Could someone help me? Every time I log on, Norton blocks a lot of viruses, e.g. Trojans and spyware, for some reason. Also, I'm infected with the Win32 MyzorFk@fy that Norton couldn't block. (I get these troubleshooting icons, two of them, and it sends me to scamming spyware removal sites.)
This is my HJT file:
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [mppds] C:\WINDOWS\mppds.exe
O4 - HKLM\..\Run: [upxdnd] C:\DOCUME~1\Admin\LOCALS~1\Temp\upxdnd.exe
O4 - HKLM\..\Run: [nwizwows] C:\WINDOWS\system32\nwizwows.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Policies\Explorer\Run: [Userinit] rundll32.exe C:\WINDOWS\system32\winsys16_070510.dll start
O4 - HKLM\..\Policies\Explorer\Run: [main] rundll32.exe "C:\program files\internet explorer\use32.dll" mymain
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Security Tools\iesmn.exe
O4 - HKUS\S-1-5-18\..\Run: [9b36em19t7r276w] C:\WINDOWS\TEMP\1explore.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [9b36em19t7r276w] C:\WINDOWS\TEMP\1explore.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://66ad.32666.com
O15 - Trusted Zone: Ã÷ýÌå¹ã¸æÃø
O15 - Trusted Zone: http://cfad.32666.com
O15 - Trusted Zone: ÈçºÎ³É¹¦? ³É¹¦×ÉѶ 32666.com
O15 - Trusted Zone: Ãâ·ÑµçÓ° WWW.YCDY.COM ÃÃÀà ÓéÀÖ Ã¡µçÓ° ÃøÓÑ×ÔÅÄ
O15 - Trusted Zone: Ãâ·ÑµçÓ° WWW.YCDY.COM ÃÃÀà ÓéÀÖ Ã¡µçÓ° ÃøÓÑ×ÔÅÄ
O15 - Trusted Zone: http://www1.ycdy.com
O15 - ESC Trusted Zone: http://66ad.32666.com
O15 - ESC Trusted Zone: Ã÷ýÌå¹ã¸æÃø
O15 - ESC Trusted Zone: http://cfad.32666.com
O15 - ESC Trusted Zone: ÈçºÎ³É¹¦? ³É¹¦×ÉѶ 32666.com
O15 - ESC Trusted Zone: Ãâ·ÑµçÓ° WWW.YCDY.COM ÃÃÀà ÓéÀÖ Ã¡µçÓ° ÃøÓÑ×ÔÅÄ
O15 - ESC Trusted Zone: Ãâ·ÑµçÓ° WWW.YCDY.COM ÃÃÀà ÓéÀÖ Ã¡µçÓ° ÃøÓÑ×ÔÅÄ
O15 - ESC Trusted Zone: http://www1.ycdy.com
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E30914E1-078A-4AE8-B572-9FE339701D58}: NameServer = 203.12.160.35 203.12.160.35
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: deboner - {fa4fbf53-c766-4622-8011-a87a805eebf0} - C:\WINDOWS\system32\antzozc.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 7572 bytes
Any removal instructions?