Desktop virus help

M

mikey

Following a recent hit on my pc from several files
infected with viruses, the desktop background is now white.


I Try to change desktop background via control
panel/Appearance and Themes - the Display
Properties/Desktop tab is available but i cant do anything but change
the color.
i see a bunch of my destop pictures but can not click them i also see a

html file that says Desktop.
I searched for the file and nothing has come up.
my desired desktop background is momentarily visible during windows
shutdown.


I have norton and it did say i had a virus but i got rid of it and im
really not sure what else to do at this point. i searched for similar
problems but can not find them


If you can help me Email me at (e-mail address removed)


Thank you Mikey




Logfile of HijackThis v1.99.1
Scan saved at 4:57:19 PM, on 11/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Internet Explorer\shttps\http.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\1132439762\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\autoupdatev2.exe
C:\Program Files\MTV Networks\Alerts\MTVNTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MTV Networks\Alerts\MTVNQueue.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\keystone.exe
c:\program files\common files\aol\1132439762\ee\aim6.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Ryan Zwan\Desktop\HijackThis1991.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://us.f305.mail.yahoo.com/ym/login?.rand=c7v91fimhlg0f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
c:\secure32.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {1B48E2FA-DA0F-038B-0744-51A569F233C7}
- (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
- C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {19D93B24-E21E-2BE5-D350-64550DA82C4E} - (no
file)
O2 - BHO: (no name) - {1C0A9CE0-88C6-11d9-BD38-444553540000} - (no
file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no
file)
O2 - BHO: (no name) - {6E8A3866-A4F1-AA01-D5E7-F10A767FF6E9} - (no
file)
O2 - BHO: (no name) - {78364D99-A640-4ddf-B91A-67EFF8373045} - (no
file)
O2 - BHO: (no name) - {862A06BF-930A-C5FA-7848-EBECDBE71AE5} - (no
file)
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {ED045E50-1DD5-4FA1-B468-E624CC585D3A} - (no
file)
O3 - Toolbar: 3DNA Toolbar - {2ECB7FB2-0333-416F-92FD-4904AD49252B} -
C:\WINDOWS\system32\3DNATO~1.DLL
O3 - Toolbar: (no name) - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - (no
file)
O3 - Toolbar: (no name) - {1B48E2FA-DA0F-038B-0744-51A569F233C7} - (no
file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
- C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Internet Explorer] c:\Program Files\Internet
Explorer\shttps\http.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common
Files\AOL\1132439762\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program
Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [autoupdatev2] C:\WINDOWS\system32\autoupdatev2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O4 - Global Startup: MTV Alerts.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program
Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM
Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program
files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word -
res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program
files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -
res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program
files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English -
res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Weepee MP3 Bar -
{1B48E2FA-DA0F-038B-0744-51A569F233C7} - (no file)
O9 - Extra 'Tools' menuitem: Weepee MP3 Bar -
{1B48E2FA-DA0F-038B-0744-51A569F233C7} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -
C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
(no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}
- C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .pdf: C:\Program Files\Internet
Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) -
http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} -
http://a1540.g.akamai.net/7/1540/52....apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX
Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: st3i - C:\WINDOWS\q5911680.dll (file missing)
O21 - SSODL: SysTray.Excn2 - {1722ECFF-4356-4f5b-B534-E67294FE75E9} -
(no file)
O21 - SSODL: SysTray.Exsn - {2368D1FC-2F5C-4f1b-B124-E67214FC78E2} -
(no file)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program
Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online,
Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g
Wireless USB Network Adapter Service) - Unknown owner - C:\Program
Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation
- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) -
Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) -
Symantec Corporation - C:\Program Files\Norton
AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA
Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton
AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec
Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 
C

Carey Frisch [MVP]

Many viruses are designed to fatally corrupt and destroy the
operating system. You can always remove the virus file,
but the damage caused by the execution of the malicious
virus code has already been done. Try the following:

How to Perform a Windows XP Repair Install
http://www.michaelstevenstech.com/XPrepairinstall.htm

If the "Repair Install" is unsuccessful, then you need to
start from scratch and perform a "Clean Install".

Clean Install Windows XP
http://www.michaelstevenstech.com/cleanxpinstall.html

Here's what you can do to enhance the security on your PC
http://www.microsoft.com/athome/security/protect/windowsxpsp2/Default.mspx

Antivirus software: Frequently asked questions
http://www.microsoft.com/athome/security/protect/antivirus.mspx

--
Carey Frisch
Microsoft MVP
Windows - Shell/User
Microsoft Community Newsgroups
news://msnews.microsoft.com/

-------------------------------------------------------------------------------------------

:

| Following a recent hit on my pc from several files
| infected with viruses, the desktop background is now white.
|
|
| I Try to change desktop background via control
| panel/Appearance and Themes - the Display
| Properties/Desktop tab is available but i cant do anything but change
| the color.
| i see a bunch of my destop pictures but can not click them i also see a
|
| html file that says Desktop.
| I searched for the file and nothing has come up.
| my desired desktop background is momentarily visible during windows
| shutdown.
|
|
| I have norton and it did say i had a virus but i got rid of it and im
| really not sure what else to do at this point. i searched for similar
| problems but can not find them
|
|
| If you can help me Email me at (e-mail address removed)
|
|
| Thank you Mikey
|
|
|
|
| Logfile of HijackThis v1.99.1
| Scan saved at 4:57:19 PM, on 11/21/2005
| Platform: Windows XP SP2 (WinNT 5.01.2600)
| MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
|
| Running processes:
| C:\WINDOWS\System32\smss.exe
| C:\WINDOWS\system32\winlogon.exe
| C:\WINDOWS\system32\services.exe
| C:\WINDOWS\system32\lsass.exe
| C:\WINDOWS\system32\svchost.exe
| C:\WINDOWS\System32\svchost.exe
| C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
| C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
| C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
| C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
| C:\WINDOWS\system32\spoolsv.exe
| C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
| C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
| C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
| C:\Program Files\Norton AntiVirus\navapsvc.exe
| C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
| C:\WINDOWS\system32\nvsvc32.exe
| C:\WINDOWS\System32\svchost.exe
| C:\WINDOWS\Explorer.EXE
| C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
| C:\Program Files\Common Files\Real\Update_OB\realsched.exe
| C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
| C:\Program Files\Internet Explorer\shttps\http.exe
| C:\Program Files\Common Files\Symantec Shared\ccApp.exe
| C:\Program Files\Common Files\AOL\1132439762\ee\AOLSoftware.exe
| C:\WINDOWS\system32\ctfmon.exe
| C:\WINDOWS\system32\autoupdatev2.exe
| C:\Program Files\MTV Networks\Alerts\MTVNTray.exe
| C:\Program Files\WinZip\WZQKPICK.EXE
| C:\Program Files\MTV Networks\Alerts\MTVNQueue.exe
| C:\WINDOWS\System32\svchost.exe
| C:\WINDOWS\system32\rundll32.exe
| C:\WINDOWS\system32\keystone.exe
| c:\program files\common files\aol\1132439762\ee\aim6.exe
| C:\Program Files\Internet Explorer\iexplore.exe
| C:\Program Files\Internet Explorer\iexplore.exe
| C:\Program Files\Messenger\msmsgs.exe
| C:\Documents and Settings\Ryan Zwan\Desktop\HijackThis1991.exe
|
| R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
| c:\secure32.html
| R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
| http://us.f305.mail.yahoo.com/ym/login?.rand=c7v91fimhlg0f
| R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
| c:\secure32.html
| R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
| c:\secure32.html
| R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
| c:\secure32.html
| R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
| c:\secure32.html
| R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
| Settings,ProxyOverride = 127.0.0.1
| R3 - URLSearchHook: (no name) - {1B48E2FA-DA0F-038B-0744-51A569F233C7}
| - (no file)
| F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
| O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
| - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
| O2 - BHO: (no name) - {19D93B24-E21E-2BE5-D350-64550DA82C4E} - (no
| file)
| O2 - BHO: (no name) - {1C0A9CE0-88C6-11d9-BD38-444553540000} - (no
| file)
| O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no
| file)
| O2 - BHO: (no name) - {6E8A3866-A4F1-AA01-D5E7-F10A767FF6E9} - (no
| file)
| O2 - BHO: (no name) - {78364D99-A640-4ddf-B91A-67EFF8373045} - (no
| file)
| O2 - BHO: (no name) - {862A06BF-930A-C5FA-7848-EBECDBE71AE5} - (no
| file)
| O2 - BHO: Google Toolbar Helper -
| {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
| files\google\googletoolbar1.dll
| O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -
| C:\Program Files\Norton AntiVirus\NavShExt.dll
| O2 - BHO: (no name) - {ED045E50-1DD5-4FA1-B468-E624CC585D3A} - (no
| file)
| O3 - Toolbar: 3DNA Toolbar - {2ECB7FB2-0333-416F-92FD-4904AD49252B} -
| C:\WINDOWS\system32\3DNATO~1.DLL
| O3 - Toolbar: (no name) - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - (no
| file)
| O3 - Toolbar: (no name) - {1B48E2FA-DA0F-038B-0744-51A569F233C7} - (no
| file)
| O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
| c:\program files\google\googletoolbar1.dll
| O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
| - C:\Program Files\Norton AntiVirus\NavShExt.dll
| O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
| O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
| C:\WINDOWS\system32\NvCpl.dll,NvStartup
| O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
| O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
| Files\QuickTime\qttask.exe" -atboottime
| O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
| Files\Real\Update_OB\realsched.exe" -osboot
| O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
| C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
| O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
| Files\Java\jre1.5.0_04\bin\jusched.exe
| O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
| O4 - HKLM\..\Run: [Internet Explorer] c:\Program Files\Internet
| Explorer\shttps\http.exe
| O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
| Shared\ccApp.exe"
| O4 - HKLM\..\Run: [Symantec NetDriver Monitor]
| C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
| O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common
| Files\AOL\1132439762\ee\AOLSoftware.exe
| O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
| O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program
| Files\Yahoo!\Messenger\ypager.exe -quiet
| O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
| O4 - HKCU\..\Run: [autoupdatev2] C:\WINDOWS\system32\autoupdatev2.exe
| O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
| Office\Office10\OSA.EXE
| O4 - Global Startup: MTV Alerts.lnk = ?
| O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program
| Files\WinZip\WZQKPICK.EXE
| O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM
| Toolbar\AIMBar.dll/aimsearch.htm
| O8 - Extra context menu item: &Google Search - res://c:\program
| files\google\GoogleToolbar1.dll/cmsearch.html
| O8 - Extra context menu item: &Translate English Word -
| res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
| O8 - Extra context menu item: Backward Links - res://c:\program
| files\google\GoogleToolbar1.dll/cmbacklinks.html
| O8 - Extra context menu item: Cached Snapshot of Page -
| res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
| O8 - Extra context menu item: E&xport to Microsoft Excel -
| res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
| O8 - Extra context menu item: Similar Pages - res://c:\program
| files\google\GoogleToolbar1.dll/cmsimilar.html
| O8 - Extra context menu item: Translate Page into English -
| res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
| O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
| C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
| O9 - Extra 'Tools' menuitem: Sun Java Console -
| {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
| Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
| O9 - Extra button: Weepee MP3 Bar -
| {1B48E2FA-DA0F-038B-0744-51A569F233C7} - (no file)
| O9 - Extra 'Tools' menuitem: Weepee MP3 Bar -
| {1B48E2FA-DA0F-038B-0744-51A569F233C7} - (no file)
| O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -
| C:\Program Files\AIM\aim.exe
| O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
| (no file)
| O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
| C:\Program Files\Messenger\msmsgs.exe
| O9 - Extra 'Tools' menuitem: Windows Messenger -
| {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
| Files\Messenger\msmsgs.exe
| O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}
| - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
| O12 - Plugin for .pdf: C:\Program Files\Internet
| Explorer\PLUGINS\nppdf32.dll
| O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) -
| http://photo.walgreens.com/WalgreensActivia.cab
| O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} -
| http://a1540.g.akamai.net/7/1540/52....apple.com/saba/us/win/QuickTimeInstaller.exe
| O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
| http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
| O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX
| Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
| O20 - Winlogon Notify: st3i - C:\WINDOWS\q5911680.dll (file missing)
| O21 - SSODL: SysTray.Excn2 - {1722ECFF-4356-4f5b-B534-E67294FE75E9} -
| (no file)
| O21 - SSODL: SysTray.Exsn - {2368D1FC-2F5C-4f1b-B124-E67214FC78E2} -
| (no file)
| O23 - Service: Adobe LM Service - Unknown owner - C:\Program
| Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
| O23 - Service: AOL Connectivity Service (AOL ACS) - America Online,
| Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
| O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g
| Wireless USB Network Adapter Service) - Unknown owner - C:\Program
| Files\Belkin\Belkin Wireless Network Utility\WLService.exe
| O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation
| - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
| O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
| Corporation - C:\Program Files\Common Files\Symantec
| Shared\ccPwdSvc.exe
| O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec
| Corporation - C:\Program Files\Common Files\Symantec
| Shared\ccSetMgr.exe
| O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) -
| Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
| O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) -
| Symantec Corporation - C:\Program Files\Norton
| AntiVirus\IWP\NPFMntor.exe
| O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA
| Corporation - C:\WINDOWS\system32\nvsvc32.exe
| O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
| O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton
| AntiVirus\SAVScan.exe
| O23 - Service: ScriptBlocking Service (SBService) - Symantec
| Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
| O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
| Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
| O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -
| C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
| O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
| Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
|
 
D

David H. Lipman

From: "mikey" <[email protected]>

| Following a recent hit on my pc from several files
| infected with viruses, the desktop background is now white.
|
| I Try to change desktop background via control
| panel/Appearance and Themes - the Display
| Properties/Desktop tab is available but i cant do anything but change
| the color.
| i see a bunch of my destop pictures but can not click them i also see a
|
| html file that says Desktop.
| I searched for the file and nothing has come up.
| my desired desktop background is momentarily visible during windows
| shutdown.
|
| I have norton and it did say i had a virus but i got rid of it and im
| really not sure what else to do at this point. i searched for similar
| problems but can not find them
|
| If you can help me Email me at (e-mail address removed)
|
| Thank you Mikey
|

< snip >

There are anti virus News Groups specifically for this type of discussion.

microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

Additionally this is NOT the correct place to post HJT logs !

Forums where you can get expert advice for HiJack This! (HJT) logs.
NOTE: Registration is REQUIRED before posting a log
NOTE: Web sites NOT listed in any particular order

http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://www.dslreports.com/forum/security
http://castlecops.com/forum67.html
http://www.wilderssecurity.com/forumdisplay.php?f=24
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.iamnotageek.com/f-130.html
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://boards.cexx.org/viewforum.php?f=1
http://www.malwarebytes.biz/forums/index.php?showforum=5

{ borrowed from the alt.privacy.spyware News Group }

That being said...

The following is more than suspicious and is most likely a Downloader Trojan.
O4 - HKCU\..\Run: [autoupdatev2] C:\WINDOWS\system32\autoupdatev2.exe

Chances are what ever you have modified some Local policies affecting Active Desktop.

Start with the Multi AV Scanning Tool. It has been programmed to correct the modifications
made to Local Policies that malware often makes.

For viral malware...

* Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.


For non-viral malware...

Please download, install and update the following software...

* Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/

* SpyBot Search and Destroy v1.4
http://security.kolla.de/

After the software is updated, I suggest scanning the system in Safe Mode.

I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects
that may be on the PC.

* BHODemon
http://www.definitivesolutions.com/bhodemon.htm




* * * Please report back your results * * *
 
G

Guest

If the white desktop screen displayed "Active Desktop" or something similair
then the web page you visited install the website onto your desktop. A handy
stroke annoying feature.
To turn it off :
right click on desktop
select Properties
select Desktop tab
click Customise Desktop..
select web tab
MAKE sure all boxes are all unticked!

Click ok

Next time becarefull on the web or you'll get mugged!
James


mikey said:
Following a recent hit on my pc from several files
infected with viruses, the desktop background is now white.


I Try to change desktop background via control
panel/Appearance and Themes - the Display
Properties/Desktop tab is available but i cant do anything but change
the color.
i see a bunch of my destop pictures but can not click them i also see a

html file that says Desktop.
I searched for the file and nothing has come up.
my desired desktop background is momentarily visible during windows
shutdown.


I have norton and it did say i had a virus but i got rid of it and im
really not sure what else to do at this point. i searched for similar
problems but can not find them


If you can help me Email me at (e-mail address removed)


Thank you Mikey




Logfile of HijackThis v1.99.1
Scan saved at 4:57:19 PM, on 11/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Internet Explorer\shttps\http.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\1132439762\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\autoupdatev2.exe
C:\Program Files\MTV Networks\Alerts\MTVNTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MTV Networks\Alerts\MTVNQueue.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\keystone.exe
c:\program files\common files\aol\1132439762\ee\aim6.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Ryan Zwan\Desktop\HijackThis1991.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://us.f305.mail.yahoo.com/ym/login?.rand=c7v91fimhlg0f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
c:\secure32.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {1B48E2FA-DA0F-038B-0744-51A569F233C7}
- (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
- C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {19D93B24-E21E-2BE5-D350-64550DA82C4E} - (no
file)
O2 - BHO: (no name) - {1C0A9CE0-88C6-11d9-BD38-444553540000} - (no
file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no
file)
O2 - BHO: (no name) - {6E8A3866-A4F1-AA01-D5E7-F10A767FF6E9} - (no
file)
O2 - BHO: (no name) - {78364D99-A640-4ddf-B91A-67EFF8373045} - (no
file)
O2 - BHO: (no name) - {862A06BF-930A-C5FA-7848-EBECDBE71AE5} - (no
file)
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {ED045E50-1DD5-4FA1-B468-E624CC585D3A} - (no
file)
O3 - Toolbar: 3DNA Toolbar - {2ECB7FB2-0333-416F-92FD-4904AD49252B} -
C:\WINDOWS\system32\3DNATO~1.DLL
O3 - Toolbar: (no name) - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - (no
file)
O3 - Toolbar: (no name) - {1B48E2FA-DA0F-038B-0744-51A569F233C7} - (no
file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
- C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Internet Explorer] c:\Program Files\Internet
Explorer\shttps\http.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common
Files\AOL\1132439762\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program
Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [autoupdatev2] C:\WINDOWS\system32\autoupdatev2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O4 - Global Startup: MTV Alerts.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program
Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM
Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program
files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word -
res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program
files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -
res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program
files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English -
res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Weepee MP3 Bar -
{1B48E2FA-DA0F-038B-0744-51A569F233C7} - (no file)
O9 - Extra 'Tools' menuitem: Weepee MP3 Bar -
{1B48E2FA-DA0F-038B-0744-51A569F233C7} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -
C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
(no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}
- C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .pdf: C:\Program Files\Internet
Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) -
http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} -
http://a1540.g.akamai.net/7/1540/52....apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX
Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: st3i - C:\WINDOWS\q5911680.dll (file missing)
O21 - SSODL: SysTray.Excn2 - {1722ECFF-4356-4f5b-B534-E67294FE75E9} -
(no file)
O21 - SSODL: SysTray.Exsn - {2368D1FC-2F5C-4f1b-B124-E67214FC78E2} -
(no file)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program
Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online,
Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g
Wireless USB Network Adapter Service) - Unknown owner - C:\Program
Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation
- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) -
Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) -
Symantec Corporation - C:\Program Files\Norton
AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA
Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton
AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec
Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Problems with pops ups 6
Help Please With Annoying Popups - Highjack This File 9
IE 8 won't start 2
software installation problem ( complicated) 3
Nt Authority System Please Help!! 0
SVC host problem 3
Disappear, re-appear, Rundll32.dll, ieuser.exe, Virus, Bizarre... HELP!! 4
Slow Computer 2

Top