Here's my HijackThis Log... I have / had the trojan.byteverify virus... thanks for all the help guys keep up the good work... tell me what to clean up.. thx PS i have already tried spybot AND adaware -------------------- Running processes: C:\WINXP\System32\smss.exe C:\WINXP\system32\winlogon.exe C:\WINXP\system32\services.exe C:\WINXP\system32\lsass.exe C:\WINXP\System32\Ati2evxx.exe C:\WINXP\system32\svchost.exe C:\WINXP\System32\svchost.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\WINXP\system32\spoolsv.exe C:\WINXP\System32\drivers\CDAC11BA.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe E:\Norton AntiVirus\navapsvc.exe E:\Norton AntiVirus\AdvTools\NPROTECT.exe E:\Norton AntiVirus\SAVScan.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINXP\System32\MsPMSPSv.exe C:\WINXP\Explorer.exe C:\Program Files\Common Files\Stardock\TrayServer.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe F:\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe C:\WINXP\System32\sstray.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINXP\System32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.exe C:\Program Files\Common Files\Symantec Shared\NMain.exe F:\Firebird\MozillaFirebird\MozillaFirebird.exe C:\hijackthis\HijackThis.exe --------------------- Listing of startup folders: Shell folders Startup: [C:\Documents and Settings\Bob\Start Menu\Programs\Startup] PowerReg Scheduler.exe Shell folders AltStartup: *Folder not found* User shell folders Startup: *Folder not found* User shell folders AltStartup: *Folder not found* Shell folders Common Startup: [C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Startup] Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe Shell folders Common AltStartup: *Folder not found* User shell folders Common Startup: *Folder not found* User shell folders Alternate Common Startup: *Folder not found* --------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINXP\system32\userinit.exe, [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] *Registry value not found* [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* --------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run 1A:Stardock TrayMonitor = "C:\Program Files\Common Files\Stardock\TrayServer.exe" svced = C:\WINXP\System32\svced.exe TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot SunJavaUpdateSched = C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" NAV CfgWiz = C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT" Advanced Tools Check = E:\NORTON~2\AdvTools\ADVCHK.exe AS00_Netgear = F:\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe -hide DeadAIM = rundll32.exe "D:\AIM95\\DeadAIM.ocm",ExportedCheckODLs nForce Tray Options = sstray.exe /r ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe MSConfig = C:\WINXP\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto --------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* --------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No values found* --------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *No values found* --------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* --------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Tweak-XP = TransTask = TransparentIcons = ctfmon.exe = C:\WINXP\System32\ctfmon.exe msnmsgr = "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background AIM = D:\AIM95\aim.exe -cnetwait.odl (Default) = ATI Launchpad = "C:\Program Files\ATI Multimedia\main\launchpd.exe" STYLEXP = C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide BlockAds = --------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* --------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* --------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* --------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* --------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* --------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* --------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run [OptionalComponents] *No values found* --------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* --------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No subkeys found* --------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *No subkeys found* --------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* --------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* --------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* --------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* --------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* --------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* --------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* --------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* --------------------- File association entry for .EXE: HKEY_CLASSES_ROOT\exefile\shell\open\command (Default) = "%1" %* --------------------- File association entry for .COM: HKEY_CLASSES_ROOT\comfile\shell\open\command (Default) = "%1" %* --------------------- File association entry for .BAT: HKEY_CLASSES_ROOT\batfile\shell\open\command (Default) = "%1" %* --------------------- File association entry for .PIF: HKEY_CLASSES_ROOT\piffile\shell\open\command (Default) = "%1" %* --------------------- File association entry for .SCR: HKEY_CLASSES_ROOT\scrfile\shell\open\command (Default) = "%1" /S --------------------- File association entry for .HTA: HKEY_CLASSES_ROOT\htafile\shell\open\command (Default) = C:\WINXP\System32\mshta.exe "%1" %* --------------------- Enumerating Active Setup stub paths: HKLM\Software\Microsoft\Active Setup\Installed Components (* = disabled by HKCU twin) [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] StubPath = C:\WINXP\inf\unregmp2.exe /ShowWMP [>{26923b43-4d38-484f-9b9e-de460746276c}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] * StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] * StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINXP\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT [{5945c046-1e7d-11d1-bc44-00c04fd912be}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.Install.PerUser [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINXP\INF\wmp.inf,PerUserStub [{7790769C-0471-11d2-AF11-00C04FA35D02}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [{89820200-ECBD-11cf-8B85-00AA005B4340}] * StubPath = regsvr32.exe /s /n /i:U shell32.dll [{89820200-ECBD-11cf-8B85-00AA005B4383}] * StubPath = %SystemRoot%\system32\ie4uinit.exe [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] * StubPath = C:\WINXP\System32\Rundll32.exe C:\WINXP\System32\mscories.dll,Install --------------------- Enumerating ICQ Agent Autostart apps: HKCU\Software\Mirabilis\ICQ\Agent\Apps *Registry key not found* --------------------- Load/Run keys from C:\WINXP\WIN.INI: load=*INI section not found* run=*INI section not found* Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load= HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs= --------------------- Shell & screensaver key from C:\WINXP\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=explorer.exe SCRNSAVE.EXE=*Registry value not found* drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry key not found* HKLM\..\Policies: Shell=*Registry value not found* --------------------- Checking for EXPLORER.exe instances: C:\WINXP\Explorer.exe: PRESENT! C:\Explorer.exe: not present C:\WINXP\Explorer\Explorer.exe: not present C:\WINXP\System\Explorer.exe: not present C:\WINXP\System32\Explorer.exe: not present C:\WINXP\Command\Explorer.exe: not present C:\WINXP\Fonts\Explorer.exe: not present --------------------- Checking for superhidden extensions: .lnk: HIDDEN! (arrow overlay: yes) .pif: HIDDEN! (arrow overlay: yes) .exe: not hidden .com: not hidden .bat: not hidden .hta: not hidden .scr: not hidden .shs: HIDDEN! .shb: HIDDEN! .vbs: not hidden .vbe: not hidden .wsh: not hidden .scf: HIDDEN! (arrow overlay: NO!) .url: HIDDEN! (arrow overlay: yes) .js: not hidden .jse: not hidden --------------------- Verifying REGEDIT.exe integrity: - Regedit.exe found in C:\WINXP - .reg open command is normal (regedit.exe %1) - Company name OK: 'Microsoft Corporation' - Original filename OK: 'REGEDIT.EXE' - File description: 'Registry Editor' Registry check passed --------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Kontiki\bin\bh309190.dll - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} (no name) - D:\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (file missing) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} Ipswitch.WsftpBrowserHelper - C:\Program Files\WS_FTP Pro\wsbho2k0.dll - {601ED020-FB6C-11D3-87D8-0050DA59922B} NAV Helper - E:\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872} --------------------- Enumerating Task Scheduler jobs: Symantec NetDetect.job Norton AntiVirus - Scan my computer.job --------------------- Enumerating Download Program Files: [DirectAnimation Java Classes] CODEBASE = file://C:\WINXP\Java\classes\dajava.cab OSD = C:\WINXP\Downloaded Program Files\DirectAnimation Java Classes.osd [Microsoft XML Parser for Java] CODEBASE = file://C:\WINXP\Java\classes\xmldso.cab OSD = C:\WINXP\Downloaded Program Files\Microsoft XML Parser for Java.osd [Checkers Class] InProcServer32 = C:\WINXP\Downloaded Program Files\msgrchkr.dll CODEBASE = http://messenger.zone.msn.com/binary/msgrchkr.cab [Microsoft Office Template and Media Control] InProcServer32 = E:\MICROS~1\OFFICE11\IEAWSDC.DLL CODEBASE = http://office.microsoft.com/templates/ieawsdc.cab [Video Class] InProcServer32 = C:\WINXP\Downloaded Program Files\videox.dll CODEBASE = http://streamp.babenet.com/cabs/videox.cab [Minesweeper Flags Class] InProcServer32 = C:\WINXP\Downloaded Program Files\minesweeper.dll CODEBASE = http://messenger.zone.msn.com/binary/MineSweeper.cab [{33564D57-0000-0010-8000-00AA00389B71}] CODEBASE = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB [{33564D57-9980-0010-8000-00AA00389B71}] CODEBASE = http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab [Office Update Installation Engine] InProcServer32 = C:\WINXP\opuc.dll CODEBASE = http://office.microsoft.com/officeupdate/content/opuc.cab [FileSharingCtrl Class] InProcServer32 = C:\WINXP\Downloaded Program Files\fsmsngr-en.dll CODEBASE = http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab [Java Plug-in 1.4.1_01] InProcServer32 = C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll CODEBASE = http://java.sun.com/products/plugin/1.4/jinstall-14_01-windows-i586.cab [MessengerStatsClient Class] InProcServer32 = C:\WINXP\Downloaded Program Files\messengerstatsclient.dll CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab [InstallShield International Setup Player] InProcServer32 = c:\winxp\downlo~1\isetup.dll CODEBASE = http://www.installengine.com/engine/isetup.cab [Update Class] InProcServer32 = C:\WINXP\System32\iuctl.dll CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37875.6615393519 [Java Plug-in 1.4.1_01] InProcServer32 = C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll CODEBASE = http://java.sun.com/products/plugin/1.4/jinstall-14_01-windows-i586.cab [Java Plug-in 1.4.1_03] InProcServer32 = C:\Program Files\Java\j2re1.4.1_03\bin\npjpi141_03.dll CODEBASE = http://java.sun.com/products/plugin/1.4/jinstall-14_03-windows-i586.cab [Java Plug-in 1.4.2] InProcServer32 = C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll CODEBASE = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab [Java Plug-in 1.4.2_01] InProcServer32 = C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll CODEBASE = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab [Shockwave Flash Object] InProcServer32 = C:\WINXP\System32\macromed\flash\Flash.ocx CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [ddm_download.ddm_control] InProcServer32 = C:\WINXP\Downloaded Program Files\TEST.OCX CODEBASE = http://216.65.38.226/crack.CAB [MSN Chat Control 4.5] InProcServer32 = C:\WINXP\Downloaded Program Files\MSNChat45.ocx CODEBASE = http://fdl.msn.com/public/chat/msnchat45.cab --------------------- Enumerating Winsock LSP files: NameSpace #1: C:\WINXP\System32\mswsock.dll NameSpace #2: C:\WINXP\System32\winrnr.dll NameSpace #3: C:\WINXP\System32\mswsock.dll Protocol #1: C:\WINXP\system32\mswsock.dll Protocol #2: C:\WINXP\system32\mswsock.dll Protocol #3: C:\WINXP\system32\mswsock.dll Protocol #4: C:\WINXP\system32\rsvpsp.dll Protocol #5: C:\WINXP\system32\rsvpsp.dll Protocol #6: C:\WINXP\system32\mswsock.dll Protocol #7: C:\WINXP\system32\mswsock.dll Protocol #8: C:\WINXP\system32\mswsock.dll Protocol #9: C:\WINXP\system32\mswsock.dll Protocol #10: C:\WINXP\system32\mswsock.dll Protocol #11: C:\WINXP\system32\mswsock.dll Protocol #12: C:\WINXP\system32\mswsock.dll Protocol #13: C:\WINXP\system32\mswsock.dll Protocol #14: C:\WINXP\system32\mswsock.dll Protocol #15: C:\WINXP\system32\mswsock.dll Protocol #16: C:\WINXP\system32\mswsock.dll Protocol #17: C:\WINXP\system32\mswsock.dll Protocol #18: C:\WINXP\system32\mswsock.dll Protocol #19: C:\WINXP\system32\mswsock.dll --------------------- Enumerating Windows NT/2000/XP services Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system) Adobe LM Service: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" (manual start) Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start) AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (autostart) Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled) Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (disabled) AMD K7 Processor Driver: System32\DRIVERS\amdk7.sys (system) Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled) 1394 ARP Client Protocol: System32\DRIVERS\arp1394.sys (manual start) ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start) RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start) Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system) Ati HotKey Poller: %SystemRoot%\System32\Ati2evxx.exe (autostart) ATI Smart: C:\WINXP\system32\ati2sgag.exe (autostart) ati2mtag: System32\DRIVERS\ati2mtag.sys (manual start) ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start) Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start) AWINDIS5 Protocol Driver: \??\C:\WINXP\System32\AWINDIS5.SYS (manual start) Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) C-DillaCdaC11BA: C:\WINXP\System32\drivers\CDAC11BA.exe (autostart) Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start) Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart) Symantec Password Validation: "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe" (manual start) Symantec Settings Manager: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (autostart) CdaC15BA: \??\C:\WINXP\System32\drivers\CDAC15BA.SYS (autostart) CD-ROM Driver: System32\DRIVERS\cdrom.sys (system) Indexing Service: %SystemRoot%\system32\cisvc.exe (disabled) ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled) COM+ System Application: C:\WINXP\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start) Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Ezonics Ezcam II: System32\DRIVERS\Usbcone.sys (manual start) DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Disk Driver: System32\DRIVERS\disk.sys (system) Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start) dmboot: System32\drivers\dmboot.sys (disabled) dmio: System32\drivers\dmio.sys (disabled) dmload: System32\drivers\dmload.sys (disabled) Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start) DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart) Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start) 3Com 3C90X-BC Family PCI EtherLink Adapter: System32\DRIVERS\el90Xbc5.SYS (manual start) ENTECH: \??\C:\WINXP\System32\DRIVERS\ENTECH.SYS (manual start) Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Event Log: %SystemRoot%\system32\services.exe (disabled) COM+ Event System: C:\WINXP\System32\svchost.exe -k netsvcs (manual start) Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start) Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start) Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system) Game Port Enumerator: System32\DRIVERS\gameenum.sys (manual start) Microsoft SideWinder Value Add - Filter Driver: System32\DRIVERS\GcKernel.sys (manual start) Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start) HCF_MSFT: System32\DRIVERS\HCF_MSFT.sys (manual start) Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Microsoft Hid to Joystick Port Enabler: System32\DRIVERS\hidgame.sys (manual start) Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Microsoft SideWinder Virtual HID Device Mini-Driver: System32\DRIVERS\HIDSwvd.sys (manual start) Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (manual start) i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system) CD-Burning Filter Driver: system32\drivers\Imapi.sys (system) IMAPI CD-Burning COM Service: C:\WINXP\System32\Imapi.exe (manual start) IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start) IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start) IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start) IPSEC driver: System32\DRIVERS\ipsec.sys (system) IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start) PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system) Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system) Keyboard HID Driver: System32\DRIVERS\kbdhid.sys (system) Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start) Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart) mbmiodrvr: \??\C:\WINXP\System32\mbmiodrvr.sys (system) Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe" (autostart) Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) NetMeeting Remote Desktop Sharing: C:\WINXP\System32\mnmsrvc.exe (disabled) Mouse Class Driver: System32\DRIVERS\mouclass.sys (system) Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start) WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start) MRXSMB: System32\DRIVERS\mrxsmb.sys (system) Distributed Transaction Coordinator: C:\WINXP\System32\msdtc.exe (disabled) Windows installer: C:\WINXP\System32\msiexec.exe /V (manual start) Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start) Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start) Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start) Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start) Microsoft MPU-401 MIDI UART Driver: system32\drivers\msmpu401.sys (manual start) NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start) Norton AntiVirus Auto Protect Service: "E:\Norton AntiVirus\navapsvc.exe" (autostart) NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20031126.007\NAVENG.Sys (manual start) NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20031126.007\NavEx15.Sys (manual start) Microsoft TV/Video Connection: System32\DRIVERS\NdisIP.sys (manual start) Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start) NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start) Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start) NetBIOS Interface: System32\DRIVERS\netbios.sys (system) NetBT: System32\DRIVERS\netbt.sys (system) Network DDE: %SystemRoot%\system32\netdde.exe (disabled) Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled) NETGEAR WG311 Wireless PCI Adapter Service: System32\DRIVERS\wg311nd5.sys (manual start) Net Logon: %SystemRoot%\System32\lsass.exe (disabled) Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) 1394 Net Driver: System32\DRIVERS\nic1394.sys (manual start) Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Norton Unerase Protection Driver: \??\C:\WINXP\System32\Drivers\NPDRIVER.SYS (manual start) Norton Unerase Protection: E:\Norton AntiVirus\AdvTools\NPROTECT.exe (autostart) NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (disabled) Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) nvatabus: System32\DRIVERS\nvatabus.sys (system) Service for NVIDIA(R) nForce(TM) Audio Enumerator: system32\drivers\nvax.sys (manual start) NVIDIA nForce MCP Networking Controller Driver: System32\DRIVERS\NVENET.sys (manual start) nvidesm: system32\drivers\nvidesm.sys (system) Service for NVIDIA(R) nForce(TM) Audio: system32\drivers\nvapu.sys (manual start) NVIDIA nForce AGP Bus Filter: System32\DRIVERS\nv_agp.sys (system) IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start) IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start) OHCI Compliant IEEE 1394 Host Controller: System32\DRIVERS\ohci1394.sys (system) Office Source Engine: C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.exe (manual start) papycpu2: \SystemRoot\System32\DRIVERS\papycpu2.sys (system) papyjoy: \SystemRoot\System32\DRIVERS\papyjoy.sys (system) Parallel port driver: System32\DRIVERS\parport.sys (manual start) PCI Bus Driver: System32\DRIVERS\pci.sys (system) PCIIde: System32\DRIVERS\pciide.sys (system) Plug and Play: %SystemRoot%\system32\services.exe (disabled) IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart) WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start) Protected Storage: %SystemRoot%\system32\lsass.exe (autostart) QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start) Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start) PxHelp20: System32\DRIVERS\PxHelp20.sys (system) Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system) Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start) Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start) Direct Parallel: System32\DRIVERS\raspti.sys (manual start) Rdbss: System32\DRIVERS\rdbss.sys (system) RDPCDD: System32\DRIVERS\RDPCDD.sys (system) Remote Desktop Help Session Manager: C:\WINXP\system32\sessmgr.exe (manual start) Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system) Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start) Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart) QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start) Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart) SAVRT: \??\E:\Norton AntiVirus\SAVRT.SYS (system) SAVRTPEL: \??\E:\Norton AntiVirus\SAVRTPEL.SYS (system) SAVScan: E:\Norton AntiVirus\SAVScan.exe (autostart) SBP-2 Transport/Protocol Bus Driver: System32\DRIVERS\sbp2port.sys (system) ScriptBlocking Service: C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (autostart) Smart Card Helper: %SystemRoot%\System32\SCardSvr.exe (disabled) Smart Card: %SystemRoot%\System32\SCardSvr.exe (disabled) Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Secdrv: System32\DRIVERS\secdrv.sys (autostart) Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start) Serial port driver: System32\DRIVERS\serial.sys (system) Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start) sojubus: System32\DRIVERS\sojubus.sys (system) sojuscsi: System32\DRIVERS\sojuscsi.sys (system) Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start) Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart) System Restore Filter Driver: System32\DRIVERS\sr.sys (system) System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Srv: System32\DRIVERS\srv.sys (manual start) SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start) Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (manual start) BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start) StyleXPHelper: \??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe (system) StyleXPService: "C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe" (autostart) SVKP: \??\C:\WINXP\System32\SVKP.sys (autostart) Software Bus Driver: System32\DRIVERS\swenum.sys (manual start) Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start) MS Software Shadow Copy Provider: C:\WINXP\System32\dllhost.exe /Processid:{7C653204-D4EA-42F2-A59F-522140022C60} (disabled) Symantec Core LC: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (autostart) SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start) symlcbrd: \??\C:\WINXP\System32\drivers\symlcbrd.sys (autostart) SYMREDRV: \??\C:\WINXP\System32\Drivers\SYMREDRV.SYS (manual start) SYMTDI: \??\C:\WINXP\System32\Drivers\SYMTDI.SYS (autostart) Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start) Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start) Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system) Terminal Device Driver: System32\DRIVERS\termdd.sys (system) Terminal Services: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled) ultra: System32\DRIVERS\ultra.sys (system) Microcode Update Driver: System32\DRIVERS\update.sys (manual start) Upload Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (disabled) Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start) Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start) Microsoft USB Standard Hub Driver: System32\DRIVERS\usbhub.sys (manual start) Microsoft USB Open Host Controller Miniport Driver: System32\DRIVERS\usbohci.sys (manual start) USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start) VgaSave: \SystemRoot\System32\drivers\vga.sys (system) Vsapint: System32\drivers\Vsapint.sys (autostart) Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (disabled) Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start) Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start) WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart) Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (disabled) WMDM PMSP Service: C:\WINXP\System32\MsPMSPSv.exe (autostart) Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) WMI Performance Adapter: C:\WINXP\System32\wbem\wmiapsrv.exe (disabled) World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start) Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (disabled) Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

Hello Brice, Download this excellent program called Trojan Remover, this is a full updated freeware for one month, read carefully how to use it and perform the two scans embaded into this program. Trojan Remover: http://www.simplysup.com/tremover/details.html

You will also want to run WindowsUpdate to in order to get the latest free security patches from Microsoft. Byteverify exploits a security hole that was patched back in April!... for details see this Symantec/Norton page.

Thanks IMp i will do that right away. gmoney - I tried running windows update yesterday (from IE) and it gave me an error which prevented me from getting the updates. There is nothing to clean with HiJackThis? Thanks for the help guys

brice_p, what kind of error did you get while trying to run Windows Update? Do you think it's related to the spyware? Although it's a little more trouble, if you can't get Windows Update to work you can alway install updates manually... for byteverify, see Microsoft's MS03-011 Support page - about halfway down, under "I’m a network administrator..." it gives instructions.

It is not related to spyware - it has something to do with the windowsupdate files not downloading correctly or something. However, my first priority is to restore my computer. when i click on "my computer" my system freezes and explorer crashes. after a few minutes, the taskbar reappears and it is as if nothing happened. i think this is because something is wrong with one of my drives, but i cant pinpoint what. i cannot use any audio devices (wont work) and i cannot install systemworks 2003 because it gives me an error that is most probably related to a file that the virus changed. so what can i do? any recommendations are appreciated thanks