surf sidekick3 !!! HELP



disco zippy
2006-05-31, 22:19
hi forum, and sorry if I'm posting this in the wrong place.
can anyone help me with the removal of surfsidekick3 that has somehow ended up on my pc.. i have tried via the add remove programs route. with no joy.

so i searched on this subject and found i was not alone with this thing, i have d/l hijackthis and created my log.

if anyone can help, that would be cracking.

Logfile of HijackThis v1.99.1
Scan saved at 9:18:13 PM, on 5/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RGFtaWFu\command.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\defender24.exe
C:\WINDOWS\system32\PPATCH~1\msiexec.exe
C:\Program Files\Common Files\??crosoft.NET\w?wexec.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Damian\LOCALS~1\Temp\Rar$EX00.687\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/broadband
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard23.exe
O4 - HKLM\..\Run: [newname] C:\\newname23.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [defender] c:\\defender24.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [Tuup] "C:\WINDOWS\system32\PPATCH~1\msiexec.exe" -vt yazr
O4 - HKCU\..\Run: [Rfzylm] C:\Program Files\Common Files\??crosoft.NET\w?wexec.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by115fd.bay115.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{8274802E-D555-455D-8B35-B469D9DB4153}: NameServer = 80.225.248.50 80.225.248.58
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\k8no0i53e8.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RGFtaWFu\command.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

LonnyRJones
2006-06-04, 13:57
Download and run Look2Me-Destroyer: http://www.atribune.org/content/view/28/
A log will open when your pc has been restarted, post it.

"C:\DOCUME~1\Damian\LOCALS~1\Temp\Rar$EX00.687\HijackThis.exe"

You're running HijackThis from a temp folder and/or it still hasn't been unzipped; neither is a good idea.
Create a new folder, for instance C:\AntiSpyware
Download the exe from here to that new folder.
http://www.merijn.org/files/HijackThis.exe
This is necessary to ensure you have backups should anything go wrong
Make and post a new log

disco zippy
2006-06-04, 15:15
this is the log for look2me.

cheers for your help

Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 6/4/2006 1:59:10 PM

Attempting to delete infected files...

Making registry repairs.


Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{AFEE7F04-7AC3-419D-8778-7D2563628D6D}"
HKCR\Clsid\{AFEE7F04-7AC3-419D-8778-7D2563628D6D}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{3A47C35B-E7F4-4CCA-AC9A-B5532F8F353F}"
HKCR\Clsid\{3A47C35B-E7F4-4CCA-AC9A-B5532F8F353F}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{1E1BD457-AB6A-4444-BAC4-AAC45B6F16CB}"
HKCR\Clsid\{1E1BD457-AB6A-4444-BAC4-AAC45B6F16CB}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{48211A2B-25DC-41A3-A0B3-398E3AF43980}"
HKCR\Clsid\{48211A2B-25DC-41A3-A0B3-398E3AF43980}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{E210C1CD-DE2A-4C84-9C47-C6BC090AE10C}"
HKCR\Clsid\{E210C1CD-DE2A-4C84-9C47-C6BC090AE10C}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded

disco zippy
2006-06-04, 15:21
hi Lonny

not too sure if you wanted the log from look2me or hijack this log??
so i have posted both.

i will be active most of the day.

Logfile of HijackThis v1.99.1
Scan saved at 2:16:15 PM, on 6/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\STOPzilla!\SZServer.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Damian\Desktop\anti virus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/broadband
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [keyboard] C:\\keyboard23.exe
O4 - HKLM\..\Run: [newname] C:\\newname23.exe
O4 - HKLM\..\Run: [defender] c:\\defender24.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Rfzylm] C:\Program Files\Common Files\??crosoft.NET\w?wexec.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [Tuup] "C:\WINDOWS\system32\PPATCH~1\msiexec.exe" -vt yazr
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by115fd.bay115.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{8274802E-D555-455D-8B35-B469D9DB4153}: NameServer = 80.225.248.50 80.225.248.58
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: repairs303169590.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\SZServer.exe

LonnyRJones
2006-06-04, 15:39
Start HijackThis and place a check next to these items if there.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
O4 - HKLM\..\Run: [keyboard] C:\\keyboard23.exe
O4 - HKLM\..\Run: [newname] C:\\newname23.exe
O4 - HKLM\..\Run: [defender] c:\\defender24.exe
O4 - HKCU\..\Run: [Rfzylm] C:\Program Files\Common Files\??crosoft.NET\w?wexec.exe
====================================
Hit fix checked and close HijackThis.
Download Brute Force Uninstaller (http://www.merijn.org/files/bfu.zip).
Unzip it to its own folder (c:\BFU)
It must be unzipped to the c:\BFU folder (Or the drive Windows is installed to, which is normally C:\)

Right-click on this link and choose save target as, save sidekickFix.bat to that BFU folder.
====
http://downloads.subratam.org/Lon/sidekickFix.bat
====
Close all browsers and Explorer folders, then run sidekickFix.bat
Choose yes and follow the prompts, when prompted to restart the PC do so.
After the PC has restarted and you are here at the forum, make and post a HijackThis log.

disco zippy
2006-06-04, 16:31
i followed instructions, but i'm not too sure if anything worked??

i placed ticks on the ones you said on hijack this.
after i place the ticks, all i need to do is fix selected yes??? is that right??

i downloaded brute force and followed what you said, i think it worked it told me that the system would shut down for the changes to take effect.

this is the new log from hjt

Logfile of HijackThis v1.99.1
Scan saved at 3:25:21 PM, on 6/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\STOPzilla!\SZServer.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/broadband
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [keyboard] C:\\keyboard23.exe
O4 - HKLM\..\Run: [newname] C:\\newname23.exe
O4 - HKLM\..\Run: [defender] c:\\defender24.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Rfzylm] C:\Program Files\Common Files\??crosoft.NET\w?wexec.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [Tuup] "C:\WINDOWS\system32\PPATCH~1\msiexec.exe" -vt yazr
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by115fd.bay115.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{8274802E-D555-455D-8B35-B469D9DB4153}: NameServer = 80.225.248.50 80.225.248.58
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: repairs303169590.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\SZServer.exe

LonnyRJones
2006-06-04, 16:44
"after i place the ticks, all i need to do is fix selected yes??? is that right??"

Look at the instructions, it says
Start HijackThis and place a check next to these items if there.

====================================
Hit fix checked and close HijackThis.

Repeat the instructions posted above, including the BFU and sidekickFix part, again after turning off Ad-Watch
Open AdAware Se.
Go to AdWatch User Interface.
Go to Tools and Preferences.
At the bottom of the screen you can see two checkable items called Active and Automatic.
Active: This will turn Ad-Watch On\Off without closing it
Automatic: Suspicious activity will be blocked automatically
Uncheck those boxes.

disco zippy
2006-06-04, 17:31
this is the new log

i turned off the settings on ad-watch. and ran hjt again and bfu.


Logfile of HijackThis v1.99.1
Scan saved at 4:28:11 PM, on 6/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\STOPzilla!\SZServer.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/broadband
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\STOPzilla.exe /autostart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by115fd.bay115.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{8274802E-D555-455D-8B35-B469D9DB4153}: NameServer = 80.225.248.50 80.225.248.58
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\SZServer.exe

LonnyRJones
2006-06-04, 17:38
Looks better :)
It appears you turned Ad-Watch back on; turn it off again and fix these items using HijackThis
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com

Later, when we are completely finished, turn Ad-Watch back on

Why do you have both STOPzilla and Panicware's Pop-Up Stopper Free Edition?

disco zippy
2006-06-04, 17:47
sorry didn't realize i had turned ad-watch back on.

i had to try and stop the pop-ups and panic-ware popup stopper wasn't stopping anything, so i put stopzilla on the day after i put my first post on here, just to make the web useable. it stopped them but its only an unregistered version.

cheers for all your help m8 anyway. is it looking any better?

Logfile of HijackThis v1.99.1
Scan saved at 4:41:03 PM, on 6/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\STOPzilla!\SZServer.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.tiscali.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/broadband
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\STOPzilla.exe /autostart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by115fd.bay115.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{8274802E-D555-455D-8B35-B469D9DB4153}: NameServer = 80.225.248.50 80.225.248.58
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\SZServer.exe

LonnyRJones
2006-06-04, 17:53
Looks ok

Uninstall one of those antivirus programs, I suggest you keep NOD32 and uninstall Norton.

disco zippy
2006-06-04, 18:51
seems to be working fine. no pop-ups and running faster

thanks for all your help, top stuff

cheers:bigthumb:

LonnyRJones
2006-06-09, 05:57
PC still running OK?

Think Prevention: Put in place a good hosts file
http://www.mvps.org/winhelp2002/hosts.htm
How To Download and Extract the HOSTS file:
http://www.mvps.org/winhelp2002/hosts2.htm
Repeat that process about once or twice a month

To help avoid reinfection see "So how did I get infected in the first place?"
http://forums.spybot.info/showthread.php?t=279

tashi
2006-06-16, 00:05
As the problem appears to be resolved this topic will be archived. :)

If you need it re-opened please send me a pm and provide a link to the thread.

Applies only to the original topic starter.

Glad we could help.
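The before/after comparison done by eye across the HijackThis logs in this thread (which flagged entries are gone, which are still there, what is new) can be done mechanically. The following is an added example, not part of any post in the thread: the function names are hypothetical, and the sample logs are short excerpts constructed from the logs posted above.

```python
import re

# A HijackThis result line is "<section code> - <details>", e.g.
# "O4 - HKLM\..\Run: [name] path". Header and process-list lines do not match.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Forum software may append a linkified copy of a URL in parentheses;
# strip it so a pasted fix list still matches the raw log line.
LINK_ECHO_RE = re.compile(r"\s+\(https?://\S+\)$")

# Meaning of the section codes used in the excerpts below.
SECTIONS = {"R0": "IE start/search page", "R1": "IE start/search page",
            "O4": "autostart entry", "O20": "AppInit_DLLs"}

def parse_entries(log_text):
    """Return the set of (code, details) result entries in a log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            body = LINK_ECHO_RE.sub("", m.group("body").strip())
            entries.add((m.group("code"), body))
    return entries

def diff_logs(before, after):
    """Compare two scans: what disappeared, what appeared, what stayed."""
    b, a = parse_entries(before), parse_entries(after)
    return {"removed": sorted(b - a), "added": sorted(a - b),
            "unchanged": sorted(b & a)}

def still_present(flagged, latest):
    """Entries from the helper's fix list that the latest scan still shows."""
    return sorted(parse_entries(flagged) & parse_entries(latest))

def report(before, after, flagged):
    """Build a readable summary of the diff and of any leftover flagged items."""
    lines = []
    d = diff_logs(before, after)
    for status in ("removed", "added"):
        for code, body in d[status]:
            lines.append(f"{status:8} {code:4} {SECTIONS.get(code, '?')}: {body}")
    for code, body in still_present(flagged, after):
        lines.append(f"LEFTOVER {code:4} {SECTIONS.get(code, '?')}: {body}")
    return lines

# Constructed excerpts from the 3:25 PM and 4:28 PM logs in this thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 3:25:21 PM, on 6/4/2006
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [defender] c:\\defender24.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O20 - AppInit_DLLs: repairs303169590.dll
"""
AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 4:28:11 PM, on 6/4/2006
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\STOPzilla.exe /autostart
"""
# Fix list as it might be pasted from a forum post (one line carries a link echo).
FLAGGED = r"""R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com (http://searchbar.findthewebsiteyouneed.com/)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
O4 - HKLM\..\Run: [defender] c:\\defender24.exe
"""

if __name__ == "__main__":
    print("\n".join(report(BEFORE, AFTER, FLAGGED)))
```

Matching is exact on the entry text, so an entry whose value changed between scans shows up as one removal plus one addition.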