ukchickk
2006-09-28, 12:25
hi, i have 2 problems,
number 1 I have a dialer.trojan on my laptop which i have attempted miserably to remover using nroton's advice...also when i start up my lappy or open a browser i get a installer come up asking to install a spyware remover program, saying i have spyware on my laptop and to use this to remove it.. Sensible me has always declined, i will upload hijackthis log, panda log and what norton found. Any help on remving this would be great. did do the whole system restore off, safe mode removal, reboot etc thing... thnx
ukchickk
2006-09-28, 12:28
I meant to say i will put them in a reply not upload them.. sorry..
NORTON SUMMARY:-
Source: Manual Scanner,Risk category: Virus,Action taken: Repaired,Description: Affected areas:
1 Additional areas:
Unknown - Deleted
Source: C:\WINDOWS\TEMP\win24.tmp,Action taken: Automatically deleted
Source: C:\Documents and Settings\Julie\Local Settings\Temporary Internet Files\Content.IE5\C1SNO7KB\srvhqd[1].exe,Action taken: Repair failed,Action taken: Access denied
Source: Manual Scanner,Risk category: Virus,Action taken: Repaired,Description: Affected areas:
1 Additional areas:
Unknown - Deleted
Source: C:\WINDOWS\TEMP\winDB.tmp,Action taken: Automatically deleted
Source: C:\Documents and Settings\Julie\Local Settings\Temporary Internet Files\Content.IE5\KL6JSX6F\srveqh[1].exe,Action taken: Repair failed,Action taken: Access denied
Source: Manual Scanner,Risk category: Virus,Action taken: Repaired,Description: Affected areas:
1 Additional areas:
Unknown - Deleted
Source: C:\WINDOWS\TEMP\win6D.tmp,Action taken: Automatically deleted
Source: C:\Documents and Settings\Julie\Local Settings\Temporary Internet Files\Content.IE5\0LYFOTYF\srvieh[1].exe,Action taken: Repair failed,Action taken: Access denied
Source: Manual Scanner,Risk category: Virus,Action taken: Repaired,Description: Affected areas:
1 Additional areas:
Unknown - Deleted
Source: C:\WINDOWS\TEMP\win13.tmp,Action taken: Automatically deleted
Source: C:\Documents and Settings\Julie\Local Settings\Temporary Internet Files\Content.IE5\65XYJ2T8\srvjwi[1].exe,Action taken: Repair failed,Action taken: Access denied
Source: C:\Documents and Settings\Julie\Local Settings\Temporary Internet Files\Content.IE5\G9EFO9MN\srvazy[1].exe,Risk category: Dialer,Action taken: Access denied
Source: Manual Scanner,Risk category: Adware,Overall Risk Impact: Medium,Performance: High,Privacy: Medium,Removal: Low,Stealth: Medium,Action taken: Removed,Description: Affected areas:
1 Files:
c:\documents and settings\Julie\local settings\Temp\win1E.tmp - Deleted
1 Processes:
C:\Program Files\Internet Explorer\IEXPLORE.EXE - Terminated
8 Registry keys:
HKEY_USERS\S-1-5-21-1942456698-1357240913-2238828907-500\Software\Microsoft\Internet Explorer\Main\Start Page - Repaired
HKEY_USERS\S-1-5-21-1942456698-1357240913-2238828907-1005\Software\Microsoft\Internet Explorer\Main\Start Page - Repaired
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\Start Page - Repaired
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\Start Page - Repaired
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\Start Page - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant - Repaired
HKEY_USERS\S-1-5-21-1942456698-1357240913-2238828907-500\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Repaired
HKEY_USERS\S-1-5-21-1942456698-1357240913-2238828907-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Repaired
1 Additional areas:
Unknown - Deleted
Source: Manual Scanner,Risk category: Virus,Action taken: Repaired,Description: Affected areas:
1 Additional areas:
Unknown - Deleted
Source: C:\DOCUME~1\Julie\LOCALS~1\Temp\win1E.tmp,Risk category: Adware,Action taken: Access denied
Source: C:\DOCUME~1\Julie\LOCALS~1\Temp\win1E.tmp,Risk category: Adware,Action taken: Access denied
Source: C:\DOCUME~1\Julie\LOCALS~1\Temp\win1E.tmp,Risk category: Adware,Action taken: Access denied
Source: C:\DOCUME~1\Julie\LOCALS~1\Temp\win1E.tmp,Risk category: Adware,Action taken: Access denied
Source: C:\DOCUME~1\Julie\LOCALS~1\Temp\win1E.tmp,Risk category: Adware,Action taken: Access denied
Source: C:\DOCUME~1\Julie\LOCALS~1\Temp\win1E.tmp,Risk category: Adware,Action taken: Access denied
Source: C:\DOCUME~1\Julie\LOCALS~1\Temp\win1E.tmp,Risk category: Adware,Action taken: Access denied
Source: C:\DOCUME~1\Julie\LOCALS~1\Temp\win1E.tmp,Risk category: Adware,Action taken: Access denied
Source: C:\Documents and Settings\Julie\Local Settings\Temporary Internet Files\Content.IE5\632J21MN\wlzip32[1].exe,Risk category: Adware,Action taken: Access denied
Source: C:\WINDOWS\system32\gebbbab.dll,Action taken: Automatically deleted
Source: Manual Scanner,Risk category: Virus,Action taken: Repaired,Description: Affected areas:
1 Additional areas:
Unknown - Deleted
Source: C:\Documents and Settings\Julie\Local Settings\Temporary Internet Files\Content.IE5\E6G51KY0\cht-pb1[1]\cht-pb1.exe,Action taken: Repair failed,Action taken: Access denied
PANDA ACTIVE SCAN:-
Incident Status Location
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Julie\Cookies\julie@2o7[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Julie\Cookies\julie@atdmt[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Julie\Cookies\julie@com[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Julie\Cookies\julie@microsofteup.112.2o7[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Julie\Cookies\julie@statcounter[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Julie\Cookies\julie@tribalfusion[1].txt
Dialer:Dialer.Gen Not disinfected C:\WINDOWS\Temp\win15.tmp.exe
Dialer:Dialer.Gen Not disinfected C:\WINDOWS\Temp\win47.tmp.exe
Dialer:Dialer.Gen Not disinfected C:\WINDOWS\Temp\win6C.tmp.exe
Dialer:Dialer.Gen Not disinfected C:\WINDOWS\Temp\win77.tmp.exe
ukchickk
2006-09-28, 12:29
HIJACKTHIS:-
Logfile of HijackThis v1.99.1
Scan saved at 11:20:51, on 28/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\00THotkey.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\WINDOWS\system32\lxcycoms.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Antispyware\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {50B8EF84-D4F8-72FD-F005-09FDEF1034C7} - C:\WINDOWS\system32\qdjwten.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [Kraidman] C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ixfivgg.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ixfivgg.dll,fivplce
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Startup: .protected
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: .protected
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159434800656
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winzoa32 - C:\WINDOWS\SYSTEM32\winzoa32.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: TOSHIBA RAID Service (kraidsvc) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
This is all the logs..
ukchickk
2006-09-28, 12:31
i ran spybot in safemode after updating.. it found nothing
LonnyRJones
2006-10-04, 06:41
Hello
Start Hijackthis and place a check next to these items If there.
O2 - BHO: (no name) - {50B8EF84-D4F8-72FD-F005-09FDEF1034C7} - C:\WINDOWS\system32\qdjwten.dll
O4 - HKLM\..\Run: [ixfivgg.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ixfivgg.dll,fivplce
O20 - Winlogon Notify: winzoa32 - C:\WINDOWS\SYSTEM32\winzoa32.dll
====================================
Hit fix checked and close Hijackthis.
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fallow the instruction in this article
http://forums.spybot.info/showthread.php?t=4015
then post the logs mentioned
Manualy delete these three files
C:\WINDOWS\system32\qdjwten.dll
C:\WINDOWS\system32\ixfivgg.dll
C:\WINDOWS\SYSTEM32\winzoa32.dll
Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.
REBOOT afterwards!
This topic has been closed to prevent others with similar issues posting in it.
If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread.
Applies only to the original topic starter.