# My computer starts up slowly & internet problem



## Rise

When I turn on my computer it takes approx 2 minutes for all my icons to show after the welcome screen. I have Norton firewall, anti-virus, Microsoft anti spyware, Spybot, AOL anti-spyware. I think that's all the safety programmes. Also, every time I reboot a warning pops up in the taskbar saying my antivirus is turned off, but after a few seconds it goes away, & recently after a while surfing the net it stops bringing up web pages and I have to sign off/on again. When I do a Spybot check it says a registry key has been changed htkey_local_machine_\software\microsoft\securitycenter\firewalldisablenotify!=dword:0

Any help will be appreciated, thanks.


----------



## LITHIUM

I am having the same problem, so can someone help us?


----------



## Buzz1927

http://www.computerforum.com/showthread.php?t=24672


----------



## Rise

I went to the Panda scan thing and went for it to download but it won't; it says I have an internet connection problem or not enough disk space.


----------



## Buzz1927

Just post the Hijackthis log.


----------



## Rise

Logfile of HijackThis v1.99.1
Scan saved at 00:37:51, on 08/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Personal Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\AOL\1133047187\ee\AOLHostManager.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\AOL\1133047187\ee\AOLServiceHost.exe
c:\program files\common files\aol\1133047187\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1133047187\ee\AOLServiceHost.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\PROGRA~1\AOL9~1.0\waol.exe
C:\PROGRA~1\AOL9~1.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\WINZIP\wzqkpick.exe
C:\Documents and Settings\iain murray\Local Settings\Temp\wz9186\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/8SE/1?http://toolb...cess.aspx&&FORM=TOOLBR&DI=3013&CM=MsgrInstall
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Personal Firewall - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133047187\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Pest Cleaning] "C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ppclean.exe" "clean" "silent" "cws" "2"
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm22745GB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/30e78b4d7d58eccb5314/netzip/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.wow-europe.com/signup/en/wowbeta/Si.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128031103890
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{185925C1-2BDA-4D87-BAAD-F3DC571D6234}: NameServer = 205.188.146.145
O17 - HKLM\System\CS3\Services\Tcpip\..\{185925C1-2BDA-4D87-BAAD-F3DC571D6234}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\IAINMU~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


----------



## Rise

Any help?


----------



## Buzz1927

Download the trial version of *Spy Sweeper* from *Here*

Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on *Options > Sweep Options* and check *Sweep all Folders on Selected drives.* Check *Local Disc C*. Under *What to Sweep*, check every box.

Click on *Sweep* and allow it to fully scan your system.

When the sweep has finished, click *Remove*. Click *Select All* and then *Next*

From *'Results'*, select the *Session Log* tab.  Click *Save to File* and save the log somewhere convenient.

Exit *Spy Sweeper.*

Restart the computer and post a new Hijackthis log, and say how things are now.


----------



## Rise

will do thanks


----------



## Rise

Logfile of HijackThis v1.99.1
Scan saved at 17:13:20, on 08/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Personal Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\AOL\1133047187\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1133047187\ee\AOLServiceHost.exe
c:\program files\common files\aol\1133047187\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\AOL\1133047187\ee\AOLServiceHost.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinZip\WINZIP32.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\iain murray\Local Settings\Temp\wzf2e2\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/8SE/1?http://toolb...cess.aspx&&FORM=TOOLBR&DI=3013&CM=MsgrInstall
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Personal Firewall - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133047187\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunOnce: [Pest Cleaning] "C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ppclean.exe" "clean" "silent" "cws" "2"
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm22745GB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/30e78b4d7d58eccb5314/netzip/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.wow-europe.com/signup/en/wowbeta/Si.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128031103890
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\IAINMU~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Do you want the sweeper session log?


----------



## Buzz1927

I might want to see the Spysweeper log, how big is it?

Move Hijackthis to a permanent folder e.g. C:\HJT.

Run Hijackthis and select "Do a system scan only", place a check by the following entries.
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZNxdm22745GB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/30e78b4d...p/RdxIE601.cab

Close all open windows and browsers, and hit "Fix Checked".

Download: *CCleaner* (freeware)
http://www.majorgeeks.com/download4191.html
Once installed, run *CCleaner*, click the Windows [tab]
Select the following:





Next: click *Options*, click the *Advanced* tab.
Uncheck: "Only delete files older than 48 hrs.", click Ok
Then click *Run Cleaner* (bottom right) then *Exit*

Then restart and say how things are now.
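
An added example, not part of the original thread: the successive HijackThis scans posted above differ only in a handful of entry lines, which is hard to see by eye. This Python code parses the `R`/`O` entry lines and reports what was added or removed between two scans; the sample logs are short excerpts constructed from the first and second logs in this thread, and the function names are hypothetical.

```python
import re

# HijackThis entry lines look like "O4 - HKLM\..\Run: [name] path".
# Header lines and the "Running processes" paths do not match this pattern.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Constructed excerpt of the scan saved at 00:37:51 (lines copied from the thread).
SCAN_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O17 - HKLM\System\CCS\Services\Tcpip\..\{185925C1-2BDA-4D87-BAAD-F3DC571D6234}: NameServer = 205.188.146.145
O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dll (file missing)
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\IAINMU~1\LOCALS~1\Temp\hpdj.exe (file missing)
"""

# Constructed excerpt of the scan saved at 17:13:20, after the Spy Sweeper run.
SCAN_AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\IAINMU~1\LOCALS~1\Temp\hpdj.exe (file missing)
"""


def parse_entries(log_text):
    """Return (code, body) for every entry line, skipping headers and process paths."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def _sort_key(entry):
    # Order by section letter, then numerically (O4 before O17), then by text.
    code, body = entry
    return (code[0], int(code[1:]), body)


def diff_scans(before_text, after_text):
    """Report entries that disappeared or appeared between two scans."""
    before = set(parse_entries(before_text))
    after = set(parse_entries(after_text))
    return {
        "removed": sorted(before - after, key=_sort_key),
        "added": sorted(after - before, key=_sort_key),
    }


def missing_file_entries(log_text):
    """Entries whose target no longer exists on disk (leftover registrations)."""
    return [e for e in parse_entries(log_text) if e[1].endswith("(file missing)")]


if __name__ == "__main__":
    changes = diff_scans(SCAN_BEFORE, SCAN_AFTER)
    for kind in ("removed", "added"):
        for code, body in changes[kind]:
            print(f"{kind:8} {code:4} {body}")
    for code, body in missing_file_entries(SCAN_AFTER):
        print(f"orphaned {code:4} {body}")
```

Entries that appear in the "added" list after installing a cleanup tool are usually that tool's own autostart and service registrations, so they need to be read before anything is checked for fixing.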


----------



## Rise

The sweeper log isn't that big really.


----------



## Buzz1927

Ok, post the log. Are things any better after Spysweeper?


----------



## Rise

Logfile of HijackThis v1.99.1
Scan saved at 17:59:47, on 08/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Personal Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\AOL\1133047187\ee\AOLHostManager.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\AOL\1133047187\ee\AOLServiceHost.exe
c:\program files\common files\aol\1133047187\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1133047187\ee\AOLServiceHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\AOL\Broadband CheckUp\bin\mpbtn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\iain murray\Desktop\HijackThis.exe
C:\PROGRA~1\AOL9~1.0\waol.exe
C:\PROGRA~1\AOL9~1.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/8SE/1?http://toolb...cess.aspx&&FORM=TOOLBR&DI=3013&CM=MsgrInstall
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Personal Firewall - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133047187\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunOnce: [Pest Cleaning] "C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ppclean.exe" "clean" "silent" "cws" "2"
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.wow-europe.com/signup/en/wowbeta/Si.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128031103890
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\IAINMU~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


----------



## Buzz1927

Ok, can you post the Spysweeper log, thanks.


----------



## Rise

********
16:45: |       Start of Session, 08 March 2006       |
16:45: Spy Sweeper started
16:45: Sweep initiated using definitions version 625
16:45: Starting Memory Sweep
16:48: Memory Sweep Complete, Elapsed Time: 00:03:21
16:48: Starting Registry Sweep
16:48:   Found Adware: systemprocess
16:48:   HKLM\software\system process\  (8 subtraces) (ID = 860391)
16:48:   HKLM\software\system process\ || modid (ID = 860392)
16:48:   HKLM\software\system process\ || started (ID = 860395)
16:48:   HKLM\software\system process\ || installed (ID = 860396)
16:48:   HKLM\software\system process\ || lastupdatetime (ID = 860398)
16:48:   HKLM\software\system process\files\  (3 subtraces) (ID = 860399)
16:48:   HKLM\software\system process\files\ || system.dat (ID = 860400)
16:48:   HKLM\software\system process\files\ || ustart.exe (ID = 860402)
16:48:   HKLM\software\system process\files\ || p.dat (ID = 860403)
16:48:   HKLM\software\microsoft\windows\currentversion\uninstall\startup\  (2 subtraces) (ID = 860412)
16:48:   Found Trojan Horse: trojan-downloader-conhook
16:48:   HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\req\  (5 subtraces) (ID = 1124648)
16:48:   HKU\S-1-5-21-73586283-1035525444-839522115-1004\software\system process\  (1 subtraces) (ID = 860389)
16:48:   HKU\S-1-5-21-73586283-1035525444-839522115-1004\software\system process\ || lastptime (ID = 860390)
16:48: Registry Sweep Complete, Elapsed Time:00:00:14
16:48: Starting Cookie Sweep
16:48:   Found Spy Cookie: 2o7.net cookie
16:48:   iain [email protected][1].txt (ID = 1958)
16:48:   Found Spy Cookie: atlas dmt cookie
16:48:   iain [email protected][2].txt (ID = 2253)
16:48:   Found Spy Cookie: webtrendslive cookie
16:48:   iain [email protected][2].txt (ID = 3667)
16:48:   Found Spy Cookie: adserver cookie
16:48:   iain [email protected][1].txt (ID = 2142)
16:48: Cookie Sweep Complete, Elapsed Time: 00:00:03
16:48: Starting File Sweep
16:48:   Found Adware: 180search assistant/zango
16:48:   c:\program files\search-assistant (ID = -2147480560)
17:05: File Sweep Complete, Elapsed Time: 00:16:23
17:05: Full Sweep has completed.  Elapsed time 00:20:04
17:05: Traces Found: 37
17:07: Removal process initiated
17:08:   Quarantining All Traces: 180search assistant/zango
17:08:   Quarantining All Traces: trojan-downloader-conhook
17:08:   Quarantining All Traces: systemprocess
17:08:   Quarantining All Traces: 2o7.net cookie
17:08:   Quarantining All Traces: adserver cookie
17:08:   Quarantining All Traces: atlas dmt cookie
17:08:   Quarantining All Traces: webtrendslive cookie
17:08: Removal process completed.  Elapsed time 00:00:07
********
16:44: |       Start of Session, 08 March 2006       |
16:44: Spy Sweeper started
16:44: Sweep initiated using definitions version 625
16:44: Starting Memory Sweep
16:44:   Sweep Canceled
16:44: Memory Sweep Complete, Elapsed Time: 00:00:15
16:44: Traces Found: 0
16:45: |       End of Session, 08 March 2006       |
********
16:42: |       Start of Session, 08 March 2006       |
16:42: Spy Sweeper started
16:43: Your spyware definitions have been updated.
16:44: |       End of Session, 08 March 2006       |


----------



## Buzz1927

Thanks, seen a few things that didn't show in the log. Any problems now?


----------



## Rise

Not at the moment I don't think; my computer takes time but that may be due to Norton starting. The "virus not on" warning has disappeared and so far no website jams. Although I had LimeWire on my computer a while ago, do you know the registry keys to fully delete it? My aoldial.exe sometimes doesn't shut down when I turn off my computer and I have to force quit. Any ideas? I'm doing a Panda scan.

I found 

Cookie/Cqi-Bin
cookie/com.com
cookie/hitbox
cookie/ tribalfusion
cookie/myaffilateprogam


----------



## Buzz1927

Just cookies, nothing to worry about. 

For Limewire..

1. Go to the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run.
If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\limeshop, delete it and reboot the machine immediately.

2. Remove these registry items (if present) with RegEdit:
HKEY_CURRENT_USER\software\microsoft\internet explorer\menuext\limeshop preferences
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\limewire
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\9e11dbbf317d89b4f92af7d63ab22d26
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a8cebe6cec02c7d40a450c6455a6ad2e
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\c0da82cffcfbb79419d1189c955ee262
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\limeshop
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls\c:\program files\limewire\2.9.8\bet.url
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls\c:\program files\limewire\2.9.8\bonzi.url
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls\c:\program files\limewire\2.9.8\browserpage.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls\c:\program files\limewire\2.9.8\limeshop.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls\c:\program files\limewire\2.9.8\limeshop.html
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls\c:\program files\limewire\2.9.8\limeshop.url
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls\c:\program files\limewire\2.9.8\limewire.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls\c:\program files\limewire\2.9.8\limewire.jar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls\c:\program files\limewire\2.9.8\money.url
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls\c:\program files\limewire\2.9.8\root\magnet10\options.js
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\limeshop.xml
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\limewire
HKEY_USERS\s-1-5-21-725345543-1078145449-1343024091-500\software\microsoft\internet explorer\menuext\limeshop preferences
HKEY_USERS\s-1-5-21-725345543-1078145449-1343024091-500\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\limewire


----------



## Rise

I found LimeWire in hkey_local_machine\magnet\handlers\limewire

hkey_local_machine\software\mircosoft\windows\currentversion\installer\folders


If I go to regedit, use Find for "limewire" and delete everything it comes up with, will that do?


----------



## Buzz1927

Or just run a registry cleaner.


----------



## Rise

Where do I get one? Which one would you recommend? There's one in that CCleaner I installed. What boxes should I keep ticked? Thanks


----------



## Buzz1927

I use Regseeker.
http://www.majorgeeks.com/download2579.html


----------



## Rise

I've downloaded the one you use & used "Clean the registry". It isn't scanning anything but still has a stop button in the bottom right. How do I clean it? I can select all the entries as well.


----------



## Buzz1927

Select "Clean the registry" then "ok". When it finishes, choose "select all", then right-click one of the entries, select "delete selected items".


----------



## Rise

it says Nom De Fichier incorrect


----------



## Buzz1927

Uninstall that one and download it from here.
http://www.snapfiles.com/get/regseeker.html


----------



## Rise

still says the same thing


----------



## Buzz1927

Try Regscrubxp.
http://www.majorgeeks.com/download.php?det=2048


----------



## Rise

It's OK, I downloaded another one and deleted all folders of Reg Seeker & it worked.


----------



## Rise

Hi again, my computer has started giving me that antivirus warning again & my AOL broadband check keeps appearing when I turn my computer on. I ran Spy Sweeper again but it only found cookies. Could you run over another HijackThis log please?

Logfile of HijackThis v1.99.1
Scan saved at 14:17:12, on 15/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Personal Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\AOL\1133047187\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1133047187\ee\AOLServiceHost.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
c:\program files\common files\aol\1133047187\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1133047187\ee\AOLServiceHost.exe
C:\Program Files\AOL\Broadband CheckUp\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\iain murray\My Documents\My Received Files\Unused\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/8SE/1?http://toolb...cess.aspx&&FORM=TOOLBR&DI=3013&CM=MsgrInstall
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Personal Firewall - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133047187\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\RunOnce: [Pest Cleaning] "C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ppclean.exe" "clean" "silent" "cws" "2"
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.wow-europe.com/signup/en/wowbeta/Si.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128031103890
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - America Online, Inc. - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Also, should I just dump Norton? It couldn't even find the virus the first time.


----------



## Buzz1927

Download the free MWAV antivirus tool from here:
ftp://ftp.microworldsystems.com/download/tools/mwav.exe
Save it to the desktop and run it.  Follow the prompts to scan your system for viruses.  
Then please post for me the log of infected files from the BOTTOM panel of the scan window.

And yes, dump Norton.


----------



## Rise

I ran that test and it came up with this:

Object "w32/rbot-ank Email-Flooder" found in File System! Action Taken: No Action Taken.
Object "minibug Adware" found in File System! Action Taken: No Action Taken.
Object "w32/rbot-ank Email-Flooder" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "hotbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "smitfraud variant Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "clipgenie Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cydoor.topicks.a Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "powerreg scheduler Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "powerreg scheduler Spyware/Adware" found in File System! Action Taken: No Action Taken.


whatever they are.


----------



## sidthereal

http://www.symantec.com/avcenter/venc/data/adware.clipgenie.html

clipgenie Spyware/Adware can be detected by Norton, and you have Norton AntiVirus... Are you sure you have updated definitions and Norton is working fine?


----------



## Rise

It says I'm fully updated, but how can you tell if it's working fine?


----------



## sidthereal

Maybe these things are found in your System Restore files.
Have you deleted the System Restore files?


----------



## sidthereal

This would explain something about your Norton not working.

W32/Rbot-ANK modifies the Windows HOSTS file in an attempt to prevent access to the following anti-virus and security related sites:


Okay, let's try Ewido Security Suite, which you can download from here:

http://download.ewido.net/ewido-setup.exe

Update Ewido, run a full system scan in safe mode and let's see if this helps.


----------
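The HOSTS-file tampering described in the post above can be checked for directly by looking for entries that point security-vendor names at a loopback, null or foreign address. The Python below is an added example, not part of the original thread; the watch list, the sample file contents and the function names are constructed for illustration, and the HOSTS path is the standard Windows location.

```python
"""Audit a HOSTS file for entries that override security-vendor domains."""
import ipaddress
import os

# Assumption: a small watch list chosen for this example; extend as needed.
WATCHED_DOMAINS = (
    "symantec.com",
    "symantecliveupdate.com",
    "mcafee.com",
    "microsoft.com",
    "pandasoftware.com",
)

# Constructed sample input (not taken from the poster's machine).
SAMPLE_HOSTS = """\
# constructed sample HOSTS file
127.0.0.1       localhost
127.0.0.1       www.symantec.com
127.0.0.1 LiveUpdate.SymantecLiveUpdate.com   # trailing comment
0.0.0.0         update.microsoft.com download.mcafee.com
192.0.2.10      intranet.example
203.0.113.7     www.pandasoftware.com
::1             localhost
not-an-ip       www.symantec.com
127.0.0.1       notsymantec.com
"""


def parse_hosts(text):
    """Return (line_number, address, [hostnames]) for each valid entry."""
    entries = []
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                          # blank or address-only line
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # malformed line, resolver ignores it
        names = [name.lower().rstrip(".") for name in fields[1:]]
        entries.append((lineno, addr, names))
    return entries


def watched_parent(name, watched=WATCHED_DOMAINS):
    """Return the watched domain that `name` equals or is a subdomain of."""
    for domain in watched:
        if name == domain or name.endswith("." + domain):
            return domain
    return None


def audit_hosts(text, watched=WATCHED_DOMAINS):
    """Flag every HOSTS entry that overrides a watched domain.

    'blocked'    = mapped to loopback or 0.0.0.0 / :: (the site cannot be reached)
    'redirected' = mapped to some other fixed address
    """
    findings = []
    for lineno, addr, names in parse_hosts(text):
        for name in names:
            parent = watched_parent(name, watched)
            if parent is None:
                continue
            sinkholed = addr.is_loopback or addr.is_unspecified
            findings.append({
                "line": lineno,
                "host": name,
                "address": str(addr),
                "watched": parent,
                "verdict": "blocked" if sinkholed else "redirected",
            })
    return findings


if __name__ == "__main__":
    # Standard Windows location; falls back to the constructed sample elsewhere.
    path = os.path.join(os.environ.get("SystemRoot", r"C:\WINDOWS"),
                        "system32", "drivers", "etc", "hosts")
    if os.path.isfile(path):
        with open(path, encoding="utf-8", errors="replace") as handle:
            hosts_text = handle.read()
    else:
        hosts_text = SAMPLE_HOSTS
    for finding in audit_hosts(hosts_text):
        print("line {line}: {host} -> {address} ({verdict})".format(**finding))
```

A clean HOSTS file normally produces no findings; any hit means name resolution for that vendor is being overridden locally, which matches the symptom of scanners and updaters failing to connect.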



## midi_junkie

Format, you've got virii.


----------



## sidthereal

midi_junkie said:

> Format, you've got virii.


And why should he not try fixing the problem instead of formatting his drive?


----------



## Rise

I ain't formatting, it's a waste of my time.


----------



## Rise

Safe mode, how do we do that again? Hold something at the start up?


----------



## sidthereal

You can do that by constantly tapping F8,
or use a method I adopt:
Go to Run and type Msconfig,
then go to Boot.ini
and click safe mode.
On restart the computer goes into safe mode. To go back to normal boot up, just uncheck the safe mode option.


----------



## Rise

OK, done, but no luck finding anything.


----------



## Rise

I've now run Microsoft AntiSpyware in safe mode and still can't find anything. Every time I open Norton AntiVirus or my firewall it says error for a few seconds then changes to fine.


----------



## sidthereal

Rise said:

> I've now run Microsoft AntiSpyware in safe mode and still can't find anything. Every time I open Norton AntiVirus or my firewall it says error for a few seconds then changes to fine.


microsoft.com

Did you read the post I made about the worm?? Even microsoft.com is affected by it... MS AntiSpyware won't work.
Did you download and run Ewido Security Suite like I asked you to?
DO SO! If it still doesn't work, we move on to manual cleaning.


----------



## Rise

sidthereal said:

> microsoft.com
>
> Did you read the post I made about the worm?? Even microsoft.com is affected by it... MS AntiSpyware won't work.
> Did you download and run Ewido Security Suite like I asked you to?
> DO SO! If it still doesn't work, we move on to manual cleaning.


I thought I'd try it anyway. Yes, I ran Ewido in safe mode; it found nothing.


----------



## sidthereal

OK, let's get rid of this W32/Rbot-ANK first.
Use the following instructions:
1. Create a restore point on your PC.
2. Download PROCESS EXPLORER freeware to see what processes are running
  from http://www.sysinternals.com/Utilities/ProcessExplorer.html
3. Find and immediately kill the process “mswinsck.exe”.
4. Delete the file “mswinsck.exe” located in C:\Windows\System (set up the computer to show hidden files and system files).
5. Delete the following entries in the registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Microsoft Winsock
mswinsck.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Microsoft Winsock
mswinsck.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
Microsoft Winsock
mswinsck.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Microsoft Winsock
mswinsck.exe

HKCU\SYSTEM\CurrentControlSet\Control\Lsa
Microsoft Winsock
mswinsck.exe

HKLM\SYSTEM\CurrentControlSet\Control\Lsa
Microsoft Winsock
mswinsck.exe

HKCU\Software\Microsoft\OLE
Microsoft Winsock
mswinsck.exe

HKLM\SOFTWARE\Microsoft\Ole
Microsoft Winsock 

Reboot the computer.

To remove Powerreg scheduler take the following steps
   1.  Kill these running processes with Task Manager:
      %DeskTop%\startup\powerreg scheduler v3.exe
      %Profile%\start menu\programs\startup\powerreg scheduler.exe
      %Profile%\start menu\programs\startup\powerreg schedulerv2.exe
      %Startup%\powerreg scheduler v3.exe
      %Startup%\powerreg scheduler.exe
      %SystemRoot%\desktop\startup\powerreg scheduler.exe
      %SystemRoot%\start menu\programs\startup\powerreg scheduler v3.exe
      %SystemRoot%\start menu\programs\startup\powerreg scheduler.exe

   2. Remove these files (if present) with Windows Explorer:
      %DeskTop%\startup\powerreg scheduler v3.exe
      %DeskTop%\startup\webshots.lnk
      %Profile%\start menu\programs\startup\powerreg scheduler.exe
      %Profile%\start menu\programs\startup\powerreg schedulerv2.exe
      %ProgramFiles%\powerreg
      %Startup%\powerreg scheduler v3.exe
      %Startup%\powerreg scheduler.exe
      %SystemRoot%\desktop\startup\powerreg scheduler.exe
      %SystemRoot%\start menu\programs\startup\image.lnk
      %SystemRoot%\start menu\programs\startup\norton disk doctor.lnk
      %SystemRoot%\start menu\programs\startup\powerreg scheduler v3.exe
      %SystemRoot%\start menu\programs\startup\powerreg scheduler.exe

   3. Remove these directories (if present) with Windows Explorer:
      %DeskTop%\startup

update your spysweeper programme and ewido security suite.

Now download smitrem from 
http://noahdfear.geekstogo.com/click counter/click.php?id=1
and save to desktop.
Double click on the file to extract it to c:\smitrem.

Now reboot to safe mode and open the c:\smitrem folder and double click the RunThis.bat file to start the tool.

Follow the prompts on screen and wait for the tool to complete and disk cleanup to finish.

When the tool is finished, it will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or the partition where your operating system is installed. Examining that log should show that the infection was cleaned.

And now run a full scan of both ewido and Spysweeper, and they should remove the remaining malware in the computer.
run a fresh MWAV scan and post the log.


----------



## Rise

i cant find mswinsck.exe anywhere


----------



## sidthereal

sigh....
okay, open hijackthis
click on open misc tools section
then click open process manager
refresh the processes
and if you find the mswinsck.exe process kill it.
and then go ahead with the other instructions.

Else, I'd suggest you clear your previous system restores and then scan your registry and hard drives for mswinsck.exe


----------



## Rise

how do i clear my system restores?


----------



## Rise

its not there either


----------



## sidthereal

post the log

Also, to delete the system restore files, you have to disable system restore on the drives.
this can be done this way:
go to control panel>System>System restore> click turn off system restore
this will delete all past system restore files.

Additionally, try and delete the other virus for which instructions have been posted


----------



## sidthereal

I dont know if this would help, but no harm in trying it
download Stinger from 
http://download.nai.com/products/mcafee-avert/stng260.exe

When the download is complete, navigate to the folder that contains the downloaded Stinger file, and run it

 If necessary, click the Add or Browse button to add additional drives/directories to scan. By default the C: drive will be scanned.

Click the Scan Now button to begin scanning the specified drives/directories.


----------



## Rise

Process list saved on 13:41:40, on 18/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)



----------



## Rise

i found a powerregister folder and 2 powerreg.dat, 1 in C:\windows and another in doc and settings\name\application data\leadertech\powerregister. is that what you wanted?


----------



## sidthereal

Rise said:

> i found a powerregister folder and 2 powerreg.dat, 1 in C:\windows and another in doc and settings\name\application data\leadertech\powerregister. is that what you wanted?


hmm....before you take action on that file,
did you delete the system restore points? If you did, just run another MWAV scan and see what pops up. I want to see if any changes have occurred because of deleting the restore files.
Also did Stinger find anything?


----------



## Rise

ive ran another mwav and still got them. stinger found nothing


----------



## sidthereal

go ahead and delete the files you found in C: drive.

and also to remove clipgenie use the following instructions,
although I believe your task manager won't be showing the following entries. If you can't find the files on your pc just remove them from the registry.

To uninstall the program, click Start > Settings > Control Panel > Add/Remove Programs. From the programs list, select the entry ClipGenie,  click Change/Remove to uninstall it.

Follow these removal steps to manually remove this adware from your computer:

   1. Open Task Manager (by pressing CTRL+ALT+DEL) .
   2. From processes list, select and terminate the processes notify.exe and cg.exe.
   3. Click Start > Run, type 'regedit' to open the Registry Editor.
   4. Navigate to and delete the following registry keys:

      HKEY_CURRENT_USER\software\clipgenie
      HKEY_CURRENT_USER\software\traynotifier\clipgenie
      HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\clipgenie
      HKEY_LOCAL_MACHINE\software\traynotifier\clipgenie
   5. Close Registry Editor.
   6. Use Windows Explorer to open the Program Files directory (by default, this is C:\Program Files), select and delete the folder clipgenie and all the files in it.


----------



## sidthereal

delete also:
1)HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run 
And also the following files

And run smitrem which I have posted earlier. We'll have to manually delete files.


----------



## Rise

how do i find them just use the search button?


----------



## Rise

i cant find any clip genie files using the search button


----------



## sidthereal

not in the registry either??


----------



## Rise

nope i followed that exact line you gave me


----------



## sidthereal

Did you run smitrem?


----------



## Rise

i cant find the smitrun folder in safe mode its on my desktop but when i go to safe mode its disappeared


----------



## sidthereal

okay..run the file in normal mode


----------



## Rise

ok done, it didn't pop up saying it's found something


----------



## Rise

ive found winsock2 and winsock.dll


----------



## sidthereal

mswinsck.exe
its these you need to delete. Winsock and winsock.dll are legitimate progs


----------



## Rise

i cant find mswinsck.exe anywhere


----------



## sidthereal

hmm..can you find the following 

minibugtransporter.dll
minibug.exe

Click Start > Run , type the following commands:

regsvr32 /u %dir%\minibugtransporter.dll

Note: %dir% is a variable, replace it with the directory where the file minibugtransporter.dll resides.
Click Ok.

Delete the above two files


----------



## Rise

ive found minibugtransporter.dll in C:\program file\common files\real\weatherbug but no minibug.exe what next?


sorry im a dunce at computers


----------



## Rise

it says i type the directory wrong could you please tell me since i gave you it thanks


----------



## sidthereal

regsvr32 /u C:\Program Files\Common Files\Real\minibugtransporter.dll


----------



## Rise

it says loadlibary("C:\program") failed - the specific module could not be found


----------



## sidthereal

regsvr32 /u C:\Program Files\Common Files\Real\minibugtransporter


----------



## Rise

it says the same thing ive deleted that file anyway


----------



## sidthereal

ok...
I'm really surprised none of the security software managed to detect or delete them..cos it's basic adware you have there!
can you do a system scan on panda?


----------



## Rise

i was able to but now it wont dl again. i had this problem at the start of the trouble but after i removed a virus i could but now i cant.. maybe its because of that mswinsck.exe i cant find is there a tool to remove it?


----------



## sidthereal

in a checklist
1. deleted all past restore points
2. Ran stinger
3. Ran smitrem
4. Ran Ewido Security scan
5. Ran MWAV

we'll have to try and manually remove all the files, and then see how to proceed


----------



## Rise

that long list on page 5 or 4? the panda scan's scanning my c drive. it's found spyware it didn't last time


----------



## sidthereal

For Cydoor.TOPicks
Kill the following processes
Program Files\topicks\bin\hthost.exe
Program Files\topicks\bin\idhost.exe
Program Files\topicks\bin\idmun.exe
Unregister the following DLLs and reboot
Program Files\topicks\bin\datamgr.dll
Program Files\topicks\bin\htcheck2.dll
Program Files\topicks\bin\htps.dll
Program Files\topicks\bin\idmcom.dll
Program Files\topicks\bin\idmup.dll
Program Files\topicks\bin\tpbar.dll
Program Files\topicks\bin\tpreg.dll
Delete these registry entries
Remove the following files
Program Files\topicks\bin\datamgr.dll
Program Files\topicks\bin\fileversions.ini
Program Files\topicks\bin\htcheck2.dll
Program Files\topicks\bin\hthost.exe
Program Files\topicks\bin\htps.dll
Program Files\topicks\bin\idhost.exe
Program Files\topicks\bin\idmcom.dll
Program Files\topicks\bin\idmun.exe
Program Files\topicks\bin\idmup.dll
Program Files\topicks\bin\test.ini
Program Files\topicks\bin\topicks.reg
Program Files\topicks\bin\tpbar.dll
Program Files\topicks\bin\tpreg.dll
Program Files\topicks\bin\unwise.ini
Remove the following directories
Documents and Settings\UserName\local settings\temp\idseupdate


----------



## sidthereal

Rise said:

> that long list on page 5 or 4? the panda scan's scanning my c drive. it's found spyware it didn't last time


you're doing an online scan, right?


----------



## Rise

yes from panda found 6 spyware and 2 hacking tools and potentially unwanted tools so far


----------



## sidthereal

k, update your Spy Sweeper and Ewido Security suite if possible.


----------



## Rise

i will after the scan's finished. it's a quarter the way through so another 20 mins and i'll get back to you ok thanks. will i run spy sweeper and ewido in safe mode?


----------



## Rise

| Incident | Status | Location |
|---|---|---|
| Spyware:Cookie/2o7 | Not disinfected | C:\Documents and Settings\iain murray\Cookies\iain [email protected][1].txt |
| Spyware:Cookie/Atlas DMT | Not disinfected | C:\Documents and Settings\iain murray\Cookies\iain [email protected][2].txt |
| Spyware:Cookie/Cgi-bin | Not disinfected | C:\Documents and Settings\iain murray\Cookies\iain [email protected][2].txt |
| Spyware:Cookie/Hitbox | Not disinfected | C:\Documents and Settings\iain murray\Cookies\iain [email protected][2].txt |
| Spyware:Cookie/Overture | Not disinfected | C:\Documents and Settings\iain murray\Cookies\iain [email protected][1].txt |
| Spyware:Cookie/WebtrendsLive | Not disinfected | C:\Documents and Settings\iain murray\Cookies\iain [email protected][2].txt |
| Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\iain murray\Desktop\smitRem\Process.exe |
| Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\iain murray\Desktop\smitRem.exe[Process.exe] |

thats all i got


----------



## Rise

will i run both spy sweeper and ewido in safe mode?


----------



## Rise

cant find any of them dll


----------



## sidthereal

Rise said:

> will i run both spy sweeper and ewido in safe mode?


update and run in safe mode


----------



## Rise

ok il do it now


----------



## Rise

ok i updated and ran both in safe mode and it only found cookies on spy sweeper. ewido found nothing


----------



## Rise

I've downloaded the microsoft malicious tool manually what would how could the worm change the download? pest cleaning by ppclean.exe is asking to start up will i allow it?


----------



## sidthereal

yeah allow it.
Also, attach your MWAV scan log. Not the result of the scan, but the log.
you should be able to save the log after a complete scan.


----------



## Rise

attach it to what this forum?


----------



## Rise

ok ive checked the log and came up with this 

Sun Mar 19 14:09:10 2006 => System found infected with w32/rbot-ank Email-Flooder ({19e28afc-eae3-4ce5-ac83-2407b42f57c9})! Action taken: No Action Taken.
Sun Mar 19 14:09:11 2006 => System found infected with w32/rbot-ank Email-Flooder ({19e28afc-eae3-4ce5-ac83-2407b42f57c9})! Action taken: No Action Taken.
Sun Mar 19 14:09:11 2006 => Offending Key found: HKLM\Software\magnet\handlers\limewire !!!
Sun Mar 19 14:09:11 2006 => Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Mar 19 14:09:29 2006 => Offending Folder found: C:\Documents and Settings\All Users\Application Data\aol\c_aol 9.0\idb\bart\1024
Sun Mar 19 14:09:29 2006 => Object "smitfraud variant Browser Hijacker" found in File System! Action Taken: No Action Taken.

Sun Mar 19 14:09:32 2006 => Offending file found: C:\Documents and Settings\All Users\Application Data\gtek\gtupdate\aupdate\channels\channels.ini
Sun Mar 19 14:09:32 2006 => System found infected with clipgenie Spyware/Adware (channels.ini)! Action taken: No Action Taken.

Sun Mar 19 14:09:33 2006 => Offending file found: C:\Documents and Settings\All Users\Application Data\symantec\common client\settings.dat
Sun Mar 19 14:09:33 2006 => System found infected with cydoor.topicks.a Spyware/Adware (settings.dat)! Action taken: No Action Taken.

Sun Mar 19 14:09:34 2006 => Offending file found: C:\Documents and Settings\All Users\Start Menu\Programs\norton systemworks\norton utilities\norton disk doctor.lnk
Sun Mar 19 14:09:34 2006 => System found infected with powerreg scheduler Spyware/Adware (norton disk doctor.lnk)! Action taken: No Action Taken.

Sun Mar 19 14:09:35 2006 => Offending file found: C:\Documents and Settings\All Users\Start Menu\programs\norton systemworks\norton utilities\norton disk doctor.lnk
Sun Mar 19 14:09:35 2006 => System found infected with powerreg scheduler Spyware/Adware (norton disk doctor.lnk)! Action taken: No Action Taken.


how would i get rid of these? thanks
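
As an added illustration (not part of any post, and not a tool used in this thread), the Python sketch below pairs each "Offending ... found" line of the MWAV log quoted above with the verdict line that follows it and collapses repeats, including the two Norton Disk Doctor shortcut paths that differ only in letter case. The function names and regular expressions are this example's own, inferred from the quoted lines rather than from any MWAV format specification.

```python
import re

# Lines copied from the MWAV log posted above (blank lines dropped).
SAMPLE_LOG = r"""
Sun Mar 19 14:09:10 2006 => System found infected with w32/rbot-ank Email-Flooder ({19e28afc-eae3-4ce5-ac83-2407b42f57c9})! Action taken: No Action Taken.
Sun Mar 19 14:09:11 2006 => System found infected with w32/rbot-ank Email-Flooder ({19e28afc-eae3-4ce5-ac83-2407b42f57c9})! Action taken: No Action Taken.
Sun Mar 19 14:09:11 2006 => Offending Key found: HKLM\Software\magnet\handlers\limewire !!!
Sun Mar 19 14:09:11 2006 => Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Mar 19 14:09:29 2006 => Offending Folder found: C:\Documents and Settings\All Users\Application Data\aol\c_aol 9.0\idb\bart\1024
Sun Mar 19 14:09:29 2006 => Object "smitfraud variant Browser Hijacker" found in File System! Action Taken: No Action Taken.
Sun Mar 19 14:09:32 2006 => Offending file found: C:\Documents and Settings\All Users\Application Data\gtek\gtupdate\aupdate\channels\channels.ini
Sun Mar 19 14:09:32 2006 => System found infected with clipgenie Spyware/Adware (channels.ini)! Action taken: No Action Taken.
Sun Mar 19 14:09:33 2006 => Offending file found: C:\Documents and Settings\All Users\Application Data\symantec\common client\settings.dat
Sun Mar 19 14:09:33 2006 => System found infected with cydoor.topicks.a Spyware/Adware (settings.dat)! Action taken: No Action Taken.
Sun Mar 19 14:09:34 2006 => Offending file found: C:\Documents and Settings\All Users\Start Menu\Programs\norton systemworks\norton utilities\norton disk doctor.lnk
Sun Mar 19 14:09:34 2006 => System found infected with powerreg scheduler Spyware/Adware (norton disk doctor.lnk)! Action taken: No Action Taken.
Sun Mar 19 14:09:35 2006 => Offending file found: C:\Documents and Settings\All Users\Start Menu\programs\norton systemworks\norton utilities\norton disk doctor.lnk
Sun Mar 19 14:09:35 2006 => System found infected with powerreg scheduler Spyware/Adware (norton disk doctor.lnk)! Action taken: No Action Taken.
"""

# "<timestamp> => <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4}) => (?P<msg>.*)$")
# "Offending Key|Folder|file found: <path>" with an optional trailing "!!!"
LOCATION_RE = re.compile(
    r"^Offending (?P<kind>Key|Folder|file) found: (?P<path>.*?)(?:\s*!!!)?$", re.I)
# Two verdict shapes appear in the quoted log.
INFECTED_RE = re.compile(
    r"^System found infected with (?P<name>.+?) \((?P<detail>[^)]*)\)! "
    r"Action taken: (?P<action>.+?)\.?$", re.I)
OBJECT_RE = re.compile(
    r'^Object "(?P<name>[^"]+)" found in File System! '
    r"Action Taken: (?P<action>.+?)\.?$", re.I)


def parse_mwav(log_text):
    """Return one dict per distinct finding, in first-seen order."""
    findings = {}
    pending = None  # (kind, path) from the most recent "Offending ..." line
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # blank or unrecognised line
        msg = line.group("msg").strip()
        located = LOCATION_RE.match(msg)
        if located:
            pending = (located.group("kind").lower(),
                       located.group("path").strip())
            continue
        verdict = INFECTED_RE.match(msg) or OBJECT_RE.match(msg)
        if not verdict:
            continue
        fields = verdict.groupdict()
        kind, path = pending or (None, None)
        pending = None  # a location belongs to exactly one verdict
        detail = fields.get("detail")
        # Windows paths and registry keys are case-insensitive, so compare
        # them lower-cased when deciding whether a finding is a repeat.
        key = (fields["name"].lower(), (path or detail or "").lower())
        entry = findings.setdefault(key, {
            "name": fields["name"], "kind": kind, "path": path,
            "detail": detail, "action": fields["action"],
            "first_seen": line.group("ts"), "hits": 0,
        })
        entry["hits"] += 1
    return list(findings.values())


def unlocated(findings):
    """Findings for which the log names no key, folder or file."""
    return [f for f in findings if f["path"] is None]


if __name__ == "__main__":
    for f in parse_mwav(SAMPLE_LOG):
        where = f["path"] or "(no location logged, detail: %s)" % f["detail"]
        print("%-40s x%d  %-6s %s  [%s]" % (
            f["name"], f["hits"], f["kind"] or "-", where, f["action"]))
```

On the quoted log this yields six distinct findings from eight verdict lines, and the only one without a key or file attached is the w32/rbot-ank entry, which the log identifies by a GUID alone.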


----------



## sidthereal

okay according to the log, your norton disk doctor is infected,
now since other anti-virus/anti-malware programmes have not been able to disinfect the system, I'd recommend you uninstall norton disk doctor.

Additionally, did you not remove all registry entries of Limewire?
delete the infected key
go to
Run>regedit
>HKEY_LOCAL_MACHINE > SOFTWARE>MAGNET>HANDLERS>LIMEWIRE
Delete the following:
C:\Documents and Settings\All Users\Application Data\aol\c_aol 9.0\idb\bart\1024
C:\Documents and Settings\All Users\Application Data\gtek\gtupdate\aupdate\channels\channels.ini
C:\Documents and Settings\All Users\Application Data\symantec\common client\settings.dat

Reboot and please post a new HJT log and MWAV scan


----------



## Rise

i used regcleaner that was recommended by buzz, i didn't do it manually


----------



## sidthereal

I'd advise you to stick to regcleaner, cos toying with the registry is not safe.
But in this case, you'll have to manually delete the key(s)


----------



## Rise

Sun Mar 19 14:09:10 2006 => System found infected with w32/rbot-ank Email-Flooder ({19e28afc-eae3-4ce5-ac83-2407b42f57c9})! Action taken: No Action Taken.
Sun Mar 19 14:09:11 2006 => System found infected with w32/rbot-ank Email-Flooder ({19e28afc-eae3-4ce5-ac83-2407b42f57c9})! Action taken: No Action Taken.
Sun Mar 19 14:09:11 2006 => Offending Key found: HKLM\Software\magnet\handlers\limewire !!!


these keys?


----------



## sidthereal

delete the infected key
go to
Run>regedit
>HKEY_LOCAL_MACHINE > SOFTWARE>MAGNET>HANDLERS>LIMEWIRE
Delete the following:
C:\Documents and Settings\All Users\Application Data\aol\c_aol 9.0\idb\bart\1024
C:\Documents and Settings\All Users\Application Data\gtek\gtupdate\aupdate\channels\channels.ini
C:\Documents and Settings\All Users\Application Data\symantec\common client\settings.dat

Reboot and please post a new HJT log and MWAV scan


----------



## Rise

ok im just left with this now


Sun Mar 19 14:09:10 2006 => System found infected with w32/rbot-ank Email-Flooder ({19e28afc-eae3-4ce5-ac83-2407b42f57c9})! Action taken: No Action Taken.
Sun Mar 19 14:09:11 2006 => System found infected with w32/rbot-ank Email-Flooder ({19e28afc-eae3-4ce5-ac83-2407b42f57c9})! Action taken: No Action Taken.


will i delete these keys?


----------



## sidthereal

if u can find it yes,
but only after a backup


----------



## Rise

how do i back up? i've found them. what firewall/anti virus would you recommend?


----------



## sidthereal

http://www.argentuma.com/backup/registry-backup.html


----------



## Rise

Scan saved at 21:40:32, on 19/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Common Files\AOL\1133047187\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1133047187\ee\AOLServiceHost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\common files\aol\1133047187\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1133047187\ee\AOLServiceHost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\AOL Companion\companion.exe
C:\Documents and Settings\iain murray\My Documents\My Received Files\Unused\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/8SE/1?http://toolb...cess.aspx&&FORM=TOOLBR&DI=3013&CM=MsgrInstall
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133047187\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunOnce: [Pest Cleaning] "C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ppclean.exe" "clean" "silent" "cws" "2"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.wow-europe.com/signup/en/wowbeta/Si.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128031103890
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - America Online, Inc. - (no file)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe


There's the hijack. mwav showed nothing. What is a good combo of anti-virus and firewall?


----------



## sidthereal

Congrats, your system is clean from any malware now.
Just continue with regular scans and a disk defrag for optimum performance and security.
A good free firewall is Zone Alarm, and good anti-virus programs range from Nod32 to AVG.
There is a freebies thread somewhere in the forum which discusses these issues.


----------



## Rise

Thanks sid, couldn't have done it without you. Cheers for your time.


----------



## sidthereal

No problemo mate.
Just remember to clean up your PC regularly with Crap cleaner, use a good registry mechanic,
and defrag regularly.


----------

