
Author Topic: already discussed but need more help  (Read 25692 times)


niklad13

    Topic Starter


    Rookie

    already discussed but need more help
    « on: January 30, 2008, 08:29:19 PM »
    Check this out; it's already been posted by someone, and I have the same kind of problem.

    http://www.computerhope.com/forum/index.php/topic,49359.0.html

    I downloaded and ran the file and restarted the PC, but the problem is not fixed yet. As soon as I hit Enter/Go after typing a web page address in the address bar, the browser's status bar shows Done the very next moment.

    But my internet can work in "safe mode with network" mode.

    Another computer works perfectly on the same network and has no problem.
    Mine is an HP Pavilion dv1000, with 1 GB RAM, 80 GB HDD, wireless, blah blah blah.
    I use OfficeScan, spydoctor, IE7 and Firefox. (I uninstalled IE7 and Firefox and reinstalled them too.)
    I have had a gzmrotate.dll error for six months, but it didn't give me problems, so I gave up on it.

    And this problem started coming up just days ago, after I uninstalled some printer software (HP Deskjet 4100) from my PC.

    please help

    Broni


      Mastermind
    • Kraków my love :)
    • Thanked: 614
      • Computer Help Forum
    • Computer: Specs
    • Experience: Experienced
    • OS: Windows 8
    Re: already discussed but need more help
    « Reply #1 on: January 30, 2008, 09:45:55 PM »
    gzmrotate.dll is AdRotator/IconAds Adware

    That said...

    1. Run free ESET Online Scanner at: http://www.eset.com/onlinescan/
    Note: This Scanner is for Internet Explorer Only
       1.  You will notice that the "Start" button is grayed out. Place a check mark at "Yes, I accept the Terms of use". The "Start" button will become visible. Click on it.
       2. If it wants to install an ActiveX component allow it
       3. You will be asked to install an ActiveX, click the "Install" button (Note: If you have a Firewall installed you may have to approve the installation)
       4. Once ActiveX control is installed click on the "Start" button to initialize the scanner
       5. After initialization is complete uncheck\untick "Remove found threats"
       6. Check\tick "Scan unwanted applications"
       7. Click the "Scan" button
       8. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt
    Post ESET's log.

    2. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    Print these instructions out.

        * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
        * An icon will be created on your desktop. Double-click that icon to launch the program.
        * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
        * Close SUPERAntiSpyware.

    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

        * Open SUPERAntiSpyware.
        * Under "Configuration and Preferences", click the Preferences button.
        * Click the Scanning Control tab.
        * Under Scanner Options make sure the following are checked (leave all others unchecked):
              o Close browsers before scanning.
              o Scan for tracking cookies.
              o Terminate memory threats before quarantining.
        * Click the "Close" button to leave the control center screen.
        * Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
        * On the left, make sure you check C:\Fixed Drive.
        * On the right, under "Complete Scan", choose Perform Complete Scan.
        * Click "Next" to start the scan. Please be patient while it scans your computer.
        * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
        * Make sure everything has a checkmark next to it and click "Next".
        * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
        * If asked if you want to reboot, click "Yes".
        * To retrieve the removal information after reboot, launch SUPERAntispyware again.
              o Click Preferences, then click the Statistics/Logs tab.
              o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
              o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
              o Please copy and paste the Scan Log results in your next reply with a new HijackThis log.
        * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    3. Download HijackThis:
    http://www.snapfiles.com/get/hijackthis.html
    Post HijackThis log.

    niklad13


      Re: already discussed but need more help
      « Reply #2 on: January 31, 2008, 09:01:54 PM »
      SUPERAntiSpyware didn't create a log file after the full scan,
      so I am scanning again. It takes a much longer time.

      What if it won't create a log even after the second scan?
      What should I do?

      Broni


      Re: already discussed but need more help
      « Reply #3 on: January 31, 2008, 09:51:14 PM »
      In that case, just post new HJT log.

      niklad13


        Re: already discussed but need more help
        « Reply #4 on: February 01, 2008, 05:21:45 PM »
        OK, fortunately the second time everything ran well, and here are all three log files.

        I cannot paste all the files together and I don't see any attachment link, so I am just sending you all three log files one by one.
        -----------------------------------------------------
        1. ESET Online Scanner log file

        # version=4
        # OnlineScanner.ocx=1.0.0.56
        # OnlineScannerDLLA.dll=1, 0, 0, 51
        # OnlineScannerDLLW.dll=1, 0, 0, 51
        # OnlineScannerUninstaller.exe=1, 0, 0, 49
        # vers_standard_module=2840 (20080131)
        # vers_arch_module=1.063 (20080117)
        # vers_adv_heur_module=1.060 (20070601)
        # EOSSerial=b69ff18111be7344a135ef899e9f61e0
        # end=finished
        # remove_checked=false
        # unwanted_checked=true
        # utc_time=2008-02-01 12:24:23
        # local_time=2008-01-31 06:24:23 (-0600, Central Standard Time)
        # country="United States"
        # osver=5.1.2600 NT Service Pack 2
        # scanned=588622
        # found=9
        # scan_time=3684
        C:\Documents and Settings\Ranpariya\My Documents\My muvees\lime wire download\autodesk mechanical desktop (uncensored).zip   multiple infiltrations   FF8D3671268D614A5642B8429790AB3C
        C:\Documents and Settings\Ranpariya\My Documents\My muvees\lime wire download\autodesk mechanical desktop (uncensored).zip »ZIP »setup.exe   multiple infiltrations   00000000000000000000000000000000
        C:\Documents and Settings\Ranpariya\My Documents\My muvees\lime wire download\autodesk mechanical desktop (uncensored).zip »ZIP »setup.exe »NSIS »setup_rightonadz.exe   Win32/Adware.TrafficSol application   00000000000000000000000000000000
        C:\Documents and Settings\Ranpariya\My Documents\My muvees\lime wire download\autodesk mechanical desktop (uncensored).zip »ZIP »setup.exe »NSIS »setup_rightonadz.exe »NSIS »gzmrotate.dll   Win32/Adware.TrafficSol application   00000000000000000000000000000000
        C:\Documents and Settings\Ranpariya\My Documents\My muvees\lime wire download\autodesk mechanical desktop (uncensored).zip »ZIP »setup.exe »NSIS »ads_3.3.exe   Win32/Adware.Ezula application   00000000000000000000000000000000
        C:\Documents and Settings\Ranpariya\My Documents\My muvees\lime wire download\autodesk mechanical desktop (uncensored).zip »ZIP »setup.exe »NSIS »ads_3.3.exe »NSIS »ý¤€   Win32/Adware.Ezula application   00000000000000000000000000000000
        C:\WINDOWS\system32\Indt2.sys   a variant of Win32/TrojanClicker.VB.NDJ trojan   B21B3C65F52CD5F2F2F98CE7E8D6A5F1
        C:\WINDOWS\system32\ndt2.sys   a variant of Win32/TrojanDownloader.Delf.DSX trojan   2DC65B0A64AB15CA71B5A4765B79E24F
        C:\WINDOWS\system32\perfs.exe   probably a variant of Win32/TrojanDownloader.Delf.OBC trojan   9BB4E0BB21526233F55BF308CBE2720B
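
Added example, not part of the original thread: a small Python parser for the ESET Online Scanner log layout shown in the post above (`# key=value` header lines, then one row per detection with path, detection name and hash, and ` »` marking archive nesting). It separates files detected directly on disk from members buried inside a downloaded archive, and reports whether removal was enabled for the scan. The sample log, its paths and its detection names are constructed, and the field separator (a tab or a run of two or more spaces) is an assumption based on how the log renders here.

```python
import re

# Constructed sample in the same layout as the log posted above (not real data).
SAMPLE_LOG = r"""# version=4
# end=finished
# remove_checked=false
# unwanted_checked=true
# scanned=1200
# found=5
C:\Users\example\Downloads\bundle.zip   multiple infiltrations   0123456789ABCDEF0123456789ABCDEF
C:\Users\example\Downloads\bundle.zip »ZIP »setup.exe   multiple infiltrations   00000000000000000000000000000000
C:\Users\example\Downloads\bundle.zip »ZIP »setup.exe »NSIS »inner.dll   Win32/Adware.Example application   00000000000000000000000000000000
C:\WINDOWS\system32\example1.sys   a variant of Win32/Example.A trojan   FEDCBA9876543210FEDCBA9876543210
C:\WINDOWS\system32\example2.exe   probably a variant of Win32/Example.B trojan   0F1E2D3C4B5A69788796A5B4C3D2E1F0
"""

# Assumption: fields are separated by a tab or by two or more spaces.
ROW = re.compile(
    r"^(?P<path>.+?)(?:\t|\s{2,})(?P<threat>.+?)(?:\t|\s{2,})"
    r"(?P<hash>[0-9A-Fa-f]{32})$"
)
NEST = " »"  # marker between an on-disk file, container type and nested member


def parse_eset_log(text):
    """Return (header dict, list of detection dicts) for one scanner log."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, _, value = line[1:].strip().partition("=")
            header[key] = value.strip('"')
            continue
        match = ROW.match(line)
        if not match:
            continue  # unknown row shape: skip it rather than guess
        # "file »ZIP »a.exe »NSIS »b.dll" -> file, [ZIP, NSIS], [a.exe, b.dll]
        parts = match.group("path").split(NEST)
        detections.append({
            "file": parts[0],
            "containers": parts[1::2],
            "members": parts[2::2],
            "threat": match.group("threat"),
            "hash": match.group("hash").upper(),
        })
    return header, detections


def triage(text):
    """Group detections so files on disk stand apart from archive contents."""
    header, detections = parse_eset_log(text)
    by_file = {}
    for det in detections:
        by_file.setdefault(det["file"], []).append(det)

    standalone, archives = [], {}
    for path, rows in by_file.items():
        nested = [r for r in rows if r["members"]]
        if not nested:
            standalone.append(path)  # detected as a file in its own right
            continue
        # Keep the named detections; the generic rollup row adds nothing.
        names = {r["threat"] for r in nested
                 if r["threat"] != "multiple infiltrations"}
        archives[path] = sorted(names)

    return {
        # remove_checked=false means the scan only reported, nothing was cleaned
        "removed": header.get("remove_checked") == "true",
        # sanity check: header count should equal the number of rows parsed
        "count_matches": header.get("found") == str(len(detections)),
        "standalone": standalone,
        "archives": archives,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("removal enabled:", report["removed"])
    print("row count matches header:", report["count_matches"])
    for path in report["standalone"]:
        print("on disk:", path)
    for path, names in report["archives"].items():
        print("archive:", path, "->", ", ".join(names))
```
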


        niklad13


          Re: already discussed but need more help
          « Reply #5 on: February 01, 2008, 05:23:10 PM »
          Log file from SUPERAntiSpyware



          --------------------------


          SUPERAntiSpyware Scan Log
          http://www.superantispyware.com

          Generated 02/01/2008 at 01:02 AM

          Application Version : 3.9.1008

          Core Rules Database Version : 3392
          Trace Rules Database Version: 1384

          Scan type       : Complete Scan
          Total Scan Time : 03:05:01

          Memory items scanned      : 541
          Memory threats detected   : 0
          Registry items scanned    : 8061
          Registry threats detected : 13
          File items scanned        : 115145
          File threats detected     : 7

          Trojan.TrafficNinjaBiz
             HKLM\Software\Classes\CLSID\{F31B3634-12AA-41ca-B021-0685C3B3E4CA}
             HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F31B3634-12AA-41ca-B021-0685C3B3E4CA}
             HKCR\CLSID\{F31B3634-12AA-41CA-B021-0685C3B3E4CA}
             HKCR\CLSID\{F31B3634-12AA-41CA-B021-0685C3B3E4CA}\InprocServer32
             HKCR\CLSID\{F31B3634-12AA-41CA-B021-0685C3B3E4CA}\InprocServer32#ThreadingModel
             HKCR\CLSID\{F31B3634-12AA-41CA-B021-0685C3B3E4CA}\ProgID
             HKCR\CLSID\{F31B3634-12AA-41CA-B021-0685C3B3E4CA}\Programmable
             HKCR\CLSID\{F31B3634-12AA-41CA-B021-0685C3B3E4CA}\TypeLib
             HKCR\CLSID\{F31B3634-12AA-41CA-B021-0685C3B3E4CA}\VersionIndependentProgID

          Trojan.Downloader-Gen
             HKLM\System\ControlSet001\Services\perfmons
             C:\WINDOWS\SYSTEM32\PERFS.EXE
             HKLM\System\ControlSet002\Services\perfmons
             HKLM\System\CurrentControlSet\Services\perfmons

          Adware.Tracking Cookie
             C:\Documents and Settings\Ranpariya\Cookies\ranpariya@hitbox[2].txt
             C:\Documents and Settings\Ranpariya\Cookies\[email protected][1].txt

          Adware.AdRotator/RightOnz
             HKLM\Software\Microsoft\Windows\CurrentVersion\Run#hid_start [ C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify ]

          Trojan.Unclassified/Perfs
             C:\SYSTEM VOLUME INFORMATION\_RESTORE{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP426\A0069519.EXE

          Trojan.Downloader-Gen/Suspicious
             C:\SYSTEM VOLUME INFORMATION\_RESTORE{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP429\A0070580.EXE

          Trojan.Downloader-Gen/INDT2
             C:\WINDOWS\SYSTEM32\INDT2.SYS

          Rootkit.NDT2
             C:\WINDOWS\SYSTEM32\NDT2.SYS
          -------------------------------------------------------------


          niklad13


            Re: already discussed but need more help
            « Reply #6 on: February 01, 2008, 05:24:04 PM »
            HijackThis log file

            ------------------------

            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 6:10:17 PM, on 2/1/2008
            Platform: Windows XP SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v7.00 (7.00.6000.16574)
            Boot mode: Safe mode with network support

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\system32\svchost.exe
            C:\Program Files\Spyware Doctor\svcntaux.exe
            C:\Program Files\Spyware Doctor\swdsvc.exe
            C:\WINDOWS\Explorer.EXE
            C:\Program Files\Spyware Doctor\SDTrayApp.exe
            C:\Program Files\Mozilla Firefox\firefox.exe
            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
            O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
            O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
            O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
            O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
            O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
            O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
            O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
            O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
            O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
            O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
            O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
            O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
            O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
            O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
            O4 - HKLM\..\Run: [Microsoft SpA Service] NOD32upd.exe
            O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
            O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
            O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
            O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
            O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
            O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
            O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
            O4 - HKLM\..\RunServices: [Microsoft SpA Service] NOD32upd.exe
            O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
            O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
            O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKUS\S-1-5-18\..\Run: [Microsoft SpA Service] NOD32upd.exe (User 'SYSTEM')
            O4 - HKUS\.DEFAULT\..\Run: [Microsoft SpA Service] NOD32upd.exe (User 'Default user')
            O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
            O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
            O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
            O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
            O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
            O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
            O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
            O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
            O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.aajtak.com/wfplayer/tdserver.cab
            O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
            O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
            O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
            O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
            O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
            O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
            O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
            O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
            O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
            O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
            O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
            O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
            O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
            O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
            O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
            O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
            O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
            O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
            O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
            O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
            O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
            O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
            O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
            O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
            O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe



            Broni


            Re: already discussed but need more help
            « Reply #7 on: February 01, 2008, 05:43:43 PM »
            You need to rerun HJT. It should be run in Normal, not Safe Mode.

            niklad13


              Re: already discussed but need more help
              « Reply #8 on: February 03, 2008, 09:53:47 AM »
              OK, here is the HJT log file in normal mode.
              Since I can't post this file in one message, I am going to send it to you in two parts.

              1st part
              -----
              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 12:09:33 AM, on 2/3/2008
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v7.00 (7.00.6000.16574)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\csrss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\Explorer.EXE
              C:\WINDOWS\system32\svchost.exe
              C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
              C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\WINDOWS\Explorer.exe
              C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
              C:\Program Files\Bonjour\mDNSResponder.exe
              C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
              C:\Program Files\Ansys Inc\Shared Files\Licensing\intel\ansyslmd.exe
              C:\WINDOWS\system32\svchost.exe
              C:\Program Files\Common Files\LightScribe\LSSrvc.exe
              C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\Spyware Doctor\svcntaux.exe
              C:\Program Files\Spyware Doctor\swdsvc.exe
              C:\Program Files\Spyware Doctor\SDTrayApp.exe
              C:\WINDOWS\System32\PAStiSvc.exe
              C:\WINDOWS\system32\svchost.exe
              C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
              C:\WINDOWS\System32\alg.exe
              C:\WINDOWS\system32\hkcmd.exe
              C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
              C:\WINDOWS\system32\LVCOMSX.EXE
              C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
              C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
              C:\Program Files\iTunes\iTunesHelper.exe
              C:\WINDOWS\system32\NOD32upd.exe
              C:\Program Files\Common Files\Symantec Shared\ccApp.exe
              C:\WINDOWS\system32\wbem\wmiprvse.exe
              C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
              C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
              C:\Program Files\iPod\bin\iPodService.exe
              C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
              C:\Program Files\iTunes\iTunesHelper.exe
              C:\Program Files\Common Files\Symantec Shared\ccApp.exe
              C:\Program Files\HPQ\SHARED\HPQWMI.exe
              C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
              C:\PROGRAM FILES\TREND MICRO\OFFICESCAN CLIENT\0FCD0G.EXE
              C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
              C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
              C:\WINDOWS\system32\wbem\wmiprvse.exe

              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
              R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
              O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
              O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
              O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
              O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
              O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
              O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
              O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll



              niklad13


                Re: already discussed but need more help
                « Reply #9 on: February 03, 2008, 09:54:32 AM »
                2nd part
                ----------

                O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
                O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
                O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
                O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
                O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
                O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
                O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
                O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
                O4 - HKLM\..\Run: [Microsoft SpA Service] NOD32upd.exe
                O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
                O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
                O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
                O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
                O4 - HKLM\..\RunServices: [Microsoft SpA Service] NOD32upd.exe
                O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                O4 - HKCU\..\Run: [Microsoft SpA Service] NOD32upd.exe
                O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
                O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                O4 - HKUS\S-1-5-18\..\Run: [Microsoft SpA Service] NOD32upd.exe (User 'SYSTEM')
                O4 - HKUS\.DEFAULT\..\Run: [Microsoft SpA Service] NOD32upd.exe (User 'Default user')
                O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
                O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
                O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
                O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
                O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
                O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
                O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.aajtak.com/wfplayer/tdserver.cab
                O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
                O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
                O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
                O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
                O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
                O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
                O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
                O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
                O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
                O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
                O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
                O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
                O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
                O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
                O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
                O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
                O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
                O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
                O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
                O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe

                --
                End of file - 10685 bytes

                Broni


                Re: already discussed but need more help
                « Reply #10 on: February 03, 2008, 11:34:12 AM »
                *** You need to update your Java: http://www.java.com/en/download/index.jsp
                Uninstall all previous versions of Java through Add\Remove.

                1. Print this post out, since you won't have access to it at some point.

                2. Close all windows, except for HijackThis.

                3. Put a checkmark next to the following HijackThis entries (some entries will be checkmarked to disable unnecessary startups; in those cases (marked with *), no actual program will be removed):

                - O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
                - O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
                - *O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
                - *O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
                - *O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
                - O4 - HKLM\..\Run: [Microsoft SpA Service] NOD32upd.exe
                - *O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
                - *O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                - O4 - HKLM\..\RunServices: [Microsoft SpA Service] NOD32upd.exe
                - O4 - HKCU\..\Run: [Microsoft SpA Service] NOD32upd.exe
                - O4 - HKUS\S-1-5-18\..\Run: [Microsoft SpA Service] NOD32upd.exe (User 'SYSTEM')
                - O4 - HKUS\.DEFAULT\..\Run: [Microsoft SpA Service] NOD32upd.exe (User 'Default user')
                - *O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
                - *O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE



                4. Click on "Fix checked" button.

                5. Restart your computer in Safe Mode (keep tapping F8 key, when your computer starts)

                6. Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to "Show hidden files, and folders".

                7. Delete following files/folders (if present):

                - search your computer for NOD32upd.exe file; if found, delete

                8. Turn off System Restore:

                - Windows XP:
                   1. Click Start.
                   2. Right-click the My Computer icon, and then click Properties.
                   3. Click the System Restore tab.
                   4. Check "Turn off System Restore".
                   5. Click Apply.
                   6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
                   7. Click OK.
                - Windows Vista:
                   1. Click Start.
                   2. Right-click the Computer icon, and then click Properties.
                   3. Click on System Protection under the Tasks column on the left side
                   4. Click on Continue on the "User Account Control" window that pops up
                   5. Under the System Protection tab, find Available Disks
                   6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
                   7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
                   8. Click OK

                9. Restart in Normal Mode.

                10. Turn System Restore on.

                11. Post new HijackThis log.
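Steps 3, 4 and 11 above come down to marking O4 autorun entries, fixing them, and comparing a fresh log. The Python below is an added example, not part of the original post or of HijackThis: it parses O4 lines, reports which marked entries are still present in a follow-up log, and lists bare file names registered under several autorun locations. The sample lines are excerpts of logs posted in this thread; the function and variable names are hypothetical.

```python
import re
from collections import defaultdict
from typing import NamedTuple


class O4Entry(NamedTuple):
    location: str  # e.g. HKLM\..\Run, or "Global Startup"
    name: str      # registry value name; "" for Startup-folder items
    command: str   # what gets launched at logon

    def key(self):
        # Case-insensitive identity used to match entries across logs.
        return tuple(part.lower() for part in self)


# "O4 - <location>: [<value name>] <command>" (registry autoruns)
_REGISTRY = re.compile(r"^O4 - (?P<loc>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# "O4 - <location>: <item>" (Startup-folder items)
_STARTUP = re.compile(r"^O4 - (?P<loc>[^:]+): (?P<cmd>.+)$")
# Trailing "(User 'SYSTEM')" style annotation added by HijackThis
_USER_SUFFIX = re.compile(r"\s*\(User '[^']*'\)$")


def parse_o4(text):
    """Return the O4 (autorun) entries found in a log or in a fix list."""
    entries = []
    for raw in text.splitlines():
        # Fix lists in the thread prefix lines with "- " and sometimes "*".
        line = raw.strip().lstrip("-* ").strip()
        line = _USER_SUFFIX.sub("", line)
        m = _REGISTRY.match(line) or _STARTUP.match(line)
        if not m:
            continue  # not an O4 line (O2, O3, process list, ...)
        g = m.groupdict()
        entries.append(O4Entry(g["loc"], g.get("name") or "", g["cmd"].strip()))
    return entries


def still_present(fix_list, followup_log):
    """Entries marked for fixing that appear again in the follow-up log."""
    remaining = {e.key() for e in parse_o4(followup_log)}
    return [e for e in parse_o4(fix_list) if e.key() in remaining]


def bare_multi_location(log, min_locations=2):
    """Commands given without a path and registered in several autorun spots.

    A bare file name is resolved through the search path, so the log line
    alone does not identify which file on disk will run.
    """
    seen = defaultdict(list)
    for e in parse_o4(log):
        exe = e.command.strip('"')
        if "\\" not in exe and "/" not in exe:
            seen[(e.name, exe.lower())].append(e.location)
    return {k: v for k, v in seen.items() if len(v) >= min_locations}


# Excerpt of the entries marked for fixing in the reply above.
FIX_LIST = r"""
- O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
- *O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
- O4 - HKLM\..\Run: [Microsoft SpA Service] NOD32upd.exe
- O4 - HKLM\..\RunServices: [Microsoft SpA Service] NOD32upd.exe
- O4 - HKCU\..\Run: [Microsoft SpA Service] NOD32upd.exe
- O4 - HKUS\S-1-5-18\..\Run: [Microsoft SpA Service] NOD32upd.exe (User 'SYSTEM')
- O4 - HKUS\.DEFAULT\..\Run: [Microsoft SpA Service] NOD32upd.exe (User 'Default user')
- *O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
- *O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""

# Excerpt of the follow-up log posted later in this thread (Reply #11).
FOLLOWUP_LOG = r"""
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Microsoft SpA Service] NOD32upd.exe
O4 - HKLM\..\RunServices: [Microsoft SpA Service] NOD32upd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft SpA Service] NOD32upd.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
"""

if __name__ == "__main__":
    for entry in still_present(FIX_LIST, FOLLOWUP_LOG):
        print("still present:", entry.location, entry.name, entry.command)
    for (name, exe), locations in bare_multi_location(FOLLOWUP_LOG).items():
        print("bare name in", len(locations), "locations:", name, exe)
```

An entry that survives "Fix checked" and a reboot usually means something is rewriting it, which is why the follow-up log is compared entry by entry rather than skimmed.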

                niklad13


                  Re: already discussed but need more help
                  « Reply #11 on: February 03, 2008, 09:52:17 PM »
                  1st part
                  -----------------------
                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 10:48:38 PM, on 2/3/2008
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v7.00 (7.00.6000.16574)
                  Boot mode: Normal

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\csrss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                  C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\WINDOWS\Explorer.exe
                  C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
                  C:\Program Files\Bonjour\mDNSResponder.exe
                  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                  C:\Program Files\Ansys Inc\Shared Files\Licensing\intel\ansyslmd.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                  C:\WINDOWS\System32\svchost.exe
                  C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\Program Files\Spyware Doctor\svcntaux.exe
                  C:\Program Files\Spyware Doctor\swdsvc.exe
                  C:\Program Files\Spyware Doctor\SDTrayApp.exe
                  C:\WINDOWS\System32\PAStiSvc.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
                  C:\WINDOWS\System32\alg.exe
                  C:\WINDOWS\system32\hkcmd.exe
                  C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
                  C:\WINDOWS\system32\LVCOMSX.EXE
                  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
                  C:\WINDOWS\system32\wbem\wmiprvse.exe
                  C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
                  C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                  C:\WINDOWS\system32\ctfmon.exe
                  C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
                  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                  C:\WINDOWS\system32\NOD32upd.exe
                  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
                  C:\Program Files\HPQ\SHARED\HPQWMI.exe
                  C:\WINDOWS\system32\wuauclt.exe
                  C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
                  C:\PROGRAM FILES\TREND MICRO\OFFICESCAN CLIENT\0FCD0G.EXE
                  C:\WINDOWS\system32\wbem\wmiprvse.exe
                  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
                  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
                  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                  O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
                  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                  O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
                  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                  O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
                  O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
                  O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
                  O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
                  O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
                  O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
                  O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
                  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                  O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                  O4 - HKLM\..\Run: [Microsoft SpA Service] NOD32upd.exe
                  O4 - HKLM\..\RunServices: [Microsoft SpA Service] NOD32upd.exe
                  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                  O4 - HKCU\..\Run: [Microsoft SpA Service] NOD32upd.exe
                  O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
                  O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                  O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
                  O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
                  O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.aajtak.com/wfplayer/tdserver.cab

                  niklad13


                    Re: already discussed but need more help
                    « Reply #12 on: February 03, 2008, 09:52:54 PM »
                    2nd part
                    -----------------
                    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
                    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
                    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
                    O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
                    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
                    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
                    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
                    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
                    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
                    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
                    O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
                    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
                    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
                    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
                    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
                    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
                    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
                    O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
                    O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
                    O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe

                    --
                    End of file - 9820 bytes

                    Broni


                    Re: already discussed but need more help
                    « Reply #13 on: February 03, 2008, 10:16:59 PM »
                    Quote
                    6. Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to "Show hidden files, and folders".

                    7. Delete following files/folders (if present):

                    - search your computer for NOD32upd.exe file; if found, delete
                    Did you find that file?

                    niklad13


                      Re: already discussed but need more help
                      « Reply #14 on: February 04, 2008, 02:14:52 PM »
                      Yes, I found one file and I deleted it, and then I ran HJT and posted that log file.
                      Should I go ahead and try to find that file again?

                      Broni


                      Re: already discussed but need more help
                      « Reply #15 on: February 04, 2008, 07:26:11 PM »
                      *** Download, and run LSPFix: http://www.cexx.org/lspfix.htm

                      *** Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) to your desktop.

                          * Double-click mbam-setup.exe and follow the prompts to install the program.
                          * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
                          * If an update is found, it will download and install the latest version.
                          * Once the program has loaded, select Perform full scan, then click Scan.
                          * When the scan is complete, click OK, then Show Results to view the results.
                          * Be sure that everything is checked, and click Remove Selected.
                          * When completed, a log will open in Notepad.
                          * Post that log back here.

                      Be sure to restart the computer.

                      The log can also be found here:
                      C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
                      Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

                      *** Post new HJT log.

                      niklad13


                        Re: already discussed but need more help
                        « Reply #16 on: February 05, 2008, 08:02:22 PM »

                        Malwarebytes' Anti-Malware 1.02
                        Database version: 320

                        Scan type: Full Scan (C:\|)
                        Objects scanned: 129448
                        Time elapsed: 25 minute(s), 43 second(s)

                        Memory Processes Infected: 0
                        Memory Modules Infected: 0
                        Registry Keys Infected: 2
                        Registry Values Infected: 1
                        Registry Data Items Infected: 0
                        Folders Infected: 0
                        Files Infected: 1

                        Memory Processes Infected:
                        (No malicious items detected)

                        Memory Modules Infected:
                        (No malicious items detected)

                        Registry Keys Infected:
                        HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                        HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

                        Registry Values Infected:
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

                        Registry Data Items Infected:
                        (No malicious items detected)

                        Folders Infected:
                        (No malicious items detected)

                        Files Infected:
                        C:\Program Files\Ares\tcpip_patcher.sys (Adware.WhenUSave) -> Quarantined and deleted successfully.

                          Broni


                          Re: already discussed but need more help
                          « Reply #18 on: February 05, 2008, 08:12:29 PM »
                          I need new HJT log.

                          niklad13


                            Re: already discussed but need more help
                            « Reply #19 on: February 05, 2008, 09:08:25 PM »
                            I am sorry.
                            1st part
                            ----------
                            Logfile of Trend Micro HijackThis v2.0.2
                            Scan saved at 10:06:14 PM, on 2/5/2008
                            Platform: Windows XP SP2 (WinNT 5.01.2600)
                            MSIE: Internet Explorer v7.00 (7.00.6000.16574)
                            Boot mode: Safe mode with network support

                            Running processes:
                            C:\WINDOWS\System32\smss.exe
                            C:\WINDOWS\system32\winlogon.exe
                            C:\WINDOWS\system32\services.exe
                            C:\WINDOWS\system32\lsass.exe
                            C:\WINDOWS\system32\svchost.exe
                            C:\WINDOWS\system32\svchost.exe
                            C:\Program Files\Spyware Doctor\svcntaux.exe
                            C:\Program Files\Spyware Doctor\swdsvc.exe
                            C:\Program Files\Spyware Doctor\SDTrayApp.exe
                            C:\WINDOWS\Explorer.EXE
                            C:\WINDOWS\system32\ctfmon.exe
                            C:\Program Files\Internet Explorer\iexplore.exe
                            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
                            R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
                            O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                            O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
                            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                            O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
                            O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                            O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
                            O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
                            O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
                            O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
                            O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
                            O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
                            O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
                            O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                            O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                            O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
                            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                            O4 - HKLM\..\Run: [Microsoft SpA Service] NOD32upd.exe
                            O4 - HKLM\..\RunServices: [Microsoft SpA Service] NOD32upd.exe
                            O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

                            niklad13

                              Re: already discussed but need more help
                              « Reply #20 on: February 05, 2008, 09:09:10 PM »
                              2nd part
                              ------------
                              O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
                              O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                              O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
                              O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
                              O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
                              O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
                              O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
                              O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
                              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
                              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
                              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                              O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
                              O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
                              O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.aajtak.com/wfplayer/tdserver.cab
                              O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
                              O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
                              O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
                              O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
                              O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
                              O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                              O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                              O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                              O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                              O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                              O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
                              O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
                              O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
                              O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
                              O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                              O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
                              O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
                              O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
                              O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
                              O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
                              O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
                              O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
                              O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
                              O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
                              O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
                              O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe

                              --
                              End of file - 8573 bytes

                              Broni


                              Re: already discussed but need more help
                              « Reply #21 on: February 05, 2008, 09:14:58 PM »
                              Quote
                              i am sorry.
                              It's OK. Don't worry...

                              You ran HJT in Safe Mode. I need the log from Normal Mode.

                              niklad13


                                Re: already discussed but need more help
                                « Reply #22 on: February 05, 2008, 09:29:47 PM »
                                I am sorry again. I am really frustrated with this problem. Just your help is keeping me up.


                                Logfile of Trend Micro HijackThis v2.0.2
                                Scan saved at 10:25:58 PM, on 2/5/2008
                                Platform: Windows XP SP2 (WinNT 5.01.2600)
                                MSIE: Internet Explorer v7.00 (7.00.6000.16574)
                                Boot mode: Normal

                                Running processes:
                                C:\WINDOWS\System32\smss.exe
                                C:\WINDOWS\system32\csrss.exe
                                C:\WINDOWS\system32\winlogon.exe
                                C:\WINDOWS\system32\services.exe
                                C:\WINDOWS\system32\lsass.exe
                                C:\WINDOWS\system32\svchost.exe
                                C:\WINDOWS\system32\svchost.exe
                                C:\WINDOWS\System32\svchost.exe
                                C:\WINDOWS\system32\svchost.exe
                                C:\WINDOWS\Explorer.EXE
                                C:\WINDOWS\system32\svchost.exe
                                C:\WINDOWS\system32\svchost.exe
                                C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                                C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
                                C:\WINDOWS\system32\spoolsv.exe
                                C:\WINDOWS\Explorer.exe
                                C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
                                C:\Program Files\Bonjour\mDNSResponder.exe
                                C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                                C:\Program Files\Ansys Inc\Shared Files\Licensing\intel\ansyslmd.exe
                                C:\WINDOWS\system32\svchost.exe
                                C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                                C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                                C:\WINDOWS\System32\svchost.exe
                                C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
                                C:\WINDOWS\System32\svchost.exe
                                C:\Program Files\Spyware Doctor\svcntaux.exe
                                C:\Program Files\Spyware Doctor\swdsvc.exe
                                C:\Program Files\Spyware Doctor\SDTrayApp.exe
                                C:\WINDOWS\System32\PAStiSvc.exe
                                C:\WINDOWS\system32\svchost.exe
                                C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
                                C:\WINDOWS\system32\wbem\wmiprvse.exe
                                C:\WINDOWS\System32\alg.exe
                                C:\WINDOWS\system32\hkcmd.exe
                                C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
                                C:\WINDOWS\system32\LVCOMSX.EXE
                                C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                                C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
                                C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
                                C:\WINDOWS\system32\wbem\wmiprvse.exe
                                C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                                C:\WINDOWS\system32\ctfmon.exe
                                C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
                                C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                                C:\WINDOWS\system32\NOD32upd.exe
                                C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                                C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
                                C:\Program Files\HPQ\SHARED\HPQWMI.exe
                                C:\WINDOWS\system32\wuauclt.exe
                                C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
                                C:\PROGRAM FILES\TREND MICRO\OFFICESCAN CLIENT\0FCD0G.EXE
                                C:\Program Files\Trend Micro\OfficeScan Client\TSC.EXE
                                C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
                                C:\PROGRA~1\LINKSY~1\LinksysAdvisor.exe

                                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
                                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                                R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
                                R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
                                O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                                O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
                                O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                                O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                                O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
                                O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                                O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
                                O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
                                O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
                                O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
                                O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
                                O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
                                O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun

                                niklad13


                                  Re: already discussed but need more help
                                  « Reply #23 on: February 05, 2008, 09:30:24 PM »
                                  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                                  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                                  O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
                                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                                  O4 - HKLM\..\Run: [Microsoft SpA Service] NOD32upd.exe
                                  O4 - HKLM\..\RunServices: [Microsoft SpA Service] NOD32upd.exe
                                  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                                  O4 - HKCU\..\Run: [Microsoft SpA Service] NOD32upd.exe
                                  O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
                                  O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                                  O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
                                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                                  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                                  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                                  O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
                                  O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
                                  O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.aajtak.com/wfplayer/tdserver.cab
                                  O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
                                  O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
                                  O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
                                  O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
                                  O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
                                  O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                                  O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                                  O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                                  O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                                  O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                                  O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
                                  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
                                  O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
                                  O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
                                  O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                                  O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
                                  O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
                                  O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
                                  O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
                                  O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
                                  O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
                                  O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
                                  O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
                                  O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
                                  O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
                                  O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe

                                  --
                                  End of file - 9917 bytes

                                  Broni


                                  Re: already discussed but need more help
                                  « Reply #24 on: February 05, 2008, 09:48:06 PM »
                                  I understand your frustration...We'll get you going, don't worry....

                                  Go Start>Run, type in:
                                  regedit
                                  Click OK.
                                  Registry Editor will open.
                                  Go File>Export, and save your registry to a safe location.

                                  Navigate to:
                                  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
                                  In the right pane, you'll see Microsoft SpA Service. Right click on it, click Delete.

                                  Navigate to:
                                  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
                                  In the right pane, you'll see Microsoft SpA Service. Right click on it, click Delete.

                                  Navigate to:
                                  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
                                  In the right pane, you'll see Microsoft SpA Service. Right click on it, click Delete.

                                  Close Registry Editor.

                                  Restart into Safe Mode, and perform another search for: NOD32upd.exe. Delete, if found.

                                  Restart in Normal Mode. Post new HJT log.
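
One way to pick the entries named in the steps above out of a pasted HijackThis log, as an added example that is not part of the original post and not HijackThis code. The two heuristics (a command with no directory, and the same value registered under more than one autostart key) and all function names are assumptions of this example; the sample lines are an excerpt of the Normal-mode log posted in this thread.

```python
import ntpath
import re

# Excerpt of O4 lines from the Normal-mode log in this thread (embedded so the example runs offline).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Microsoft SpA Service] NOD32upd.exe
O4 - HKLM\..\RunServices: [Microsoft SpA Service] NOD32upd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft SpA Service] NOD32upd.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
"""

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}

# HijackThis abbreviates Software\Microsoft\Windows\CurrentVersion as "\..\".
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")

# Unquoted commands may contain spaces, so cut at the first executable
# extension that is followed by whitespace or the end of the string.
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.IGNORECASE)


def parse_o4(line):
    """Return a dict for a registry-based O4 line, or None for anything else."""
    m = O4_RE.match(line.strip())
    if not m:
        return None  # not a Run-key value (for example the ".DEFAULT User Startup" line)
    hive, key, name, command = m.groups()
    if command.startswith('"'):
        exe = command[1:].split('"', 1)[0]
    else:
        hit = EXE_RE.match(command)
        exe = hit.group(1) if hit else command.split()[0]
    return {
        "key": f"{HIVES[hive]}\\Software\\Microsoft\\Windows\\CurrentVersion\\{key}",
        "name": name,
        "exe": exe,
    }


def triage(log_text):
    """Group autostart values by (name, executable) and flag the unusual ones."""
    groups = {}
    for entry in filter(None, map(parse_o4, log_text.splitlines())):
        ident = (entry["name"], entry["exe"].lower())
        group = groups.setdefault(ident, {"name": entry["name"], "exe": entry["exe"], "keys": set()})
        group["keys"].add(entry["key"])

    findings = []
    for group in groups.values():
        reasons = []
        if ntpath.dirname(group["exe"]) == "":
            # Bare file name: the log does not say which directory the file is loaded from.
            reasons.append("no-path")
        if len(group["keys"]) > 1:
            # Same value present under several autostart keys.
            reasons.append("multi-key")
        if reasons:
            findings.append({**group, "keys": sorted(group["keys"]), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f'[{finding["name"]}] {finding["exe"]}  ({", ".join(finding["reasons"])})')
        for key in finding["keys"]:
            print("   review:", key)
```

On the excerpt this reports only the "Microsoft SpA Service" value, under the same three keys the steps above walk through in Registry Editor.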

                                  niklad13


                                    Re: already discussed but need more help
                                    « Reply #25 on: February 05, 2008, 10:44:07 PM »
                                    I didn't find Microsoft SpA Service at
                                    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run


                                    hijack log file
                                    ---------
                                    Logfile of Trend Micro HijackThis v2.0.2
                                    Scan saved at 11:41:34 PM, on 2/5/2008
                                    Platform: Windows XP SP2 (WinNT 5.01.2600)
                                    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
                                    Boot mode: Normal

                                    Running processes:
                                    C:\WINDOWS\System32\smss.exe
                                    C:\WINDOWS\system32\csrss.exe
                                    C:\WINDOWS\system32\winlogon.exe
                                    C:\WINDOWS\system32\services.exe
                                    C:\WINDOWS\system32\lsass.exe
                                    C:\WINDOWS\system32\svchost.exe
                                    C:\WINDOWS\system32\svchost.exe
                                    C:\WINDOWS\System32\svchost.exe
                                    C:\WINDOWS\system32\svchost.exe
                                    C:\WINDOWS\system32\svchost.exe
                                    C:\WINDOWS\Explorer.EXE
                                    C:\WINDOWS\system32\svchost.exe
                                    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                                    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
                                    C:\WINDOWS\system32\spoolsv.exe
                                    C:\WINDOWS\Explorer.exe
                                    C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
                                    C:\Program Files\Bonjour\mDNSResponder.exe
                                    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                                    C:\Program Files\Ansys Inc\Shared Files\Licensing\intel\ansyslmd.exe
                                    C:\WINDOWS\system32\svchost.exe
                                    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                                    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                                    C:\WINDOWS\System32\svchost.exe
                                    C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
                                    C:\WINDOWS\System32\svchost.exe
                                    C:\Program Files\Spyware Doctor\svcntaux.exe
                                    C:\Program Files\Spyware Doctor\swdsvc.exe
                                    C:\WINDOWS\System32\PAStiSvc.exe
                                    C:\Program Files\Spyware Doctor\SDTrayApp.exe
                                    C:\WINDOWS\system32\svchost.exe
                                    C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
                                    C:\WINDOWS\system32\wbem\wmiprvse.exe
                                    C:\WINDOWS\System32\alg.exe
                                    C:\WINDOWS\system32\hkcmd.exe
                                    C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
                                    C:\WINDOWS\system32\LVCOMSX.EXE
                                    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                                    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
                                    C:\WINDOWS\system32\wbem\wmiprvse.exe
                                    C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
                                    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                                    C:\WINDOWS\system32\ctfmon.exe
                                    C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
                                    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                                    C:\WINDOWS\system32\NOD32upd.exe
                                    C:\PROGRAM FILES\TREND MICRO\OFFICESCAN CLIENT\0FCD0G.EXE
                                    C:\Program Files\HPQ\SHARED\HPQWMI.exe
                                    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                                    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
                                    C:\WINDOWS\system32\wuauclt.exe
                                    C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
                                    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
                                    C:\Program Files\Trend Micro\OfficeScan Client\TSC.EXE

                                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
                                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                                    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
                                    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
                                    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                                    O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
                                    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                                    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                                    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
                                    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                                    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
                                    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
                                    O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"

                                    niklad13

                                      « Reply #26 on: February 05, 2008, 10:45:21 PM »
                                      O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
                                      O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
                                      O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
                                      O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
                                      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                                      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                                      O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
                                      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                                      O4 - HKLM\..\Run: [Microsoft SpA Service] NOD32upd.exe
                                      O4 - HKLM\..\RunServices: [Microsoft SpA Service] NOD32upd.exe
                                      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                                      O4 - HKCU\..\Run: [Microsoft SpA Service] NOD32upd.exe
                                      O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
                                      O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                                      O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
                                      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                                      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                                      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                                      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                                      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                                      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                                      O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
                                      O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
                                      O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.aajtak.com/wfplayer/tdserver.cab
                                      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
                                      O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
                                      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
                                      O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
                                      O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
                                      O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                                      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                                      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                                      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                                      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                                      O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
                                      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
                                      O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
                                      O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
                                      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                                      O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
                                      O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
                                      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
                                      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
                                      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
                                      O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
                                      O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
                                      O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
                                      O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
                                      O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
                                      O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe

                                      --
                                      End of file - 9876 bytes

                                      Broni


                                      « Reply #27 on: February 05, 2008, 10:57:46 PM »
                                      Was it present at two other locations?

                                      niklad13

                                        « Reply #28 on: February 06, 2008, 02:56:13 PM »
                                        I found the same Microsoft SPA services you told me to check and I also deleted them.

                                        Broni


                                        « Reply #29 on: February 06, 2008, 06:41:55 PM »
                                        Open Registry Editor.
                                        Navigate to two more keys:
                                        - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
                                        In right pane, you'll see Microsoft SpA Service. Right click on it, click Delete
                                        - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
                                        In right pane, you'll see Microsoft SpA Service. Right click on it, click Delete

                                        Double check three locations, listed in my post #24, if Microsoft SpA Service didn't reappear. If so, delete.

                                        Restart computer in Safe Mode, and re-search for NOD32upd.exe file. Delete, if it exists.

                                        Restart in Normal Mode. Post new HJT log.

                                        niklad13

                                          « Reply #30 on: February 06, 2008, 08:12:28 PM »
                                          I don't have any Policies folder in the CurrentVersion folder
                                           HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run


                                          ---------------


                                          Logfile of Trend Micro HijackThis v2.0.2
                                          Scan saved at 9:07:31 PM, on 2/6/2008
                                          Platform: Windows XP SP2 (WinNT 5.01.2600)
                                          MSIE: Internet Explorer v7.00 (7.00.6000.16574)
                                          Boot mode: Normal

                                          Running processes:
                                          C:\WINDOWS\System32\smss.exe
                                          C:\WINDOWS\system32\csrss.exe
                                          C:\WINDOWS\system32\winlogon.exe
                                          C:\WINDOWS\system32\services.exe
                                          C:\WINDOWS\system32\lsass.exe
                                          C:\WINDOWS\system32\svchost.exe
                                          C:\WINDOWS\system32\svchost.exe
                                          C:\WINDOWS\System32\svchost.exe
                                          C:\WINDOWS\system32\svchost.exe
                                          C:\WINDOWS\system32\svchost.exe
                                          C:\WINDOWS\Explorer.EXE
                                          C:\WINDOWS\system32\svchost.exe
                                          C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                                          C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
                                          C:\WINDOWS\system32\spoolsv.exe
                                          C:\WINDOWS\Explorer.exe
                                          C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
                                          C:\Program Files\Bonjour\mDNSResponder.exe
                                          C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                                          C:\Program Files\Ansys Inc\Shared Files\Licensing\intel\ansyslmd.exe
                                          C:\WINDOWS\system32\svchost.exe
                                          C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                                          C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                                          C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
                                          C:\Program Files\Spyware Doctor\svcntaux.exe
                                          C:\Program Files\Spyware Doctor\swdsvc.exe
                                          C:\Program Files\Spyware Doctor\SDTrayApp.exe
                                          C:\WINDOWS\System32\PAStiSvc.exe
                                          C:\WINDOWS\system32\svchost.exe
                                          C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
                                          C:\WINDOWS\System32\alg.exe
                                          C:\WINDOWS\system32\hkcmd.exe
                                          C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
                                          C:\WINDOWS\system32\LVCOMSX.EXE
                                          C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                                          C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
                                          C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                                          C:\WINDOWS\system32\ctfmon.exe
                                          C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
                                          C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                                          C:\WINDOWS\system32\wbem\wmiprvse.exe
                                          C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                                          C:\Program Files\HPQ\SHARED\HPQWMI.exe
                                          C:\PROGRAM FILES\TREND MICRO\OFFICESCAN CLIENT\0FCD0G.EXE
                                          C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
                                          C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
                                          C:\Program Files\Norton AntiVirus\isPwdSvc.exe
                                          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
                                          C:\WINDOWS\system32\wbem\wmiprvse.exe

                                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
                                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                                          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                                          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
                                          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
                                          O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                                          O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
                                          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                                          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                                          O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
                                          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                                          O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
                                          O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
                                          O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
                                          O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
                                          O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
                                          O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
                                          O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun

                                          niklad13

                                            « Reply #31 on: February 06, 2008, 08:12:56 PM »
                                            O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                                            O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                                            O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
                                            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                                            O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                                            O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
                                            O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                                            O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
                                            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                                            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                                            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                                            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                                            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                                            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                                            O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
                                            O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
                                            O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.aajtak.com/wfplayer/tdserver.cab
                                            O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
                                            O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
                                            O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
                                            O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
                                            O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
                                            O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                                            O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                                            O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                                            O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                                            O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                                            O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
                                            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
                                            O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
                                            O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
                                            O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                                            O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
                                            O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
                                            O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
                                            O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
                                            O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
                                            O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
                                            O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
                                            O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
                                            O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
                                            O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
                                            O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe

                                            --
                                            End of file - 9508 bytes

                                            Broni


                                            « Reply #32 on: February 06, 2008, 08:20:21 PM »
                                            Very nice. All clean.

                                            You may checkmark this line in HJT:
                                            - O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                                            and let HJT fix it, since you don't need SAS as a startup.

                                            Download, and install CCleaner: http://www.ccleaner.com/download/builds. Get "Slim" version.
                                            Read CCleaner instruction here: http://www.jahewi.nl/ccleaner/ccleaner.html, and run CCleaner

                                            How is your computer doing?
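
As an added example (not part of the original posts, and not HijackThis's own code): a small Python parser for the O4 autorun lines of the two logs in this thread, showing which startup entries disappeared between the log that ends in Reply #26 and the one that ends in Reply #31. The two flagging rules (no directory in the command, same value name in several Run locations) are assumptions chosen for this illustration, not HijackThis rules.

```python
import re
from collections import defaultdict

# O4 (autorun) lines copied from the two HijackThis logs in this thread; only a
# subset of each log is reproduced here to keep the example short.
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft SpA Service] NOD32upd.exe
O4 - HKLM\..\RunServices: [Microsoft SpA Service] NOD32upd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft SpA Service] NOD32upd.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
"""

LOG_AFTER = r"""
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
"""

# "O4 - <location>: [<value name>] <command line>" (registry-style entries only)
O4_REG = re.compile(r"^O4 - (?P<loc>[^:\[]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Executable part of the command: a quoted path, or everything up to the first
# program extension that is followed by whitespace or end of line.
EXE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd|scr))(?=\s|$)', re.I)


def parse_o4(log_text):
    """Return [(location, value_name, executable)] for registry autorun lines."""
    entries = []
    for line in log_text.splitlines():
        m = O4_REG.match(line.strip())
        if not m:
            continue  # blank line or a non-registry O4 item (startup folder)
        cmd = m.group("cmd").strip()
        exe = EXE.match(cmd)
        target = (exe.group(1) or exe.group(2)) if exe else cmd.split()[0]
        entries.append((m.group("loc"), m.group("name"), target))
    return entries


def review(entries):
    """Map value name -> reasons it deserves a manual look (example heuristics)."""
    locations = defaultdict(set)
    flags = defaultdict(set)
    for loc, name, target in entries:
        locations[name].add(loc)
        # A bare file name gives no directory to inspect; Windows resolves it
        # through the search path when the entry runs.
        if "\\" not in target and "/" not in target:
            flags[name].add("no-path")
    for name, locs in locations.items():
        # The same value name planted in several Run locations at once.
        if len(locs) > 1:
            flags[name].add("multi-location")
    return dict(flags)


def removed_between(before, after):
    """Entries present in the earlier log that are absent from the later one."""
    later = set(parse_o4(after))
    return [entry for entry in parse_o4(before) if entry not in later]


if __name__ == "__main__":
    for name, reasons in review(parse_o4(LOG_BEFORE)).items():
        print(f"review: [{name}] {', '.join(sorted(reasons))}")
    for loc, name, target in removed_between(LOG_BEFORE, LOG_AFTER):
        print(f"gone in later log: {loc} [{name}] -> {target}")
```

Run against the full logs, the same comparison is a quick way to confirm that a cleanup removed an entry from every Run location and that it did not come back after a reboot.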

                                            niklad13

                                              « Reply #33 on: February 06, 2008, 08:31:36 PM »
                                              I do have ccleaner.com v2.02.527
                                              do I still need slim version?

                                              Broni


                                              « Reply #34 on: February 06, 2008, 08:32:58 PM »
                                              Not really. Slim version just comes without Google bar, or whatever bar it is.

                                              niklad13

                                                « Reply #35 on: February 06, 2008, 08:37:57 PM »
                                                Ggaaaaaaaaaaaaaaallllllllllllliiiiiiiii iiiiiiiiiii!
                                                 YOU ARE THE MAN

                                                IT'S WORKING AS BRAND NEW

                                                but I would like to know what was the problem and how can I avoid same problem happening in future?





                                                Broni


                                                « Reply #36 on: February 06, 2008, 08:43:02 PM »
                                                I'm glad, you're happy, but you have to spell this:
                                                Quote
                                                Ggaaaaaaaaaaaaaaallllllllllllliiiiiiiii iiiiiiiiiii!
                                                for me  ??? ??? :o :o ;D

                                                niklad13

                                                  « Reply #37 on: February 06, 2008, 08:47:33 PM »
                                                  but what should I do to avoid this in future?

                                                  what have I done which created that stupid problem?


                                                  please answer

                                                  Broni
                                                  Re: already discussed but need more help
                                                  « Reply #38 on: February 06, 2008, 09:02:32 PM »
                                                  It's almost impossible to pinpoint what your exact problem was, since your computer had several infections.
                                                  It's almost impossible to prescribe fool-proof protection, but there are some general rules.
                                                  Read here: http://www.bleepingcomputer.com/tutorials/tutorial82.html

                                                  I'd also recommend one extra piece of protection...
                                                  Download and install the free ThreatFire: http://www.threatfire.com/, which will give you real-time protection against malware.
                                                  It won't interfere with your antivirus or firewall.

                                                  niklad13
                                                    Re: already discussed but need more help
                                                    « Reply #39 on: February 07, 2008, 08:36:04 PM »
                                                    so I have HijackThis, SUPERAntiSpyware, ThreatFire, Malwarebytes' Anti-Malware and CCleaner on my PC
                                                    do I need to carry all of them?

                                                    the reason why is that they are in my system startup/system tray and are making my PC a bit slower at startup

                                                    please advise

                                                    Broni
                                                    Re: already discussed but need more help
                                                    « Reply #40 on: February 07, 2008, 09:04:05 PM »
                                                    The only program from the above list which you should have as a startup is ThreatFire, which gives you real-time protection.
                                                    All others can be disabled as startups, because they are off-line scanners. No need to have them running all the time.