Can't reactivate Norton

slw

New Member
I had Norton on my computer before but canceled it because I left the country. Now I am back and trying to reinstall it, but I keep getting ERROR 112.
I keep getting adware stuff popping up all the time. I was told that this can block Norton from being installed. I have tried using Spybot and AVG to get rid of this stuff but still got it. So any advice please. Thanks.
 
Why Norton? It's one of the worst antivirus programs I have ever seen or had. Better use AVG or NOD32 or even the AVIRA.. But not the Norton..
 
I think the majority of advice you will get will be to remove Norton altogether and install a decent antivirus. You aren't doing yourself any favours by using it.
 
I use Norton Internet Security and seriously, I have no problem with it.

The guy isn't asking if there is a better anti-virus out there, he's asking for help re-installing it...

Anyway, download HijackThis and post your log in this topic.
 
When I first read the title, my first thought was "good".

But seriously, there are free alternatives that are better and less resource heavy than Norton.
 
I use Norton Internet Security and seriously, I have no problem with it.

The guy isn't asking if there is a better anti-virus out there, he's asking for help re-installing it...


But if it's possible for people to advise of a better solution, then surely that's the sensible thing to do. Some of the detection rate tests for Norton have been nothing short of abysmal at times. Too many reviews have found its detection rate to be in the low eighty percent or below that! AVG is by no means perfect, but it does provide a higher detection rate and thus a better solution.

There are others out there that would improve on it further too.
 
Not sure if this is the log, but it's the only thing it gave me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:33:29 PM, on 09/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\Program Files\Yahoo!\NAV\navapsvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\dvteqhtA.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Rogers\SelfHealing\rogersagent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\stacy\Local Settings\Temporary Internet Files\Content.IE5\M90ZQ1E5\HiJackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.gophersearch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://by105fd.bay105.hotmail.msn.c...beda3486a2203bcb9b6270cd09b42f9a11f8d671f6b5b
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rogers.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sb/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rogers.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2194380C-BBF3-4E67-5495-877C19DF6F00} - C:\Program Files\Internet Explorer\qukado.dll (file missing)
O2 - BHO: (no name) - {430FDEB2-DDF1-4B8D-85E7-97A9E9022E69} - C:\Program Files\Common Files\mexo4444.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {868865EC-0295-4C7D-B25D-9F65314145E9} - C:\WINDOWS\system32\khffcbb.dll
O2 - BHO: (no name) - {8A645418-E43A-499F-80D2-5994B4CAD75B} - C:\WINDOWS\system32\jkhhf.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9B5C8140-3AF4-447E-AF9E-AA4538F1E635} - C:\WINDOWS\system32\njayjbwe.dll
O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Yahoo!\NAV\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: ohb Class - {C1AA87B1-FE12-4937-A09C-1B7B869D913B} - C:\WINDOWS\system32\tb22.dll (file missing)
O2 - BHO: (no name) - {C51AEEDF-34A4-4C1A-99CD-1B84D764E590} - C:\Program Files\Common Files\mexo83122.dll (file missing)
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\gmlkbvty.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [dvteqhtA] C:\WINDOWS\dvteqhtA.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\hlgemayn.dll",forkonce
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.winantispyware.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C39C29AB-57DC-11D4-8D78-00008371DDA6} (CLoCompression Class) - http://206.221.241.169:81/comp.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O20 - Winlogon Notify: jkhhf - C:\WINDOWS\system32\jkhhf.dll
O20 - Winlogon Notify: khffcbb - C:\WINDOWS\SYSTEM32\khffcbb.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Yahoo!\NPF\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\rntjpbum.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Internet Explorer\rteseri.html
O24 - Desktop Component 1: (no name) - http://grahamwatson.com/2002/koppenberg/koppen/image8.jpg

--
End of file - 13145 bytes
 
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.gophersearch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://by105fd.bay105.hotmail.msn.c...beda3486a2203bcb9b6270cd09b42f9a11f8d671f6b5b
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rogers.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sb/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rogers.yahoo.com



O2 - BHO: (no name) - {2194380C-BBF3-4E67-5495-877C19DF6F00} - C:\Program Files\Internet Explorer\qukado.dll (file missing)

O2 - BHO: (no name) - {430FDEB2-DDF1-4B8D-85E7-97A9E9022E69} - C:\Program Files\Common Files\mexo4444.dll


O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


O2 - BHO: (no name) - {868865EC-0295-4C7D-B25D-9F65314145E9} - C:\WINDOWS\system32\khffcbb.dll
O2 - BHO: (no name) - {8A645418-E43A-499F-80D2-5994B4CAD75B} - C:\WINDOWS\system32\jkhhf.dll
O2 - BHO: (no name) - {9B5C8140-3AF4-447E-AF9E-AA4538F1E635} - C:\WINDOWS\system32\njayjbwe.dll
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\gmlkbvty.dll
O4 - HKLM\..\Run: [dvteqhtA] C:\WINDOWS\dvteqhtA.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O20 - Winlogon Notify: jkhhf - C:\WINDOWS\system32\jkhhf.dll
O20 - Winlogon Notify: khffcbb - C:\WINDOWS\SYSTEM32\khffcbb.dll

In grey, you need to look at the URLs. If you recognize them it's fine; if not, I'll tell you what to do.
In blue, I suspect those to be spyware.
In yellow, those are missing files; we'll get rid of them later.
In red, those are what I believe to be malware.

O24 - Desktop Component 0: (no name) - C:\Program Files\Internet Explorer\rteseri.html
O24 - Desktop Component 1: (no name) - http://grahamwatson.com/2002/koppenberg/koppen/image8.jpg

I have never seen this kind of O24 entry; they must be checked by someone more professional than me first.

You had a lot of malware!

So to start here is what you are going to do:

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Then rename Hijackthis to something random.exe and post a new log.
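
An added example, not part of the original post and not HijackThis's own logic: a small Python triage that applies the groupings used in the reply above (URLs to eyeball, entries whose file is missing, unnamed BHOs, Winlogon Notify DLLs) to a few lines taken from the posted log. The category names and rules are assumptions made for illustration, and the result is a review list, not a verdict.

```python
import re
from collections import defaultdict

# Sample input: a handful of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.gophersearch.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2194380C-BBF3-4E67-5495-877C19DF6F00} - C:\Program Files\Internet Explorer\qukado.dll (file missing)
O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
O2 - BHO: (no name) - {8A645418-E43A-499F-80D2-5994B4CAD75B} - C:\WINDOWS\system32\jkhhf.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Yahoo!\NAV\NavShExt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O20 - Winlogon Notify: jkhhf - C:\WINDOWS\system32\jkhhf.dll
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\rntjpbum.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
"""

# "<section> - <body>", e.g. "O2 - BHO: ..." or "R1 - HKCU\..."
ENTRY = re.compile(r"^(R\d|O\d+) - (.+)$")
# First drive-letter path ending in .dll or .exe inside an entry body
FILE = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe)\b", re.IGNORECASE)


def classify(section, body):
    """Return an illustrative review category for one entry, or None."""
    if "(file missing)" in body or "(no file)" in body:
        return "orphan"            # registry entry left behind, target is gone
    if section.startswith("R"):
        return "check-url"         # IE start/search page: does the user recognise it?
    if section == "O2" and body.startswith("BHO: (no name)"):
        return "unnamed-bho"       # browser helper object with no class name
    if section == "O20":
        return "winlogon-notify"   # DLL registered under Winlogon\Notify
    return None


def triage(log):
    """Return (category, section, target) for every entry worth a second look."""
    findings = []
    for raw in log.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue               # header, process list, blank line
        section, body = m.groups()
        category = classify(section, body)
        if category:
            f = FILE.search(body)
            # Normalise case: the log mixes system32 and SYSTEM32 for one file
            target = f.group(0).lower() if f else body
            findings.append((category, section, target))
    return findings


def flagged_more_than_once(findings):
    """Files that were flagged under two or more categories."""
    by_target = defaultdict(set)
    for category, _section, target in findings:
        by_target[target].add(category)
    return {t: sorted(c) for t, c in by_target.items() if len(c) > 1}


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for category, section, target in results:
        print(f"{category:16} {section:4} {target}")
    print("flagged more than once:", flagged_more_than_once(results))
```
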
 
Thanks, not sure what you meant by "Then rename Hijackthis to something random.exe and post a new log"


 
Sorry, didn't copy the whole log.

ComboFix 07-08-09.3 - "stacy" 2007-08-09 17:03:30.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.112 [GMT -4:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCode
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiSpyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiSpyware 2007\Data\ProductCode
C:\DOCUME~1\stacy\APPLIC~1.\fnts~1
C:\DOCUME~1\stacy\APPLIC~1.\macromedia\Flash Player\#SharedObjects\FJGMFJQR\www.broadcaster.com
C:\DOCUME~1\stacy\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\stacy\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\DOCUME~1\stacy\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\stacy\APPLIC~1.\winantispyware 2007 free
C:\DOCUME~1\stacy\APPLIC~1.\winantispyware 2007 free\DownloadUWAS7.url
C:\DOCUME~1\stacy\APPLIC~1\WinAntiSpyware 2007 Free\DownloadUWAS7.url
C:\DOCUME~1\stacy\MYDOCU~1.\sks~1
C:\Program Files\Common Files\mbols~1
C:\Program Files\Common Files\mexo4444.dll
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\Common Files\WinAntiSpyware 2007\err.log
C:\Program Files\Common Files\Yazzle1549OinUninstaller.exe
C:\Program Files\Internet Explorer\rteseri.html
C:\Program Files\poolsv
C:\Program Files\svhost
C:\Program Files\svhost\wr-1-0000077.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\brr
C:\temp\brr\tmpZTF.log
C:\WINDOWS\b103.exe
C:\WINDOWS\b138.exe
C:\WINDOWS\system32\b02FdUe
C:\WINDOWS\system32\cddxstve.exe
C:\WINDOWS\system32\configs
C:\WINDOWS\system32\cvpaljgf.exe
C:\WINDOWS\system32\ddcyvwt.dll
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\driver\w717.exe
C:\WINDOWS\system32\ecbibrru.exe
C:\WINDOWS\system32\F2
C:\WINDOWS\system32\F3
C:\WINDOWS\system32\fccbbbx.dll
C:\WINDOWS\system32\feklttky.dll
C:\WINDOWS\system32\fhhkj.bak1
C:\WINDOWS\system32\fhhkj.bak2
C:\WINDOWS\system32\fhhkj.ini
C:\WINDOWS\system32\fohksemy.exe
C:\WINDOWS\system32\gmlkbvty.dll
C:\WINDOWS\system32\hlgemayn.dll
C:\WINDOWS\system32\jbtaffye.dll
C:\WINDOWS\system32\jbuwqcwx.exe
C:\WINDOWS\system32\jkhhf.dll
C:\WINDOWS\system32\jmvhcpff.exe
C:\WINDOWS\system32\khffcbb.dll
C:\WINDOWS\system32\koiralcr.exe
C:\WINDOWS\system32\lcqtwjjg.dll
C:\WINDOWS\system32\mkaxcxtg.exe
C:\WINDOWS\system32\mktxxfcn.exe
C:\WINDOWS\system32\nyameglh.ini
C:\WINDOWS\system32\oarvigtj.exe
C:\WINDOWS\system32\oekkskhh.exe
C:\WINDOWS\system32\oufafwrs.ini
C:\WINDOWS\system32\pdejhvqd.dll
C:\WINDOWS\system32\pjuhavkj.dll
C:\WINDOWS\system32\qrxtbkid.exe
C:\WINDOWS\system32\rxytgwew.exe
C:\WINDOWS\system32\srwfafuo.dll
C:\WINDOWS\system32\ssqollj.dll
C:\WINDOWS\system32\vfjqlhfl.exe
C:\WINDOWS\system32\wrtbttil.exe
C:\WINDOWS\TTC-4444.exe
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CMDSERVICE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_FOPN
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_WINDOWS_OVERLAY_COMPONENTS
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-07-09 to 2007-08-09 )))))))))))))))))))))))))))))))


2007-08-09 17:01 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-09 14:47 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-09 09:31 <DIR> d-------- C:\searchplugins
2007-08-09 09:30 <DIR> d-------- C:\Program Files\Crawler
2007-08-08 11:54 <DIR> d-------- C:\Program Files\Rogers Client CD
2007-08-05 08:04 120,852 --a------ C:\WINDOWS\system32\njayjbwe.dll
2007-08-04 15:24 <DIR> d-------- C:\Program Files\Veoh Networks
2007-08-04 07:43 886,352 -r-hs---- C:\WINDOWS\dvteqhtA.exe
2007-08-04 07:43 <DIR> d-------- C:\Temp
2007-08-03 02:44 <DIR> d--hs---- C:\found.000
2007-07-10 18:36 <DIR> d--hs---- C:\WINDOWS\c3RhY3k


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-09 10:52 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-09 10:42 --------- d-------- C:\Program Files\Yahoo!
2007-08-08 12:54 --------- d-------- C:\Program Files\HRAI
2007-08-08 11:57 --------- d-------- C:\Program Files\Rogers
2007-08-05 15:12 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-08-05 15:12 8014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-08-05 15:12 48776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-08-05 15:12 115000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-08-05 15:12 --------- d-------- C:\Program Files\Symantec
2007-08-05 14:34 --------- d-------- C:\Program Files\Google
2007-08-04 16:02 --------- d-------- C:\Program Files\Picasa2
2007-08-04 15:31 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-03 15:38 5642 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-08-03 15:38 56 -r-hs---- C:\WINDOWS\system32\0B8664E02F.sys
2007-06-16 22:38 --------- d-------- C:\DOCUME~1\stacy\APPLIC~1\Corel
2007-05-16 11:12 86528 --a------ C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 11:12 85504 --a------ C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 11:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 11:12 683520 --a------ C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 11:12 510976 --a------ C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 11:12 1314816 --a------ C:\WINDOWS\system32\dllcache\msoe.dll
2007-02-12 01:54:58 88 --sh--r C:\WINDOWS\system32\2FE064860B.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2194380C-BBF3-4E67-5495-877C19DF6F00}]
C:\Program Files\Internet Explorer\qukado.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B5C8140-3AF4-447E-AF9E-AA4538F1E635}]
2007-08-05 08:04 120852 --a------ C:\WINDOWS\system32\njayjbwe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1AA87B1-FE12-4937-A09C-1B7B869D913B}]
C:\WINDOWS\system32\tb22.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C51AEEDF-34A4-4C1A-99CD-1B84D764E590}]
C:\Program Files\Common Files\mexo83122.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 21:49]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 21:46]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 21:50]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 15:59]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 00:30 C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 15:58]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-09 15:22]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 22:19]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16]
"Device Detector"="C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" [2004-09-02 17:51]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-15 19:15]
"dvteqhtA"="C:\WINDOWS\dvteqhtA.exe" [1989-12-12 10:10]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 23:58]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 12:09]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-07-31 17:12]
"RogersAgent"="c:\Program Files\Rogers\SelfHealing\rogersagent.exe" [2007-04-23 16:51]
"SHS"="C:\Program Files\Rogers\SelfHealing\SHS.exe" [2007-04-25 10:46]
"Update Manager"="C:\Program Files\Rogers\Update Manager\UpdateManager.exe" [2007-04-25 10:46]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"DJSNetCN"=C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-07-25 00:47:46]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Internet Explorer\rteseri.html
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP;C:\WINDOWS\system32\DRIVERS\iwca.sys
R3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP;C:\WINDOWS\system32\DRIVERS\w29n51.sys
S3 L8042Kbd;Logitech SetPoint Keyboard Driver;C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
S3 LHidUsbK;SetPoint USB Receiver device driver;C:\WINDOWS\system32\Drivers\LHidUsbK.Sys
S3 LMouKE;SetPoint Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
S3 ndiscm;Motorola SURFboard USB Cable Modem Windows Driver;C:\WINDOWS\system32\DRIVERS\NetMotCM.sys
S3 SQTECH905C;ViviCam 35;C:\WINDOWS\system32\Drivers\Capt905c.sys
S3 SQTECH9080;MegaCam(PID_9080_00);C:\WINDOWS\system32\Drivers\Capt9080.sys
S3 TnIDriver;TnIDriver;\??\C:\DOCUME~1\stacy\LOCALS~1\Temp\tni55.tmp


Contents of the 'Scheduled Tasks' folder
2006-08-03 12:43:55 C:\WINDOWS\Tasks\ISP signup reminder 1.job - C:\WINDOWS\system32\OOBE\oobebaln.exe
2007-08-04 01:05:58 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - stacy.job - C:\PROGRA~1\Yahoo!\NAV\NAVW32.EXE

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-09 17:20:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000001c9

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-09 17:26:53 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-09 17:26

--- E O F ---
 
OK, you do have some spyware.

Have you run scans with the programs here (Spybot and SuperAntiSpyware)?
 