Old infection followed by popups



Willy[001]
2006-09-16, 00:53
Well, about a week ago I was hacked and got multiple trojans. In a panic I installed Norton, which then got corrupted. I then spent the next 3 days trying to fix my computer back up with Edwino, Vundo Fix, and other programs.

For the most part, the computer is running alright, it seems a little slow, and there's this popup that sometimes comes up for "Winantivirus" and "Drivecleaner" whenever I boot up Firefox or try to search my Windows drive.

Hopefully you can help me out, I would greatly appreciate it.

(Here's a copy of my HijackThis log taken today)

Logfile of HijackThis v1.99.1
Scan saved at 6:48:13 PM, on 9/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.double01.com/forums
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Steam] C:\WINDOWS\system32\cmd.exe /c start "Steam" /low "C:\Program Files\Steam\Steam.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143579661077
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144519316656
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1FD6215-9768-49CA-840C-CD6E0B1873B8}: NameServer = 64.233.217.3,64.233.217.5
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

This is my first time dealing with this sort of help, I apologize if I did anything incorrectly.

Willy[001]
2006-09-16, 00:54
Oh, and I apologize about this double post, but I cannot fully uninstall Norton Antivirus as well. I've learned that Norton isn't really worth the money.

teacup61
2006-09-16, 04:12
Hello Willy[001],

Welcome to Safer Networking Forums :)

Most probably you are dealing with the latest version of Vundo, which targets HijackThis so HijackThis doesn't show its related entries in a log.
Please navigate to your HijackThis folder. Rename your hijackthis.exe to analyse.exe
Reboot.

Please download VirtumundoBeGone:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
* Save it to the Desktop
* Close all running programs (including your Internet Browser)
* Double-click VirtumundoBeGone.exe on the Desktop
* Follow the directions as indicated

This program may generate a "Blue Screen of Death" which is an expected/necessary part of the process.
Do not be concerned.
Just reboot if your system "jams".

To confirm successful deletion, and determine if there are any additional problems, please post the VirtumundoBeGone log VBG.txt. It is found on the Desktop. Also please post a new HijackThis log and let me know how your computer is running. :)

Thanks,
tea

Willy[001]
2006-09-16, 04:21
Alright Bro, here's the VBG.txt


[09/15/2006, 22:18:08] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Willy\Desktop\VirtumundoBeGone.exe" )
[09/15/2006, 22:18:17] - Detected System Information:
[09/15/2006, 22:18:17] - Windows Version: 5.1.2600, Service Pack 2
[09/15/2006, 22:18:17] - Current Username: Willy (Admin)
[09/15/2006, 22:18:17] - Windows is in NORMAL mode.
[09/15/2006, 22:18:17] - Searching for Browser Helper Objects:
[09/15/2006, 22:18:17] - BHO 1: {0055C089-8582-441B-A0BF-17B458C2A3A8} (IDMIEHlprObj Class)
[09/15/2006, 22:18:17] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[09/15/2006, 22:18:17] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[09/15/2006, 22:18:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/15/2006, 22:18:17] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[09/15/2006, 22:18:17] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[09/15/2006, 22:18:17] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[09/15/2006, 22:18:17] - BHO 5: {81199C2F-7BD8-4EE8-85A7-D3ED8CE903BD} ()
[09/15/2006, 22:18:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/15/2006, 22:18:17] - Checking for HKLM\...\Winlogon\Notify\awvtu
[09/15/2006, 22:18:17] - Found: HKLM\...\Winlogon\Notify\awvtu - This is probably Virtumundo.
[09/15/2006, 22:18:17] - Assigning {81199C2F-7BD8-4EE8-85A7-D3ED8CE903BD} MSEvents Object
[09/15/2006, 22:18:17] - BHO list has been changed! Starting over...
[09/15/2006, 22:18:17] - BHO 1: {0055C089-8582-441B-A0BF-17B458C2A3A8} (IDMIEHlprObj Class)
[09/15/2006, 22:18:17] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[09/15/2006, 22:18:17] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[09/15/2006, 22:18:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/15/2006, 22:18:17] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[09/15/2006, 22:18:17] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[09/15/2006, 22:18:17] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[09/15/2006, 22:18:17] - BHO 5: {81199C2F-7BD8-4EE8-85A7-D3ED8CE903BD} (MSEvents Object)
[09/15/2006, 22:18:17] - ALERT: Found MSEvents Object!
[09/15/2006, 22:18:17] - BHO 6: {a43385f0-7113-496d-96d7-b9b550e3fcca} ()
[09/15/2006, 22:18:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/15/2006, 22:18:17] - No filename found. Continuing.
[09/15/2006, 22:18:17] - Finished Searching Browser Helper Objects
[09/15/2006, 22:18:17] - *** Detected MSEvents Object
[09/15/2006, 22:18:17] - Trying to remove MSEvents Object...
[09/15/2006, 22:18:18] - Terminating Process: IEXPLORE.EXE
[09/15/2006, 22:18:18] - Terminating Process: RUNDLL32.EXE
[09/15/2006, 22:18:19] - Disabling Automatic Shell Restart
[09/15/2006, 22:18:19] - Terminating Process: EXPLORER.EXE
[09/15/2006, 22:18:19] - Suspending the NT Session Manager System Service
[09/15/2006, 22:18:19] - Terminating Windows NT Logon/Logoff Manager
[09/15/2006, 22:18:19] - Re-enabling Automatic Shell Restart
[09/15/2006, 22:18:19] - File to disable: C:\VundoFix Backups\awvtu.dll
[09/15/2006, 22:18:19] - Renaming C:\VundoFix Backups\awvtu.dll -> C:\VundoFix Backups\awvtu.dll.vir
[09/15/2006, 22:18:19] - File successfully renamed!
[09/15/2006, 22:18:19] - Removing HKLM\...\Browser Helper Objects\{81199C2F-7BD8-4EE8-85A7-D3ED8CE903BD}
[09/15/2006, 22:18:19] - Removing HKCR\CLSID\{81199C2F-7BD8-4EE8-85A7-D3ED8CE903BD}
[09/15/2006, 22:18:19] - Adding Kill Bit for ActiveX for GUID: {81199C2F-7BD8-4EE8-85A7-D3ED8CE903BD}
[09/15/2006, 22:18:19] - Deleting ATLEvents/MSEvents Registry entries
[09/15/2006, 22:18:19] - Removing HKLM\...\Winlogon\Notify\awvtu
[09/15/2006, 22:18:19] - Searching for Browser Helper Objects:
[09/15/2006, 22:18:19] - BHO 1: {0055C089-8582-441B-A0BF-17B458C2A3A8} (IDMIEHlprObj Class)
[09/15/2006, 22:18:19] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[09/15/2006, 22:18:19] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[09/15/2006, 22:18:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/15/2006, 22:18:19] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[09/15/2006, 22:18:19] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[09/15/2006, 22:18:19] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[09/15/2006, 22:18:19] - BHO 5: {a43385f0-7113-496d-96d7-b9b550e3fcca} ()
[09/15/2006, 22:18:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/15/2006, 22:18:19] - No filename found. Continuing.
[09/15/2006, 22:18:19] - Finished Searching Browser Helper Objects
[09/15/2006, 22:18:19] - Finishing up...
[09/15/2006, 22:18:19] - A restart is needed.
[09/15/2006, 22:18:26] - Attempting to Restart via STOP error (Blue Screen!)

Next Post is the Hijack This Log

Willy[001]
2006-09-16, 04:22
Logfile of HijackThis v1.99.1
Scan saved at 10:20:09 PM, on 9/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\unzipped\hijackthis\analyse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.double01.com/forums
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Steam] C:\WINDOWS\system32\cmd.exe /c start "Steam" /low "C:\Program Files\Steam\Steam.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143579661077
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144519316656
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1FD6215-9768-49CA-840C-CD6E0B1873B8}: NameServer = 64.233.217.3,64.233.217.5
O20 - Winlogon Notify: h618 - C:\WINDOWS\
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe


Also, any idea how to get rid of Norton, and if there's anything really slowing me down here, can you point them out?

Thanks for the help!
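
A way to compare the two HijackThis logs posted in this thread, as an added example that is not part of the original posts: the scan run as HijackThis.exe contains no O2 or O20 lines, while the scan run as analyse.exe contains both. The function names and the dangling-target heuristic are assumptions for illustration, and the sample lines are a shortened excerpt copied from the two logs above.

```python
import re

# One HijackThis entry: section code (R0, O2, O20, ...), " - ", then the detail text.
ENTRY = re.compile(r"([A-Z]\d{1,2}) - (.+)")

# Constructed sample: a few lines copied from the first log (run as HijackThis.exe).
SCAN_AS_HIJACKTHIS = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.double01.com/forums
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
"""

# Constructed sample: a few lines copied from the second log (run as analyse.exe).
SCAN_AS_ANALYSE = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.double01.com/forums
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: h618 - C:\WINDOWS\
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
"""


def parse_entries(log_text):
    """Return (section, detail) pairs; header and process-list lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY.fullmatch(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def hidden_sections(first_log, second_log):
    """Sections that appear in the second scan but are entirely absent from the first."""
    first = {section for section, _ in parse_entries(first_log)}
    second = {section for section, _ in parse_entries(second_log)}
    return sorted(second - first, key=lambda s: (s[0], int(s[1:])))


def dangling_targets(log_text):
    """Entries whose target is '(no file)', '(file missing)' or a bare directory.

    Heuristic assumed for this example: such entries point at nothing loadable,
    so they are leftovers worth reviewing by hand, not proof of infection.
    """
    flagged = []
    for section, detail in parse_entries(log_text):
        target = detail.rsplit(" - ", 1)[-1].strip()
        if target.endswith(("(no file)", "(file missing)", "\\")):
            flagged.append((section, detail))
    return flagged


if __name__ == "__main__":
    print("Sections missing from the first scan:",
          hidden_sections(SCAN_AS_HIJACKTHIS, SCAN_AS_ANALYSE))
    for section, detail in dangling_targets(SCAN_AS_ANALYSE):
        print("Review:", section, "-", detail)
```

A whole section being absent from one scan and present in the other only says the two scans disagree; the entries in those sections still have to be judged one by one.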

teacup61
2006-09-16, 04:48
Hello,

Make sure you've uninstalled everything to do with Symantec/Norton via Add/Remove Programs first.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm <----if you know what this is and you have it set here on purpose, then leave it alone.
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - (no file)
O20 - Winlogon Notify: h618 - C:\WINDOWS\
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

Close all browsers and other windows except for HijackThis!, and click "Fix Checked".

Navigate to and delete the following folders:

C:\Program Files\Common Files\Symantec Shared
C:\Program Files\Norton AntiVirus
C:\Program Files\Symantec

Reboot your computer.


* Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Click the "Delete Cookies" button
Next to it, Click the "Delete Files" button
When prompted, place a check in: "Delete all offline content", click OK

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu on the left side of the Options window.
Click the Clear button located to the right of each option (History, Cookies, Cache).
Click OK to close the Options window
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.

* Clean other Temporary files + Recycle bin:
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

Navigate to your Prefetch folder and empty everything in there. Not the folder itself! This might make it a little slower to start at first, but give it a couple of reboots and it should be all right. Let me know how it goes. :)

Thanks,
tea

Willy[001]
2006-09-16, 05:03
Well, there wasn't a Symantec folder, I think I may have deleted that one at an earlier point. I cleaned up everything like you said, hopefully things should be running fine.

There is one little problem, it's probably not malware, as I've had this problem for a long time...sometimes when I boot up my PC, it freezes on the Blue Dell Logo, and I have to turn it off, and reboot it. Is this something I should just leave alone and deal with, or is there an easy solution?

Aside from that, thanks for the quick help!

- A Word from the Nature Boy Ric Flair...."Woooooooooooooo!"

teacup61
2006-09-16, 08:21
Hello,

Let's check that then. :)

Have your installation CD or equivalent available in case SFC (System File Checker) needs to replace a damaged file.
To run the system file checker, press Start, Run, and then type in, or copy and paste:

SFC /scannow

This causes SFC to scan your system immediately. SFC can take a few minutes to run. As I said above, have your installation CD or equivalent available in case SFC needs to replace a damaged file.

Let me know how you come out. :)

Regards,
tea

Willy[001]
2006-09-16, 16:05
I had bought this PC off of one of my friends, and the only installation CDs that came along with it are:

"Applications" Dell Tools CD for Reinstalling Dell-Installed Software

A Seagate Install Disc

"Operation System" Reinstallation CD Microsoft Windows XP Home Edition (BUT it also says "Only use this CD to reinstall the operating system on a DELL computer. This CD is not for reinstallation of programs or drivers.")

So before I do anything I'd like to know if the Operating System CD Should still be used.

teacup61
2006-09-16, 17:55
Hello,

To be honest, I'm not sure. Let me look and see what other options we have, and I'll try to find the answer to your question. :)

Regards,
tea

teacup61
2006-09-25, 06:53
Hello,

Are you ready to shoot me? :oops: If you're still having problems, then go ahead and use the disc you have. It'll tell you if it's not the right one. :)

Regards,
tea

tashi
2006-10-01, 04:18
This topic has been closed to prevent others with similar issues posting in it.
If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread.

Applies only to the original topic starter.