I got a critical error message, and now I get Symantec security alerts

  1. #1
    dpham001 (Newbie)

    I got a critical error message, and now I get Symantec security alerts

    Can someone look at my HijackThis log and tell me what's up?

    Logfile of HijackThis v1.99.1
    Scan saved at 9:41:17 AM, on 2/27/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSCNo.exe
    C:\unzipped\vboydx7\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Secure HTTP (Service Secured) - Unknown owner - C:\WINDOWS\csrvs.exe (file missing)
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

  2. #2
    Neal (Dedicated Member)
    Welcome to DAL,

    Sorry but you seemed to escape the attention of myself and VopThis.


    If you are still around let's do this first.


    Please download, install, and update the NEW free version of Ewido trojan scanner:
    * When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    * When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
    * From the main ewido screen, click on update in the left menu, then click the Start update button.
    * After the update finishes (the status bar at the bottom will display "Update successful")
    * Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
    * If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.
    * When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.

    Post the log Ewido makes back here please, and a new HijackThis log please.

    Again, our apologies.

  3. #3
    dpham001 (Newbie)
    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 11:29:19 AM, 3/2/2006
    + Report-Checksum: 54DD84D0

    + Scan result:

    C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Ignored


    ::Report End

  4. #4
    dpham001 (Newbie)
    Logfile of HijackThis v1.99.1
    Scan saved at 11:33:10 AM, on 3/2/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\ewido anti-malware\SecuritySuite.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSCNo.exe
    C:\WINDOWS\system32\calc.exe
    C:\Program Files\Winamp\Winamp.exe
    C:\unzipped\vboydx7\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Secure HTTP (Service Secured) - Unknown owner - C:\WINDOWS\csrvs.exe (file missing)
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

  5. #5
    Neal (Dedicated Member)
    Welcome back,


    Go ahead and run Ewido again, stay with it, and remove all those things it found; they need to go.


    What does the error message say?

    What does Symantec say on the alerts?


    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only
    • Double-click ATF-Cleaner.exe to run the program.
      Under Main check all EXCEPT COOKIES
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and check everything EXCEPT FIREFOX COOKIES AND FIREFOX SAVED PASSWORDS
      Click the Empty Selected button.
    If you use Opera browser
    • Click Opera at the top and check everything EXCEPT COOKIES AND SAVED PASSWORDS
      Click the Empty Selected button.
    Click Exit on the Main menu to close the program.




    http://www.kaspersky.com/virusscanner

    Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

    * The program will launch and then begin downloading the latest definition files:
    * Once the files have been downloaded click on NEXT
    * Now click on Scan Settings
    * In the scan settings make sure that the following are selected:
        o Scan using the following Anti-Virus database:
            - Extended (if available otherwise Standard)
        o Scan Options:
            - Scan Archives
            - Scan Mail Bases
    * Click OK
    * Now under select a target to scan:
        o Select My Computer
    * This program will start and scan your system.
    * The scan will take a while so be patient and let it run.
    * Once the scan is complete it will display if your system has been infected.
        o Now click on the Save as Text button:
    * Save the file to your desktop.
    * Copy and paste that information in your next post.

  6. #6
    dpham001 (Newbie)
    -------------------------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Thursday, March 02, 2006 10:01:22 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version: 5.0.78.0
    Kaspersky Anti-Virus database last update: 3/03/2006
    Kaspersky Anti-Virus database records: 168917
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: standard
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\

    Scan Statistics:
    Total number of scanned objects: 48158
    Number of viruses found: 4
    Number of infected objects: 147
    Number of suspicious objects: 2
    Duration of the scan process: 00:53:02

    Infected Object Name / Virus Name / Last Action
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0277508F.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\07A64EF1.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\11395FA6.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\12272F0B.wmf Suspicious: Exploit.Win32.IMG-WMF skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\182D3424 Infected: Trojan-Downloader.Java.OpenStream.w skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\19FE3E94.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1A2969D2.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1FF92905.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3055453D.wmf Suspicious: Exploit.Win32.IMG-WMF skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\32523B84.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\331E2793.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\345009AA.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\36942E19.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\369E2C0E.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\36AB5400.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\36AE7DFC.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\36B127F9.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\36B87BF1.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\36BB25EE.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\36BE4FEA.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\36C523E3.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\36CB77DC.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\36CF21D8.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\36D24BD5.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\36DF73C6.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\36EF45B4.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\36FC6DA6.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\370017A2.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\370D3F94.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\37173D89.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\371A6786.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\371D1182.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\37203B7E.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\37270F77.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\372A3974.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\372D6370.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\37310D6C.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\37376165.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\37440957.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\37513148.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\37555B45.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\37580541.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\375B2F3E.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\375E593A.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\37620337.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\37652D33.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3768572F.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\376B012C.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\376F2B28.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\37725525.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\37757F21.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\377C531A.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\377F7D16.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3786510F.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\37897B0B.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\378C2508.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\37937901.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\37994CF9.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\379C76F6.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\37A020F2.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\37A34AEF.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\37A674EB.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\37AD48E4.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\37B072E0.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\37BD1AD2.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\37CA42C4.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\37D76AB5.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\37E168AA.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\37E412A7.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\37E83CA3.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\37EB66A0.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\37F13A98.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\37F56495.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\37F80E91.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\37FB388E.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\38053683.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\380C0A7C.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\38125E74.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\38150871.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\381C5C6A.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\38265A5F.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\38362C4D.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\38402A42.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3843543F.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\384A2837.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\395C6F0A.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\39624302.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\397D12E6.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\399A0CC5.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\39A060BE.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\39A734B7.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\39AA5EB3.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\39B132AC.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\39C42E97.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\39C85893.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\39CB028F.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\39CE2C8C.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\39D50085.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\39D82A81.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\39DB547D.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\39DE7E7A.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\39F94E5D.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3A131E40.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3A197239.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3A1D1C35.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3A204632.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3A23702E.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3A2A4427.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3A2D6E24.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3A301820.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3ABD2585.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3B4932EB.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3B4C5CE7.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3B5904D9.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3B6302CE.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3B6D00C3.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3B7D52B1.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3B914E9C.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3B9E768D.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3BA1208A.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3BA44A86.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3BB51C74.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3BB84671.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3BBB706D.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3BBF1A69.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3BD96A4D.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3BDC1449.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3BDF3E46.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3BE26842.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3BE6123E.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3BE93C3B.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3BEC6637.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3BF01034.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3BF33A30.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3BFD3825.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3C030C1E.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3E486D8A.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\49D82989.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\4EBB4474.bak Infected: Backdoor.Win32.SdBot.aad skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\549C569C.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\56355197.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\576733AD.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\5A314B06.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\61C50D95.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\65C20704.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\6DBC3F9B.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\71B8390B.exe Infected: Virus.Win32.Parite.b skipped
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\7CE27F02.exe Infected: Virus.Win32.Parite.b skipped
    C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP74\A0032481.COM Infected: Backdoor.Win32.SdBot.aad skipped

    Scan process completed.

  7. #7
    Neal is offline Dedicated Member
    Hi,


    What does the error message say?

    What does symantec say on the alerts?

    Are you still getting the error reports?


    You can empty Norton quarantine.


    Post a new hijackthis log with feedback please.

  8. #8
    dpham001 is offline Newbie
    It says:

    Your computer is at risk in the following areas

    Virus protection is turned off

    Open your norton product to resolve these issues.

    When I open Norton, it says an internal error has occurred.



    Logfile of HijackThis v1.99.1
    Scan saved at 6:38:51 AM, on 3/6/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSCNo.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\unzipped\vboydx7\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Secure HTTP (Service Secured) - Unknown owner - C:\WINDOWS\csrvs.exe (file missing)
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

  9. #9
    Neal is offline Dedicated Member
    Is your copy of Norton up to date, meaning is the subscription current?


    If it has expired, consider getting a free anti-virus program; there are two that are really good.


    Your log is clean. May be a problem with Norton.


    * Download finditnt2000xp.zip.
    www.thatcomputerguy.us/downloads/finditnt2000xp.zip

    * Unzip the contents of finditnt2000xp.zip to a convenient location.
    * Navigate to the Find It NT-2K-XP folder and double-click on find.bat.
    * A command prompt will open and it will search your computer for malicious files.
    * Once it has finished a Notepad window will pop up with output.txt.
    * Copy the entire contents of output.txt into your next post.



    Please download SilentRunners from here:
    http://www.silentrunners.org/Silent%20Runners.zip
    Unzip it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run. When the scan is finished, a message will pop up and a logfile will have been created on the desktop. Please post the entire contents of this logfile for me to see.

  10. #10
    dpham001 is offline Newbie
    Warning! This utility will find legitimate files in addition to malware.
    Do not remove anything unless you are sure you know what you're doing.

    Find.bat is running from: C:\Documents and Settings\Owner\Desktop\Find It NT-2K-XP

    ------- System Files in System32 Directory -------

    Volume in drive C has no label.
    Volume Serial Number is 7C37-1B31

    Directory of C:\WINDOWS\System32

    10/27/2005 02:00 PM <DIR> dllcache
    03/23/2005 10:17 AM <DIR> Microsoft
    09/30/1999 06:21 PM 166,672 mstext35.dll
    09/28/1999 08:42 PM 1,050,896 msjet35.dll
    09/09/1999 09:06 PM 252,688 msexcl35.dll
    09/09/1999 09:06 PM 168,720 msltus35.dll
    08/25/1999 01:57 PM 415,504 msrepl35.dll
    06/10/1999 08:34 AM 123,664 msjint35.dll
    06/10/1999 08:34 AM 24,848 msjter35.dll
    06/07/1999 05:59 PM 250,128 mspdox35.dll
    04/25/1999 04:00 PM 287,504 Msxbse35.dll
    04/25/1999 04:00 PM 252,176 Msrd2x35.dll
    10 File(s) 2,992,800 bytes
    2 Dir(s) 45,241,495,552 bytes free

    ------- Hidden Files in System32 Directory -------

    Volume in drive C has no label.
    Volume Serial Number is 7C37-1B31

    Directory of C:\WINDOWS\System32

    10/27/2005 02:00 PM <DIR> dllcache
    03/23/2005 10:11 AM 488 logonui.exe.manifest
    03/23/2005 10:11 AM 488 WindowsLogon.manifest
    03/23/2005 10:11 AM 749 nwc.cpl.manifest
    03/23/2005 10:11 AM 749 sapi.cpl.manifest
    03/23/2005 10:11 AM 749 ncpa.cpl.manifest
    03/23/2005 10:11 AM 749 wuaucpl.cpl.manifest
    03/23/2005 10:11 AM 749 cdplayer.exe.manifest
    7 File(s) 4,721 bytes
    1 Dir(s) 45,241,495,552 bytes free

    ------------ Files Named "Guard" ---------------

    Volume in drive C has no label.
    Volume Serial Number is 7C37-1B31

    Directory of C:\WINDOWS\System32


    ------ Temp Files in System32 Directory ------

    Volume in drive C has no label.
    Volume Serial Number is 7C37-1B31

    Directory of C:\WINDOWS\System32

    08/04/2004 11:00 AM 2,577 CONFIG.TMP
    1 File(s) 2,577 bytes
    0 Dir(s) 45,241,491,456 bytes free

    ------------------ User Agent ----------------

    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "SV1"=""


    ------------- Keys Under Notify -------------

    REGEDIT4

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,72,79,70,74,6e,65,74,2e,64,6c,6c,00
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001


    ------------- Locate.com Results -------------

    No matches found.

    -------- Strings.exe Qoologic Results --------


    --------- Strings.exe Aspack Results ---------

    C:\WINDOWS\system32\ling_ling_1.scr: .aspack
    C:\WINDOWS\system32\MRT.exe: (ASPack)
    C:\WINDOWS\system32\MRT.exe: (AsPack2k)
    C:\WINDOWS\system32\MRT.exe: (ASPack 1.00b)
    C:\WINDOWS\system32\MRT.exe: (ASPack 2.1)
    C:\WINDOWS\system32\MRT.exe: (ASPack 2.12)
    C:\WINDOWS\system32\MRT.exe: (ASPack 2.11)
    C:\WINDOWS\system32\MRT.exe: (ASPack 2.000)
    C:\WINDOWS\system32\MRT.exe: (ASPack 2.001)
    C:\WINDOWS\system32\MRT.exe: (ASPack 2.11x)
    C:\WINDOWS\system32\MRT.exe: ASPack2000
    C:\WINDOWS\system32\MRT.exe: ASPack 1.61
    C:\WINDOWS\system32\MRT.exe: ASPack 1.084
    C:\WINDOWS\system32\MRT.exe: ASPack 1.083
    C:\WINDOWS\system32\MRT.exe: ASPack 1.08.02b
    C:\WINDOWS\system32\MRT.exe: ASPack 1.07b
    C:\WINDOWS\system32\MRT.exe: ASPack 1.05b
    C:\WINDOWS\system32\MRT.exe: ASPack 1.02
    C:\WINDOWS\system32\MRT.exe: ASPACK
    C:\WINDOWS\system32\MRT.exe: aspACK
    C:\WINDOWS\system32\MRT.exe: aspACK
    C:\WINDOWS\system32\MRT.exe: aspACK
    C:\WINDOWS\system32\MRT.exe: aspACK
    C:\WINDOWS\system32\MRT.exe: aspACK
    C:\WINDOWS\system32\MRT.exe: aspACK
    C:\WINDOWS\system32\MRT.exe: aspACK
    C:\WINDOWS\system32\ntdll.dll: .aspack

    -------------- HKLM Run Key ----------------

    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
    "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
    "RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
    "IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
    "HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
    "DeadAIM"="rundll32.exe \"C:\\Program Files\\AIM\\\\DeadAIM.ocm\",ExportedCheckODLs"
    "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
    "WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    "Installed"="1"


    
