Options

Ads 234 Removal - PC going out the Window

Unknown
edited December 2004 in Spyware & Virus Removal
Hi,
This is my first post, and after a lot of searching around (to no avail) I cam accross this site which has the experts to rid me of my problem - Ads 234 !!. I have (or one of my 5 kids) has inadvertantly infested our PC with Ads 234. I have tried with CW SHredder, SpyBot and Spysubtract to remove it, but have had no joy.

I would very much appreciate it if somebody could help out if possible. I would be eternally grateful.

Below is a copy of my Hijack file: Thanks in advance if anyone could help me out.

Regards
Jase


Logfile of HijackThis v1.99.0
Scan saved at 17:54:14, on 22/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\NORTON~2\NORTON~4\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PGPserv.exe
C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\DELLMMKB.EXE
C:\WINDOWS\System32\asflntdx.exe
C:\WINDOWS\System32\djplks.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Parallel Tasking\ptask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\documents and settings\dad\local settings\temp\QeyrVaCHJ.exe
C:\documents and settings\dad\local settings\temp\v.exe
C:\Documents and Settings\Dad\Application Data\eetu.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\Xkr8iz.exe
C:\WINDOWS\System32\Iweh9T.exe
C:\WINDOWS\System32\m?iexec.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\InterMute\AdSubtract\AdSub.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe
C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe
C:\DOCUME~1\Dad\LOCALS~1\Temp\Rar$EX00.781\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1034
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
F2 - REG:system.ini: UserInit=C:\Windows\System32\userinit.exe
O2 - BHO: (no name) - {1B7D753B-1981-4bd2-91F3-6D055EE113A0} - (no file)
O2 - BHO: (no name) - {4EA7375B-9C14-2999-D750-64550DA82E18} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - (no file)
O2 - BHO: (no name) - {A78860C8-EE1A-46DF-A97F-E3E6D433E80B} - C:\WINDOWS\SYSTEM32\ug7qo.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Dad\Local Settings\Temp\CXTrCsJ86.dll
O2 - BHO: (no name) - {F1FDC88F-2335-50E4-1F54-5EF07CCC6690} - C:\WINDOWS\System32\djyec.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll
O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O3 - Toolbar: AdSubtract Toolbar - {F14AABDD-0232-4e5a-9B52-4178AC0A62B5} - C:\WINDOWS\System32\adsubtb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ownjrrsu] C:\WINDOWS\System32\asflntdx.exe
O4 - HKLM\..\Run: [qsvtmcjvex] C:\WINDOWS\System32\djplks.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Parallel Tasking] C:\Program Files\Parallel Tasking\ptask.exe
O4 - HKLM\..\Run: [DVD43] "C:\Program Files\DVDIdle Pro\DVDIdlePro.exe" /hidden
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [imekrmig] C:\IME\IMKR\imekrmig.exe
O4 - HKLM\..\Run: [Tsl] C:\PROGRA~1\COMMON~1\tsa\tsl.exe
O4 - HKLM\..\Run: [QeyrVaCHJ] C:\documents and settings\dad\local settings\temp\QeyrVaCHJ.exe
O4 - HKLM\..\Run: [v] C:\documents and settings\dad\local settings\temp\v.exe
O4 - HKLM\..\Run: [P2le] C:\documents and settings\dad\local settings\temp\P2le.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Wdi7.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Dad\Application Data\eetu.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Jitem] C:\WINDOWS\System32\m?iexec.exe
O4 - HKCU\..\Run: [Clock] C:\WINDOWS\xcopy.exe
O4 - Startup: AdSubtract.lnk = C:\Program Files\InterMute\AdSubtract\AdSub.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: AdSubtract: Bypass Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/360
O8 - Extra context menu item: AdSubtract: Cloak Image - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/361
O8 - Extra context menu item: AdSubtract: Report Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/359
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AD906BA4-9679-4A50-94C6-D677526BB92A} (CyImageCtl Class) - http://cyimg2.cyworld.nate.com/ImageUpload/CyImageUpload.cab
O16 - DPF: {ED1EEBEE-F0AA-474B-9829-61C482E72644} (PDBox25 Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDBox25.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{803958B2-5785-49E1-A8A4-DBEEB4BAA8E2}: NameServer = 195.92.195.95 195.92.195.94
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~4\GHOSTS~2.EXE
O23 - Service: InCD Helper - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Netropa NHK Server - Unknown - C:\WINDOWS\Nhksrv.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\System32\PGPserv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Comments

  • SpywareShooterSpywareShooter 127.0.0.1
    edited December 2004
    O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll
    O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Dad\Local Settings\Temp\CXTrCsJ86.dll
    O2 - BHO: (no name) - {F1FDC88F-2335-50E4-1F54-5EF07CCC6690} - C:\WINDOWS\System32\djyec.dll
    O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
    O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll
    O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
    O4 - HKLM\..\Run: [ownjrrsu] C:\WINDOWS\System32\asflntdx.exe
    O4 - HKLM\..\Run: [qsvtmcjvex] C:\WINDOWS\System32\djplks.exe
    O4 - HKLM\..\Run: [Tsl] C:\PROGRA~1\COMMON~1\tsa\tsl.exe
    O4 - HKLM\..\Run: [QeyrVaCHJ] C:\documents and settings\dad\local settings\temp\QeyrVaCHJ.exe
    O4 - HKLM\..\Run: [v] C:\documents and settings\dad\local settings\temp\v.exe
    O4 - HKLM\..\Run: [P2le] C:\documents and settings\dad\local settings\temp\P2le.exe
    O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Wdi7.exe
    O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Dad\Application Data\eetu.exe
    O4 - HKCU\..\Run: [Jitem] C:\WINDOWS\System32\m?iexec.exe
    O4 - HKCU\..\Run: [Clock] C:\WINDOWS\xcopy.exe

    Fix those entries then find and delete the files listed above, reboot and post a new log.
  • JPJ
    edited December 2004
    Thanks for your help. Done what you have advised. The following is the new "log file":

    Logfile of HijackThis v1.99.0
    Scan saved at 10:04:32, on 23/12/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Nhksrv.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\PROGRA~1\NORTON~2\NORTON~4\GHOSTS~2.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\PGPserv.exe
    C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\DELLMMKB.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Parallel Tasking\ptask.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Netropa\OSD.exe
    C:\WINDOWS\System32\ZybTPXa.exe
    C:\WINDOWS\System32\Iweh9T.exe
    C:\Program Files\Ares\Ares.exe
    C:\WINDOWS\mmc.exe
    C:\Program Files\InterMute\SpySubtract\SpySub.exe
    C:\Program Files\InterMute\AdSubtract\AdSub.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\DOCUME~1\Dad\LOCALS~1\Temp\Rar$EX00.078\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://hotmail.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1032
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
    F2 - REG:system.ini: UserInit=C:\Windows\System32\userinit.exe
    O2 - BHO: (no name) - {1B7D753B-1981-4bd2-91F3-6D055EE113A0} - (no file)
    O2 - BHO: (no name) - {4EA7375B-9C14-2999-D750-64550DA82E18} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - (no file)
    O2 - BHO: (no name) - {A78860C8-EE1A-46DF-A97F-E3E6D433E80B} - C:\WINDOWS\SYSTEM32\ug7qo.dll (file missing)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)
    O3 - Toolbar: AdSubtract Toolbar - {F14AABDD-0232-4e5a-9B52-4178AC0A62B5} - C:\WINDOWS\System32\adsubtb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [Parallel Tasking] C:\Program Files\Parallel Tasking\ptask.exe
    O4 - HKLM\..\Run: [DVD43] "C:\Program Files\DVDIdle Pro\DVDIdlePro.exe" /hidden
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [imekrmig] C:\IME\IMKR\imekrmig.exe
    O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Qdo78j0i.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [Clock] C:\WINDOWS\osk.exe
    O4 - Startup: AdSubtract.lnk = C:\Program Files\InterMute\AdSubtract\AdSub.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
    O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
    O8 - Extra context menu item: AdSubtract: Bypass Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/360
    O8 - Extra context menu item: AdSubtract: Cloak Image - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/361
    O8 - Extra context menu item: AdSubtract: Report Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/359
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {AD906BA4-9679-4A50-94C6-D677526BB92A} (CyImageCtl Class) - http://cyimg2.cyworld.nate.com/ImageUpload/CyImageUpload.cab
    O16 - DPF: {ED1EEBEE-F0AA-474B-9829-61C482E72644} (PDBox25 Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDBox25.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{803958B2-5785-49E1-A8A4-DBEEB4BAA8E2}: NameServer = 195.92.195.95 195.92.195.94
    O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~4\GHOSTS~2.EXE
    O23 - Service: InCD Helper - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    O23 - Service: Netropa NHK Server - Unknown - C:\WINDOWS\Nhksrv.exe
    O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\System32\PGPserv.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • SpywareShooterSpywareShooter 127.0.0.1
    edited December 2004
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
    O2 - BHO: (no name) - {1B7D753B-1981-4bd2-91F3-6D055EE113A0} - (no file)
    O2 - BHO: (no name) - {4EA7375B-9C14-2999-D750-64550DA82E18} - (no file)
    O2 - BHO: (no name) - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - (no file)
    O2 - BHO: (no name) - {A78860C8-EE1A-46DF-A97F-E3E6D433E80B} - C:\WINDOWS\SYSTEM32\ug7qo.dll (file missing)
    O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)

    Fix those entries then post a new log. You don't have to delete anything or reboot since they are only (no file) entries. This is just to clean up your log, you still have some spyware.
  • JPJ
    edited December 2004
    Thanks a lot for your help. Ads 234 has definately gone, your help is very much appreciated especially by my kids who were about to be throttled !!

    New log file looks like this:

    Regards
    Jase

    Logfile of HijackThis v1.99.0
    Scan saved at 17:32:17, on 23/12/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Nhksrv.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\PROGRA~1\NORTON~2\NORTON~4\GHOSTS~2.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\PGPserv.exe
    C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\DELLMMKB.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Parallel Tasking\ptask.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Netropa\OSD.exe
    C:\Program Files\Ares\Ares.exe
    C:\WINDOWS\mmc.exe
    C:\Program Files\InterMute\SpySubtract\SpySub.exe
    C:\Program Files\InterMute\AdSubtract\AdSub.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\System32\Iweh9T.exe
    C:\WINDOWS\System32\Jfm38U2.exe
    C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe
    C:\Program Files\Ahead\nero\nero.exe
    C:\DOCUME~1\Dad\LOCALS~1\Temp\Rar$EX00.062\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://hotmail.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1032
    F2 - REG:system.ini: UserInit=C:\Windows\System32\userinit.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: AdSubtract Toolbar - {F14AABDD-0232-4e5a-9B52-4178AC0A62B5} - C:\WINDOWS\System32\adsubtb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [Parallel Tasking] C:\Program Files\Parallel Tasking\ptask.exe
    O4 - HKLM\..\Run: [DVD43] "C:\Program Files\DVDIdle Pro\DVDIdlePro.exe" /hidden
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [imekrmig] C:\IME\IMKR\imekrmig.exe
    O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Wdi7.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [Clock] C:\WINDOWS\osk.exe
    O4 - Startup: AdSubtract.lnk = C:\Program Files\InterMute\AdSubtract\AdSub.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
    O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
    O8 - Extra context menu item: AdSubtract: Bypass Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/360
    O8 - Extra context menu item: AdSubtract: Cloak Image - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/361
    O8 - Extra context menu item: AdSubtract: Report Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/359
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {AD906BA4-9679-4A50-94C6-D677526BB92A} (CyImageCtl Class) - http://cyimg2.cyworld.nate.com/ImageUpload/CyImageUpload.cab
    O16 - DPF: {ED1EEBEE-F0AA-474B-9829-61C482E72644} (PDBox25 Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDBox25.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{803958B2-5785-49E1-A8A4-DBEEB4BAA8E2}: NameServer = 195.92.195.95 195.92.195.94
    O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~4\GHOSTS~2.EXE
    O23 - Service: InCD Helper - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    O23 - Service: Netropa NHK Server - Unknown - C:\WINDOWS\Nhksrv.exe
    O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\System32\PGPserv.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • SpywareShooterSpywareShooter 127.0.0.1
    edited December 2004
    O4 - HKCU\..\Run: [Clock] C:\WINDOWS\osk.exe

    Fix that entry then find and delete osk.exe, reboot and post a new log. You still have the peper trojan, which we will need a tool to remove.
  • JPJ
    edited December 2004
    Hi,
    Removed the entry and deleted the osk.exe file from C:\Windows. New log file as follows:

    Logfile of HijackThis v1.99.0
    Scan saved at 19:21:53, on 23/12/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Nhksrv.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\PROGRA~1\NORTON~2\NORTON~4\GHOSTS~2.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\PGPserv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\DELLMMKB.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Parallel Tasking\ptask.exe
    C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\EngpL.exe
    C:\WINDOWS\System32\Iweh9T.exe
    C:\Program Files\Netropa\OSD.exe
    C:\Program Files\Ares\Ares.exe
    C:\Program Files\InterMute\SpySubtract\SpySub.exe
    C:\Program Files\InterMute\AdSubtract\AdSub.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Dad\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://hotmail.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1031
    F2 - REG:system.ini: UserInit=C:\Windows\System32\userinit.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: AdSubtract Toolbar - {F14AABDD-0232-4e5a-9B52-4178AC0A62B5} - C:\WINDOWS\System32\adsubtb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [Parallel Tasking] C:\Program Files\Parallel Tasking\ptask.exe
    O4 - HKLM\..\Run: [DVD43] "C:\Program Files\DVDIdle Pro\DVDIdlePro.exe" /hidden
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [imekrmig] C:\IME\IMKR\imekrmig.exe
    O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Wdi7.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - Startup: AdSubtract.lnk = C:\Program Files\InterMute\AdSubtract\AdSub.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
    O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
    O8 - Extra context menu item: AdSubtract: Bypass Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/360
    O8 - Extra context menu item: AdSubtract: Cloak Image - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/361
    O8 - Extra context menu item: AdSubtract: Report Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/359
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {AD906BA4-9679-4A50-94C6-D677526BB92A} (CyImageCtl Class) - http://cyimg2.cyworld.nate.com/ImageUpload/CyImageUpload.cab
    O16 - DPF: {ED1EEBEE-F0AA-474B-9829-61C482E72644} (PDBox25 Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDBox25.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{803958B2-5785-49E1-A8A4-DBEEB4BAA8E2}: NameServer = 195.92.195.95 195.92.195.94
    O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~4\GHOSTS~2.EXE
    O23 - Service: InCD Helper - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    O23 - Service: Netropa NHK Server - Unknown - C:\WINDOWS\Nhksrv.exe
    O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\System32\PGPserv.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • SpywareShooterSpywareShooter 127.0.0.1
    edited December 2004
    http://www.bleepingcomputer.com/files/virus/PeperFix.exe

    Download and run that tool once, then reboot and run it again. Once you have done that, reboot again and post a new log.
  • JPJ
    edited December 2004
    Hi,
    A Merry Christmas and Happy New Year to you - thanks for all your help. I have done as you have advised. The program found 9 files and deleted them. I owe you a few beers !!. New Log File now looks like this:

    Regards
    Jase

    Logfile of HijackThis v1.99.0
    Scan saved at 19:05:25, on 24/12/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Nhksrv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\PROGRA~1\NORTON~2\NORTON~4\GHOSTS~2.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\PGPserv.exe
    C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\DELLMMKB.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Parallel Tasking\ptask.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Ares\Ares.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Netropa\OSD.exe
    C:\Program Files\InterMute\AdSubtract\AdSub.exe
    C:\Program Files\InterMute\SpySubtract\SpySub.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Dad\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://hotmail.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1036
    F2 - REG:system.ini: UserInit=C:\Windows\System32\userinit.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: AdSubtract Toolbar - {F14AABDD-0232-4e5a-9B52-4178AC0A62B5} - C:\WINDOWS\system32\adsubtb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [Parallel Tasking] C:\Program Files\Parallel Tasking\ptask.exe
    O4 - HKLM\..\Run: [DVD43] "C:\Program Files\DVDIdle Pro\DVDIdlePro.exe" /hidden
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [imekrmig] C:\IME\IMKR\imekrmig.exe
    O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Wdi7.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - Startup: AdSubtract.lnk = C:\Program Files\InterMute\AdSubtract\AdSub.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
    O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
    O8 - Extra context menu item: AdSubtract: Bypass Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/360
    O8 - Extra context menu item: AdSubtract: Cloak Image - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/361
    O8 - Extra context menu item: AdSubtract: Report Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/359
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {AD906BA4-9679-4A50-94C6-D677526BB92A} (CyImageCtl Class) - http://cyimg2.cyworld.nate.com/ImageUpload/CyImageUpload.cab
    O16 - DPF: {ED1EEBEE-F0AA-474B-9829-61C482E72644} (PDBox25 Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDBox25.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{803958B2-5785-49E1-A8A4-DBEEB4BAA8E2}: NameServer = 195.92.195.94 195.92.195.95
    O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~4\GHOSTS~2.EXE
    O23 - Service: InCD Helper - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    O23 - Service: Netropa NHK Server - Unknown - C:\WINDOWS\Nhksrv.exe
    O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\System32\PGPserv.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Sign In or Register to comment.