Results 1 to 10 of 10
  1. #1
    Member
    Join Date
    Jul 2006
    Posts
    10
    Points
    0

    Default systemdoctor/ winantivirus problem; hope somebody can help!

    Hello everybody! I'm new to this forum and I hope somebody can help me with a problem I have with my computer: I have the "systemdoctor/winantivirus" problem...

    I've tried googling for solutions, but found none that worked, so hopefully somebody can give me some specific advice for my case here. I found that most of the time you're asked to post a HijackThis log, so I'll do so too: I closed all my browser windows and generated the following list:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:18:14, on 10-7-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Alarm\Alarm Tray.exe
    C:\Program Files\AnalogX\POW\pow.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\DAP\DAP.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Hijack This\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home Versie 1.7
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {062492AF-392E-479D-BF52-A7A4BCA00307} - C:\WINDOWS\system32\compstuic.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - blank (file missing)
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [Show missed alarms] C:\Program Files\Alarm\Alarm.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
    O4 - HKCU\..\Run: [443e6a01.exe] C:\Documents and Settings\Ronnie\Local Settings\Application Data\443e6a01.exe
    O4 - HKCU\..\Run: [54b187fe.exe] C:\Documents and Settings\Ronnie\Local Settings\Application Data\54b187fe.exe
    O4 - HKCU\..\Run: [clc] C:\WINDOWS\system32\clc.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: POW!.lnk = C:\Program Files\AnalogX\POW\pow.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Google Zoeken - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Woord vertalen in het Nederlands - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: Gelijkwaardige pagina's - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Koppelingspagina's - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: @Home - {377DEE45-F94A-4C9A-A6B1-3D40DB14DE80} - http://www/ (file missing) (HKCU)
    O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www
    O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/nl/bi.../GoogleNav.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g29973312.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    After googling so much, I think I recognize some of the malicious content, but I haven't dared touching it though...

  2. #2
    Member
    Join Date
    Dec 2002
    Posts
    12,000
    Points
    1191

    Default

    please Download win32delfkil.exe from :-

    http://users.telenet.be/marcvn/tools/win32delfkil.exe

    1. Save it on your desktop.

    2. Double click on win32delfkil.exe and install it. (yes I know it's in a foreign language)

    3. This willcreate a new folder on your desktop called win32delfkil

    4. Close all windows, open the win32delfkil folder and double click on the fix.bat file

    5. Follow the prompts...

    6. It will ask you to shut down your system using the power button, please do so when asked. (if you shut down any other way, the fix will fail)

    Next run the HJT program, check the following files to have HJT fix:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm

    O2 - BHO: (no name) - {062492AF-392E-479D-BF52-A7A4BCA00307} - C:\WINDOWS\system32\compstuic.dll (file missing)

    O4 - HKCU\..\Run: [443e6a01.exe] C:\Documents and Settings\Ronnie\Local Settings\Application Data\443e6a01.exe

    O4 - HKCU\..\Run: [54b187fe.exe] C:\Documents and Settings\Ronnie\Local Settings\Application Data\54b187fe.exe

    O4 - HKCU\..\Run: [clc] C:\WINDOWS\system32\clc.exe

    O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g29973312.dll


    Press the fixed check button. Close the HJT

    Re boot the PC.

    Find and delete the following if found:

    C:\WINDOWS\system32\compstuic.dll...File

    C:\Documents and Settings\Ronnie\Local Settings\Application Data\443e6a01.exe...File

    C:\Documents and Settings\Ronnie\Local Settings\Application Data\54b187fe.exe...File

    C:\WINDOWS\system32\clc.exe...File

    C:\WINDOWS\g29973312.dll...File

    Re boot the PC.

    Post the contents of the logfile c\windelf.txt and a New HJT log.

    BG











    _________________

  3. #3
    Member
    Join Date
    Jul 2006
    Posts
    10
    Points
    0

    Default

    Hi there bm, first of all I'd like to thank you for your help: I think it's a great thing you guys are doing!

    But anyway, back to business... I'll post the windelf log and a new hijackthis log, and then I'll provide you with some feedback of some things that didn't go exactly as expected: it didn't give me any problems, but it might be useful for others with the same problem, you never know.

    Windelf log:
    ************************
    * WIN32DELFKIL LOGFILE *
    ************************
    by Marckie


    BEFORE RUNNING WIN32DELFKIL
    ***************************

    File(s) found in Windows directory
    ----------------------------------
    g29973312.dll
    g314468.dll
    Gotham Girls.dll
    compstuic.dll

    File(s) found in system32 folder
    --------------------------------
    admparsel.dll

    Export SharedTaskScheduler key
    ------------------------------
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorie├źn"
    "{259BA022-2005-45E9-A965-10EDB9C00605}"="Windows Updater"
    "{0B5F7FDF-0717-45BF-B49D-695F3168C7FE}"="Master Browseui"


    sharedtaskkey: 259BA022-2005-45E9-A965-10EDB9C00605
    ---------------------------------------------------
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}]
    @="C:\\WINDOWS\\g29973312.dll"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}\InprocServer32]
    @="C:\\WINDOWS\\g29973312.dll"
    "ThreadingModel"="Apartment"


    sharedtaskkey: 0B5F7FDF-0717-45BF-B49D-695F3168C7FE
    ---------------------------------------------------
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B5F7FDF-0717-45BF-B49D-695F3168C7FE}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B5F7FDF-0717-45BF-B49D-695F3168C7FE}\InprocServer32]
    @="C:\\WINDOWS\\system32\\admparsel.dll"
    "ThreadingModel"="Apartment"



    Notify key
    ----------
    subkey cfgmngr32 is present!



    AFTER RUNNING WIN32DELFKIL
    **************************

    File(s) found in Windows directory
    ----------------------------------
    g29973312.dll
    g314468.dll
    Gotham Girls.dll

    File(s) found in system32 folder
    --------------------------------
    Export SharedTaskScheduler key
    ------------------------------
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorie├źn"



    Notify key
    ----------


    New Hijack This log

    Logfile of HijackThis v1.99.1
    Scan saved at 9:36:48, on 11-7-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Alarm\Alarm Tray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AnalogX\POW\pow.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Hijack This\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home Versie 1.7
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - blank (file missing)
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [Show missed alarms] C:\Program Files\Alarm\Alarm.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: POW!.lnk = C:\Program Files\AnalogX\POW\pow.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Google Zoeken - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Woord vertalen in het Nederlands - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: Gelijkwaardige pagina's - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Koppelingspagina's - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: @Home - {377DEE45-F94A-4C9A-A6B1-3D40DB14DE80} - http://www/ (file missing) (HKCU)
    O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www
    O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/nl/bi.../GoogleNav.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    Remarks I have:
    Well the first thing that didn't go as expected, was that Windelf didn's ask me to shut down using the power button: it rebooted my system automatically. I checked windelf's "Info.txt" and it seems that this is just a new feature on a new version, so no problems there really.

    Second thing was, that after Hijack This again, I couldn't find the lines O2 - BHO: (no name) - {062492AF-392E-479D-BF52-A7A4BCA00307} - C:\WINDOWS\system32\compstuic.dll (file missing) and O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g29973312.dll. The first one seemed to be fixed by Windelf already, the second one you asked me to delete manually later on, so those were fixed eventually too, just in a slightly different manner.

    After rebooting, I deleted all the files I could find of your list. There was another file just beside C:\WINDOWS\g29973312.dll, namely g314468.dll, which seems to be an evil brother or sister, but I left it alone for now untill somebody who knows a little more about computers tells me otherwise... :wink:

    I'm not telling you this to say: "hey your method isn't 100% as you described it", because I know every computer is different, but I know feedback can be very useful, so that's why I'm just telling you the things that went a little bit different for me.

    Anyway: thanx for the help so far, hope to hear from you soon what traces still need to be fixed!

  4. #4
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    HI

    I'd just like to draw your attention to this part of the WIN32DELFKIL log...

    AFTER RUNNING WIN32DELFKIL
    **************************

    File(s) found in Windows directory
    ----------------------------------
    g29973312.dll
    g314468.dll
    Gotham Girls.dll

    You deleted this ... g29973312.dll ... OK

    this ... g314468.dll ... I presume is the "twin" ... delete it as well ...

    No idea what this is :- Gotham Girls.dll ... but it could also be windelf as the program listed it...

    Please go here :-

    http://virusscan.jotti.org/

    Upload this file from your computer :-

    C:\WINNT\Gotham Girls.dll

    copy & paste the above bold line into the "File to upload and scan" box...

    or click the browse button and browse to the file on your computer...

    Then click the submit button


    Post back the results

    & post a new hijackthis log...

    cheers

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  5. #5
    Member
    Join Date
    Jul 2006
    Posts
    10
    Points
    0

    Default

    Is it my imagination or did this post change since last night? I checked it last night, and I seem to remember there already was a reply, asking me to tell if the clean-up had worked, asking me to post the info.txt of Windelf and advising me to update my java... I figured it was already 11 pm so I'd do this this morning...

    I appreciate more help of course, but I'll also answer the questions of this "ghost post" I read yesterday:

    The Info.txt of Windelf (basically just a ReadMe):

    ********************
    * WIN32DELFKIL.EXE *
    ********************

    win32delfkil.exe removes Trojan-Downloader.Win32.Delf.pa, also known as Trojan.Stwoyle, from the computer.

    Use this tool on your own risk.

    Unzip the files to your desktop. A new folder will be created: win32delfkil.
    Close all open windows and save all your documents.
    Open the win32delfkil folder and double click on fix.bat.
    If the computer does not reboot automatically when the batfile is finished, you'll need to reboot your computer manually, by turning the power off and then back on.

    At this moment the random filenames q*.dll and g*dll in the windowsdirectory are NOT deleted.(* = random numbers)
    After rebooting, you can delete these files by using windows explorer and looking for the files. Rightclick on the files and choose "delete".

    A Logfile is saved in c:\windelf.txt

    If the tool doesn't work, there will be probably a new clsid under Sharedtaskscheduler and / or a new notify key.


    BHO's which are being deleted:
    ----------------------------
    {B212D577-05B7-4963-911E-4A8588160DFA}
    {6AC3806F-8B39-4746-9C38-6B01CB7331FF}
    {0976BE78-EA53-4DD6-91E6-E6175940032B}
    {405132A4-5DD1-4BA8-A181-95C8D435093A}
    {FCADDC14-BD46-408A-9842-CDBE1C6D37EB}
    {7A7E6D97-B492-4884-9ABB-C31281DCC4F2}
    {16875E09-927B-4494-82BD-158A1CD46BA0}
    {C7CF1142-0785-4B12-A280-B64681E4D45E}
    {8D82BB89-B58C-4F21-9C5D-377F65947806}
    {1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5}
    {826B2228-BC09-49F2-B5F8-42CE26B1B711}
    {826B2228-BC09-49F2-B5F8-42CE26B1B712}
    {C0E5FF11-4AE0-4699-A6A7-2FB7118F2081}
    {FCADDC14-BD46-408A-9842-111111111111}
    {E412F14A-E998-4543-9E7A-1031A3189A87}
    {D8569837-3CD6-4AD7-9A77-65975B581925}
    {08DF42F3-792D-4944-941B-512582B87219}
    {11111111-2222-408A-9842-CDBE1C6D37EB}
    {DA223E41-3F7F-4B2B-8CC8-22C6A1197EEB}
    {7507739F-BC2E-4DC3-B233-816783C25DC9}
    {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6}
    {0B5F7FDF-0717-45BF-B49D-695F3168C7FE}
    {621D36CC-09F4-44F6-BA4C-C8FBEAA00207}
    {DF00FFA0-AEA9-4EA8-A10F-8BB9A7F8508C}
    {062492AF-392E-479D-BF52-A7A4BCA00307}
    {A4F94C0C-54A7-4DB1-9AF3-B22E63D00302}
    {A4F94C0C-54A7-4DB1-9AF3-B22E63D00303}
    {A4F94C0C-54A7-4DB1-9AF3-B22E63D00304}
    {A4F94C0C-54A7-4DB1-9AF3-B22E63D00305}
    {A4F94C0C-54A7-4DB1-9AF3-B22E63D00306}
    {A4F94C0C-54A7-4DB1-9AF3-B22E63D00307}
    {A4F94C0C-54A7-4DB1-9AF3-B22E63D00302}

    Notify keys which are being deleted:
    ------------------------------------
    style2
    Style32
    st3
    st3i
    gg
    gggg
    ggggg
    gs
    st3d
    browsela
    cfgmngr32

    Sharedtaskscheduler keys which are being deleted:
    -------------------------------------------------
    {B212D577-05B7-4963-911E-4A8588160DFA}
    {6AC3806F-8B39-4746-9C38-6B01CB7331FF}
    {FCADDC14-BD46-408A-9842-CDBE1C6D37EB}
    {7A7E6D97-B492-4884-9ABB-C31281DCC4F2}
    {16875E09-927B-4494-82BD-158A1CD46BA0}
    {C7CF1142-0785-4B12-A280-B64681E4D45E}
    {1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5}
    {DA223E41-3F7F-4B2B-8CC8-22C6A1197EEB}
    {86AA461F-2A5B-4889-B543-E1BBA6746D61}
    {31EE3286-D785-4E3F-95FC-51D00FDABC01}
    {0B5F7FDF-0717-45BF-B49D-695F3168C7FE}
    {B29BE267-3A64-4F7E-8A57-75FB5E900506}
    [259BA022-2005-45E9-A965-10EDB9C00605}
    {B29BE267-3A64-4F7E-8A57-75FB5E900503}

    Run keys which are being deleted:
    ---------------------------------
    ClearCookies
    AlexaToolbar

    Files which are being deleted:
    ------------------------------
    windows\q*_disk.dll (or WINNT\q*_disk.dll)
    windows\adsldpb*.dll (or WINNT\adsldpb*.dll)
    windows\slassac.dll (or WINNT\slassac.dll)
    windows\cc.exe (or winnt\cc.exe)
    windows\alt.exe (or WINNT\alt.exe)
    windows\mpatrol.dll (or WINNT\mpatrol.dll)
    windows\netdde.dll (or WINNT\netdde.dll)
    windows\prflbmsgp32.dll (or WINNT\prflbmsgp32.dll)
    windows\admparsel.dll (or WINNT\admparsel.dll)
    windows\compstuib.dll (or WINNT\compstuib.dll)
    windows\compstuic.dll (or WINNT\compstuic.dll)
    system32\winstyle2.dll
    system32\winstyle3.dll
    system32\winstyle32.dll
    system32\prflbmsgp32.dll
    system32\st3.dll
    system32\browsela.dll
    system32\admparsel.dll
    system32\cfgmngr32.dll
    system32\cfgmngr321.dll
    system32\hk.dll
    system32\compstuia.dll

    ---------------
    Version History
    ---------------
    Version: 1.0

    Version: 1.1
    Fix for windows 2000 if shutdown.exe is not present.

    Version: 1.2
    new bho and Sharedtaskscheduler key added: clsid {FCADDC14-BD46-408A-9842-CDBE1C6D37EB}

    Version 1.3
    new bho and Sharedtaskscheduler key added: clsid {7A7E6D97-B492-4884-9ABB-C31281DCC4F2}

    version 1.4
    new bho and Sharedtaskscheduler key added: clsid {16875E09-927B-4494-82BD-158A1CD46BA0}

    Version: 2.0
    Logfile added: After running the tool you can find logfile in c:\windelf.txt)
    Fixed the automatically reboot for windows 2000.

    Version: 2.1
    new bho and Sharedtaskscheduler key added: clsid {C7CF1142-0785-4B12-A280-B64681E4D45E}

    Version: 2.11
    new bho added: clsid {8D82BB89-B58C-4F21-9C5D-377F65947806}

    Version: 2.2
    new bho and Sharedtaskscheduler key added: clsid {1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5}
    new key under notify: st3

    Version: 2.21
    new key under notify: st3i

    Version: 2.30
    new keys under notify: gg and gggg
    new bho's: {826B2228-BC09-49F2-B5F8-42CE26B1B717} and {826B2228-BC09-49F2-B5F8-42CE26B1B712}
    If the notifykey gg is present you need to reboot manually, by turning the power off and then back on.

    Version: 2.31
    new key under notify: ggggg
    new bho: clsid {C0E5FF11-4AE0-4699-A6A7-2FB7118F2081}

    Version: 2.32
    new key under notify: gs

    version: 2.33
    run key added: ClearCookies
    new file: C:\WINDOWS\cc.exe
    added a few older CLSID's (thanks to Ton)

    version: 2.34
    new files: adsldpbe.dll
    new bho: {7507739F-BC2E-4DC3-B233-816783C25DC9}

    version: 2.35
    new random files in windows directory: g*.dll

    version: 2.36
    run key added: AlexaToolbar
    new file: c:\windows\alt.exe

    version: 2.37
    new file added: st3d.dll
    new notify key: st3d
    new sharedtaskkey: {86AA461F-2A5B-4889-B543-E1BBA6746D61}

    version: 2.38
    new notify key: browsela
    new sharedtaskkey: {31EE3286-D785-4E3F-95FC-51D00FDABC01}
    new file added: c:\windows\system32\browsela.dll
    If the notifykey browsela is present you need to reboot manually, by turning the power off and then back on.

    version: 2.39
    new file: C:\WINDOWS\adsldpbf.dll
    new bho added: {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6}

    version: 2.40
    Fixed the hard reboot. The computer will reboot automaticly.

    version: 2.41
    new file: C:\WINDOWS\adsldpbg.dll

    version: 2.42
    added to find and delete windows\adsldpb*.dll (or WINNT\adsldpb*.dll)

    version: 2.43
    new file: windows\admparsel.dll and system32\admparsel.dll
    new sharedtaskkey: {0B5F7FDF-0717-45BF-B49D-695F3168C7FE}
    new bho's: {0B5F7FDF-0717-45BF-B49D-695F3168C7FE}, {621D36CC-09F4-44F6-BA4C-C8FBEAA00207}, {DF00FFA0-AEA9-4EA8-A10F-8BB9A7F8508C}

    Version: 2.44
    new file: system32\cfgmngr32.dll
    new sharedtaskkey: {B29BE267-3A64-4F7E-8A57-75FB5E900506}
    new notifykey: cfgmngr32

    Version: 2.45
    new files: system32\hk.dll and system32\cfgmngr321.dll

    Version: 2.50
    new method to get the sharedtakskey

    Version: 2.52
    new files: compstuia.dll, compstuib.dll, compstuic.dll
    new bho's: {062492AF-392E-479D-BF52-A7A4BCA00307},{A4F94C0C-54A7-4DB1-9AF3-B22E63D00302}, {A4F94C0C-54A7-4DB1-9AF3-B22E63D00303}, {A4F94C0C-54A7-4DB1-9AF3-B22E63D00304}, {A4F94C0C-54A7-4DB1-9AF3-B22E63D00305}, {A4F94C0C-54A7-4DB1-9AF3-B22E63D00306}, {A4F94C0C-54A7-4DB1-9AF3-B22E63D00307} and {A4F94C0C-54A7-4DB1-9AF3-B22E63D00302}
    new sharedtaskkeys: [259BA022-2005-45E9-A965-10EDB9C00605} and {B29BE267-3A64-4F7E-8A57-75FB5E900503}

    -------------------------
    Contact: marcvn@gmail.com
    -------------------------

    Worked?
    And the help you guys gave me seems to have helped: I find this difficult to say really, because the Winantivirus/Systemdoctor pop-ups seemed to happen irradically; I can't really say "it happens when I refresh a browser window" or something like that, so I can't duplicate a specific event to see if it will happen again... But I haven't seen a Winantivirus pop-up for since I did as you guys told to me, so so far so good; I'm gonna put my hand in the fire and say it's fixed! Thanks alot!

    As for the updating my java part: I'll google around and find a way to do so.

    Now for the new post:
    I did see the part in Windelf about g314468.dll and Gotham Girls.dll; that's why I presumed g314468.dll was malicious too, but I wasn't sure, because the other file it found, Gotham Girls.dll, is just a part of a screensaver I have installed (Poison Ivy, Cat Woman and Harley Quinn from the Batman cartoon ;o)

    But to be certain it isn't infected, I scanned it as you suggested; it wasn't in C:\WINNT\ but in C:\WINDOWS\ however. Again, just letting you know of minor differences in my specific case only to help. Here's the result of the scan:


    File: Gotham_Girls.dll
    Status: OK
    MD5 0409b45f5f6eec43651dd7a62bb6d5d1
    Packers detected: -
    Scanner results
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    Fortinet Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    UNA Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing

    And here's a new HiJackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 9:07:15, on 12-7-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\Program Files\Alarm\Alarm Tray.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\AnalogX\POW\pow.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Hijack This\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home Versie 1.7
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - blank (file missing)
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [Show missed alarms] C:\Program Files\Alarm\Alarm.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: POW!.lnk = C:\Program Files\AnalogX\POW\pow.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Google Zoeken - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Woord vertalen in het Nederlands - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: Gelijkwaardige pagina's - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Koppelingspagina's - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: @Home - {377DEE45-F94A-4C9A-A6B1-3D40DB14DE80} - http://www/ (file missing) (HKCU)
    O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www
    O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/nl/bi.../GoogleNav.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    Thanks for your help so far; I can think of nicer ways to spend my time than digging through a stranger's HiJackThis log, so thank you for all your trouble!

  6. #6
    Member
    Join Date
    Dec 2002
    Posts
    12,000
    Points
    1191

    Default

    Is it my imagination or did this post change since last night?
    No, it was not your imagination, there was a post there from me. I was doing a minor edit, I changed a couple of words, got distracted (on the phone will elderly mother). When back some minutes later, for some unknown reason went back to instead of me hitting my "edit" button I hit the "delete" button.

    Yes I did ask to see the directions, as I have not tried the program-Thanks for submitting them. Yes, I did mention/gave instructions on Java, the one you have is really outdated.

    Once Steamwiz finishes with the problem, I am sure he will advised how to update Java.

    Sorry for the confusion I caused.

    BG

  7. #7
    Member
    Join Date
    Jul 2006
    Posts
    10
    Points
    0

    Default

    That's okay, I figured something like that was going one.
    But any more suggestions? I did as Steamwiz asked; the Gotham Girls.dll doesn't seem to be infected or anything, and I deleted the g314468.dll.

    Oh, and I also updated my Java; I checked and it was last updated in 2004! I set it to update automatically, but I guess something must have gone wrong the last two years... Anyway, that's fixed now; set it to update on a day and time that my computer will probably be in use 9 out of 10 times.

    Oh, and I actually *did* get a malicious pop-up again from some kind of bogus anti-virus/spyware "manufacturer", but I think that was just a pop-up from a website, not from something on my system. But I'd appreciate it if somebody could check the HiJackThis log again? To be on the safe side, I made a new one:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:03:11, on 15-7-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\Program Files\Alarm\Alarm Tray.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AnalogX\POW\pow.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\DAP\DAP.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Hijack This\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home Versie 1.7
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - blank (file missing)
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [Show missed alarms] C:\Program Files\Alarm\Alarm.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: POW!.lnk = C:\Program Files\AnalogX\POW\pow.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Google Zoeken - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Woord vertalen in het Nederlands - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: Gelijkwaardige pagina's - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Koppelingspagina's - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: @Home - {377DEE45-F94A-4C9A-A6B1-3D40DB14DE80} - http://www/ (file missing) (HKCU)
    O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www
    O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/nl/bi.../GoogleNav.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    Sorry to be flooding this post like this...

  8. #8
    Member
    Join Date
    Dec 2002
    Posts
    12,000
    Points
    1191

    Default

    Everything looks good to me. A couple of entries maybe considered just clutter, or it could be a minor problem with the HJT program, so we will leave them.

    As you say, Gotham Girls.dll appears OK and you know what it is, so leave it.

    As far as the Pop Up, yes probably from the site you were visiting, and it got through your pop up stopper. But, I know that you are smart enough not to click on it I too, will once in awhile get one that makes it past my pop up stopper.

    BG

  9. #9
    Member
    Join Date
    Jul 2006
    Posts
    10
    Points
    0

    Default

    Okay, thank you for all the help Basementgeek and you too of course Steamwiz.

    I'll consider the problem fixed, since I haven't had any Winantivirus/Systemdoctor since I fixed the things Basementgeek told me about in his first reply. Except for the one I mentioned, but that was probably not related to my Systemdoctor problem.

    Thanks again for all your time and effort, I really appreciate it!!

  10. #10
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    Hi

    You're very welcome

    Glad we could help :wink:

    I'll lock this thread now that it is resolved...

    Should the original poster require it re-opening, please PM a moderator ... thanks

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -