Small Q


17 replies to this topic

#1 OFFLINE   XanaTos112

    Advanced Member

  • Members
  • PipPipPip
  • 211 posts
  • Location:Dublin

Posted 15 January 2007 - 12:28 AM

Hey, I just have a few Qs about this HJT log. It's weird because I usually keep my PC really clean with Kaspersky, Ad-Aware, Spybot, SpywareBlaster, HJT, and a firewall, but when I ran it there, trying to explain it to a friend, I noticed these things which have never been there before.

The only problems are in the O1s; everything else should be fine.

Logfile of HijackThis v1.99.1
Scan saved at 00:23:44, on 01/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ProcessGuard\dcsuserprot.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ProcessGuard\pgaccount.exe
C:\Program Files\ProcessGuard\procguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Gran Paradiso\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Marko.. n00b\Desktop\progs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149635936250
O17 - HKLM\System\CCS\Services\Tcpip\..\{F589CB63-A413-49B8-A67A-47F9055B5166}: NameServer = 194.125.2.241 194.125.2.240
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: interceptor.dll,c:\progra~1\kasper~1\kasper~1.0\adialhk.dll,"c:\progra~1\kasper~1\kasper~1.0\adialhk.dll"
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: BBGHDWGO - Unknown owner - (no file)
O23 - Service: DiamondCS Process Guard Service v3.000 (DCSPGSRV) - DiamondCS - C:\Program Files\ProcessGuard\dcsuserprot.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe

Also, why does:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
always pop up, even if I fix it?
And what is O23 - Service: BBGHDWGO - Unknown owner - (no file)?
I don't know why the O1s all popped up recently. Any idea why? I don't usually visit anything that bad on the net.
Running my spyware and AV scans at the moment.
Who watches The Watchmen?

#2 OFFLINE   jurgenv

    Advanced Member

  • Members
  • PipPipPip
  • 78 posts
  • Gender:Male
  • Location:Belgium

Posted 15 January 2007 - 06:29 AM

Download the Hoster Here and unzip it to your desktop.
Next, open the Hoster.
  • Make sure that the "make hosts writable?" button in the upper right corner is checked.
  • Now, click on 'back up Host files'.
  • Then click on 'Restore original host files'.
  • Finally, close the Hoster.
* First download AVG Anti-Spyware 7.5 from HERE and save that file to your desktop.
This is a 30-day trial of the program.
  • Once you have downloaded AVG Anti-Spyware 7.5, locate the icon on the desktop and double-click it to launch the setup program.
  • Once the setup is complete you will need to run AVG Anti-Spyware 7.5 and update the definition files.
  • Run AVG Anti-Spyware.
  • From the main AVG Anti-Spyware screen, click on Update, then click the Start update button.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports":
  • Select "Automatically generate report after every scan"
  • Un-select "Only if threats were found"
Close AVG Anti-Spyware 7.5. Do not run a scan just yet; we will shortly.

* If you do not already have Ad-Aware SE 1.06 installed, follow these download and setup instructions. Also check for updates:
Ad-Aware SE Setup
Again, do NOT run a scan yet.


* Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
* Next, run Ad-aware and perform a full scan. Remove everything found.
  • Launch AVG Anti-Spyware 7.5 by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete System Scan".
  • AVG Anti-Spyware 7.5 will now begin the scanning process. Be patient, this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
* Restart your computer in normal mode.

* Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

* After that, post a new hijackthis log here with the report of AVG antispyware.
Greets Jurgenv.

#3 OFFLINE   XanaTos112

Posted 15 January 2007 - 07:55 PM

OK, here's my info.
When I ran Hoster, it seemed to clear up the problem. Ran an HJT scan after it, and it was gone.
Ran the other things you said, and did a full scan of my PC with Kaspersky.

Here's my AVG log. It only really found tracking cookies and one other adware thing; the report is really long.

C:\WINDOWS\vgraph.dll -> Adware.Webdir : No action taken.
HKU\S-1-5-21-861567501-688789844-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{12355F3E-90C3-41AA-8705-15969AF7F210} -> Adware.Webdir : No action taken.
:mozilla.10:C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\cerodhv2.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.11:C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\cerodhv2.default\cookies.txt -> TrackingCookie.2o7 : No action taken.

It pretty much just repeats a load of tracking cookies with no action taken. The report is huge. The vgraph.dll seems the only important thing.

Here's my new HJT log, although it seems clean now:

Logfile of HijackThis v1.99.1
Scan saved at 19:51:18, on 01/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ProcessGuard\dcsuserprot.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Gran Paradiso\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Marko.. n00b\Desktop\progs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149635936250
O17 - HKLM\System\CCS\Services\Tcpip\..\{F589CB63-A413-49B8-A67A-47F9055B5166}: NameServer = 194.125.2.240 194.125.2.241
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: interceptor.dll,c:\progra~1\kasper~1\kasper~1.0\adialhk.dll,"c:\progra~1\kasper~1\kasper~1.0\adialhk.dll"
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: BBGHDWGO - Unknown owner - (no file)
O23 - Service: DiamondCS Process Guard Service v3.000 (DCSPGSRV) - DiamondCS - C:\Program Files\ProcessGuard\dcsuserprot.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe

And a few small Qs I have concerning my HJT log:
Why does: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
always pop up, even if I fix it?

And what is O23 - Service: BBGHDWGO - Unknown owner - (no file)?
Can I delete it?

Any idea why I suddenly got all these O1 hosts things?
Who watches The Watchmen?

#4 OFFLINE   jurgenv

Posted 15 January 2007 - 08:01 PM

Quote

Any idea why I suddenly got all these O1 hosts things?
Most likely added by malware, so are you sure you've deleted everything with AVG Anti-Spyware? Because the log says 'no action taken'.
Greets Jurgenv.

#5 OFFLINE   XanaTos112

Posted 15 January 2007 - 08:07 PM

Yeah, I posted before I clicked on "recommended action", so they've all been gotten rid of now. Would you be able to answer the few small Qs I posted at the end of my HJT log? I've just always been curious about those 2 things, and can't seem to find much about them online.
Who watches The Watchmen?

#6 OFFLINE   jurgenv

Posted 15 January 2007 - 08:15 PM

Your Java Runtime Environment is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6, The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language and save it to your desktop (12.6 MB).
  • Close any programs you may have running - especially any web browsers.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windowsi586.exe to install the newest version.
* Please open hijackthis and put a check next to the following:

O23 - Service: BBGHDWGO - Unknown owner - (no file)

* After you check the items you want to fix, close all browsers and windows, except for HijackThis, then click on the Fix Checked button on HijackThis.

Quote

And a few small Qs I have concerning my HJT log:
Why does: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
always pop up, even if I fix it?
When do they pop up? Can you show me a screenshot?
Greets Jurgenv.
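
An added example, not part of either poster's replies: a small Python triage of HijackThis logs like the ones in this thread. It pulls out the O1 hosts entries and the O23 services marked "(no file)" or "(file missing)", and diffs two logs so the effect of a cleanup step is visible. The sample logs are constructed (the O1 host names are placeholders) and the function names are this example's own.

```python
import re

# Constructed sample logs: entry types copied from this thread, O1 host
# names replaced with placeholders, everything else shortened.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: blocked-one.example
O1 - Hosts: 127.0.0.1 blocked-two.example
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: BBGHDWGO - Unknown owner - (no file)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Section code (R0, O1, O23, ...) followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
SERVICE_MARKERS = ("(no file)", "(file missing)")


def parse_entries(log_text):
    """Return the scan entries as (code, body) tuples, in log order.
    Header lines and the running-process list do not match and are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def hosts_entries(entries):
    """O1 lines as (ip_or_None, host). The logs in this thread show only the
    host name, so a single token is accepted as well as 'ip host'."""
    out = []
    for code, body in entries:
        if code != "O1" or not body.startswith("Hosts:"):
            continue
        tokens = body[len("Hosts:"):].split()
        if len(tokens) >= 2 and IPV4_RE.match(tokens[0]):
            out.append((tokens[0], tokens[1]))
        elif tokens:
            out.append((None, tokens[0]))
    return out


def flagged_services(entries):
    """O23 services whose binary the scanner could not find, with the marker.
    In this thread only the "(no file)" service was fixed and the
    "(file missing)" Kaspersky entry was left alone, so the marker is
    reported for review rather than acted on."""
    out = []
    for code, body in entries:
        if code != "O23" or not body.startswith("Service:"):
            continue
        for marker in SERVICE_MARKERS:
            if body.endswith(marker):
                name = body[len("Service:"):].split(" - ", 1)[0].strip()
                out.append((name, marker))
    return out


def diff_logs(before_text, after_text):
    """Entries that disappeared and entries that appeared between two scans."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed = [e for e in before if e not in after]
    added = [e for e in after if e not in before]
    return removed, added


if __name__ == "__main__":
    entries = parse_entries(BEFORE)
    print("O1 hosts entries:", hosts_entries(entries))
    print("O23 to review:  ", flagged_services(entries))
    removed, added = diff_logs(BEFORE, AFTER)
    print("removed:", removed)
    print("added:  ", added)
```
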

#7 OFFLINE   XanaTos112

Posted 15 January 2007 - 08:59 PM

Ah, thanks for the Java help. I was wondering if I could remove the older Java versions; got rid of them all now. Should I keep "Java Web Start"?

As for R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
Say I run HJT, that pops up, I fix it and exit out of HJT. But say I run it again later, in like a few days (don't know how long before it gets restored), that thing is restored, even though I didn't go into HJT and restore it. A screenshot will only show that thing not in my HJT scan... I can send it if you want it, but it won't be helpful.

Edit: some setting on some other program must be restoring that R0.
Who watches The Watchmen?

#8 OFFLINE   jurgenv

Posted 15 January 2007 - 09:07 PM

Quote

As for R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
Say I run HJT, that pops up, I fix it and exit out of HJT. But say I run it again later, in like a few days (don't know how long before it gets restored), that thing is restored, even though I didn't go into HJT and restore it. A screenshot will only show that thing not in my HJT scan... I can send it if you want it, but it won't be helpful.
It doesn't harm... It wouldn't really affect your browser or system function. :) So I suggest you let it be.



Quote

Ah, thanks for the Java help. I was wondering if I could remove the older Java versions; got rid of them all now. Should I keep "Java Web Start"?
Yes, remove that too and after that update. :)
Greets Jurgenv.

#9 OFFLINE   XanaTos112

Posted 15 January 2007 - 09:17 PM

Yeah, I didn't think it was harmful at all; I just decided to fix it since it didn't seem to point to anything. Will leave it from now on. I was actually doing some scans to see what might restore it; turns out WinASO Registry Optimizer was doing it, just in case you were curious also ;)
Going to remove that Java Web Start. Thanks for all the help. Have a pint on me :)
Who watches The Watchmen?

#10 OFFLINE   jurgenv

Posted 15 January 2007 - 09:29 PM

Ok, after updating Java post a new hijackthis log and please report how everything is working. :)
Greets Jurgenv.

#11 OFFLINE   XanaTos112

Posted 15 January 2007 - 09:52 PM

Everything is working fine. Here's a new HJT log, but there should be no problems; I know a bit about HJT.

Logfile of HijackThis v1.99.1
Scan saved at 21:45:43, on 01/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ProcessGuard\dcsuserprot.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Gran Paradiso\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Marko.. n00b\Desktop\progs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149635936250
O17 - HKLM\System\CCS\Services\Tcpip\..\{F589CB63-A413-49B8-A67A-47F9055B5166}: NameServer = 194.125.2.241 194.125.2.240
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: interceptor.dll,c:\progra~1\kasper~1\kasper~1.0\adialhk.dll,"c:\progra~1\kasper~1\kasper~1.0\adialhk.dll"
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: DiamondCS Process Guard Service v3.000 (DCSPGSRV) - DiamondCS - C:\Program Files\ProcessGuard\dcsuserprot.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe

If you have any suggestions on things I can fix? Will fixing the O9s cause any problems? Or the O2 for Java?
Who watches The Watchmen?

#12 OFFLINE   jurgenv

Posted 15 January 2007 - 09:57 PM

No, nothing has to be fixed now, but I have a question: did you disable everything in msconfig in the Startup tab?
Greets Jurgenv.

#13 OFFLINE   XanaTos112

Posted 15 January 2007 - 10:20 PM

I haven't disabled everything. I don't like many things running at startup, like MSN, QuickTime, Steam, Kaspersky, etc.
I have important things run at startup like rundll32 amecsa, nvcpl, nwiz, etc. They're just on the HJT ignore list; that's why you didn't see them.
Who watches The Watchmen?

#14 OFFLINE   jurgenv

Posted 15 January 2007 - 10:34 PM

Please enable Kaspersky and clear the white list, because you're hiding things from me and that's not helpful. :)
Greets Jurgenv.

#15 OFFLINE   XanaTos112

Posted 15 January 2007 - 10:39 PM

No, I don't want Kaspersky running on startup; my PC would be too slow (it's an old lame piece of junk already). Not sure what you mean by the white list? You're saying get rid of the things I added to the ignore list? Do you want me to post the stuff on my ignore list/new HJT log? But there's nothing bad there :)
Who watches The Watchmen?

#16 OFFLINE   jurgenv

Posted 16 January 2007 - 06:24 AM

Please enable Kaspersky or you'll be asking for problems if you connect to the internet, or install a good and free alternative that doesn't slow down your computer. :)

Yes please put everything back so that I have a full view of what's going on.
Greets Jurgenv.

#17 OFFLINE   XanaTos112

Posted 16 January 2007 - 01:38 PM

I'll take my chances without it :) My PC security has generally been fine for a few years now. There are a lot of things that I'd have to restore in HJT, and I'm 100% positive that they were worth fixing. Cheers for all the help though.
Who watches The Watchmen?

#18 OFFLINE   jurgenv

Posted 16 January 2007 - 04:31 PM

Alright...Just want to help. :)
Greets Jurgenv.