Unwanted "ENTER" Network connection keeps appearing (RESOLVED)

**matth** · 29-10-2006

Hello,
I think I have some sort of backdoor on my PC, I found a new network connection called "Enter", and even though I keep deleting it, it reappears. I scanned my drives using norton and it found some dialer threats, which I deleted but these too keep reappearing. My dial up broadband also keeps disconnecting at 15min intervals, which I think might be connected to this problem.

Any advice on what to do would be greatly appreciated!
Matt

**VopThis** · 31-10-2006

We will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet. Accordingly, it is probably a good idea to print out the following directions or copy them to a text file on your desktop using NOTEPAD. Read these instructions carefully and feel free to ask if you're unsure about anything.

Download and install AVG Anti-Spyware 7.5 (AVG AS - formally known as Ewido anti-spyware 4.0 - uninstall any previous version first).

Click the Download BUTTON. On the next page click the Download now BUTTON.
Save and then install (Run) from the save location.
Open/Run AVG Anti-Spyware
Wait a few moments and AVG Anti-Spyware should Auto update itself (note date of last update). If it doesn't update, click the update ICON at top of screen:
Click on the Update now LINK at the top of the window
- Click on the Start update button
- Wait for the update to download and install

**matth** · 31-10-2006

Hi,
Firstly, thanks very much for your post.
I did what you recommended, and installed all the programs in before posting list.
I've included the reports where applicable for each, and my Hijack this log, taken after all the scans.

AVG Anti-Virus found:
Trojan horse Generic2.FDF
"" Downloader.Generic2.NEA
"" Dialer.COH
""Dialer.28.A
""Dialer.28.A
"" Downloader.Zlob.CP

(can't figure out how to Copy and paste reports from AVG, but I can tell you the paths if you need to know)

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 16:09:41 30/10/2006

+ Scan result:

C:\Documents and Settings\Matt\Local Settings\Temp\tzl144.tmp -> Adware.180Solutions : Cleaned.
C:\System Volume Information\_restore{80DC5C79-2A86-4CC1-9CD1-1BF7D6883F58}\RP118\A0034656.dll -> Adware.180Solutions : Cleaned.
C:\System Volume Information\_restore{80DC5C79-2A86-4CC1-9CD1-1BF7D6883F58}\RP118\A0035024.exe -> Adware.180Solutions : Cleaned.
C:\System Volume Information\_restore{80DC5C79-2A86-4CC1-9CD1-1BF7D6883F58}\RP118\A0034657.dll -> Adware.Zango : Cleaned.
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\SJ1JEUN9\srvuaz[1].exe -> Dialer.InstantAccess.k : Cleaned.
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\SU0L8V21\srvqst[1].exe -> Dialer.InstantAccess.k : Cleaned.
C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\QEJ7U0A6\srvnxn[1].exe -> Dialer.InstantAccess.k : Cleaned.
:mozilla.185:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.23:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.27:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.28:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@atoc.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@marksandspencer .122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@msnportal.112.2 o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.133:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.134:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.136:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.109:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.111:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Adrevolver : Error during cleaning.
:mozilla.112:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.113:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.117:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.139:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.140:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.141:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.142:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.37:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.38:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.66:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.67:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.68:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.69:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.184:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Adviva : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@adviva[1].txt -> TrackingCookie.Adviva : Cleaned.
:mozilla.36:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.106:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.149:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.152:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.17:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.65:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.70:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.71:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.72:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.100:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.107:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.108:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.174:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ehg-debenhams.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ehg-harleymed.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@counter.hitslin k[1].txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.87:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.88:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@overture[1].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.34:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.35:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.164:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.165:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.166:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.167:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.150:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.151:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.84:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.85:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.78:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.79:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.125:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.162:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.163:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8z7l6crw.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Matt\Local Settings\Temp\mst29E.tmp -> Trojan.Agent.aae : Cleaned.

::Report end

Logfile of HijackThis v1.99.1
Scan saved at 16:32:30, on 31/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\ pchbutton.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BT Business Broadband
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\ pchbutton.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BT Home Computing.lnk = C:\Program Files\BT Home Computing\BTHomeComputing.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Homepage - {A77253F0-D55D-48DE-8F91-D2A7C105D2B5} - http://www.btopenworld.com/default (file missing) (HKCU)
O9 - Extra button: BT - {FA55F03C-91B0-4A36-B316-B144A244A095} - http://www.bt.com (file missing) (HKCU)
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe...nttracking.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F96A7A9-DEEC-48E3-BF52-22398183DA7F}: NameServer = 62.6.40.162 194.74.65.69
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winepi32 - winepi32.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

The mysterious ENTER connection has not come back since,
although I have noticed an unknown program running.
I have included a screendump of it's icon, in case anyone can identify it. I found it when pressing alt+tab to get through different windows.

Thanks for your help, if you need any more info please let me know.
Matt

**matth** · 31-10-2006

Sorry,I can't seem to post the aforementioned screenshot, I click on manage attachments and nothing happens.

**VopThis** · 02-11-2006

You appear to running two (2) real-time antivirus tool components (Norton, AVG). If so, please disable or remove one of them to avoid performance and other compatibility issues.

Download, and run the following tool in SAFE MODE:

Clean out TEMPORARY FILES procedures:
To clean your temp folder, recycle bin, etc..please download this free tool:

CCleaner http://www.ccleaner.com/downloadbuilds.asp

Install Options:

Don't install any Toolbars, or other programs, should it ask you!
Just uncheck the option of installing the Yahoo toolbar.

It will put a shortcut on your Desktop.

Do not run CCleaner until requested later.

Run CCleaner in SAFE MODE (reboot tapping the F8 key after the beep).
Select the ‘Cleaner’ BUTTON option (top LEFT), if not already selected. Use the ’Windows’ TAB up front by default.

Uncheck ‘Cookies’ option (advisable)
Optionally, Uncheck ‘Recently Typed URLs’ option (potentially still useful)
Click the ‘Analyse’ button.
Thereafter, click ‘Run Cleaner’ after you have reviewed what it proposes to clean.

Run CCleaner in SAFE MODE and reboot.

Please re-run your antivirus tool listing any unresolved virus files still reported present (and their complete path location).

**matth** · 02-11-2006

Hi,

I followed the above instructions and there were no threats reported on any of the scans. I think everything is clean now.

Interestingly, A fully paid up and updated Norton antivirus (without AVG or any other antivirus program installed) did not detect the threats, it was only AVG free that detected anything.

Anyway, your help is greatly appreciated.

Best regards,

Matt

**VopThis** · 03-11-2006

Fix the following items in HijackThis, if still present:

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O20 - Winlogon Notify: winepi32 - winepi32.dll (file missing)

Your system has an outdated version of Sun Java that could create serious security exposure issues for your PC.

Update your Java.

Older JAVA versions have vulnerabilities that malware can and are using to infect systems.

Please follow these steps to remove older version Java components.

Close any programs you may have running, ESPECIALLY your web browser
Click Start > Control Panel.
Click Add/Remove Programs.
Check any item with Java Runtime Environment (JRE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove all versions of Java.
Reboot your computer once all Java components are removed.

Download the latest version of Java Runtime Environment (JRE) 5.0 Update 8 or higher, and install it to your computer.

New Version should show as (HijackThis log):

C:\Program Files\Java\jre1.5.0_08\… or higher

REBOOT and post your latest HijackThis log for review.

**matth** · 03-11-2006

Hi
What were those two items in the log that needed fixing?

Thanks again,

Here's the new log:

Logfile of HijackThis v1.99.1
Scan saved at 18:40:30, on 03/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\ pchbutton.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BT Business Broadband
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\ pchbutton.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Homepage - {A77253F0-D55D-48DE-8F91-D2A7C105D2B5} - http://www.btopenworld.com/default (file missing) (HKCU)
O9 - Extra button: BT - {FA55F03C-91B0-4A36-B316-B144A244A095} - http://www.bt.com (file missing) (HKCU)
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe...nttracking.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1162383829546
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

**VopThis** · 04-11-2006

What were those two items in the log that needed fixing?

They represented orphaned or unwanted remnant registry entries. See, for example,
http://www.castlecops.com/modules.ph...F-000874180BB3

To help avoid serious infection again, please look carefully at this post for some excellent preventative measures. Prevention must be made the first line of defense to improve upon.

ONLY ONCE you are as clean as possible from any needed cleanup steps - As a final cleanup step (after serious infection), it may be advisable to Reset and Re-enable your System Restore to remove any bad files that MAY have been backed up by Windows . The files in System Restore are protected to prevent any programs changing them. And, this is the only complete way to clean these files: (You will lose all previous restore points which could likely be infected, anyway.)

PLEASE NOTE: you will need to log into your computer with an account that has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account. Accordingly and of further note; it can be very unsafe to run with admin rights on any PC that you browse the Internet with.

(Windows XP)

FOLDER LOCATION: c:\System Volume Information\_restore….

To Turn OFF System Restore.

Click the Start button.
Right-click My Computer, and then click Properties.
On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.
Click Apply.

REBOOT.

To Turn ON System Restore.

Follow the steps in the previous section, but in step 3, uncheck Turn off System Restore or Turn off System Restore on all drives. Then click OK.
Create new System Restore points.

(Windows ME)

FOLDER LOCATION: c:\_RESTORE\TEMP\….

See the following link for instructions:
http://service1.symantec.com/SUPPORT...rc=sec_doc_nam

To reduce the re-infection potential for malware and protect your PC against spyware, here are a few helpful suggestions:

Keep Windows and Internet Explorer current with the latest critical security updates from Microsoft . This will patch many of the security holes through which attackers can gain access to your computer . You CANNOT complete this update using an alternate browser – you must use Internet Explorer.
http://v5.windowsupdate.microsoft.com/v5co...t.aspx?ln=en-us
http://www.microsoft.com/windows/ie/default.asp
- http://www.securityfocus.com/news/11273
  If you surf to questionable (blockable) parts of the Web, you could encounter sites that compromise your PC without any user interaction. In experiments [reported Aug 2005], Microsoft identified 752 specific addresses owned by 287 Web sites that contain programs able to install themselves on a completely unpatched Windows XP system. Also, be aware that the WinXP Service Pack 2 was an update that focused almost exclusively on security. Also reported was that a fully patched Windows XP SP2 system cannot be compromised by any such discovered rogue Web sites.
Run your antivirus software regularly, and to keep its definitions up-to-date. If you are thinking about switching (using a real-time AV tool only one at a time), there are some good free Antivirus programs that are decent, including AVG and Avast!.
AVG: http://free.grisoft.com/doc/1
Avast: http://www.avast.com/eng/avast_4_home.html
In addition to using Ad-aware, consider using another free malware scanning/removal program :
Adaware SE: http://www.download.com/Ad-Aware-SE-Person...ubj=dl&tag=top5
Spybot S&D: http://www.download.com/Spybot-Search-Dest...tml?tag=lst-0-1

AVG Anti-Spyware : http://free.grisoft.com/doc/20/lng/us/tpl/v5

Microsoft Windows Defender beta 2 : http://www.download.com/Microsoft-Wi...ml?tag=lst-0-1
Consider using a free firewall if you are not already using one (use only one firewall at a time – normally you will need to disable the MS firewall). Some good free ones (for incoming and added outgoing traffic protection) are:
Kerio Personal Firewall: http://www.sunbelt-software.com/Kerio.cfm
*** After 30 days, Kerio shuts down selected features, but will continue to run in 'free' mode.
Zone Alarm: http://www.zonelabs.com/store/content/company/products/znalm/comparison.jsp?lid=ho_za

It is not a bad idea to also consider using a Router/Hardware firewall device where you have a High-Speed Internet access connection. A software firewall may occasionally need to be disabled or it gets/remains disabled by someone or something. Such an added layer of security consistency has a lot of merit to it.
Consider using an alternate free browser for general web surfing but you must use IE for windows updates. The use of Firefox (or similar alternate) mitigates the many types of malware that are now possible when using IE ActiveX based components.
Mozilla Firefox: http://www.mozilla.org/products/firefox/
Consider increasing your browser security by using these programs:
SpywareGuard will help protect your homepage from being hijacked: http://www.javacoolsoftware.com/spywareguard.html
SpywareBlaster will increase browser protection by blocking access to thousands of known malware sites by adding them to IE's restricted sites zone. It essentially blocks known- bad ActiveX program items from being installed or running on your computer. Download it here: http://www.javacoolsoftware.com/spywareblaster.html
- If you use SpywareBlaster, you can also use a customblocklist to add even more entries into IE restricted sites zone. Go to this site for the current list and how to use instructions: http://customblockinglist.cjb.net/
- IE-SPYAD is similar in that it adds thousands more known malware sites to IE's restricted zone. Download it here:
  http://www.spywarewarrior.com/uiuc/resource.htm
A HOSTS file can block Internet access to thousands of known-bad sites by not allowing you any easy browser access to such sites knowingly or unknowingly. Use HJT to determine if a current HOSTS file exists and any contents therein:
- Run the HiJackThis tool and select ‘Open the Misc Tools section’.
- Next select ‘Open host file manager’ button.
- Use the ‘Open in Notepad’ button in XP/W2K or use WORDPAD if necessary [type wordpad.exe in the RUN box (Start>Run)] and load the FILE PATH identified in HJT.
- Go to http://www.mvps.org/winhelp2002/hosts.txt . # Read the initial instructions #. Copy and paste (append or replace) the RELEVANT host address entry contents of that file into Notepad or Wordpad and save the updated file contents.
  
  EXCERPT:
  
  #start of lines added by WinHelp2002
  # [Misc A - Z]
  127.0.0.1 phpadsnew.abac.com
  127.0.0.1 a.abnad.net
  127.0.0.1 e.abnad.net
  127.0.0.1 www.accoona.com #[Adware-Accoona][Adware.Atoolb][Panda.Accoona]
  .
  .
  .
  #end of lines added by WinHelp2002

*Remember just like your primary anti-virus software, it is important to:
Keep all of these programs up-to-date (using auto-updates where possible), and

Use them on a regular (minimum weekly) basis.

REALITY CHECK:

Who else uses your PC? What are the potential risks created by multiple (potentially loose cannon) users and why?
What about bad luck, simple mistakes, and bad browsing choices (SEE: www.siteadvisor.com and their BLOG)?
SEE: The Dangers of Popularity (for Popular SEARCH TERMS):
http://blog.siteadvisor.com/2006/08/...pularity.shtml

The correlation of search term popularity and search term riskiness illustrates how malicious activity tends to follow and exploit consumer behavior. Users demand "free," and bad actors flock to fill corresponding search results with their deceptive offerings. All too often, users don't realize the detrimental consequences of these sites until their systems crash from spyware or their inboxes become choked with spam.

ABOVE ALL, it is most imperative that users exercise "safe surfing" habits such as banning or at least verifying email attachments (with scanning tools) before opening, and by not executing programs unless obtained from a trusted (or researched) source, etc.

In general, always research any unfamiliar links or products that you might want to access or download. In particular, the SiteAdvisor site and other links listed in my signature have continued to make a significant difference to my clients’ PC health due to better-informed browsing habits and choices. Peer-to-Peer and FREE download sites add a level of risk that many should seriously take into account and adjust their behavior accordingly.

Additionally, TEMPORARY files are both a significant source of clutter and potential hiding places for MALWARE content. Clean out those areas periodically - at least weekly.

Those that continue to want to use 'BitTorrent','Bearshare', ‘Morpheus’ or other P2P applications, can expect to see the possibility of more malware issues (such as bad executables):

http://www.siteadvisor.com/sites/bearshare.com

You would be well-advised to at least consider strengthening your real-time prevention tools and use either Spy Sweeper or Spyware Doctor, and possibly also run AVG Anti-Spyware - formally known as EWIDO (mainly for anti-trojan defensive purposes) in real-time, as well (paid version=realtime). No combination of tools, however, can ever be completely fail-safe for all possible issues.

Unwanted "ENTER" Network connection keeps appearing (RESOLVED)

Unwanted "ENTER" Network connection keeps appearing (RESOLVED)

Similar Threads

"wireless network connection doesn't have a valid IP configuration"

"Buttons" not appearing on some websites !! Facebook most recent

Unable to update or install programs b/c "No Internet Connection"

Wireless connection says "no connectivity" when I start Windows

Please Hurry, "wireless" area local network unplugged