Possibly got Malware

GreyCell1988 · July 23, 2008

Getting some popups randomly coming up, can you guys pls have a wee look at my Log? Thanks =)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:15:46, on 23/07/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\ASUS\AASP\1.00.46\aaCenter.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\RivaTuner v2.09\RivaTuner.exe

C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe

C:\Program Files (x86)\Xfire\xfire.exe

C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe

C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe

C:\Program Files (x86)\Java\jre1.6.0_06\bin\jusched.exe

C:\Program Files (x86)\OpenOffice.org 2.4\program\soffice.exe

C:\Program Files (x86)\OpenOffice.org 2.4\program\soffice.BIN

C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Microsoft.com durchsuchen

LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Microsoft.com durchsuchen

LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Microsoft.com durchsuchen

LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O1 - Hosts: 75.125.96.162 nprotect.lineage2.com

O1 - Hosts: 75.125.96.162 l2testauthd.lineage2.com

O1 - Hosts: 75.125.96.162 l2authd.lineage2.com

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files

(x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files (x86)\Common

Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)

\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files

(x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)

\Free Download Manager\iefdm2.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files (x86)

\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"

O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"

O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe

O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files (x86)\Common Files\Symantec

Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files (x86)\Common

Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [DT HPW] "C:\Program Files (x86)\Common Files\Portrait

Displays\Shared\DT_startup.exe" -HPW

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0

\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-

Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [ALUAlert] "C:\Program Files (x86)\Symantec\LiveUpdate\ALuNotify.exe"

"/LOWDISKSPACE C"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart

/startifwork

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)

\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User

'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User

'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User

'NETWORK SERVICE')

O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files (x86)\OpenOffice.org 2.4

\program\quickstart.exe

O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\xfire.exe

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files

(x86)\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files

(x86)\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files

(x86)\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files (x86)

\Free Download Manager\dllink.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)

\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files (x86)\Java\jre1.6.0_06\bin\ssv.dll

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files (x86)

\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32

\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile

Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file

missing)

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files (x86)

\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)

\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)

\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program

Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files (x86)\Common

Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file

missing)

O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files

(x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32

\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common

Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files

(x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files

(x86)\Norton Internet Security\isPwdSvc.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file

missing)

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation -

C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files (x86)\Common

Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file

missing)

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero

BackItUp\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner -

C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common

Files\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64

\IoctlSvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner -

C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files

(x86)\Cyberlink\Shared files\RichVideo.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner -

C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32

\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32

\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner -

C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner -

C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files (x86)\Common Files\Symantec

Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files

(x86)\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner -

C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32

\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32

\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner -

C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner -

C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown

owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 12122 bytes

Tony D · July 23, 2008

I'm not comfortable enough with logs to offer advice, but I think BHO (no name) items aren't a good thing.

BHO: Browser Helper Object - adds functionality to your browser. If there's no name associated with it, I'm suspicious. Hopefully the malware folks here will correct my post if need be.

RandyL · July 23, 2008

Sorry Grey but we have temporarily suspended hjt support. However random popups are a sign you might be infected. Run these scans to check please.

Your computer could be infected with Malware.

Malware is software designed to infiltrate or damage a computer system without the owner's informed consent.
It is a combination of the words malicious and software.
The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.

Required Cleanup Steps
1. Disable the Spybot Search & Destroy TEA TIMER if you use it and if it is enabled
2. Run a Temporary file and cache cleaner (ATF)
3. Run 2 Anti-Malware scanners (Listed Below)
4. Run an Online Anti-Virus / Anti-Malware Scanner (Listed Below)
5. Clear out old System Restore points
6. If continued Malware type activity is present you may be asked to post a TrendMicro™ HijackThis™ Log file, do not do so unless requested.

The reason to run multiple scanners is to ensure that no single scanner is missing something.

The time it takes will vary depending on your system and your internet connection speed.

Typically the SUPERAntiSpyware and Malwarebytes scanners will take between 10 to 90 minutes.

The ESET online scan should take between 1 to 3 hours.

In most cases, these scans will suffice to clean and disinfect your computer.

Heavily infected systems or slower PCs can take much longer to scan and clean.

For best results print the following instructions and bookmark this Web page

To keep this guide printer-friendly, use your cursor to highlight the contents below.

From your browser select File - Print and in the printer dialog box under "Print range"

click the

Selection

choice to print out these instructions for removal of malware.

http://kixhelp.com/wr/images-freepchelp/printer-selection.gif

__________________________________________________

STEP 1

Disable Spybot Search & Destroys' TEA TIMER: (if installed)
1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.

__________________________________________________

STEP 2

Follow these instructions carefully.
Download ATF-Cleaner from
Snapfiles.com
to remove un-needed temporary files from your computer that may contain malware.
You can also download it from
Majorgeeks.com
When you run ATF-Cleaner, check the items as shown below for Main.
For FireFox, be sure to click on the FireFox tab on top and check the items as shown below for FireFox
NOTE:
If you don't have FireFox or Opera installed then they will be grayed out and can be ignored
Then click on "Empty Selected".

http://kixhelp.com/wr/images-freepchelp/atf-cleaner01.gif

.

http://kixhelp.com/wr/images-freepchelp/atf-cleaner02.gif

__________________________________________________

STEP 3

Install and run the free version (not the Professional version) of SUPERAntiSpyware from
SUPERAntiSpyware.com
- Accept any prompts to allow SUPERAntiSpyware to install the latest rules and infection definition files.
- You do not have to send them your e-mail address, just click next.
- You can leave the automated check for updates on.
- You can uncheck "Send a diagnostic report to research center" if you don't want to send the information.
- DO NOT
  allow SUPERAntiSpyware to protect your Home Page settings.
- On the
  Top Left
  select the
  Scan your computer
  button.
- Make sure there is a CHECK MARK on all
  Fixed Drives
  .
- Click "Perform a Complete Scan". Click "Next" to Repair issues found and reboot the computer when prompted to do so.

__________________________________________________

STEP 4

Install and run
Malwarebytes' Anti-Malware
from
Malwarebytes - (direct download)
- Accept all defaults for the installer
- Allow the program to update the definitions
- Click on the
  Quick Scan
  and click Next.
- If any items are found allow it to clean them and then Reboot your computer.

__________________________________________________

STEP 5

Run an online scan with ESET from
Free Virus Scan: Use ESET's Online Antivirus Scanner
- You
  must
  use Internet Explorer for this online scan. FireFox, Opera, etc will not work for this scan.
- If your computer is running Window's Vista, then you
  must first
  start Internet Explorer as an Administrator. To do so, right-click on the
  Internet Explorer
  icon in the Start Menu and select "
  Run as administrator
  " from the popup context menu.
- Accept the terms and click "Start".
- Once the scanner is ready, check "Remove found threats" AND "Scan unwanted applications".
- Click "Start" to begin the scan.
- When completed restart your computer

__________________________________________________

Make sure your internet firewall security is enabled, and then please return to

Extreme Tech Support - Free PC Help

and tell us how the computer seems to be operating.

At that time, you will receive instructions to assist you in removing malicious programs from your Add/Remove program list if warranted.

Dalo Harkin · July 24, 2008

Getting some popups randomly coming up, can you guys pls have a wee look at my Log? Thanks =)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:15:46, on 23/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\AASP\1.00.46\aaCenter.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\RivaTuner v2.09\RivaTuner.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files (x86)\Xfire\xfire.exe
C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files (x86)\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Microsoft.com durchsuchen

LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Microsoft.com durchsuchen

LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Microsoft.com durchsuchen

LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 75.125.96.162 nprotect.lineage2.com
O1 - Hosts: 75.125.96.162 l2testauthd.lineage2.com
O1 - Hosts: 75.125.96.162 l2authd.lineage2.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files

(x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files (x86)\Common

Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)

\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files

(x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)

\Free Download Manager\iefdm2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files (x86)

\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files (x86)\Common Files\Symantec

Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files (x86)\Common

Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [DT HPW] "C:\Program Files (x86)\Common Files\Portrait

Displays\Shared\DT_startup.exe" -HPW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0

\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-

Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ALUAlert] "C:\Program Files (x86)\Symantec\LiveUpdate\ALuNotify.exe"

"/LOWDISKSPACE C"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart

/startifwork
O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)

\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User

'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User

'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User

'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files (x86)\OpenOffice.org 2.4

\program\quickstart.exe
O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\xfire.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files

(x86)\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files

(x86)\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files

(x86)\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files (x86)

\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)

\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files (x86)

\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32

\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile

Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file

missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files (x86)

\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)

\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)

\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program

Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files (x86)\Common

Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file

missing)
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files

(x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32

\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common

Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files

(x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files

(x86)\Norton Internet Security\isPwdSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file

missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation -

C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files (x86)\Common

Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file

missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero

BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner -

C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common

Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64

\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner -

C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files

(x86)\Cyberlink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner -

C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32

\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32

\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner -

C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner -

C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files (x86)\Common Files\Symantec

Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files

(x86)\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner -

C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32

\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32

\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner -

C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner -

C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown

owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12122 bytes

I would also have a look at your startup items and see if there is anything suspicious lurking in there - FYI Daemon tools is known to cause lots of problems - and Norton is NOT very good in terms of protection as you have found out - if you bought Norton then its up to you whether to keep it or not but AVIRA is much better and NOD32 is better still.

GreyCell1988 · July 24, 2008

OK thanks for your help guys, much appreciated, i'll look into Avira also, it looks decent.

Dalo Harkin · July 24, 2008

Also as a side note - see if windows live onecare supports 64bit - thats the one I use and its very very good and can be purchased from any etailer for around £20 a year

GreyCell1988 · July 24, 2008

Ya i used onecare trial on my old pc, i might look into that as all round it was excellent, thanks Dalo :)

Goku · August 2, 2008

This thread appears to be solved and is now closed

If you are the original poster of this thread and need it re-opened, then please PM (Private Message) an Administrator or Moderator

-- Goku

Sign In

Possibly got Malware

Recommended Posts

GreyCell1988

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Tony D

RandyL

Dalo Harkin

GreyCell1988

Dalo Harkin

GreyCell1988

Goku

Join the conversation

Browse

Activity

Site Info