VIRUS SENDING MASS EMAILS, ONLY WAY TO STOP IS ccApp... help!!!!!!!!!! [Resolved]

Ok... I accidentally clicked on one of those damn AIM link popups and got a whole load of garbage fixed on my computer....

First I was convinced it was NTPS.exe causing my issues...
got the jay loader AIMfix.... fixed the sleep virus or something?
went through walkthroughs in other threads posted around here and got rid of ntsp.exe

but I'm still starting up and getting hundreds of "emails" being sent out and Symantec scanning them over and over, giving me error messages and whatnot... and the only way to seemingly stop them is to close up ccApp.exe... which I know not to usually be a malicious file.

So... any ideas guys? Here's my HijackThis log.... please help!!

Logfile of HijackThis v1.97.7
Scan saved at 6:04:24 PM, on 9/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\CRW\shwicon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\PROGRA~1\POSTIT~1\PSNGive.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Loren\Desktop\Computer Ckeaners\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xanga.com/home.aspx?user=time2relaxx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://global.acer.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] "C:\Program Files\CRW\shwicon.exe" -t"Chander\CRW Series Driver v1.17r019"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\Post It\PsnLite.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38204.6000462963
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Thanks for any and all help!!

Comments

  • jmoney3457 Maine
    edited September 2006
    Hey relax, welcome! Please do the following steps (in order):
    Make sure that you can see hidden files.
    1. Click Start.
    2. Click My Computer.
    3. Select the Tools menu and click Folder Options.
    4. Select the View Tab.
    5. Under the Hidden files and folders heading select Show hidden files and folders.
    6. Uncheck the Hide protected operating system files (recommended) option.
    7. Click Yes to confirm.
    8. Uncheck the Hide file extensions for known file types.
    9. Click OK.
    then, First download ewido anti-spyware from HERE and save that file to your desktop.
    1. Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
    2. Once the setup is complete you will need to run ewido and update the definition files.
    3. On the main screen select the "Update" icon then click "Start Update". The update will start and a progress bar will show the updates being installed.
    4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    6. Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
    Close ewido anti-spyware and reboot your computer into Safe Mode.
    1. Launch ewido anti-spyware by double-clicking the icon on your desktop.
      IMPORTANT: Do not open any other windows or programs while ewido is scanning; it may interfere with the scanning process.
    2. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan"
    3. Ewido will now begin the scanning process, be patient this may take a little time.
    4. Ewido will list any infections found on the left hand side. When the scan has finished, it should automatically set the recommended action to Quarantine--if not click on Recommended Action and set it there. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
    5. Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
    6. Close ewido & post that report in your next reply
  • edited September 2006
    Hey and thank you for the welcome and quick reply! Sorry for the delay, it's been hard to work on this computer as of late...

    Anyway, I followed your instructions exactly and it came up with some stuff; however, the email problem keeps occurring during my startup, and again won't stop until I stop the ccApp process.

    The report file is HUGE and my computer won't let me post it (too slow), so I'm not sure what to do (txt file is 27.3 MB). I'll paste here what I can...

    ewido anti-spyware - Scan Report

    + Created at: 12:05:12 PM 9/18/2006

    + Scan result:



    C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
    C:\WINDOWS\Noble Poker setup.exe -> Adware.Casino : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WhenUSave -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Documents and Settings\Loren\Desktop\aimfix_quarantine\29520_nlkfev7cozlwht.exe.bak -> Backdoor.HacDef.fv : Cleaned with backup (quarantined).
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YBSFCLQL\dtest1[1].exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\K9QB4H23\d227_seven2[1].exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\O1QFW9MN\bmp[1].exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\WXAJ8X2N\dtest1[1].exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
    C:\ntms.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
    C:\ntp.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
    C:\vcb.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{73BDC787-7052-47CE-A99E-A8B73718CA93}\RP700\A0081201.exe -> Backdoor.SdBot.aad : Cleaned with backup (quarantined).

    then a lot of text of Mozilla tracking cookies and whatnot (although ewido did say some had errors while quarantining...)

    :mozilla.109:C:\RECYCLER\NPROTECT\00077478.MOZ -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.285:C:\RECYCLER\NPROTECT\00079634.MOZ -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    :mozilla.285:C:\RECYCLER\NPROTECT\00079635.MOZ -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    :mozilla.285:C:\RECYCLER\NPROTECT\00079636.MOZ -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    :mozilla.285:C:\RECYCLER\NPROTECT\00079637.MOZ -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    :mozilla.285:C:\RECYCLER\NPROTECT\00079638.MOZ -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    :mozilla.285:C:\RECYCLER\NPROTECT\00079639.MOZ -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    :mozilla.285:C:\RECYCLER\NPROTECT\00079640.MOZ -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    :mozilla.285:C:\RECYCLER\NPROTECT\00079641.MOZ -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    :mozilla.285:C:\RECYCLER\NPROTECT\00079642.MOZ -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    :mozilla.285:C:\RECYCLER\NPROTECT\00079643.MOZ -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    :mozilla.285:C:\RECYCLER\NPROTECT\00079644.MOZ -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    :mozilla.285:C:\RECYCLER\NPROTECT\00079645.MOZ -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    C:\Documents and Settings\Loren\Local Settings\Temp\~DF508.tmp -> Trojan.Susear.a : Cleaned with backup (quarantined).


    ::Report end
  • edited September 2006
    Oh, and here's another HijackThis log (dunno if it helps at all)

    Thanks!

    Oh, and I also noticed my computer is slowing down considerably...

    Logfile of HijackThis v1.97.7
    Scan saved at 1:18:57 PM, on 9/18/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\CRW\shwicon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Post It\PsnLite.exe
    C:\PROGRA~1\POSTIT~1\PSNGive.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Loren\Desktop\Computer Ckeaners\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xanga.com/home.aspx?user=time2relaxx
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://global.acer.com/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] "C:\Program Files\CRW\shwicon.exe" -t"Chander\CRW Series Driver v1.17r019"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\Post It\PsnLite.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38204.6000462963
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
  • jmoney3457 Maine
    edited September 2006
    No problem. You had a backdoor, not good :( but let's see what BitDefender can take care of --> BitDefender Online Scanner

    - Once you are on the BitDefender site, click the I Agree button
    - BitDefender will check to see if you have the ActiveX. If you don't, then allow for it to be installed.
    - The required files for the scan will start downloading (Note: It may take a couple of minutes)
    - If you get a Confirm File Replace message to overwrite a file, click Yes
    - When download is complete, click the Click here to scan button
    ...BitDefender will download the latest virus signatures.
    - The scan will automatically start
    - Once the scan is complete, click Close
    - On the box that appears, press Click here to view the report button
    - Choose either Send Report or Don’t send - It is your choice!
    - Save the entire contents of the scan to a convenient location as an html file and attach that bitdefender html scan report to your next reply along with new HJT log
  • edited September 2006
    Ok, so I went to that page and tried to scan the first time... it was taking a lonnnng time and at about the 6 hour mark I went to bed and woke up with an error message... So I tried it again today and it worked after around 10 hours... but as I tried to view the report IE froze up (sigh...) and I think I lost it.... There were a bunch of viruses detected and deleted though.....

    Here's another HJT log... sorry for not getting the report.....

    Logfile of HijackThis v1.97.7
    Scan saved at 7:21:14 PM, on 9/19/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\CRW\shwicon.exe
    C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Post It\PsnLite.exe
    C:\PROGRA~1\POSTIT~1\PSNGive.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Loren\Desktop\Computer Ckeaners\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xanga.com/home.aspx?user=time2relaxx
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://global.acer.com/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] "C:\Program Files\CRW\shwicon.exe" -t"Chander\CRW Series Driver v1.17r019"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\Post It\PsnLite.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 (HKLM)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38204.6000462963
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    How's it look? Going to reboot right now and find out if I'm good yet....
  • edited September 2006
    sigh...nope...
  • jmoney3457 Maine
    edited September 2006
    I'd like to see a list, so please do the following (also, no worries on the scan; good to hear it may have deleted some viruses and such): open HJT, click Misc Tools > Uninstall Manager > Save list. It'll create a .txt; please post that report here in your next reply, along with how your PC is currently performing.
  • edited September 2006
    Ok, here's the new log (I didn't realize that I had the old HJT version) and the uninstall list. My computer keeps telling me that the virtual memory is too low and the paging file is being increased... and I do notice that it has slowed down a bit; loading some pages is a task and downloads are ridiculously slow (HJT took a couple min. at 203kb going at like 30kb/sec and I'm on a cable modem with average of 600). Man, this thing is killing me!! Ok, so here goes...

    Logfile of HijackThis v1.99.1
    Scan saved at 12:29:45 AM, on 9/20/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\CRW\shwicon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Post It\PsnLite.exe
    C:\PROGRA~1\POSTIT~1\PSNGive.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Loren\Desktop\Computer Ckeaners\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xanga.com/home.aspx?user=time2relaxx
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] "C:\Program Files\CRW\shwicon.exe" -t"Chander\CRW Series Driver v1.17r019"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\Post It\PsnLite.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Microsoft Net API (NETAPI) - Unknown owner - C:\WINDOWS\system32\ntps.exe (file missing)
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Print Spooler Service (SpoolSvc227) - Unknown owner - C:\WINDOWS\system32\cjnr4r4rcmxi.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    and the uninstall list

    545 Studios Skinstaller (remove only)
    Ad-Aware SE Personal
    Adobe Atmosphere Player for Acrobat and Adobe Reader
    Adobe Download Manager 1.2 (Remove Only)
    Adobe Photoshop Album 2.0 Starter Edition
    Adobe Reader 6.0.1
    Agere Systems AC'97 Modem
    AIM Pro
    Apple Software Update
    Aspire Arcade 3.0
    Aspire Series
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    Audacity 1.2.2
    AudibleManager
    B.U.I.C.K. 95
    BitTorrent 3.4.2
    CCleaner (remove only)
    Chart5 for Windows
    CIF USB Camera (2110A)
    CRW Series Driver v1.17r019
    DC++ 0.691
    Direct Show Ogg Vorbis Filter (remove only)
    DiskeeperWorkstation
    DivX
    DivX Player
    Dream Poker
    DVD Shrink 3.2
    ewido anti-spyware 4.0
    Final Fantasy VII - Ultima Edition
    FreeRIP v2.90
    Full Tilt Poker
    GMail Drive Shell Extension
    Google Earth
    Google Gmail Notifier
    Google Toolbar for Internet Explorer
    Half-Life
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    HijackThis 1.99.1
    Hotfix for Windows XP (KB909394)
    HP Image Zone 3.5
    HP PSC & OfficeJet 3.5
    HP Software Update
    Indeo® Software
    iPod for Windows 2005-01-11
    iPod for Windows User Guide
    iPod System Software Updater 2.0.1
    iPod Updater 2004-07-15
    iPod Updater 2004-08-06
    iTunes
    J2SE Runtime Environment 5.0 Update 2
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    Java 2 Runtime Environment, SE v1.4.2_01
    Java 2 Runtime Environment, SE v1.4.2_05
    Java 2 Runtime Environment, SE v1.4.2_06
    Launch Manager
    LiveReg (Symantec Corporation)
    LiveUpdate 2.6 (Symantec Corporation)
    Logitech® Camera Driver
    Macromedia Flash Player 8
    Macromedia Shockwave Player
    Magic ISO Maker v4.7 (build 0132)
    MapleStory
    Mathematica 5.2 for Students
    Matroska Pack - Lazy Man's MKV 0.94 (2004-11-11)
    Memories Disc Creator 2.0
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft ActiveSync 4.0
    Microsoft Data Access Components KB870669
    Microsoft Encarta Encyclopedia 2000
    Microsoft Office Professional Edition 2003
    Mozilla Firefox (1.0.7)
    MUSICMATCH iPod Plug-in
    MUSICMATCH® Jukebox
    myTunes Redux 1.0
    Noble Poker
    Norton AntiVirus 2003 Professional Edition
    Norton WMI Update
    NTI CD & DVD-Maker Gold
    NYKO Gamepad Mapping Tools 2.0.0
    Olympus Digital Wave Player
    PartyPoker
    Post-it® Software Notes Lite
    PowerDVD
    PowerProducer
    QuickTime
    RealArcade
    RealPlayer
    Realtek AC'97 Audio
    Royal Vegas Poker
    Security Task Manager 1.6e
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    SMSC IrCC Driver V5.1.2462.0 (WinXP)
    Spybot - Search & Destroy 1.3
    Starcraft
    StationRipper V1.13
    Steam
    Synaptics Pointing Device Driver
    The Core Media Player 4.0
    TI Connect(TM) 1.2.1
    TI-Black Link
    TI-Graph Link 83 Plus
    Trillian
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB916595)
    Winamp (remove only)
    Windows Genuine Advantage v1.3.0254.0
    Windows Installer 3.1 (KB893803)
    Windows Installer 3.1 (KB893803)
    Windows Media Format Runtime
    Windows Media Player 10
    Windows Media Player 10 Hotfix - KB894476
    Windows XP Hotfix - KB834707
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB887797
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    Windows XP Service Pack 2
    WinRAR archiver
    Wolfram Notebook Indexer 1.1
    XviD MPEG4 Video Codec (remove only)
    Zoom Player (remove only)

    thanks for the help
  • jmoney3457 Maine
    edited September 2006
    No problem. Do you use DC++? If not, I'd STRONGLY recommend uninstalling it via Add/Remove Programs. Let me know what you decide to do.
  • edited September 2006
    Well, I uninstalled it, although I dunno what to do now with my comp... Any ideas on what to do next?
  • edited September 2006
    Dunno if it helps, but it took a looooooooooooooooong time to load my programs when looking at Add/Remove Programs.
  • jmoney3457 Maine
    edited September 2006
    Please post a new HJT log.
  • edited September 2006
    Logfile of HijackThis v1.99.1
    Scan saved at 12:14:03 AM, on 9/21/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\CRW\shwicon.exe
    C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Post It\PsnLite.exe
    C:\PROGRA~1\POSTIT~1\PSNGive.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Documents and Settings\Loren\Desktop\Computer Ckeaners\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xanga.com/home.aspx?user=time2relaxx
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] "C:\Program Files\CRW\shwicon.exe" -t"Chander\CRW Series Driver v1.17r019"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\Post It\PsnLite.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Microsoft Net API (NETAPI) - Unknown owner - C:\WINDOWS\system32\ntps.exe (file missing)
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Print Spooler Service (SpoolSvc227) - Unknown owner - C:\WINDOWS\system32\cjnr4r4rcmxi.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • jmoney3457 Maine
    edited September 2006
    Next, your version of Sun Java is outdated and should be updated.
    • Download the offline installer from HERE.
      • Accept the License Agreement
      • Select "Windows Offline Installation, Multi-language".
      • Save the file to your Desktop.
    • Next, uninstall your currently installed version from Add or Remove Programs.
    • If you have older versions listed, uninstall them also. If you simply update to the new version,
      it leaves the older version(s) still installed, complete with previous vulnerabilities.
      - Examples of older versions in Add or Remove Programs:
      • Java 2 Runtime Environment, SE v1.4.2
      • J2SE Runtime Environment 5.0
      • J2SE Runtime Environment 5.0 Update 2
    • Restart your system.
    • Install the new version by double-clicking on the file you downloaded.
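A check for the Java cleanup described in the post above, as an added example that is not part of the original thread: it normalises the two Add/Remove Programs naming schemes and the jre paths in a HijackThis log to one version tuple, then lists whatever still points at a runtime other than the expected one. The sample lines are copied from the logs in this thread; the post-update uninstall entry name and all function names are assumptions made for the example.

```python
import re

# Add/Remove Programs uses two naming schemes for Sun Java; both map onto the
# internal 1.x.y_zz numbering (J2SE 5.0 Update 6 is the runtime in jre1.5.0_06).
OLD_NAME = re.compile(r"Java 2 Runtime Environment, SE v(\d+)\.(\d+)\.(\d+)(?:_(\d+))?")
NEW_NAME = re.compile(r"J2SE Runtime Environment (\d+)\.(\d+)(?: Update (\d+))?")
JRE_PATH = re.compile(r"\\Java\\jre(\d+)\.(\d+)\.(\d+)(?:_(\d+))?\\", re.IGNORECASE)

# Lines copied from the uninstall list and HijackThis logs posted in this thread.
BEFORE_UNINSTALL = """
iTunes
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_01
Java 2 Runtime Environment, SE v1.4.2_05
Java 2 Runtime Environment, SE v1.4.2_06
Launch Manager
"""
BEFORE_HJT = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
"""
AFTER_HJT = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
"""
# Constructed entry: the thread only says "java 5.0 update 8" remains in the list.
AFTER_UNINSTALL = "iTunes\nJ2SE Runtime Environment 5.0 Update 8\nLaunch Manager\n"
EXPECTED = (1, 5, 0, 8)  # jre1.5.0_08, the version seen in the post-update log


def _version(major, minor, patch, update):
    return (int(major), int(minor), int(patch), int(update or 0))


def parse_uninstall_entry(line):
    """Return a version tuple for a Java runtime entry, or None for anything else."""
    line = line.strip()
    m = OLD_NAME.fullmatch(line)
    if m:
        return _version(*m.groups())
    m = NEW_NAME.fullmatch(line)
    if m:
        major, minor, update = m.groups()
        return _version(1, major, minor, update)  # "5.0 Update 6" -> 1.5.0_06
    return None


def installed_runtimes(uninstall_text):
    """Map each Java entry in an uninstall list to its version tuple."""
    found = {}
    for line in uninstall_text.splitlines():
        version = parse_uninstall_entry(line)
        if version is not None:
            found[line.strip()] = version
    return found


def runtimes_in_hjt(hjt_text):
    """Group HijackThis lines by the jre directory version they reference."""
    refs = {}
    for line in hjt_text.splitlines():
        m = JRE_PATH.search(line)
        if m:
            refs.setdefault(_version(*m.groups()), []).append(line.strip())
    return refs


def stale_java(uninstall_text, hjt_text, expected):
    """Uninstall entries and log lines that point at a runtime other than `expected`."""
    entries = sorted(name for name, version in installed_runtimes(uninstall_text).items()
                     if version != expected)
    log_lines = [line for version, lines in sorted(runtimes_in_hjt(hjt_text).items())
                 if version != expected for line in lines]
    return {"uninstall_entries": entries, "hjt_lines": log_lines}


if __name__ == "__main__":
    for label, args in (("before", (BEFORE_UNINSTALL, BEFORE_HJT)),
                        ("after", (AFTER_UNINSTALL, AFTER_HJT))):
        report = stale_java(*args, EXPECTED)
        print(label, "- stale uninstall entries:", report["uninstall_entries"])
        print(label, "- stale HijackThis lines:", len(report["hjt_lines"]))
```

An empty result for both lists means the old runtimes are gone from Add/Remove Programs and no startup or browser entry still loads from an old jre directory.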
  • edited September 2006
    OK, got it... thanks. Do you need me to post anything?
  • jmoney3457 Maine
    edited September 2006
    Good job. Yes, please post a new HJT log. How's the PC running now?
  • edited September 2006
    OK, here's the new log, but the computer seems to be running the same... I do notice, though, that when I'm loading webpages Firefox freezes in the middle for a bit, then starts up again... Trying to find a connection between something and this virus, but I can't seem to pinpoint what or where it is... argh

    Logfile of HijackThis v1.99.1
    Scan saved at 3:14:01 PM, on 9/22/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\CRW\shwicon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Loren\Desktop\Computer Ckeaners\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xanga.com/home.aspx?user=time2relaxx
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] "C:\Program Files\CRW\shwicon.exe" -t"Chander\CRW Series Driver v1.17r019"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\Post It\PsnLite.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Microsoft Net API (NETAPI) - Unknown owner - C:\WINDOWS\system32\ntps.exe (file missing)
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Print Spooler Service (SpoolSvc227) - Unknown owner - C:\WINDOWS\system32\cjnr4r4rcmxi.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    I uninstalled all the Java stuff I had and just added that file you had me download; I hope that was right... Now the only thing I have in my uninstall list is Java 5.0 Update 8. Should I have downloaded a runtime with that?
  • jmoney3457 Maine
    edited September 2006
    Nope, you don't need to... you did it right :) Please do the following: do an online scan with Kaspersky WebScanner.

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
    • The program will launch and then begin downloading the latest definition files.
    • Once the files have been downloaded, click on NEXT.
    • Now click on Scan Settings.
    • In the scan settings, make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        Extended (if available, otherwise Standard)
      • Scan Options:
        Scan Archives
        Scan Mail Bases
    • Click OK.
    • Now, under "select a target to scan", select My Computer.
    • The program will start and scan your system.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete, it will display if your system has been infected.
    • Now click on the Save as Text button.
    • Save the file to your desktop.
    • Copy and paste that information in your next post.
  • edited September 2006
        Ok here are the results

        Sunday, September 24, 2006 3:32:22 AM
        Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
        Kaspersky Online Scanner version: 5.0.83.0
        Kaspersky Anti-Virus database last update: 24/09/2006
        Kaspersky Anti-Virus database records: 225978
        Scan Settings
        Scan using the following antivirus database extended
        Scan Archives true
        Scan Mail Bases true
        Scan Target My Computer
        C:\
        D:\
        E:\
        Scan Statistics
        Total number of scanned objects 229871
        Number of viruses found 6
        Number of infected objects 12 / 0
        Number of suspicious objects 0
        Duration of the scan process 04:39:27

        Infected Object Name Virus Name Last Action
        C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
        C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
        C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
        C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
        C:\Documents and Settings\Loren\Cookies\index.dat Object is locked skipped
        C:\Documents and Settings\Loren\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
        C:\Documents and Settings\Loren\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
        C:\Documents and Settings\Loren\Local Settings\History\History.IE5\index.dat Object is locked skipped
        C:\Documents and Settings\Loren\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
        C:\Documents and Settings\Loren\NTUSER.DAT Object is locked skipped
        C:\Documents and Settings\Loren\ntuser.dat.LOG Object is locked skipped
        C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
        C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
        C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
        C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
        C:\Downloads\radmin22.exe/radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 skipped
        C:\Downloads\radmin22.exe/raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 skipped
        C:\Downloads\radmin22.exe/r_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 skipped
        C:\Downloads\radmin22.exe Gentee: infected - 3 skipped
        C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
        C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
        C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
        C:\Program Files\Norton AntiVirus\Quarantine\02B50E80.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
        C:\Program Files\Norton AntiVirus\Quarantine\02B50E80.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
        C:\Program Files\Norton AntiVirus\Quarantine\02B50E80.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
        C:\Program Files\Norton AntiVirus\Quarantine\02B50E80.zip ZIP: infected - 3 skipped
        C:\Program Files\Norton AntiVirus\Quarantine\02B50E80.zip CryptFF: infected - 3 skipped
        C:\RECYCLER\NPROTECT\NPROTECT.LOG Object is locked skipped
        C:\Sierra\Half-Life\hltv.exe Infected: not-a-virus:Server-Proxy.Win32.Hltv skipped
        C:\System Volume Information\_restore{73BDC787-7052-47CE-A99E-A8B73718CA93}\RP701\A0081218.exe Infected: not-a-virus:AdWare.Win32.Casino.w skipped
        C:\System Volume Information\_restore{73BDC787-7052-47CE-A99E-A8B73718CA93}\RP702\A0082234.sys Infected: Backdoor.Win32.HacDef.fv skipped
        C:\System Volume Information\_restore{73BDC787-7052-47CE-A99E-A8B73718CA93}\RP712\change.log Object is locked skipped
        C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
        C:\WINDOWS\SchedLgU.Txt Object is locked skipped
        C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
        C:\WINDOWS\Sti_Trace.log Object is locked skipped
        C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
        C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
        C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
        C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
        C:\WINDOWS\system32\config\default.LOG Object is locked skipped
        C:\WINDOWS\system32\config\SAM Object is locked skipped
        C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
        C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
        C:\WINDOWS\system32\config\SECURITY Object is locked skipped
        C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
        C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
        C:\WINDOWS\system32\config\software.LOG Object is locked skipped
        C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
        C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
        C:\WINDOWS\system32\config\system.LOG Object is locked skipped
        C:\WINDOWS\system32\h323log.txt Object is locked skipped
        C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
        C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
        C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
        C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
        C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
        C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
        C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
        C:\WINDOWS\wiadebug.log Object is locked skipped
        C:\WINDOWS\wiaservc.log Object is locked skipped
        C:\WINDOWS\WindowsUpdate.log Object is locked skipped
        D:\RECYCLER\NPROTECT\NPROTECT.LOG Object is locked skipped
        D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
        D:\System Volume Information\_restore{73BDC787-7052-47CE-A99E-A8B73718CA93}\RP712\change.log Object is locked skipped
        Scan process completed.
      • jmoney3457 Maine
        edited September 2006
        did you intentionally put this on your computer --> C:\Downloads\radmin22.exe/radmin.exe? also please purge *delete everything* from your Norton quarantine folder and then do the following: click Start > Control Panel > Java icon > on the bottom click Delete Files > make sure all 3 boxes are checked > hit OK > close out all boxes after and reboot, then post a new HJT log along with the requested info from above
      • edited September 2006
        hmm, don't recall putting that on my computer but I've had this for a couple years now... I can't see why I need it tho...
        oh and that last scan didn't actually clean anything right? it just says what's wrong?

        Logfile of HijackThis v1.99.1
        Scan saved at 5:05:15 PM, on 9/24/2006
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\System32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        C:\Program Files\ewido anti-spyware 4.0\guard.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
        C:\Program Files\Norton AntiVirus\navapsvc.exe
        C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\taskmgr.exe
        C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\Program Files\CRW\shwicon.exe
        C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
        C:\Program Files\Google\Gmail Notifier\gnotify.exe
        C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\Post It\PsnLite.exe
        C:\PROGRA~1\POSTIT~1\PSNGive.exe
        C:\Documents and Settings\Loren\Desktop\Computer Ckeaners\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xanga.com/home.aspx?user=time2relaxx
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
        R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
        O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
        O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
        O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
        O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] "C:\Program Files\CRW\shwicon.exe" -t"Chander\CRW Series Driver v1.17r019"
        O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
        O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
        O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [LaunchApp] Alaunch
        O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
        O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
        O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\Post It\PsnLite.exe
        O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
        O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
        O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
        O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
        O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
        O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
        O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
        O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
        O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
        O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
        O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
        O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
        O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
        O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
        O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
        O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
        O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
        O23 - Service: Microsoft Net API (NETAPI) - Unknown owner - C:\WINDOWS\system32\ntps.exe (file missing)
        O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
        O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)
        O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
        O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
        O23 - Service: Print Spooler Service (SpoolSvc227) - Unknown owner - C:\WINDOWS\system32\cjnr4r4rcmxi.exe
        O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

        Ha, this virus seems impossible to rid myself of.... It's odd how this one works too, sometimes when I reboot it seems fixed and won't start sending emails until like 2 hours after it's on and idle, but sometimes it starts sending right as Windows is loading. Odd.
      • jmoney3457 Maine
        edited September 2006
        let's try this:

        Download Avenger from here:
        http://swandog46.geekstogo.com/

        Open the program. Check the 'Input script manually' option.
        Click the Magnifying Glass icon.
        In the box that opens, paste this:

        Files to delete:
        C:\Downloads\radmin22.exe

        and click 'Done'

        Click the Traffic Light icon to start the program, and OK the prompts to reboot your PC.

        Post the Avenger output.txt, which you can find at C:\Avenger\.txt
        also did you clear out your Norton quarantine and Java's cache like I asked in my previous post? just making sure you did as it's important
      • edited September 2006
        Oh yeah sorry about that, I did dump the quarantines and the Java files. Here's the Avenger log, worked perfect but still getting those email popups

        Logfile of The Avenger version 1, by Swandog46
        Running from registry key:
        \Registry\Machine\System\CurrentControlSet\Services\sphdjvfl

        *******************

        Script file located at: \??\C:\WINDOWS\dnccylwo.txt
        Script file opened successfully.

        Script file read successfully

        Backups directory opened successfully at C:\Avenger

        *******************

        Beginning to process script file:

        File C:\Downloads\radmin22.exe deleted successfully.

        Completed script processing.

        *******************

        Finished! Terminate.

        and HJT

        Logfile of HijackThis v1.99.1
        Scan saved at 6:26:20 PM, on 9/24/2006
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\System32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\Program Files\CRW\shwicon.exe
        C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
        C:\Program Files\Google\Gmail Notifier\gnotify.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\Program Files\ewido anti-spyware 4.0\ewido.exe
        C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Post It\PsnLite.exe
        C:\WINDOWS\system32\notepad.exe
        C:\PROGRA~1\POSTIT~1\PSNGive.exe
        C:\Program Files\ewido anti-spyware 4.0\guard.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
        C:\Program Files\Norton AntiVirus\navapsvc.exe
        C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\WINDOWS\system32\taskmgr.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Documents and Settings\Loren\Desktop\Computer Ckeaners\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xanga.com/home.aspx?user=time2relaxx
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
        R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
        O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
        O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
        O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
        O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] "C:\Program Files\CRW\shwicon.exe" -t"Chander\CRW Series Driver v1.17r019"
        O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
        O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
        O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [LaunchApp] Alaunch
        O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
        O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
        O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\Post It\PsnLite.exe
        O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
        O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
        O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
        O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
        O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
        O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
        O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
        O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
        O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
        O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
        O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
        O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
        O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
        O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
        O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
        O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
        O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
        O23 - Service: Microsoft Net API (NETAPI) - Unknown owner - C:\WINDOWS\system32\ntps.exe (file missing)
        O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
        O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)
        O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
        O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
        O23 - Service: Print Spooler Service (SpoolSvc227) - Unknown owner - C:\WINDOWS\system32\cjnr4r4rcmxi.exe
        O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

        should I try and delete the files that kaspersky virusscan found?
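Added example (not part of the original thread or any poster's code): a Python triage pass over the `O23 - Service` lines of the HijackThis log above, flagging entries whose binary is missing, whose display name imitates a built-in Windows service, or whose file name looks machine-generated. The thresholds, the signal names and the `KNOWN_WINDOWS_SERVICES` map are assumptions chosen for illustration, not HijackThis behaviour, and a flag means "review this", not "malicious".

```python
import re
import ntpath  # parses Windows-style paths correctly on any host OS

# Constructed sample: O23 lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Microsoft Net API (NETAPI) - Unknown owner - C:\WINDOWS\system32\ntps.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)
O23 - Service: Print Spooler Service (SpoolSvc227) - Unknown owner - C:\WINDOWS\system32\cjnr4r4rcmxi.exe
"""

O23_PREFIX = "O23 - Service: "
MISSING_SUFFIX = "(file missing)"

# Assumption: display-name fragment of a built-in service -> the binary that really backs it.
KNOWN_WINDOWS_SERVICES = {"print spooler": "spoolsv.exe"}


def parse_o23(line):
    """Split one O23 line into display name, owner, image path and a missing-file flag."""
    if not line.startswith(O23_PREFIX):
        return None
    body = line[len(O23_PREFIX):].strip()
    missing = body.endswith(MISSING_SUFFIX)
    if missing:
        body = body[:-len(MISSING_SUFFIX)].rstrip()
    # Split from the right so a display name containing " - " stays intact.
    parts = body.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    display, owner, command = parts
    # Keep only the executable path; drop stray quotes and arguments such as /service.
    match = re.match(r'"?(.+?\.(?:exe|sys|dll))', command, re.IGNORECASE)
    image = match.group(1) if match else command
    return {"display": display, "owner": owner, "image": image, "missing": missing}


def looks_random(filename):
    """Heuristic: long stem, contains a digit, and almost no vowels."""
    stem = ntpath.splitext(filename)[0].lower()
    letters = [c for c in stem if c.isalpha()]
    if len(stem) < 10 or not letters or not any(c.isdigit() for c in stem):
        return False
    vowels = sum(c in "aeiou" for c in letters)
    return vowels / len(letters) < 0.25


def triage(entry):
    """Return the list of signals for one parsed service entry."""
    signals = []
    name = ntpath.basename(entry["image"]).lower()
    display = entry["display"].lower()
    if entry["missing"]:
        # The service key still exists although the binary is gone.
        signals.append("file-missing")
    # "Unknown owner" alone is weak (Ati2evxx.exe has it too), so it only
    # counts when combined with one of the checks below.
    if entry["owner"].lower() == "unknown owner":
        for fragment, real_binary in KNOWN_WINDOWS_SERVICES.items():
            if fragment in display and name != real_binary:
                signals.append("masquerades-as-builtin")
        if display.startswith(("microsoft", "windows")):
            signals.append("vendor-name-without-owner")
        if looks_random(name):
            signals.append("random-name")
    return signals


def review_list(log_text):
    """Parse every O23 line in a log and return the entries that carry signals."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_o23(line.strip())
        if entry is None:
            continue
        signals = triage(entry)
        if signals:
            flagged.append({**entry, "signals": signals})
    return flagged


if __name__ == "__main__":
    for item in review_list(SAMPLE_LOG):
        print(f'{item["display"]}: {item["image"]} -> {", ".join(item["signals"])}')
```
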
      • jmoney3457 Maine
        edited September 2006
        good job, hmm what exactly is this virus doing with the emails again? could you explain in detail? also no, some of the files Kaspersky found are just "locked", not infected
      • edited September 2006
        Ok, I'll try to explain this the best I can.

        First my computer will boot up, and I'll get to the desktop fine. The services start loading up and the area next to the clock will start showing icons or whatever (notification area?) and it's fine. Now here's where things start going screwy.

        After some time (I have found anywhere between instantly to 3 hours after bootup while the computer is idle) Symantec begins scanning these random outgoing emails like mad, and LOTS of notifications appear on my screen like "error sending to ASFGS@yahoo.com: Server is inactive" or something along those lines.... hundreds start popping up and as you would guess my computer is trying to process all these. I've found that the only way to make them all disappear is to stop the process ccApp via Task Manager when this is happening. I've thought of just disabling ccApp, but I feel that the virus would just be working in the background and until I get rid of it this trend will keep happening. I guess that's the best I can explain it, if you have any specific questions that would help identify this problem I'll definitely try and get whatever you need. Thanks for all the help so far, I really appreciate it.
      • jmoney3457 Maine
        edited September 2006
        thanks for that info, it helps a lot. now while I go research this further let's see if this will find/cure anything: please run this online virus scan --> http://www3.ca.com/securityadvisor/virusinfo/scan.aspx allow the ActiveX to be installed, then place a check next to My Computer, and when it's done scanning, if it finds any infected files first try to "cure it" via the cure option, then if that doesn't work delete it via the delete file option. let me know how that goes
      • jmoney3457 Maine
        edited September 2006
        relaxx, I think I may have found the root of the problem (with help from RPG girl) :).. please do the following --> Download SDFix and save it to your desktop.

        Please then reboot your computer in Safe Mode by doing the following :
        • Restart your computer
        • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
        • Instead of Windows loading as normal, a menu with options should appear;
        • Select the first option, to run Windows in Safe Mode, then press "Enter".
        • Choose your usual account.
        • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
        • Open the extracted folder and double click RunThis.bat to start the script.
        • Type Y to begin the script.
        • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
        • Press any Key and it will restart the PC.
        • Your system will take longer than normal to restart as the fixtool will be running and removing files.
        • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
        • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log
      • edited September 2006
        Oh man I have a good feeling about this...

        here's the report

        SDFix: Version 1.26

        Scan run on:
        Mon 09/25/2006

        Time:
        06:21 PM


        Microsoft Windows XP [Version 5.1.2600]

        Running from: C:\Documents and Settings\Loren\Desktop\SDFix

        Stage One...

        Checking Services...

        Name:

        NETAPI
        SpoolSvc227
        TIME
        WTIME

        Path:
        ----

        "C:\WINDOWS\system32\ntps.exe"
        C:\WINDOWS\system32\cjnr4r4rcmxi.exe /service
        C:\WINDOWS\system32\mlsdf8hvisd.exe
        \??\C:\WINDOWS\system32\timedrv26.sys


        NETAPI ... deleted
        SpoolSvc227 ... deleted
        TIME ... deleted
        WTIME ... deleted


        Repairing Registry...

        Restoring Default Hosts File...

        Stage One Complete

        Rebooting!

        Stage Two...

        Registry Cleaning Finished...

        Checking For Malware Files:

        C:\WINDOWS\system32\cjnr4r4jvgqb.exe
        C:\WINDOWS\system32\cjnr4r4kxhsc.exe
        C:\WINDOWS\system32\cjnr4r4ozjufq.exe
        C:\WINDOWS\system32\cjnr4r4pcmwhs.exe
        C:\WINDOWS\system32\cjnr4r4rcmxi.exe
        C:\WINDOWS\system32\cjnr4r4tfpalvgrc.exe
        C:\WINDOWS\system32\cjnr4r4vgrbmxit.exe
        C:\WINDOWS\Temp\cjnr4r43699210.exe
        C:\WINDOWS\Temp\cjnr4r49A66C476.tmp
        C:\WINDOWS\Temp\cjnr4r49A66C477.tmp
        C:\WINDOWS\system32\sklrr7ycozju.exe
        C:\WINDOWS\system32\sklrr7yepalvgrcn.exe
        C:\WINDOWS\system32\sklrr7yfqalwh.exe
        C:\WINDOWS\system32\sklrr7ygqbm.exe
        C:\WINDOWS\system32\sklrr7yhscnyjuf.exe
        C:\WINDOWS\system32\sklrr7ykufqb.exe
        C:\WINDOWS\system32\sklrr7ymxisd.exe
        C:\WINDOWS\system32\sklrr7ynyite.exe
        C:\WINDOWS\system32\sklrr7ynyjtepalw.exe
        C:\WINDOWS\system32\sklrr7yoalvgrb.exe
        C:\WINDOWS\system32\sklrr7yrdoyju.exe
        C:\WINDOWS\system32\sklrr7yykvfqa.exe
        C:\WINDOWS\Temp\sklrr7y1602853.exe
        C:\WINDOWS\Temp\sklrr7y3204758.exe
        C:\WINDOWS\Temp\sklrr7y6572018.exe
        C:\WINDOWS\Temp\sklrr7y8520508.exe
        C:\WINDOWS\system32\mlsdf8hitdozkv.exe
        C:\WINDOWS\system32\mlsdf8hiufpa.exe
        C:\WINDOWS\system32\mlsdf8hjuepal.exe
        C:\WINDOWS\system32\mlsdf8hpakvgrc.exe
        C:\WINDOWS\system32\mlsdf8hqblwhsdo.exe
        C:\WINDOWS\system32\mlsdf8hugqblwh.exe
        C:\WINDOWS\system32\mlsdf8hvisd.exe
        C:\WINDOWS\Temp\mlsdf8h3152749.exe
        C:\WINDOWS\Temp\mlsdf8h4752664.exe
        C:\WINDOWS\system32\nlkfev7alwgr.exe
        C:\WINDOWS\system32\nlkfev7anxisdoz.exe
        C:\WINDOWS\system32\nlkfev7fqalwhs.exe
        C:\WINDOWS\system32\nlkfev7kvfq.exe
        C:\WINDOWS\system32\nlkfev7oalv.exe
        C:\WINDOWS\system32\nlkfev7qblwhs.exe
        C:\WINDOWS\system32\nlkfev7rdoy.exe
        C:\WINDOWS\system32\nlkfev7reoz.exe
        C:\WINDOWS\system32\nlkfev7seozjufq.exe
        C:\WINDOWS\system32\nlkfev7wgrcn.exe
        C:\WINDOWS\system32\nlkfev7xjteozkvgr.exe
        C:\WINDOWS\system32\nlkfev7zlvgr.exe
        C:\WINDOWS\Temp\nlkfev72602022.exe
        C:\WINDOWS\Temp\nlkfev78763D771.tmp
        C:\WINDOWS\Temp\nlkfev78763D774.tmp
        C:\WINDOWS\Temp\nlkfev79124212.exe
        C:\WINDOWS\system32\dior4f4bnxi.exe
        C:\WINDOWS\system32\dior4f4bnxitdozkv.exe
        C:\WINDOWS\system32\dior4f4eqbl.exe
        C:\WINDOWS\system32\dior4f4gscnc.exe
        C:\WINDOWS\system32\dior4f4hscnyju.exe
        C:\WINDOWS\system32\dior4f4nakufq.exe
        C:\WINDOWS\system32\dior4f4qbmxhsdoal.exe
        C:\WINDOWS\system32\dior4f4sdoyju.exe
        C:\WINDOWS\system32\dior4f4ufqalw.exe
        C:\WINDOWS\Temp\dior4f45073901.exe
        C:\WINDOWS\Temp\dior4f46107836.exe
        C:\WINDOWS\system32\timedrv26.sys

        Backing Up and Removing any Files Found...

        Final Check:

        Remaining Services:

        Remaining Files:



        *Any removed Files are saved in the SDFix\backups Folder*

        *FINISHED*

        and the new (and hopefully the last) HJT log

        Logfile of HijackThis v1.99.1
        Scan saved at 6:59:38 PM, on 9/25/2006
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\System32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
        C:\Program Files\ewido anti-spyware 4.0\guard.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
        C:\Program Files\Norton AntiVirus\navapsvc.exe
        C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
        C:\WINDOWS\system32\wscntfy.exe
        C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\Program Files\CRW\shwicon.exe
        C:\Program Files\Common Files\Symantec Shared\ccApp.exe
        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
        C:\Program Files\Google\Gmail Notifier\gnotify.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\Program Files\ewido anti-spyware 4.0\ewido.exe
        C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\Program Files\Post It\PsnLite.exe
        C:\PROGRA~1\POSTIT~1\PSNGive.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Documents and Settings\Loren\Desktop\Computer Ckeaners\HijackThis.exe
        C:\Program Files\Messenger\msmsgs.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xanga.com/home.aspx?user=time2relaxx
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
        R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
        O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
        O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
        O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
        O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] "C:\Program Files\CRW\shwicon.exe" -t"Chander\CRW Series Driver v1.17r019"
        O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
        O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
        O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [LaunchApp] Alaunch
        O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
        O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
        O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\Post It\PsnLite.exe
        O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
        O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
        O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
        O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
        O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
        O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
        O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
        O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
        O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
        O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
        O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
        O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
        O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
        O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
        O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
        O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
        O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
        O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
        O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)
        O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
        O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
        O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

        ...So far so good, let's see what time will tell haha :thumbsup:
      • jmoney3457 Maine
        edited September 2006
        lo, very good my friend :) Log looks clean. How are things? Did the email situation stop? And a special thanks again to RPG girl :headbange
      • edited September 2006
        haha!!! You did it!! Thank you so much!!!!!!!!!!! Oh man, wouldn't have gotten this fixed without your help, you have my deepest gratitude. That had to be the most annoying bug I've ever encountered! I'll be sure to refer everyone right here. I can't thank you enough!!
      This discussion has been closed.