Member Avatar for ferrarilover

Hi

I have 2 logs, from a scan of my wife's laptop.

1) HJT

ogfile of HijackThis v1.99.1
Scan saved at 3:12:50 PM, on 01/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\system32\P2P Networking\P2P Networking.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Jennifer Jolie\Local Settings\Temp\wzb965\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rvh.on.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Sympatico
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: TChkBHO Class - {34D06734-3CFF-43CD-B10A-465E8C184CFE} - C:\WINDOWS\system32\wqdla.dll
O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Program Files\RXToolBar\RXToolBar.dll
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\RunOnce: [Need2FindBar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://blacks.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Iomega Activity Disk2 - Iomega Corporation - C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


2) Antivirus scan from Symantec.com

59366 files scanned, 40 file(s) infected on your disk drives.

No viruses were detected in memory.
Your computer is free of known threats. Virus Detection does not check compressed files.
Your computer appears safe for now. For real-time protection from viruses, hackers and privacy threats, upgrade to Norton Internet Security™.

No viruses were detected in memory.
The scan was cancelled before finishing. To restart the scan, click here.
Your computer is free of known threats. Virus Detection does not check compressed files.
Your computer appears safe for now. For real-time protection from viruses, hackers and privacy threats, upgrade to Norton Internet Security™.
Search for the name of the threat(s) listed below on the Symantec Security Response site for removal information.

Warning! The scan detected a virus that is active in your computer's memory.
The scan ended to prevent further infection.
You should shut down your computer immediately and restart it with an antivirus rescue disk or similar tool.

No viruses were detected in memory.
Your computer is infected with at least one known virus or Trojan horse.
Search for the name of the threat(s) listed below on the Symantec Security Response site for removal information.

No viruses were detected in memory.
Your computer is infected with at least one known virus or Trojan horse.
Note: The scan was cancelled before finishing. There may be more infected files on this computer.
Search for the name of the threat(s) listed below on the Symantec Security Response site for removal information.

A scan has not been run. To start Virus Detection, click here.
C:\WINDOWS\Temp\Altnet\adm.exe is infected with Adware.BDE
C:\WINDOWS\Temp\Altnet\adm25.dll is infected with Adware.BDE
C:\WINDOWS\Temp\Altnet\adm4.dll is infected with Adware.BDE
C:\WINDOWS\Temp\Altnet\admdata.dll is infected with Adware.BDE
C:\WINDOWS\Temp\Altnet\admdloader.dll is infected with Adware.BDE
C:\WINDOWS\Temp\Altnet\admfdi.dll is infected with Adware.BDE
C:\WINDOWS\Temp\Altnet\admprog.dll is infected with Adware.BDE
C:\WINDOWS\Temp\Altnet\dmfiles.cab is infected with Adware.Topsearch
C:\WINDOWS\Temp\Altnet\mysearch.cab is infected with Adware.MWSearch
C:\WINDOWS\Temp\Altnet\pmexe.cab is infected with Adware.Topsearch
C:\WINDOWS\Temp\Altnet\pmfiles.cab is infected with Adware.BDE
C:\WINDOWS\Temp\Adware\InstaFinderK_inst.exe is infected with Adware.InstaFinder
C:\WINDOWS\Temp\Adware\RXToolbar.exe is infected with Adware.RXToolbar
C:\WINDOWS\system32\moconfig.exe is infected with Adware.Wurldmedia
C:\WINDOWS\system32\uninstall.exe is infected with Adware.Wurldmedia
C:\WINDOWS\system32\wqdla.dll is infected with Adware.Wurldmedia
C:\WINDOWS\system32\P2P Networking\MARSHAL.DLL is infected with Adware.P2PNetworking
C:\WINDOWS\system32\P2P Networking\P2P Networking.exe is infected with Adware.P2PNetworking
C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll is infected with Adware.P2PNetworking
C:\Program Files\Uninstall Need2Find Bar.dll is infected with Adware.MWSearch
C:\Program Files\RXToolBar\RXToolBar.dll is infected with Adware.RXToolbar
C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL is infected with Adware.MWSearch
C:\Program Files\Kazaa\TopSearch.dll is infected with Adware.TopSearch.B
C:\Program Files\INSTAFINK\InstaFinderK_inst.exe is infected with Adware.InstaFinder
C:\Program Files\INSTAFINK\instafink.dll is infected with Adware.InstaFinder
C:\Program Files\Common Files\aahhnapl\lceltttn\fjcpptpt.exe is infected with Adware.GAIN
C:\Program Files\Common Files\aahhnapl\adblrldjej\nlcnphrch.exe is infected with Adware.GAIN
C:\Program Files\Altnet\Points Manager\sysdetect.dll is infected with Adware.BDE
C:\Program Files\Altnet\Download Manager\adm25.dll is infected with Adware.BDE
C:\Program Files\Altnet\Download Manager\adm4.dll is infected with Adware.BDE
C:\Program Files\Altnet\Download Manager\adm4005.exe is infected with Adware.BDE
C:\Program Files\Altnet\Download Manager\admdata.dll is infected with Adware.BDE
C:\Program Files\Altnet\Download Manager\admdloader.dll is infected with Adware.BDE
C:\Program Files\Altnet\Download Manager\admfdi.dll is infected with Adware.BDE
C:\Program Files\Altnet\Download Manager\admprog.dll is infected with Adware.BDE
C:\Program Files\Altnet\Download Manager\altnetuninstall.exe is infected with Adware.Topsearch
C:\Program Files\Altnet\Download Manager\asmend.exe is infected with Adware.Topsearch
C:\Documents and Settings\Jennifer Jolie\Local Settings\Temp\asmfiles.cab is infected with Adware.Topsearch
C:\Documents and Settings\Jennifer Jolie\Local Settings\Temp\p2psetup.exe is infected with Adware.P2PNetworking
C:\Documents and Settings\Jennifer Jolie\Local Settings\Temp\__unin__.exe is infected with Adware.Topsearch


System is running XP and IE 6.0. No popup issues, but recent Incredimail/Outlook sending mail issues.

Thank you!
Chris

  • 2 Contributors
  • 4 Replies
  • 159 Views
  • 1 Week Discussion Span
  • Latest Post Latest Post by ferrarilover
Member Avatar for swatkat

Hi,
Download CCleaner and install it. Do not run it now!

Make Windows to show all files:-
Go to Start > My Computer. Go to Tools menu, click Folder Options. Uncheck Hide protected operating system files. Then, click to select the option Show hidden files and folders. Click Apply and then click OK to exit.


Reboot in Safe Mode:-
Restart (or switch ON) the PC. Then, keep tapping the F8 Key. From the menu that will be displayed, out of which choose Safe Mode and press Enter.


Uninstall this Software from Add/Remove Programs in Control Panel, if found:-
Need2Find
WurldMedia
GAIN
Gator
Altnet
RXToolBar


Run HijackThis and click Do only a System scan. Then put a check mark infront of below listed entries:-

O2 - BHO: TChkBHO Class - {34D06734-3CFF-43CD-B10A-465E8C184CFE} - C:\WINDOWS\system32\wqdla.dll
O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL
O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Program Files\RXToolBar\RXToolBar.dll
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\RunOnce: [Need2FindBar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

Close all other open programs except Hijackthis and click the button Fix Checked in HijackThis.


Exit from HijackThis. Delete these files:-
C:\WINDOWS\system32\moconfig.exe (do NOT delete the legitimate file msconfig.exe!)
C:\WINDOWS\system32\uninstall.exe
C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll
C:\Program Files\Uninstall Need2Find Bar.dll
C:\Program Files\Kazaa\TopSearch.dll


Delete these folders:-
C:\Program Files\INSTAFINK
C:\WINDOWS\system32\P2P Networking
C:\Program Files\Common Files\aahhnapl
C:\Program Files\Altnet


Run CCleaner, click "Options" button and here go to "Advanced" tab and uncheck the option "Only delete files in Windows Temp folder older than 48 hours". Click OK to exit from the Options. Finally click "Run Cleaner" and click "OK" to continue cleaning.


Reboot to Normal Mode. Perform an online virus scan at Kaspersky Online Scanner (Click the "Kaspersky Online Scanner" button). Save the log it gives after the scan.

Run HijackThis again, click Do a System scan and save log, and post the fresh log along with the Kaspersky log.

Member Avatar for ferrarilover

Ok, all tasks completed...here are the logs, starting with Kaspersky:

Tuesday, July 04, 2006 11:33:19 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 5/07/2006
Kaspersky Anti-Virus database records: 192506
Scan SettingsScan using the following antivirus databasestandardScan ArchivestrueScan Mail BasestrueScan TargetMy ComputerA:\
C:\
D:\ Scan StatisticsTotal number of scanned objects53265Number of viruses found2Number of infected objects10 / 0Number of suspicious objects0Duration of the scan process01:06:29
Infected Object NameVirus NameLast ActionC:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\Jennifer Jolie\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Jennifer Jolie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Jennifer Jolie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Jennifer Jolie\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Jennifer Jolie\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Jennifer Jolie\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Jennifer Jolie\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped C:\Program Files\Norton AntiVirus\Quarantine\3D4A6F57.htm Infected: Exploit.VBS.Phel.a skipped C:\Program Files\Norton AntiVirus\Quarantine\3D571749.htm Infected: Exploit.VBS.Phel.a skipped C:\Program Files\Norton AntiVirus\Quarantine\6CA637D9/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped C:\Program Files\Norton AntiVirus\Quarantine\6CA637D9 ZIP: infected - 1 skipped C:\Program Files\Norton AntiVirus\Quarantine\6CA637D9 CryptFF: infected - 1 skipped C:\Program Files\Norton AntiVirus\Quarantine\6D1F4954/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped C:\Program Files\Norton AntiVirus\Quarantine\6D1F4954 ZIP: infected - 1 skipped C:\Program Files\Norton AntiVirus\Quarantine\6D1F4954 CryptFF: infected - 1 skipped C:\Program Files\Norton AntiVirus\Quarantine\737253F0.htm Infected: Exploit.VBS.Phel.a skipped C:\Program Files\Norton AntiVirus\Quarantine\738225DE.htm Infected: Exploit.VBS.Phel.a skipped C:\System Volume Information\_restore{89468B1C-A90B-436B-A9BD-AAAE1777125D}\RP366\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{1B291EFC-6427-479E-A1C9-1D694489C161}.bin Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\DEFAULT Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SYSTEM Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed.


************************************************************

and new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:33:35 PM, on 04/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Documents and Settings\Jennifer Jolie\Desktop\Repair\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rvh.on.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Sympatico
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://blacks.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Iomega Activity Disk2 - Iomega Corporation - C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

*********************************************

Patiently awaiting your reply.

Thank you
Chris

Member Avatar for swatkat

Hi,

Sorry, it took me long time to reply. I wasn't able to come offline yesterday. By the way, the log looks clean :) Is the PC running fine?

Member Avatar for ferrarilover

Yes, thank you very much, working well now.

Chris

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.