too many unkown processes

Topic:too many unkown processes

Remainpoint:0

computermaineack Gender

PostTime:12/16/2008 12:18:50 PM

Top

Level:

Professional point:

Experience:

Thread:

275

Post:

917

Total online time:

13M

Joined date:

4/28/2007 11:37:00 PM

Last Visit:

12/16/2008 11:49:17 PM

Status:

	Try our remote PC help service to fix your PC instantly(Only cost $19.95)
	Register to make Ads free

I am have too many processing running that I don't the sources of, Iexplore.exe is hogging the system however I don't even use intermet Explorer.

Here is a copy of my Hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 9:23:11 AM, on 10/05/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\runservice7.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\zstgtazo.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
F:\software\hijackthis_sfx.exe
C:\Program Files\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\PROGRA~1\WINDOW~4\tbu07847\tbhelper.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: TBSB05999 - {41CC72EE-6DC3-4045-90B3-66ADC6395189} - C:\PROGRA~1\WINDOW~4\tbu07847\WIN_FT~1.DLL
O2 - BHO: (no name) - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {ae18da4e-be15-4925-81bb-890c04af0200} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: (no name) - {d869742a-e5d2-4624-96c7-aae26170665e} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - (no file)
O3 - Toolbar: (no name) - {96ebbe6a-2864-4345-b32b-26ee9be524b5} - (no file)
O3 - Toolbar: Windows FTP plugin - {BFB5F154-9212-46F3-B547-AC6106030A54} - C:\Program Files\Windows FTP key\tbu07847\win_ftp_plugin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SvcManager] runservice7.exe
O4 - HKLM\..\Run: [zstgtazo.exe] C:\WINDOWS\System32\zstgtazo.exe
O4 - HKLM\..\Run: [Privacy tools] C:\WINDOWS\System32\stcheck32.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [xdsqwe2r] C:\WINDOWS\System32\pyvidqvm.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{89A4EAC4-02DF-4448-B3E4-1D613574420C}: NameServer = 85.255.116.70,85.255.112.101
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8533E69-6BB6-4765-82AB-404EC24B108D}: NameServer = 85.255.116.70,85.255.112.101
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.70 85.255.112.101
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.70 85.255.112.101
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.70 85.255.112.101
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


Lane	PostTime:12/16/2008 2:16:11 PM	Point:0 \| # 1
Level: 1 Professional point: 87 Experience: 35 Thread: 282 Post: 936 Total online time: 35M Joined date: 4/28/2007 11:15:00 PM Last Visit: 12/16/2008 11:26:43 PM Status:	Ok Now have done all that HJT log file Logfile of HijackThis v1.99.1 Scan saved at 5:43:18 AM, on 17/05/2007 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\System32\devldr32.exe C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\System32\zstgtazo.exe C:\WINDOWS\system32\fxssvc.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Google\Google Talk\googletalk.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\System32\taskmgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\HijackThis\HijackThis.exe R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: TBSB05999 - {41CC72EE-6DC3-4045-90B3-66ADC6395189} - C:\PROGRA~1\WINDOW~4\tbu07847\WIN_FT~1.DLL O2 - BHO: (no name) - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {ae18da4e-be15-4925-81bb-890c04af0200} - (no file) O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll O2 - BHO: (no name) - {d869742a-e5d2-4624-96c7-aae26170665e} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: (no name) - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - (no file) O3 - Toolbar: (no name) - {96ebbe6a-2864-4345-b32b-26ee9be524b5} - (no file) O3 - Toolbar: Windows FTP plugin - {BFB5F154-9212-46F3-B547-AC6106030A54} - C:\Program Files\Windows FTP key\tbu07847\win_ftp_plugin.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SvcManager] runservice7.exe O4 - HKLM\..\Run: [zstgtazo.exe] C:\WINDOWS\System32\zstgtazo.exe O4 - HKLM\..\Run: [Privacy tools] C:\WINDOWS\System32\stcheck32.exe O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKLM\..\Run: [xdsqwe2r] C:\WINDOWS\System32\pyvidqvm.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/au/securityadvisor...n/pestscan.cab O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/au/securityadvisor...fo/webscan.cab O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe Thanks again for this assistance


vovk	PostTime:12/16/2008 2:32:47 PM	Point:0 \| # 2
Level: 1 Professional point: 0 Experience: 14 Thread: 314 Post: 924 Total online time: 14M Joined date: 4/24/2007 6:51:00 AM Last Visit: 12/17/2008 12:02:44 AM Status:	Thanks for your response, I have followed your instructions here are the log files Report.txt Fixwareout Last edited 5/15/2007 Post this report in the forums please ... Prerun check ?br /> ?Postrun check HKLM\SOFTWARE\~\Winlogon\ "system"="" .... .... ?Misc files. .... ?Checking for older varients. .... Search five digit cs, dm, kd, jb, other, files. The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection. Click browse, find the file then click submit. http://www.virustotal.com/flash/index_en.html Or http://virusscan.jotti.org/ ?Other ?Current runs [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe" "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "RemoteControl"="\"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\"" "Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\"" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "SvcManager"="runservice7.exe" "zstgtazo.exe"="C:\\WINDOWS\\System32\\zstgtazo.exe" "Privacy tools"="C:\\WINDOWS\\System32\\stcheck32.exe" "googletalk"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe /autostart" "xdsqwe2r"="C:\\WINDOWS\\System32\\pyvidqvm.exe" "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\"" "GhostStartTrayApp"="C:\\Program Files\\Norton SystemWorks\\Norton Ghost\\GhostStartTrayApp.exe" "AcctMgr"="C:\\Program Files\\Norton SystemWorks\\Password Manager\\AcctMgr.exe /startup" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe" "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" "Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet" "H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\"" .... Hosts file was reset, If you use a custom hosts file please replace it ?End report ?br /> HJT Logfile of HijackThis v1.99.1 Scan saved at 5:52:09 AM, on 16/05/2007 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\System32\devldr32.exe C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\HijackThis\HijackThis.exe C:\WINDOWS\System32\zstgtazo.exe C:\WINDOWS\system32\fxssvc.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Google\Google Talk\googletalk.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe C:\WINDOWS\System32\wuauclt.exe R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: TBSB05999 - {41CC72EE-6DC3-4045-90B3-66ADC6395189} - C:\PROGRA~1\WINDOW~4\tbu07847\WIN_FT~1.DLL O2 - BHO: (no name) - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {ae18da4e-be15-4925-81bb-890c04af0200} - (no file) O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll O2 - BHO: (no name) - {d869742a-e5d2-4624-96c7-aae26170665e} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: (no name) - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - (no file) O3 - Toolbar: (no name) - {96ebbe6a-2864-4345-b32b-26ee9be524b5} - (no file) O3 - Toolbar: Windows FTP plugin - {BFB5F154-9212-46F3-B547-AC6106030A54} - C:\Program Files\Windows FTP key\tbu07847\win_ftp_plugin.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SvcManager] runservice7.exe O4 - HKLM\..\Run: [zstgtazo.exe] C:\WINDOWS\System32\zstgtazo.exe O4 - HKLM\..\Run: [Privacy tools] C:\WINDOWS\System32\stcheck32.exe O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKLM\..\Run: [xdsqwe2r] C:\WINDOWS\System32\pyvidqvm.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/au/securityadvisor...n/pestscan.cab O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/au/securityadvisor...fo/webscan.cab O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
	Love my life!!


synergy	PostTime:12/16/2008 5:28:26 PM	Point:0 \| # 3
Level: 1 Professional point: 78 Experience: 33 Thread: 287 Post: 923 Total online time: 33M Joined date: 4/29/2007 2:43:00 AM Last Visit: 12/17/2008 1:00:30 AM Status:	Combo fix log file "NB" - 2007-05-16 22:46:00 Service Pack 1 ComboFix 07-05.09.V - Running from: "C:\Documents and Settings\NB\Desktop\" ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-16 )))))))))))))))))))))))))))))))))) 2007-05-16 05:31 9,416 --a------ C:\dnsbak.reg 2007-05-15 06:26 <DIR> d-------- C:\Program Files\SkillSoft 2007-05-11 18:36 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-05-10 09:19 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-05-08 21:17 67,167 --a------ C:\WINDOWS\system32\drivers\hsf_bsc2.sys 2007-05-08 21:17 50,751 --a------ C:\WINDOWS\system32\drivers\hsf_tone.sys 2007-05-08 21:17 488,383 --a------ C:\WINDOWS\system32\drivers\hsf_v124.sys 2007-05-08 21:17 44,863 --a------ C:\WINDOWS\system32\drivers\hsf_soar.sys 2007-05-07 10:41 397,312 -ra------ C:\WINDOWS\system32\ZSHP1020.EXE 2007-05-07 10:41 106,496 -ra------ C:\WINDOWS\system32\VSHP1020.DLL 2007-05-07 10:40 86,016 -ra------ C:\WINDOWS\system32\ZLhp1020.DLL 2007-05-07 07:29 <DIR> d-------- C:\WINDOWS\LastGood.Tmp 2007-05-02 06:05 83,208 --a------ C:\WINDOWS\system32\S32EVNT1.DLL 2007-05-02 06:05 82,136 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2007-04-23 09:42 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll 2007-04-23 09:42 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll 2007-04-23 09:42 <DIR> d-------- C:\Program Files\Xvid 2007-04-23 09:40 <DIR> d-------- C:\DOCUME~1\NB\APPLIC~1\DivX 2007-04-22 21:56 <DIR> d-------- C:\Program Files\Google 2007-04-22 09:28 <DIR> d-------- C:\Program Files\Windows FTP key 2007-04-22 09:21 <DIR> d-------- C:\WINDOWS\system32\lrdaiqrs 2007-04-22 09:18 54,272 --a------ C:\WINDOWS\system32\zstgtazo.exe (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-08 10:44:15 -------- d-----w C:\DOCUME~1\NB\APPLIC~1\Canon 2007-05-03 09:36:48 -------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-05-01 20:35:51 -------- d-----w C:\Program Files\Norton SystemWorks 2007-05-01 20:12:30 -------- d-----w C:\Program Files\Symantec 2007-04-22 23:38:41 -------- d-----w C:\Program Files\DivX 2007-04-01 19:36:04 -------- d-----w C:\DOCUME~1\NB\APPLIC~1\Uniblue 2007-03-27 07:55:57 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2007-03-27 07:55:48 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-03-27 07:55:32 2,560 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys 2007-03-27 07:55:32 2,432 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys 2007-03-27 07:55:31 36,624 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys 2007-03-27 07:55:31 129,784 ------w C:\WINDOWS\system32\pxafs.dll 2007-03-27 07:55:31 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe 2007-03-27 07:55:31 116,472 ------w C:\WINDOWS\system32\pxcpyi64.exe 2007-03-27 07:55:23 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2007-03-27 07:55:23 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2007-03-27 07:49:07 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-03-27 07:49:07 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2007-03-27 07:49:05 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2007-03-27 07:49:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2007-03-27 07:49:02 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2007-03-27 07:49:02 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2007-03-27 07:49:02 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2007-03-27 07:49:02 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2007-03-27 07:48:59 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2007-03-27 07:48:58 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2007-03-27 07:48:58 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2007-03-27 07:48:58 639,066 ----a-w C:\WINDOWS\system32\DivX.dll 2007-03-17 19:45:49 -------- d-----w C:\DOCUME~1\NB\APPLIC~1\AdobeUM 2007-03-17 19:45:26 -------- d-----w C:\DOCUME~1\NB\APPLIC~1\Opera 2007-03-17 19:45:03 -------- d-----w C:\Program Files\Opera 2007-03-09 20:37:57 1,024 ----a-w C:\hjibde.exe 2007-03-08 11:15:29 -------- d--h--w C:\Program Files\WindowsUpdate 2007-02-16 01:40:35 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects] "{41CC72EE-6DC3-4045-90B3-66ADC6395189}"="C:\PROGRA~1\WINDOW~4\tbu07847\WIN_FT~1.DLL" "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" "{BDF3E430-B101-42AD-A544-FADC6B084872}"="C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe" "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "RemoteControl"="\"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\"" "Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\"" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "SvcManager"="runservice7.exe" "zstgtazo.exe"="C:\\WINDOWS\\System32\\zstgtazo.exe" "Privacy tools"="C:\\WINDOWS\\System32\\stcheck32.exe" "googletalk"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe /autostart" "xdsqwe2r"="C:\\WINDOWS\\System32\\pyvidqvm.exe" "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\"" "GhostStartTrayApp"="C:\\Program Files\\Norton SystemWorks\\Norton Ghost\\GhostStartTrayApp.exe" "AcctMgr"="C:\\Program Files\\Norton SystemWorks\\Password Manager\\AcctMgr.exe /startup" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe" "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" "Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet" "H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\"" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages msv1_0\0\0 Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages scecli\0\0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService DnsCache\0\0 rpcss RpcSs\0\0 imgsvc StiSvc\0\0 termsvcs TermService\0\0 HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job C:\WINDOWS\tasks\Symantec Drmc.job C:\WINDOWS\tasks\Symantec NetDetect.job ****************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-16 22:49:39 Windows 5.1.2600 Service Pack 1 NTFS scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... C:\RECYCLER\NPROTECT C:\RECYCLER\NPROTECT\00000210.win 16384 bytes C:\RECYCLER\NPROTECT\00000213.win 4096 bytes C:\RECYCLER\NPROTECT\00000214.win 4096 bytes C:\RECYCLER\NPROTECT\00000216.win 656 bytes C:\RECYCLER\NPROTECT\00000217.js 144 bytes . . .This list goes on for 1500 file have cut it out if you require it I can post all .. C:\RECYCLER\NPROTECT\00002025.cf 96 bytes C:\RECYCLER\NPROTECT\00002026.cf 104 bytes C:\RECYCLER\NPROTECT\00002027.cf 96 bytes C:\RECYCLER\NPROTECT\00002028.cf 96 bytes C:\RECYCLER\NPROTECT\00002029.cf 96 bytes C:\RECYCLER\NPROTECT\NPROTECT.LOG 647168 bytes scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 1506 ****************************************************************** Completion time: 2007-05-16 22:49:54 C:\ComboFix-quarantined-files.txt ... 2007-05-16 22:49 C:\ComboFix2.txt ... 2007-05-11 18:36 Thanks again for all this help

Twisteddso

PostTime:12/16/2008 9:12:46 PM

Point:0

# 4

Level:

Professional point:

Experience:

Thread:

294

Post:

1009

Total online time:

11M

Joined date:

4/29/2007 2:38:00 AM

Last Visit:

12/17/2008 12:46:59 AM

Status:

I don't need to see the C:\RECYCLER\NPROTECT lines from the report. I would suggest from time to time you empty the recycler.

1. Please download The Avenger by Swandog46 to your Desktop.

Click on Avenger.zip to open the file
Extract avenger.exe to your desktop

2. Copy the entire contents of the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Quote:

Files to delete:
C:\WINDOWS\System32\zstgtazo.exe
C:\WINDOWS\System32\stcheck32.exe
C:\WINDOWS\System32\pyvidqvm.exe
C:\WINDOWS\system32\runservice7.exe
C:\hjibde.exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.

Under "Script file to execute" choose "Input Script Manually".
Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
Paste the text copied to clipboard into this window by pressing (Ctrl+V).
Click Done
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh hijackthis log.


vovk	PostTime:12/16/2008 10:12:16 PM	Point:0 \| # 5
Level: 1 Professional point: 0 Experience: 14 Thread: 314 Post: 924 Total online time: 14M Joined date: 4/24/2007 6:51:00 AM Last Visit: 12/17/2008 12:02:44 AM Status:	Download ComboFix from Here or Here to your Desktop. Double click combofix.exe and follow the prompts. When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply Note: Do not mouseclick combofix's window while its running. That may cause it to stall
	Love my life!!


RAECH	PostTime:12/16/2008 11:18:07 PM	Point:0 \| # 6
Level: 30 Professional point: 0 Experience: 27341 Thread: 272 Post: 945 Total online time: 27341M Joined date: 4/24/2007 9:26:00 AM Last Visit: 4/13/2009 10:45:15 PM Status:	You may want to print out these instructions for reference, since you will have to restart your computer during the fix. Please download FixWareout from one of these sites: http://downloads.subratam.org/Fixwareout.exe http://www.bleepingcomputer.com/file...Fixwareout.exe Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal. Run HJT again and put a check in the following: O17 - HKLM\System\CCS\Services\Tcpip\..\{89A4EAC4-02DF-4448-B3E4-1D613574420C}: NameServer = 85.255.116.70,85.255.112.101 O17 - HKLM\System\CCS\Services\Tcpip\..\{A8533E69-6BB6-4765-82AB-404EC24B108D}: NameServer = 85.255.116.70,85.255.112.101 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.70 85.255.112.101 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.70 85.255.112.101 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.70 85.255.112.101 Close all applications and browser windows before you click "fix checked". Go to Control Panel. - If you are using Windows XP's Category View, select the Network and Internet Connections category. If you are in Classic View, go to the next step . CAUTION!: It is possible that your Internet Service Provider requires specific settings here. Make sure you know if you need specific DNS settings here or not before you proceed to make the following changes or you may lose your internet connection. If you are sure you do not need a specific DNS address here, you may proceed. Double-click the Network Connections icon Right-click the Local Area Connection icon and select Properties. Hilight Internet Protocol (TCP/IP) and click the Properties button. Be sure Obtain DNS server address automatically is selected. OK your way out. Go to Start > Run and type in cmd Click OK. This will open a command prompt. Type the following line in the command window: ipconfig /flushdns Hit Enter Exit the command window Now restart your machine. Post the report.txt and a new Hijackthis log.

Sorry, you are not login, click here to login