| Thread ID: 69460 | 2006-06-02 05:56:00 | task manager wont open... help! | lisamarie01 (6731) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 459999 | 2006-06-02 05:56:00 | When I use Ctrl+Alt+Del I get a message "administrator has disabled task manager", which I haven't lol. Can anyone tell me how to get it working again? Thanks | lisamarie01 (6731) | ||
| 460000 | 2006-06-02 06:14:00 | Sounds like you've been hit by a trojan or worm. Get the file in my sig below and post the log here. |
Speedy Gonzales (78) | ||
| 460001 | 2006-06-02 06:24:00 | Ok, also Norton's is showing a file main.exe has a trojan horse virus but it won't let me delete it and it won't delete it itself. Any help would be appreciated. Here is the file HijackThis gave me. Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\Program Files\Common Files\STOPzilla!\SZServer.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe C:\WINDOWS\System32\GEARSec.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton Personal Firewall\NISUM.EXE C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Norton Personal Firewall\SymProxySvc.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\Norton Personal Firewall\NISSERV.EXE C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE 
C:\Program Files\STOPzilla!\STOPzilla.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Norton Personal Firewall\IAMAPP.EXE C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\RUNDLL32.exe C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe C:\WINDOWS\system32\RUNDLL32.exe C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe C:\Program Files\Messenger\msmsgs.exe C:\sonic\SONIC3K.EXE C:\Program Files\Outlook Express\msimn.exe C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.703\SysMe ch6.exe C:\Program Files\Netscape\Netscape Browser\netscape.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe C:\Program Files\TuneUp Utilities 2006\RegistryCleaner.exe C:\Program Files\hijackthis\HijackThis.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\OPScan.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.trademe.co.nz R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.trademe.co.nz R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = as.starware.com hdO6EN4K7Fr6PlNMuJPLoAiMrf6YnWQ+sBKEEeHTd6rol9aR+H QTI9sAMpP11B4GWAioy3TgSCQtW9/6d94iZCyu/4f/aI20eLKjI4+a9/xis2mSZthJkUNIxILHr5b4gDDSneuEX9jTw== R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = as.starware.com ZPVHpsQNL4zuoWUieqPhZq50bY28mU R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank R0 - 
HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=localhost:4098 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost R3 - URLSearchHook: ScriptInocUI Class - - (no file) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe N3 - Netscape 7: user_pref("browser.startup.homepage", "www.trademe.co.nz"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\iict9w0q.slt\prefs.j s) N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\iict9w0q.slt\prefs.j s) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL O2 - BHO: (no name) - {56A961C7-1B2C-412A-BC95-743766E55B38} - (no file) O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: (no name) - {7064A9D5-7258-4F2B-84FA-1B9DC6F2AEEA} - C:\WINDOWS\system32\RDOCURSd.DLL O2 - BHO: (no name) - {8AAC67CA-1232-BEBA-B639-0BDD546C5B33} - (no file) O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll O3 - Toolbar: 
Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\PROGRA~1\DAP\DAPIEBar.dll O3 - Toolbar: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL O4 - HKLM\..\Run: [RIVGQ11w] C:\PROGRA~1\rqrppxux\bcgFCcBN.exe O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\STOPzilla.exe /autostart O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - 
res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: BitBuddy - {8FCCDD73-C9F3-443a-AB53-7A25FD925808} - C:\Program Files\BitBuddy\BitBuddy.EXE (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O12 - Plugin for .exe: C:\Program Files\Netscape\Netscape Browser\PLUGINS\NpDam.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.xtra.co.nz O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - messenger.zone.msn.com O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - www.symantec.com O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - www.symantec.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - www.symantec.com 
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - messenger.zone.msn.com O16 - DPF: {50F65670-1729-11D2-A51F-0020AFE5D502} (ForumChat) - forumchat.compuserve.com O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - messenger.zone.msn.com O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - www.napster.com O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - h17000.www1.hp.com O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - messenger.msn.com O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - zone.msn.com O16 - DPF: {C6E43B37-19DF-4F36-AA7F-55B46032588C} (FotopostWeb.CustomerUploader) - fotopost.co.nz O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - www.symantec.com O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - anu.popcap.com O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - chat.msn.com O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - h20179.www2.hp.com O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - messenger.zone.msn.com O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 6.0) - activex.microsoft.com O17 - HKLM\System\CCS\Services\Tcpip\..\{8CE0ACB4-98DC-490C-87A9-D78F60E15DD3}: NameServer = 202.27.158.40 202.27.156.72 O17 - HKLM\System\CCS\Services\Tcpip\..\{ED8F58E6-E875-49D4-AF88-CAE9DF886C1D}: NameServer = 192.168.1.254 O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - (no file) O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - (no file) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll 
O20 - Winlogon Notify: ldr64 - C:\WINDOWS\ O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dl l O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: GBPoll - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Personal Firewall Trialware Service (NISSERV) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISSERV.EXE O23 - Service: Norton Personal Firewall Trialware Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe (file missing) O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe O23 - Service: Norton 
AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. 
- C:\Program Files\Sygate\SPF\smc.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Norton Personal Firewall Trialware Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\SymProxySvc.exe O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\SZServer.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe |
lisamarie01 (6731) | ||
| 460002 | 2006-06-02 06:49:00 | Turn system restore off, boot into safe mode, run HijackThis again, tick these entries and tick fix checked. C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.703\SysMe ch6.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = as.starware.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = as.starware.com R3 - URLSearchHook: ScriptInocUI Class - - (no file) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe O2 - BHO: (no name) - {56A961C7-1B2C-412A-BC95-743766E55B38} - (no file) O2 - BHO: (no name) - {7064A9D5-7258-4F2B-84FA-1B9DC6F2AEEA} - C:\WINDOWS\system32\RDOCURSd.DLL O2 - BHO: (no name) - {8AAC67CA-1232-BEBA-B639-0BDD546C5B33} - (no file) O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s O9 - Extra button: BitBuddy - {8FCCDD73-C9F3-443a-AB53-7A25FD925808} - C:\Program Files\BitBuddy\BitBuddy.EXE (file missing) Get the removal tool for this here (www.symantec.com). If you can't get to the Symantec site, this is the link (securityresponse.symantec.com) here. Also, follow the info on the Symantec site above. DON'T tick these entries in HijackThis. See if the removal tool from Symantec fixes these entries. (The hijack entries) O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net ************************************ O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - (no file) O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - (no file) O20 - Winlogon Notify: ldr64 - C:\WINDOWS\ The entry below may be this (securityresponse.symantec.com) O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe |
Speedy Gonzales (78) | ||
| 460003 | 2006-06-02 06:56:00 | Hi. Download haxfix.exe (users.telenet.be) and save it to your desktop. Double click on haxfix.exe to install haxfix. (standard installation path is c:\program Files\haxfix) Checkmark "Create a desktop icon" Click "Next" When the installation is completed, make sure that the checkmark "Launch HaxFix" is placed Click "Finish" A red "dos window" (dos box) will open with options: 1. Make logfile 2. Run auto fix 3. Run manual fix E. Exit Haxfix Open this folder program files > haxfix and double click on fix.bat (or double click on fix.bat desktop icon) Close all other open windows since this step requires a reboot Select option 3. Run manual fix by typing 3 and then pressing "Enter". This message will appear: echo Insert the haxdoorkey, and then press Enter: Type or paste the following: ldr When this is a valid choice, the key will be added to delete. There is the possibility to add a new key: Yes (type Y) or No (type N) TYPE NO. Followed by this message: Haxdoorkey xxxx added to delete. Do you want to add a new haxdoorkey? Press Y for YES or N for NO again TYPE NO and then press Enter: (if necessary press Y and insert another one) Type N for No and press "Enter" The computer will reboot After reboot a logfile will open > (c:haxfix.txt) Post the contents of the logfile together with a new HijackThis log. ================================== You will need to remove NEW.NET. This is best done via Add/Remove. In some cases removing it can cause problems connecting to the net, so download WinsockFix now and keep it handy. If there is no entry, download and run the New.net uninstaller from here (www.newdotnet.com). Reboot afterwards. Download WinsockFix (www.greyknight17.com) and unzip it. Then double-click on it to run it should you have problems. ==================================== Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT. R3 - URLSearchHook: ScriptInocUI Class - - (no file) O2 - BHO: (no name) - {56A961C7-1B2C-412A-BC95-743766E55B38} - (no file) O2 - BHO: (no name) - {7064A9D5-7258-4F2B-84FA-1B9DC6F2AEEA} - C:\WINDOWS\system32\RDOCURSd.DLL O2 - BHO: (no name) - {8AAC67CA-1232-BEBA-B639-0BDD546C5B33} - (no file) O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O20 - Winlogon Notify: ldr64 - C:\WINDOWS\ O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe Open Windows Explorer and delete the following highlighted file/s C:\WINDOWS\system32\nvsvcd.exe Reboot and post a new HJT log when done |
Pancake (6359) | ||
| 460004 | 2006-06-02 07:12:00 | Had to do a quick edit on that one... some parts were missing. Make sure you run that Haxdor if nothing else... Should you run into trouble we can use the Auto Fix but that sometimes fails..... | Pancake (6359) | ||
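
A sketch of the log triage the replies above do by eye, as an added example that is not part of the original thread and is not HijackThis's own logic. The sample lines are copied from the log posted in this thread; the function names and the five review rules are assumptions generalized from the entries the helpers selected.

```python
import re

# A subset of the HijackThis log posted in this thread (one entry per line).
SAMPLE_LOG = r"""
R3 - URLSearchHook: ScriptInocUI Class - - (no file)
O2 - BHO: (no name) - {56A961C7-1B2C-412A-BC95-743766E55B38} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {7064A9D5-7258-4F2B-84FA-1B9DC6F2AEEA} - C:\WINDOWS\system32\RDOCURSd.DLL
O9 - Extra button: BitBuddy - {8FCCDD73-C9F3-443a-AB53-7A25FD925808} - C:\Program Files\BitBuddy\BitBuddy.EXE (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ldr64 - C:\WINDOWS\
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe
"""

# Every entry starts with a section code (R0, F2, N3, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")


def parse_entries(log):
    """Return (code, body) tuples for each well-formed log entry."""
    entries = []
    for raw in log.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def review_reasons(code, body):
    """Assumed heuristics: reasons an entry deserves a manual look."""
    reasons = []
    if body.endswith("(no file)"):
        reasons.append("registered component has no file on disk")
    if body.endswith("(file missing)"):
        reasons.append("target file is missing")
    if code == "O2" and body.startswith("BHO: (no name)"):
        reasons.append("browser helper object without a name")
    if code == "O20" and body.endswith("\\"):
        reasons.append("Winlogon Notify target is a directory, not a DLL")
    if code == "O23" and " - Unknown owner - " in body:
        reasons.append("service reported with 'Unknown owner'")
    return reasons


def triage(log):
    """Return (code, body, reasons) for every entry with at least one reason."""
    flagged = []
    for code, body in parse_entries(log):
        reasons = review_reasons(code, body)
        if reasons:
            flagged.append((code, body, reasons))
    return flagged


if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"{code}: {body}\n    -> " + "; ".join(reasons))
```

StyleXPService is flagged by the "Unknown owner" rule although neither helper selected it, so the output is a list of entries to review against the running software, not a list of entries to fix.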