Thread: hjt log

  1. #1
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    What happens when you try to go to those two websites?

    We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
    Open Windows Defender, Click on Tools, General Settings.
    Scroll down and uncheck Turn on real-time protection (recommended).
    After you uncheck this, click on the Save button and close Windows Defender.

    Click Start > Open My Computer.
    Select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.
    Click OK.

  2. #2
    Join Date
    Nov 2006
    Posts
    29
    Quote Originally Posted by jholland1964

    We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
    Open Windows Defender, Click on Tools, General Settings.
    Scroll down and uncheck Turn on real-time protection (recommended).
    After you uncheck this, click on the Save button and close Windows Defender.

    Click Start > Open My Computer.
    Select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.
    Click OK.
    I did these steps

  3. #3
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    You may think I am having you redo certain things; the problem is you have not told me for sure earlier whether you followed a specific step. When given steps, you are not following them in the order given. There are reasons for doing these items in a certain order.
    Download, install and update this 30 day free trial of Trojan Hunter
    Do NOT run it yet.

    Update your Nortons. Do NOT run it yet.

    Update the AVG anti-spy program. Do NOT run it yet.

    Now when you ran this latest HJT scan you had entirely TOO many processes running in the background, many I had not seen before in your other logs;
    Limewire for instance. Turn this off and don't run it while running HJT or cleaning the computer. Which also could be where some of your problems have arisen from...P2P sharing can bring in a lot of nasty items.
    Firefox. This is your browser of course but the first rule when running HJT is close all browsers.
    RealOnePlayer Updater...totally unnecessary and can be run manually.
    Alcohol Soft
    uTorrent
    Digidesign
    Windows Messenger
    MAFWTaskbarApplication
    Gear CD Burning Software

    Turn off all of the above when you run your next HJT scan.

    Now Reboot to SAFE MODE.
    First run your Norton program, full system scan. Have it FIX whatever is found.
    Next run the Trojan Hunter program. Have it fix whatever is found.
    Next run the AVG program. Have it fix whatever is found.

    Reboot the computer to NORMAL MODE. Make ABSOLUTELY CERTAIN that all of the noted programs above are TURNED OFF and run a new HJT scan. Save the log and post it here along with the latest AVG log.


  4. #4
    Join Date
    Nov 2006
    Posts
    29

    Here are all of the posts

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 4:59:02 AM 11/12/2006

    + Scan result:



    HKU\S-1-5-21-1214440339-879983540-725345543-1000\Software\Kazaa\Promotions\Cydoor -> Adware.Cydoor : Cleaned.
    HKU\S-1-5-21-1214440339-879983540-725345543-1000\Software\Kazaa\Promotions\Cydoor\Adwr_329 -> Adware.Cydoor : Cleaned.
    HKU\S-1-5-21-1214440339-879983540-725345543-1000\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4 -> Adware.Cydoor : Cleaned.
    HKU\S-1-5-21-1214440339-879983540-725345543-1000\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services -> Adware.Cydoor : Cleaned.
    HKU\S-1-5-21-1214440339-879983540-725345543-1000\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services\Queue -> Adware.Cydoor : Cleaned.
    HKU\S-1-5-21-1214440339-879983540-725345543-1000\Software\Dvx -> Adware.Delfin : Cleaned.
    :mozilla.26:C:\Documents and Settings\biko\Application Data\Mozilla\Firefox\Profiles\i8s65z5h.Martin\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.27:C:\Documents and Settings\biko\Application Data\Mozilla\Firefox\Profiles\i8s65z5h.Martin\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.28:C:\Documents and Settings\biko\Application Data\Mozilla\Firefox\Profiles\i8s65z5h.Martin\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.98:C:\Documents and Settings\biko\Application Data\Mozilla\Firefox\Profiles\i8s65z5h.Martin\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
    :mozilla.147:C:\Documents and Settings\biko\Application Data\Mozilla\Firefox\Profiles\i8s65z5h.Martin\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
    :mozilla.30:C:\Documents and Settings\biko\Application Data\Mozilla\Firefox\Profiles\i8s65z5h.Martin\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.101:C:\Documents and Settings\biko\Application Data\Mozilla\Firefox\Profiles\i8s65z5h.Martin\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.102:C:\Documents and Settings\biko\Application Data\Mozilla\Firefox\Profiles\i8s65z5h.Martin\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.103:C:\Documents and Settings\biko\Application Data\Mozilla\Firefox\Profiles\i8s65z5h.Martin\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.71:C:\Documents and Settings\biko\Application Data\Mozilla\Firefox\Profiles\i8s65z5h.Martin\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.72:C:\Documents and Settings\biko\Application Data\Mozilla\Firefox\Profiles\i8s65z5h.Martin\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


    ::Report end

    Logfile of HijackThis v1.99.1
    Scan saved at 8:10:49 AM, on 11/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\HiJackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] "C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [k6mmN5IOU] "C:\WINNT\system32\wfxqhv.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [DigidesignMMERefresh] "C:\Program Files\Digidesign\Drivers\MMERefresh.exe"
    O4 - HKLM\..\Run: [MAFWTaskbarApp] C:\WINNT\system32\MAFWTray.exe
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
    O4 - HKLM\..\RunServices: [Windows Updater] paste.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/reso...scbase8460.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1134880047125
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1133155693185
    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - (no file)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\System32\GEARSec.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

  5. #5
    Join Date
    Nov 2006
    Posts
    29
    Registry scan
    No suspicious entries found
    Inifile scan
    No suspicious entries found
    Port scan
    No suspicious open ports found
    Memory scan
    No trojans found in memory
    File scan
    Error: Directory not found: C:\Documents and Settings\biko\Application Data\??mantec
    Found NTFS alternate data stream: C:\Documents and Settings\biko\Desktop\IE7BETA3- -nib21.rar
    Warning: Executable file with double extensions found: C:\WINNT\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    Warning: Executable file with double extensions found: C:\WINNT\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    Warning: Executable file with double extensions found: C:\WINNT\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
    Warning: Executable file with double extensions found: C:\WINNT\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll
    Warning: Executable file with double extensions found: C:\WINNT\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_4d04b668\System.Xml.dll
    Warning: Executable file with double extensions found: C:\WINNT\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_971e429b\System.Xml.dll
    Warning: Executable file with double extensions found: C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.Vsa.dll
    Warning: Executable file with double extensions found: C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.dll
    Warning: Executable file with double extensions found: C:\WINNT\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
    Warning: Executable file with double extensions found: C:\WINNT\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
    C:\WINNT\system32\drivers\sptd.sys Not scanned (in use by another application)
    C:\WINNT\system32\drivers\sptd7997.sys Not scanned (in use by another application)
    C:\WINNT\system32\drivers\vaxscsi.sys Not scanned (in use by another application)
    No trojan files found
    18233 files scanned in 15417 seconds

  6. #6
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Turn off the following programs for the time being;
    Windows Defender
    BitTorrent
    Digidesign

    Also, stop Trojan Hunter from running in the background. We just wanted to use the scanner portion of the program.

    Was the Trojan Hunter run in SAFE MODE? The trojan is still there in your HJT log. Did you run the HJT scan before or after you ran Trojan Hunter?


    Reboot to SAFE MODE. Run Trojan Hunter again. Have it fix whatever is found.
    Still in SAFE MODE
    Go to C:\WINNT\system32\
    Look for and delete this file wfxqhv.exe

    Reboot to Normal Mode.
    Run HJT again and place a checkmark next to the following entry if it still remains;
    O4 - HKLM\..\Run: [k6mmN5IOU] "C:\WINNT\system32\wfxqhv.exe"
    When you have placed the checkmark click the FIX button.
    Exit HJT.
    Reboot. Run HJT again and post the NEW log here.
    Last edited by jholland1964; 11-14-2006 at 06:42 PM.

  7. #7
    Join Date
    Nov 2006
    Posts
    29
    What do you mean "turn off" (Digidesign, BitTorrent and Windows Defender)? I deleted BitTorrent from C:\Program Files.

    Yes, Trojan Hunter was run in SAFE MODE. No, I did not run the HJT scan before or after you ran Trojan Hunter.


    Logfile of HijackThis v1.99.1
    Scan saved at 8:03:29 AM, on 11/15/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\LEXBCES.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINNT\system32\MAFWTray.exe
    C:\Program Files\TrojanHunter 4.6\THGuard.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    C:\WINNT\System32\GEARSec.exe
    C:\WINNT\system32\inetsrv\inetinfo.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINNT\system32\tcpsvcs.exe
    C:\WINNT\System32\snmp.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\System32\mqsvc.exe
    C:\WINNT\system32\msiexec.exe
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HiJackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] "C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [DigidesignMMERefresh] "C:\Program Files\Digidesign\Drivers\MMERefresh.exe"
    O4 - HKLM\..\Run: [MAFWTaskbarApp] C:\WINNT\system32\MAFWTray.exe
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
    O4 - HKLM\..\RunServices: [Windows Updater] paste.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/reso...scbase8460.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1134880047125
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1133155693185
    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - (no file)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\System32\GEARSec.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    Registry scan
    No suspicious entries found
    Inifile scan
    No suspicious entries found
    Port scan
    No suspicious open ports found
    Memory scan
    No trojans found in memory
    File scan
    Error: Directory not found: C:\Documents and Settings\John\Application Data\??mantec
    Found NTFS alternate data stream: C:\Documents and Settings\John\Desktop\IE7BETA3-WindowsXP-x86-enu.exe:Zone.Identifier:$DATA (View ADS stream...) (Delete ADS stream)
    Found NTFS alternate data stream: C:\Documents and Settings\John\Desktop\Peff030-RB303.zip:Zone.Identifier:$DATA (View ADS stream...) (Delete ADS stream)
    Found NTFS alternate data stream: C:\Documents and Settings\John\Desktop\reason dl\8-BIT.Magic.ZX.Spectrum.and.C64.refill.zip:Zone.Identifier:$DATA (View ADS stream...) (Delete ADS stream)
    Found NTFS alternate data stream: C:\Documents and Settings\John\Desktop\reason dl\808_and_909_drum_samples.zip:Zone.Identifier:$DATA (View ADS stream...) (Delete ADS stream)
    Found NTFS alternate data stream: C:\Documents and Settings\John\Desktop\reason dl\808_Reason_Drum_Kit.zip:Zone.Identifier:$DATA (View ADS stream...) (Delete ADS stream)
    Found NTFS alternate data stream: C:\Documents and Settings\John\Desktop\reason dl\additive_V10.zip:Zone.Identifier:$DATA (View ADS stream...) (Delete ADS stream)
    Found NTFS alternate data stream: C:\Documents and Settings\John\Desktop\reason dl\analognightdemo.zip:Zone.Identifier:$DATA (View ADS stream...) (Delete ADS stream)
    Warning: Executable file with double extensions found: C:\WINNT\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    Warning: Executable file with double extensions found: C:\WINNT\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    Warning: Executable file with double extensions found: C:\WINNT\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
    Warning: Executable file with double extensions found: C:\WINNT\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll
    Warning: Executable file with double extensions found: C:\WINNT\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_4d04b668\System.Xml.dll
    Warning: Executable file with double extensions found: C:\WINNT\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_971e429b\System.Xml.dll
    Warning: Executable file with double extensions found: C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.Vsa.dll
    Warning: Executable file with double extensions found: C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.dll
    Warning: Executable file with double extensions found: C:\WINNT\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
    Warning: Executable file with double extensions found: C:\WINNT\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
    C:\WINNT\system32\drivers\sptd.sys Not scanned (in use by another application)
    C:\WINNT\system32\drivers\sptd7997.sys Not scanned (in use by another application)
    C:\WINNT\system32\drivers\vaxscsi.sys Not scanned (in use by another application)
    No trojan files found
    18424 files scanned in 15944 seconds
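
Added example, not part of any post in this thread: a Python sketch of the before/after comparison the helper does by eye, run over excerpts of the two HijackThis logs posted above to confirm which registry autoruns disappeared between the 11/12 and 11/15 scans. The function names and the two review heuristics (a command with no directory, an entry whose file is reported absent) are assumptions of this example; a flagged line is a prompt for manual review, not a verdict.

```python
import re

# Excerpts of the O4/O20/O21 lines from the two HijackThis logs posted in this
# thread (scans of 11/12/2006 and 11/15/2006). Startup-folder lines are omitted.
LOG_BEFORE = r'''
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [k6mmN5IOU] "C:\WINNT\system32\wfxqhv.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\RunServices: [Windows Updater] paste.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - (no file)
'''
LOG_AFTER = r'''
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\RunServices: [Windows Updater] paste.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - (no file)
'''

# "<code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r'^\s*([A-Z]\d{1,2}) - (.*\S)\s*$')
# Registry autorun body: "<key>: [<value name>] <command>"
AUTORUN_RE = re.compile(r'^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
EXE_RE = re.compile(r'(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)', re.I)


def parse_entries(log_text):
    """Return (section code, body) for every HijackThis entry line."""
    matches = (ENTRY_RE.match(line) for line in log_text.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]


def registry_autoruns(log_text):
    """Map (registry key, value name) -> command for O4 Run-key entries."""
    result = {}
    for code, body in parse_entries(log_text):
        m = AUTORUN_RE.match(body) if code == 'O4' else None
        if m:
            result[(m.group('key'), m.group('name'))] = m.group('cmd')
    return result


def diff_autoruns(before_text, after_text):
    """Return (removed, added) autorun entries between two scans."""
    before, after = registry_autoruns(before_text), registry_autoruns(after_text)
    removed = {k: v for k, v in before.items() if k not in after}
    added = {k: v for k, v in after.items() if k not in before}
    return removed, added


def executable_of(cmd):
    """Extract the program path from an autorun command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def review_candidates(log_text):
    """Heuristics (assumptions of this example) for lines worth a manual look."""
    flagged = []
    for code, body in parse_entries(log_text):
        if body.endswith('(file missing)') or body.endswith('(no file)'):
            flagged.append((code, body, 'target file absent'))
            continue
        m = AUTORUN_RE.match(body) if code == 'O4' else None
        # Without a directory the log does not say which file actually runs.
        if m and '\\' not in executable_of(m.group('cmd')):
            flagged.append((code, body, 'no directory in command'))
    return flagged


if __name__ == '__main__':
    removed, added = diff_autoruns(LOG_BEFORE, LOG_AFTER)
    for (key, name), cmd in removed.items():
        print(f'removed: {key} [{name}] {cmd}')
    for (key, name), cmd in added.items():
        print(f'added:   {key} [{name}] {cmd}')
    for code, body, reason in review_candidates(LOG_AFTER):
        print(f'review ({reason}): {code} - {body}')
```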
