
[Resolved] can't seem to get rid of it!


This topic is locked
35 replies to this topic

#16 LDTate (Grand Poobah, Root Admin, 57,211 posts)
Posted 04 January 2008 - 07:30 AM

but your last post said to send as attachment

Yes you are correct. Sorry about that

Please double-click the FindAWF icon once again
This time we are going to remove some folders.

Use the following option: Press 3 then Enter to remove bak folders


A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed:

C:\Program Files\Avvenu\bak\Avvenu_updater.exe
C:\Program Files\iTunes\bak\iTunesHelper.exe
C:\Program Files\QuickTime\bak\qttask.exe
C:\Program Files\SUPERAntiSpyware\bak\SUPERAntiSpyware.exe
C:\WINDOWS\system32\bak\ctfmon.exe
C:\Program Files\BillP Studios\WinPatrol\bak\WinPatrol.exe
C:\Program Files\Yahoo!\Messenger\bak\YAHOOM~1.EXE

Next, close and click Yes to save the changes.

When done with the above, FindAWF automatically runs a new scan and opens a new log that you need to post.
Please provide the new FindAWF log

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

Proud graduate of TC/WTT Classroom


#17 dulus (New Member, Authentic Member, 19 posts)
Posted 04 January 2008 - 08:18 PM

Okay, did as instructed... here is the log:

Find AWF report by noahdfear ©2006
Version 1.40
The current date is: Fri 01/04/2008
The current time is: 20:17:07.82

bak folders found
~~~~~~~~~~~

 Directory of C:\WINDOWS\BAK
               0 File(s)              0 bytes

 Directory of C:\PROGRA~1\AVVENU\BAK
10/23/2006  05:08 PM            19,968 Avvenu_updater.exe
               1 File(s)         19,968 bytes

 Directory of C:\PROGRA~1\ITUNES\BAK
10/30/2006  09:36 AM           256,576 iTunesHelper.exe
               1 File(s)        256,576 bytes

 Directory of C:\PROGRA~1\MSNMES~1\BAK
               0 File(s)              0 bytes

 Directory of C:\PROGRA~1\QUICKT~1\BAK
07/07/2004  10:46 AM            98,304 qttask.exe
               1 File(s)         98,304 bytes

 Directory of C:\PROGRA~1\SUPERA~1\BAK
02/27/2007  11:39 AM         1,310,720 SUPERAntiSpyware.exe
               1 File(s)      1,310,720 bytes

 Directory of C:\WINDOWS\SYSTEM32\BAK
08/04/2004  12:56 AM            15,360 ctfmon.exe
               1 File(s)         15,360 bytes

 Directory of C:\PROGRA~1\BILLPS~1\WINPAT~1\BAK
02/12/2007  09:17 AM           267,840 WinPatrol.exe
               1 File(s)        267,840 bytes

 Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK
11/30/2006  09:49 PM         4,662,776 YAHOOM~1.EXE
               1 File(s)      4,662,776 bytes

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

19968 Oct 23 2006 "C:\Program Files\Avvenu\Avvenu_updater.exe"
19968 Oct 23 2006 "C:\Program Files\Avvenu\bak\Avvenu_updater.exe"
256576 Oct 30 2006 "C:\Program Files\iTunes\iTunesHelper.exe"
256576 Oct 30 2006 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Mar 17 2007 "C:\WINDOWS\Installer\{446DBFFA-4088-48E3-8932-74316BA4CAE4}\iTunesIco.exe"
108096 Oct 30 2006 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.0.2.16\iTunesSetupAdmin.exe"
98304 Jul 7 2004 "C:\Program Files\QuickTime\qttask.exe"
98304 Jul 7 2004 "C:\Program Files\QuickTime\bak\qttask.exe"
5797152 Mar 24 2007 "C:\temp\SUPERAntiSpyware.exe"
1310720 Feb 27 2007 "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
1310720 Feb 27 2007 "C:\Program Files\SUPERAntiSpyware\bak\SUPERAntiSpyware.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
267840 Feb 12 2007 "C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe"
267840 Feb 12 2007 "C:\Program Files\BillP Studios\WinPatrol\bak\WinPatrol.exe"
4662776 Nov 30 2006 "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
4662776 Nov 30 2006 "C:\Program Files\Yahoo!\Messenger\bak\YAHOOM~1.EXE"

end of report
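The FindAWF report above pairs each file it finds inside a `bak` folder with a same-named, same-sized file in the parent directory, which is the tell-tale left behind when a startup executable has been swapped and the original parked under `bak`. The script below is an added example (it is not FindAWF's code and is not taken from this thread) that performs the same pairing on a directory tree it constructs in a temporary folder; every path, file name and size in it is made up for the demo. It goes slightly beyond the report by also classifying bak copies whose parent file differs in size or is absent, and it only lists what it finds, leaving any removal to the helper's instructions:

```python
r"""Pair files parked in a 'bak' folder with the same-named file one level up.

Added example, not FindAWF's own code. FindAWF's "bak folders found" and
"Duplicate files of bak directory contents" sections list files sitting in a
\bak subfolder beside a same-named, same-sized file in the parent directory.
This script performs that pairing on a tree it builds itself in a temporary
folder; every path and size below is constructed for the demo.
"""
import os
import tempfile
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class BakMatch:
    bak_file: str              # copy found inside a 'bak' folder
    original: Optional[str]    # same-named file in the parent folder, if any
    same_size: bool            # sizes agree, as in FindAWF's duplicate list


def find_bak_duplicates(root: str) -> List[BakMatch]:
    r"""Walk `root`; for every file under a directory named 'bak'
    (case-insensitive, so BAK and bak both count) look for the same file
    name one level up and compare sizes. Empty bak folders, like the
    C:\WINDOWS\BAK entry in the report, yield nothing."""
    matches: List[BakMatch] = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if os.path.basename(dirpath).lower() != "bak":
            continue
        parent = os.path.dirname(dirpath)
        for name in filenames:
            bak_path = os.path.join(dirpath, name)
            orig_path = os.path.join(parent, name)
            if os.path.isfile(orig_path):
                same = os.path.getsize(bak_path) == os.path.getsize(orig_path)
                matches.append(BakMatch(bak_path, orig_path, same))
            else:
                # A bak copy with no counterpart is still worth a look, but it
                # is not a "duplicate" in FindAWF's sense.
                matches.append(BakMatch(bak_path, None, False))
    return sorted(matches, key=lambda m: m.bak_file)


def build_demo_tree(root: str) -> None:
    """Constructed layout: two executables with a same-sized copy under bak
    (the pattern the report shows), an empty BAK folder, a bak copy whose
    parent differs in size, and a bak copy with no parent file at all."""
    files = {
        "Program Files/QuickTime/qttask.exe": b"QT" * 40,
        "Program Files/QuickTime/bak/qttask.exe": b"QT" * 40,
        "WINDOWS/system32/ctfmon.exe": b"CT" * 30,
        "WINDOWS/system32/bak/ctfmon.exe": b"CT" * 30,
        "Program Files/Other/thing.exe": b"X" * 10,
        "Program Files/Other/bak/thing.exe": b"X" * 12,
        "Program Files/Gone/bak/gone.exe": b"G" * 8,
    }
    os.makedirs(os.path.join(root, "WINDOWS", "BAK"))
    for rel, data in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


def demo() -> List[Tuple[str, bool, bool]]:
    """Build the sample tree, scan it, and return (relative bak path,
    original present, same size) triples with '/' separators."""
    with tempfile.TemporaryDirectory() as root:
        build_demo_tree(root)
        found = find_bak_duplicates(root)
        return [
            (os.path.relpath(m.bak_file, root).replace(os.sep, "/"),
             m.original is not None,
             m.same_size)
            for m in found
        ]


if __name__ == "__main__":
    for rel, has_orig, same in demo():
        if same:
            status = "same-size duplicate of the parent file"
        elif has_orig:
            status = "parent file exists but size differs"
        else:
            status = "no parent file"
        print(f"{rel}: {status}")
```

Point `find_bak_duplicates` at a real drive root to get the same listing for a live tree; same-size pairs are the ones the report calls duplicates, while the other two categories are there so that nothing under a `bak` folder goes unreviewed.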

#18 LDTate (Grand Poobah, Root Admin, 57,211 posts)
Posted 04 January 2008 - 08:27 PM

To finish, run Option 4.

Double-click the FindAWF icon once again.
Use the following option: Press 4 then Enter to reset domain zones
When the program returns to the main menu, use the following option: Press E then Enter to EXIT

Post a new HijackThis log



#19 dulus (New Member, Authentic Member, 19 posts)
Posted 04 January 2008 - 08:33 PM

Okay, here is my log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:32:16 PM, on 1/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\Program Files\Norman\npm\bin\nvoy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Labtec\WebCam10\WebCam10.exe
C:\Program Files\Norman\Npm\bin\ZLH.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Norman\Npm\bin\NVCSCHED.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
C:\Program Files\Norman\Nvc\bin\nvcoas.exe
C:\Program Files\Norman\Nvc\BIN\NIP.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Norman\Nvc\bin\cclaw.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: (no name) - {D5D814A5-5A0B-41CD-87DA-04BA8D317228} - C:\WINDOWS\system32\pmnnm.dll (file missing)
O2 - BHO: {026bd7b8-b7b7-3229-c714-4dfb6c55cc0e} - {e0cc55c6-bfd4-417c-9223-7b7b8b7db620} - C:\WINDOWS\system32\urgxfgvn.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Labtec\WebCam10\WebCam10.exe" /hide
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://by21fd.bay21....es/MsnPUpld.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} - http://www.mathxl.co...InstallAsst.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.maricopa....in/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1177207572484
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1176766356734
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecu...asyInstallX.CAB
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} - http://www.mathxl.co...ts/DeltaCVX.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - http://download.mcaf...988/mcfscan.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O20 - AppInit_DLLs:
O20 - Winlogon Notify: kbdmap - kbdmap.dll (file missing)
O20 - Winlogon Notify: pmnmlii - pmnmlii.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Npm\bin\NVCSCHED.EXE
O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8953 bytes

#20 LDTate (Grand Poobah, Root Admin, 57,211 posts)
Posted 04 January 2008 - 08:43 PM

Let's make sure it's gone.

Download ComboFix from Here to your Desktop.

**Note: In the event you already have ComboFix, please delete it from your desktop and download this new version. It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
  • Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running combofix.
  • WARNING: IF you have not already done so Combofix will disconnect your machine from the Internet when it starts
  • Please do not re-connect your machine back to the Internet until Combofix has completely finished.
--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.



#21 dulus (New Member, Authentic Member, 19 posts)
Posted 04 January 2008 - 08:53 PM

Okay, here is my ComboFix log. By the way, it didn't reboot my computer, so I guess it came up clean.

ComboFix 08-01-04.1 - satisfied customer 2008-01-04 20:47:11.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.113 [GMT -6:00]
Running from: C:\Documents and Settings\satisfied customer\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-12-05 to 2008-01-05 )))))))))))))))))))))))))))))))
.

2008-01-03 18:51 . 2001-08-23 06:00 50,620 --a------ C:\WINDOWS\system32\command.com.bak
2008-01-03 18:51 . 2004-07-06 11:59 2,577 --a------ C:\WINDOWS\system32\config.nt.bak
2008-01-03 18:51 . 2001-08-17 19:00 1,688 --a------ C:\WINDOWS\system32\AUTOEXEC.NT
2008-01-03 17:56 . 2008-01-04 18:11 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-01-02 18:50 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-29 10:23 . 2007-12-29 10:23 <DIR> d-------- C:\Documents and Settings\satisfied customer\Application Data\Leadertech
2007-12-27 18:54 . 2007-12-27 18:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-27 18:36 . 2007-12-27 18:36 <DIR> d-------- C:\Documents and Settings\satisfied customer\Application Data\TomTom
2007-12-25 23:29 . 2007-12-25 23:29 <DIR> d-------- C:\VundoFix Backups
2007-12-25 22:09 . 2008-01-04 18:11 <DIR> d-------- C:\Program Files\Norman
2007-12-25 22:09 . 2007-09-17 15:24 212,024 --a------ C:\WINDOWS\system32\nscrnsav.scr
2007-12-25 22:09 . 2007-09-06 09:45 19,000 --a------ C:\WINDOWS\system32\drivers\nvcw32mf.sys
2007-12-25 11:57 . 2007-12-25 22:06 1,018,682 ---hs---- C:\WINDOWS\system32\atcfiunr.ini
2007-12-23 23:01 . 2007-12-23 23:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-22 21:48 . 2007-09-18 00:29 138,512 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-12-22 21:48 . 2007-09-18 00:29 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2007-12-22 21:48 . 2007-09-18 00:29 52,368 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2007-12-22 21:33 . 2007-12-22 21:48 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-21 21:04 . 2007-12-21 21:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kodak
2007-12-20 22:13 . 2008-01-03 17:55 121 --a------ C:\WINDOWS\bdagent.INI
2007-12-20 21:33 . 2008-01-03 17:56 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2007-12-19 20:08 . 2007-12-19 21:38 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
2007-12-17 13:25 . 2007-12-17 13:25 <DIR> d-------- C:\Program Files\Common Files\LogiShrd
2007-12-09 15:13 . 2007-12-09 15:13 <DIR> d-------- C:\Documents and Settings\satisfied customer\Contacts
2007-12-09 09:11 . 2007-12-09 09:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 02:27 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-01-04 02:27 --------- d-----w C:\Program Files\QuickTime
2008-01-04 02:27 --------- d-----w C:\Program Files\iTunes
2008-01-04 02:27 --------- d-----w C:\Program Files\Avvenu
2008-01-03 23:57 --------- d-----w C:\Program Files\PCPitstop
2007-12-28 00:54 --------- d-----w C:\Program Files\Lavasoft
2007-12-28 00:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-23 03:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-12-21 12:59 --------- d-----w C:\Program Files\a-squared Free
2007-12-21 03:33 --------- d-----w C:\Documents and Settings\satisfied customer\Application Data\Lavasoft
2007-12-20 02:04 --------- d-----w C:\Documents and Settings\amber\Application Data\SUPERAntiSpyware.com
2007-12-17 19:25 --------- d-----w C:\Program Files\Labtec
2007-12-09 20:16 --------- d-----w C:\Program Files\epson
2007-12-09 20:16 --------- d-----w C:\Program Files\Common Files\Labtec
2007-12-09 20:13 --------- d-----w C:\Program Files\Viewpoint
2007-12-09 20:13 --------- d-----w C:\Program Files\NCH Swift Sound
2007-12-09 20:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-09 20:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-09 20:10 --------- d-----w C:\Program Files\Smart Panel
2007-11-30 23:22 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-30 23:21 --------- d-----w C:\Program Files\Windows Live Favorites
2007-11-30 23:21 --------- d-----w C:\Program Files\Real
2007-11-30 23:21 --------- d-----w C:\Program Files\MSN Messenger
2007-11-30 23:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-11-24 00:52 --------- d-----w C:\Program Files\TomTom HOME 2
2007-11-24 00:50 --------- d-----w C:\Documents and Settings\amber\Application Data\TomTom
2007-11-24 00:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\TomTom
2007-11-24 00:48 --------- d-----w C:\Documents and Settings\amber\Application Data\InstallShield
2007-11-24 00:47 --------- d-----w C:\Program Files\TomTom DesktopSuite
2007-11-16 01:14 --------- d-----w C:\Program Files\Yahoo!
2007-11-16 01:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-16 01:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2007-11-15 05:34 --------- d-----w C:\Documents and Settings\amber\Application Data\HP
2007-11-15 05:22 --------- d-----w C:\Program Files\HP
2007-11-15 05:22 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-11-15 05:22 --------- d-----w C:\Program Files\Common Files\HP
2007-11-15 05:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2007-11-15 05:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2007-11-15 05:20 --------- d-----w C:\Program Files\Hewlett-Packard
2007-11-15 04:05 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2005-05-12 05:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((( snapshot@2008-01-02_19.04.45.48 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-08-23 12:00:00 50,620 ----a-w C:\WINDOWS\system32\command.com
+ 2001-08-18 01:00:00 50,620 ----a-w C:\WINDOWS\system32\COMMAND.COM
- 2008-01-03 01:00:56 53,608 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-03 01:03:27 53,608 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-01-03 01:00:56 383,254 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-03 01:03:27 383,254 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 19,968 2006-10-23 23:08:50 C:\Program Files\Avvenu\bak\Avvenu_updater.exe
----a-w 19,968 2006-10-23 23:08:50 C:\Program Files\Avvenu\Avvenu_updater.exe

----a-w 267,840 2007-02-12 15:17:02 C:\Program Files\BillP Studios\WinPatrol\bak\WinPatrol.exe
----a-w 267,840 2007-02-12 15:17:02 C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe

----a-w 256,576 2006-10-30 15:36:36 C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w 256,576 2006-10-30 15:36:36 C:\Program Files\iTunes\iTunesHelper.exe

----a-w 98,304 2004-07-07 16:46:09 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 98,304 2004-07-07 16:46:09 C:\Program Files\QuickTime\qttask.exe

----a-w 1,310,720 2007-02-27 17:39:26 C:\Program Files\SUPERAntiSpyware\bak\SUPERAntiSpyware.exe
----a-w 1,310,720 2007-02-27 17:39:26 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

----a-w 4,662,776 2006-12-01 03:49:04 C:\Program Files\Yahoo!\Messenger\bak\YAHOOM~1.EXE

----a-w 15,360 2004-08-04 06:56:50 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-04 06:56:50 C:\WINDOWS\system32\ctfmon.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5D814A5-5A0B-41CD-87DA-04BA8D317228}]
C:\WINDOWS\system32\pmnnm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e0cc55c6-bfd4-417c-9223-7b7b8b7db620}]
C:\WINDOWS\system32\urgxfgvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 08:59 224248]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2007-10-31 10:19 378784]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-03-06 17:48 488984]
"LogitechQuickCamRibbon"="C:\Program Files\Labtec\WebCam10\WebCam10.exe" [2007-03-06 17:58 1060376]
"Norman ZANDA"="C:\Program Files\Norman\Npm\bin\ZLH.exe" [2007-12-10 09:22 273520]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-23 10:50 185632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-05-02 01:19 49152]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kbdmap]
kbdmap.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnmlii]
pmnmlii.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinScheduler.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinScheduler.lnk
backup=C:\WINDOWS\pss\InterVideo WinScheduler.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^amber^Start Menu^Programs^Startup^Epson all-in-one Registration.lnk]
path=C:\Documents and Settings\amber\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
backup=C:\WINDOWS\pss\Epson all-in-one Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^amber^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=C:\Documents and Settings\amber\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\PROGRA~1\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
Mixer.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 00:56 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX4600 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 EPSON Stylus CX4600 Series /O6 USB002 /M Stylus CX4600

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 13:03 36975 --a------ C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
2004-11-10 22:15 111816 --a------ C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

R0 si3112r;Silicon Image SiI 3512 SATARaid Controller;C:\WINDOWS\system32\drivers\si3112r.sys [2004-08-27 15:18]
R0 SiWinAcc;SiWinAcc;C:\WINDOWS\system32\drivers\SiWinAcc.sys [2004-05-20 16:35]
R2 CX23880;MSI 8606 Video Capture;C:\WINDOWS\system32\drivers\CX88Vid.SYS [2005-12-26 21:57]
R2 CX88XBAR;MSI 8606 Crossbar;C:\WINDOWS\system32\drivers\CX88XBar.SYS [2005-12-26 21:57]
R2 CXTUNE;MSI 8606 Tuner;C:\WINDOWS\system32\drivers\CX88Tune.SYS [2005-12-26 21:57]
R2 ETDrv;ETDrv;C:\WINDOWS\system32\drivers\ETDrv.sys [2003-08-07 11:39]
R2 Ndiskio;Ndiskio;C:\Program Files\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 09:55]
R2 NVOY;Norman's Very Own supplY of resources;"C:\Program Files\Norman\npm\bin\nvoy.exe" [2007-09-18 11:01]
R2 ousbehci;NEC PCI to USB Enhanced Host Controller;C:\WINDOWS\system32\Drivers\ousbehci.sys [2003-04-14 18:58]
R3 MdpPortVDD;MdpPortVDD;C:\WINDOWS\System32\Drivers\MDP_VDD.SYS [2002-02-08 01:24]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2007-09-06 09:45]
R3 nvcoas;Norman Virus Control on-access component;"C:\Program Files\Norman\Nvc\bin\nvcoas.exe" [2007-12-10 14:36]
R3 NVCScheduler;Norman Virus Control Scheduler;"C:\Program Files\Norman\Npm\bin\NVCSCHED.EXE" [2007-09-18 11:41]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2003-04-14 18:58]
S3 MPCSYS;MPCSYS;C:\WINDOWS\System32\DRIVERS\mpcsys.sys [2006-05-10 16:48]
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;C:\WINDOWS\system32\DRIVERS\mr97310v.sys [2004-03-30 11:29]
S3 XIRLINK;Veo PC Camera;C:\WINDOWS\system32\DRIVERS\ucdnt.sys [2002-04-08 10:57]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{add196b7-9315-11dc-b103-000d616ea853}]
\Shell\AutoRun\command - E:\InstallTomTomHOME.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Microsoft Webcam Enhance V2.1]
C:\WINDOWS\runtfs32.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-01-05 02:15:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-12-22 03:06:53 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 20:49:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.2180]
-> C:\Program Files\ArcSoft\Software Suite\PhotoImpression 5\share\pihook.dll
.
Completion time: 2008-01-04 20:50:14
ComboFix-quarantined-files.txt 2008-01-05 02:50:10
ComboFix2.txt 2008-01-03 01:05:20

Edited by dulus, 04 January 2008 - 08:54 PM.


#22 dulus

dulus

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 04 January 2008 - 08:55 PM

here is my hjt log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:53:50 PM, on 1/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\Program Files\Norman\npm\bin\nvoy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Labtec\WebCam10\WebCam10.exe
C:\Program Files\Norman\Npm\bin\ZLH.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Norman\Npm\bin\NVCSCHED.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
C:\Program Files\Norman\Nvc\bin\nvcoas.exe
C:\Program Files\Norman\Nvc\BIN\NIP.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Norman\Nvc\bin\cclaw.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: (no name) - {D5D814A5-5A0B-41CD-87DA-04BA8D317228} - C:\WINDOWS\system32\pmnnm.dll (file missing)
O2 - BHO: {026bd7b8-b7b7-3229-c714-4dfb6c55cc0e} - {e0cc55c6-bfd4-417c-9223-7b7b8b7db620} - C:\WINDOWS\system32\urgxfgvn.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Labtec\WebCam10\WebCam10.exe" /hide
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://by21fd.bay21....es/MsnPUpld.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} - http://www.mathxl.co...InstallAsst.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.maricopa....in/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1177207572484
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1176766356734
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecu...asyInstallX.CAB
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} - http://www.mathxl.co...ts/DeltaCVX.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - http://download.mcaf...988/mcfscan.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O20 - AppInit_DLLs:
O20 - Winlogon Notify: kbdmap - kbdmap.dll (file missing)
O20 - Winlogon Notify: pmnmlii - pmnmlii.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Npm\bin\NVCSCHED.EXE
O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8986 bytes

#23 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 04 January 2008 - 09:15 PM

run find AWF & choose option 4 again please and use this to paste in the fix

"C:\Program Files\Avvenu\bak\Avvenu_updater.exe"
"C:\Program Files\BillP Studios\WinPatrol\bak\WinPatrol.exe"
"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\QuickTime\bak\qttask.exe"
"C:\Program Files\SUPERAntiSpyware\bak\SUPERAntiSpyware.exe"
"C:\Program Files\Yahoo!\Messenger\bak\YAHOOM~1.EXE"
"C:\WINDOWS\system32\bak\ctfmon.exe"




Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\atcfiunr.ini
C:\WINDOWS\system32\pmnnm.dll
C:\WINDOWS\system32\urgxfgvn.dll
C:\WINDOWS\system32\kbdmap.dll
C:\WINDOWS\system32\pmnmlii.dll

Folder::
C:\VundoFix Backups
C:\Program Files\Viewpoint
C:\Documents and Settings\All Users\Application Data\Viewpoint

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5D814A5-5A0B-41CD-87DA-04BA8D317228}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e0cc55c6-bfd4-417c-9223-7b7b8b7db620}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kbdmap]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnmlii]


Save this as "CFScript"


Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

Then post the results log and a new HijackThis log.


Also please describe how your computer behaves at the moment.

Proud graduate of TC/WTT Classroom

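The CFScript above was written by hand from the HijackThis log: each O2 BHO and O20 Winlogon Notify entry whose file is missing became a line under File::, and its load point became a [-KEY] deletion under Registry::. The following is an added example, not code from the thread or from the HijackThis or ComboFix authors, that performs the same mapping over a few constructed HijackThis lines of the kinds seen in the log. The "dangling load point" heuristic is mine, the assumption that Winlogon Notify DLLs live in C:\WINDOWS\system32 mirrors what the helper assumed, and the `\~\` shorthand in the BHO key is reproduced exactly as the posted script uses it.

```python
import re

# Constructed sample input: HijackThis lines of the kinds that appear in the log
# posted in this thread (O2 BHO, O3 toolbar, O20 Winlogon Notify, O23 service).
SAMPLE_HJT_LOG = r"""
O2 - BHO: (no name) - {D5D814A5-5A0B-41CD-87DA-04BA8D317228} - C:\WINDOWS\system32\pmnnm.dll (file missing)
O2 - BHO: {026bd7b8-b7b7-3229-c714-4dfb6c55cc0e} - {e0cc55c6-bfd4-417c-9223-7b7b8b7db620} - C:\WINDOWS\system32\urgxfgvn.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O20 - Winlogon Notify: kbdmap - kbdmap.dll (file missing)
O20 - Winlogon Notify: pmnmlii - pmnmlii.dll (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# Assumption: HijackThis prints only the DLL name for Winlogon Notify entries;
# as in the helper's script, we assume the DLL lives in system32.
SYSTEM32 = r"C:\WINDOWS\system32"
NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify"

# O2 lines: "O2 - BHO: <name> - {CLSID} - <path>[ (file missing)]"; the name may itself be a CLSID.
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*?)(?P<missing> \(file missing\))?$"
)
# O20 lines: "O20 - Winlogon Notify: <package> - <dll>[ (file missing)]"
NOTIFY_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<dll>\S+)(?P<missing> \(file missing\))?$"
)


def parse_hjt(text):
    """Return one dict per O2 (BHO) and O20 (Winlogon Notify) line; other sections are skipped."""
    entries = []
    for line in text.strip().splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            entries.append({"section": "O2", "name": m.group("name"), "clsid": m.group("clsid"),
                            "path": m.group("path"), "missing": m.group("missing") is not None})
            continue
        m = NOTIFY_RE.match(line)
        if m:
            entries.append({"section": "O20", "name": m.group("name"), "clsid": None,
                            "path": SYSTEM32 + "\\" + m.group("dll"),
                            "missing": m.group("missing") is not None})
    return entries


def suspicious_entries(entries):
    """Heuristic (mine, not HijackThis's): a BHO with no name or a missing file, or any
    Winlogon Notify package whose DLL is missing, is a dangling load point worth removing."""
    flagged = []
    for e in entries:
        if e["section"] == "O2" and (e["missing"] or e["name"] == "(no name)"):
            flagged.append(e)
        elif e["section"] == "O20" and e["missing"]:
            flagged.append(e)
    return flagged


def build_cfscript(entries):
    """Render the entries as a CFScript with File:: and Registry:: sections, using the
    same [-KEY] deletion lines as the script posted in this thread."""
    files = [e["path"] for e in entries]
    keys = []
    for e in entries:
        if e["section"] == "O2":
            keys.append("[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\" + e["clsid"] + "]")
        else:
            keys.append("[-" + NOTIFY_KEY + "\\" + e["name"] + "]")
    return "File::\n" + "\n".join(files) + "\n\nRegistry::\n" + "\n".join(keys) + "\n"


if __name__ == "__main__":
    print(build_cfscript(suspicious_entries(parse_hjt(SAMPLE_HJT_LOG))))
```

Run stand-alone it prints a CFScript with the four missing DLLs under File:: and the two BHO CLSIDs plus the two Winlogon Notify packages under Registry::, which is what the helper assembled by hand. The O3 toolbar and O23 service lines are left alone because both still point at files that exist.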
#24 dulus

dulus

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 04 January 2008 - 09:27 PM

option 4 is the "reset domain zones option". did you mean 2 or 3????

#25 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 04 January 2008 - 09:33 PM

Option 3



#26 dulus

dulus

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 04 January 2008 - 09:44 PM

awf log:

Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully
The current date is: Fri 01/04/2008
The current time is: 21:42:03.09

bak folders found
~~~~~~~~~~~

Directory of C:\WINDOWS\BAK
0 File(s) 0 bytes

Directory of C:\PROGRA~1\AVVENU\BAK
10/23/2006 05:08 PM 19,968 Avvenu_updater.exe
1 File(s) 19,968 bytes

Directory of C:\PROGRA~1\ITUNES\BAK
10/30/2006 09:36 AM 256,576 iTunesHelper.exe
1 File(s) 256,576 bytes

Directory of C:\PROGRA~1\MSNMES~1\BAK
0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK
07/07/2004 10:46 AM 98,304 qttask.exe
1 File(s) 98,304 bytes

Directory of C:\PROGRA~1\SUPERA~1\BAK
02/27/2007 11:39 AM 1,310,720 SUPERAntiSpyware.exe
1 File(s) 1,310,720 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK
08/04/2004 12:56 AM 15,360 ctfmon.exe
1 File(s) 15,360 bytes

Directory of C:\PROGRA~1\BILLPS~1\WINPAT~1\BAK
02/12/2007 09:17 AM 267,840 WinPatrol.exe
1 File(s) 267,840 bytes

Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK
11/30/2006 09:49 PM 4,662,776 YAHOOM~1.EXE
1 File(s) 4,662,776 bytes

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

19968 Oct 23 2006 "C:\Program Files\Avvenu\Avvenu_updater.exe"
19968 Oct 23 2006 "C:\Program Files\Avvenu\bak\Avvenu_updater.exe"
256576 Oct 30 2006 "C:\Program Files\iTunes\iTunesHelper.exe"
256576 Oct 30 2006 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Mar 17 2007 "C:\WINDOWS\Installer\{446DBFFA-4088-48E3-8932-74316BA4CAE4}\iTunesIco.exe"
108096 Oct 30 2006 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.0.2.16\iTunesSetupAdmin.exe"
98304 Jul 7 2004 "C:\Program Files\QuickTime\qttask.exe"
98304 Jul 7 2004 "C:\Program Files\QuickTime\bak\qttask.exe"
5797152 Mar 24 2007 "C:\temp\SUPERAntiSpyware.exe"
1310720 Feb 27 2007 "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
1310720 Feb 27 2007 "C:\Program Files\SUPERAntiSpyware\bak\SUPERAntiSpyware.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
267840 Feb 12 2007 "C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe"
267840 Feb 12 2007 "C:\Program Files\BillP Studios\WinPatrol\bak\WinPatrol.exe"
4662776 Nov 30 2006 "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
4662776 Nov 30 2006 "C:\Program Files\Yahoo!\Messenger\bak\YAHOOM~1.EXE"

end of report

#27 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 04 January 2008 - 09:46 PM

Run the combofix please :thumbup:


#28 dulus

dulus

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 04 January 2008 - 09:53 PM

here's combofix's log

ComboFix 08-01-04.1 - satisfied customer 2008-01-04 21:46:47.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.130 [GMT -6:00]
Running from: C:\Documents and Settings\satisfied customer\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\satisfied customer\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\atcfiunr.ini
C:\WINDOWS\system32\kbdmap.dll
C:\WINDOWS\system32\pmnmlii.dll
C:\WINDOWS\system32\pmnnm.dll
C:\WINDOWS\system32\urgxfgvn.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\config.ini
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\Cache\0D1DFEA95445055F106B97A3E1A9ED3587B353FD.dat
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\Cache\1370BA437EF5D05D058A24D054D8F5229852A4F4.dat
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\Cache\25E530C0266043F06DDBF19083992C55D506A67D.dat
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\Cache\552D2A66059C7009AF463B0B4E21D126E8F71E8D.dat
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\Cache\5D77D966848120E827ECF25D743E9AEA6B68CC1D.dat
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\Cache\5EF86C9EF2B49B00BBD097D27CCD2A19FBFD899C.dat
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\Cache\cache.ini
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\ViewpointManager\cache.ini
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\ViewpointManager\contents\Exec.exe
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\ViewpointManager\contents\options.ini
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\ViewpointManager\contents\updates.html
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\ViewpointManager\prompt.mtj
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\ViewpointManager\update.mtj
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\history.ini
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\locate-akamai.mtx
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\locate.mtz
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\policy-akamai.mtx
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\policy.mtx
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\ServicesRegistry.xml
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\updates-akamai.mtx
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\updates.mtx
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\updates.mtz
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\vdt.dat
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\vmgrconfig-akamai.mtx
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\vmgrconfig.mtz
C:\Program Files\Viewpoint
C:\Program Files\Viewpoint\Viewpoint Manager\NotifyData\header.gif
C:\Program Files\Viewpoint\Viewpoint Manager\NotifyData\no.gif
C:\Program Files\Viewpoint\Viewpoint Manager\NotifyData\options.ini
C:\Program Files\Viewpoint\Viewpoint Manager\NotifyData\updates.html
C:\Program Files\Viewpoint\Viewpoint Manager\NotifyData\yes.gif
C:\Program Files\Viewpoint\Viewpoint Manager\Read_Me.txt
C:\Program Files\Viewpoint\Viewpoint Manager\VETScriptInterpreter.dll
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCP.cpl
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\s.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_av.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_cp.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_up.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_inner_bg.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_inner_bottom.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab_bg.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab1_off.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab1_on.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab2_off.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab2_on.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vwpt_logo.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\options.ini
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\viewpoint.ico
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\vmctrl.html
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrCore.dll
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe
C:\WINDOWS\system32\atcfiunr.ini

.
((((((((((((((((((((((((( Files Created from 2007-12-05 to 2008-01-05 )))))))))))))))))))))))))))))))
.

2008-01-04 21:46 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-03 18:51 . 2001-08-23 06:00 50,620 --a------ C:\WINDOWS\system32\command.com.bak
2008-01-03 18:51 . 2004-07-06 11:59 2,577 --a------ C:\WINDOWS\system32\config.nt.bak
2008-01-03 18:51 . 2001-08-17 19:00 1,688 --a------ C:\WINDOWS\system32\AUTOEXEC.NT
2008-01-03 17:56 . 2008-01-04 18:11 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-12-29 10:23 . 2007-12-29 10:23 <DIR> d-------- C:\Documents and Settings\satisfied customer\Application Data\Leadertech
2007-12-27 18:54 . 2007-12-27 18:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-27 18:36 . 2007-12-27 18:36 <DIR> d-------- C:\Documents and Settings\satisfied customer\Application Data\TomTom
2007-12-25 22:09 . 2008-01-04 18:11 <DIR> d-------- C:\Program Files\Norman
2007-12-25 22:09 . 2007-09-17 15:24 212,024 --a------ C:\WINDOWS\system32\nscrnsav.scr
2007-12-25 22:09 . 2007-09-06 09:45 19,000 --a------ C:\WINDOWS\system32\drivers\nvcw32mf.sys
2007-12-23 23:01 . 2007-12-23 23:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-22 21:48 . 2007-09-18 00:29 138,512 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-12-22 21:48 . 2007-09-18 00:29 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2007-12-22 21:48 . 2007-09-18 00:29 52,368 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2007-12-22 21:33 . 2007-12-22 21:48 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-21 21:04 . 2007-12-21 21:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kodak
2007-12-20 22:13 . 2008-01-03 17:55 121 --a------ C:\WINDOWS\bdagent.INI
2007-12-20 21:33 . 2008-01-03 17:56 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2007-12-19 20:08 . 2007-12-19 21:38 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
2007-12-17 13:25 . 2007-12-17 13:25 <DIR> d-------- C:\Program Files\Common Files\LogiShrd
2007-12-09 15:13 . 2007-12-09 15:13 <DIR> d-------- C:\Documents and Settings\satisfied customer\Contacts
2007-12-09 09:11 . 2007-12-09 09:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 02:27 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-01-04 02:27 --------- d-----w C:\Program Files\QuickTime
2008-01-04 02:27 --------- d-----w C:\Program Files\iTunes
2008-01-04 02:27 --------- d-----w C:\Program Files\Avvenu
2008-01-03 23:57 --------- d-----w C:\Program Files\PCPitstop
2007-12-28 00:54 --------- d-----w C:\Program Files\Lavasoft
2007-12-28 00:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-23 03:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-12-21 12:59 --------- d-----w C:\Program Files\a-squared Free
2007-12-21 03:33 --------- d-----w C:\Documents and Settings\satisfied customer\Application Data\Lavasoft
2007-12-20 02:04 --------- d-----w C:\Documents and Settings\amber\Application Data\SUPERAntiSpyware.com
2007-12-17 19:25 --------- d-----w C:\Program Files\Labtec
2007-12-09 20:16 --------- d-----w C:\Program Files\epson
2007-12-09 20:16 --------- d-----w C:\Program Files\Common Files\Labtec
2007-12-09 20:13 --------- d-----w C:\Program Files\NCH Swift Sound
2007-12-09 20:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-09 20:10 --------- d-----w C:\Program Files\Smart Panel
2007-11-30 23:22 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-30 23:21 --------- d-----w C:\Program Files\Windows Live Favorites
2007-11-30 23:21 --------- d-----w C:\Program Files\Real
2007-11-30 23:21 --------- d-----w C:\Program Files\MSN Messenger
2007-11-30 23:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-11-24 00:52 --------- d-----w C:\Program Files\TomTom HOME 2
2007-11-24 00:50 --------- d-----w C:\Documents and Settings\amber\Application Data\TomTom
2007-11-24 00:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\TomTom
2007-11-24 00:48 --------- d-----w C:\Documents and Settings\amber\Application Data\InstallShield
2007-11-24 00:47 --------- d-----w C:\Program Files\TomTom DesktopSuite
2007-11-16 01:14 --------- d-----w C:\Program Files\Yahoo!
2007-11-16 01:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-16 01:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2007-11-15 05:34 --------- d-----w C:\Documents and Settings\amber\Application Data\HP
2007-11-15 05:22 --------- d-----w C:\Program Files\HP
2007-11-15 05:22 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-11-15 05:22 --------- d-----w C:\Program Files\Common Files\HP
2007-11-15 05:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2007-11-15 05:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2007-11-15 05:20 --------- d-----w C:\Program Files\Hewlett-Packard
2007-11-15 04:05 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2005-05-12 05:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 19,968 2006-10-23 23:08:50 C:\Program Files\Avvenu\bak\Avvenu_updater.exe
----a-w 19,968 2006-10-23 23:08:50 C:\Program Files\Avvenu\Avvenu_updater.exe

----a-w 267,840 2007-02-12 15:17:02 C:\Program Files\BillP Studios\WinPatrol\bak\WinPatrol.exe
----a-w 267,840 2007-02-12 15:17:02 C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe

----a-w 256,576 2006-10-30 15:36:36 C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w 256,576 2006-10-30 15:36:36 C:\Program Files\iTunes\iTunesHelper.exe

----a-w 98,304 2004-07-07 16:46:09 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 98,304 2004-07-07 16:46:09 C:\Program Files\QuickTime\qttask.exe

----a-w 1,310,720 2007-02-27 17:39:26 C:\Program Files\SUPERAntiSpyware\bak\SUPERAntiSpyware.exe
----a-w 1,310,720 2007-02-27 17:39:26 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

----a-w 4,662,776 2006-12-01 03:49:04 C:\Program Files\Yahoo!\Messenger\bak\YAHOOM~1.EXE

----a-w 15,360 2004-08-04 06:56:50 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-04 06:56:50 C:\WINDOWS\system32\ctfmon.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 08:59 224248]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2007-10-31 10:19 378784]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-03-06 17:48 488984]
"LogitechQuickCamRibbon"="C:\Program Files\Labtec\WebCam10\WebCam10.exe" [2007-03-06 17:58 1060376]
"Norman ZANDA"="C:\Program Files\Norman\Npm\bin\ZLH.exe" [2007-12-10 09:22 273520]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-23 10:50 185632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-05-02 01:19 49152]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnmlii]
pmnmlii.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinScheduler.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinScheduler.lnk
backup=C:\WINDOWS\pss\InterVideo WinScheduler.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^amber^Start Menu^Programs^Startup^Epson all-in-one Registration.lnk]
path=C:\Documents and Settings\amber\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
backup=C:\WINDOWS\pss\Epson all-in-one Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^amber^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=C:\Documents and Settings\amber\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\PROGRA~1\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
Mixer.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 00:56 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX4600 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 EPSON Stylus CX4600 Series /O6 USB002 /M Stylus CX4600

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 13:03 36975 --a------ C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

R0 si3112r;Silicon Image SiI 3512 SATARaid Controller;C:\WINDOWS\system32\drivers\si3112r.sys [2004-08-27 15:18]
R0 SiWinAcc;SiWinAcc;C:\WINDOWS\system32\drivers\SiWinAcc.sys [2004-05-20 16:35]
R2 CX23880;MSI 8606 Video Capture;C:\WINDOWS\system32\drivers\CX88Vid.SYS [2005-12-26 21:57]
R2 CX88XBAR;MSI 8606 Crossbar;C:\WINDOWS\system32\drivers\CX88XBar.SYS [2005-12-26 21:57]
R2 CXTUNE;MSI 8606 Tuner;C:\WINDOWS\system32\drivers\CX88Tune.SYS [2005-12-26 21:57]
R2 ETDrv;ETDrv;C:\WINDOWS\system32\drivers\ETDrv.sys [2003-08-07 11:39]
R2 Ndiskio;Ndiskio;C:\Program Files\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 09:55]
R2 NVOY;Norman's Very Own supplY of resources;"C:\Program Files\Norman\npm\bin\nvoy.exe" [2007-09-18 11:01]
R2 ousbehci;NEC PCI to USB Enhanced Host Controller;C:\WINDOWS\system32\Drivers\ousbehci.sys [2003-04-14 18:58]
R3 MdpPortVDD;MdpPortVDD;C:\WINDOWS\System32\Drivers\MDP_VDD.SYS [2002-02-08 01:24]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2007-09-06 09:45]
R3 nvcoas;Norman Virus Control on-access component;"C:\Program Files\Norman\Nvc\bin\nvcoas.exe" [2007-12-10 14:36]
R3 NVCScheduler;Norman Virus Control Scheduler;"C:\Program Files\Norman\Npm\bin\NVCSCHED.EXE" [2007-09-18 11:41]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2003-04-14 18:58]
S3 MPCSYS;MPCSYS;C:\WINDOWS\System32\DRIVERS\mpcsys.sys [2006-05-10 16:48]
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;C:\WINDOWS\system32\DRIVERS\mr97310v.sys [2004-03-30 11:29]
S3 XIRLINK;Veo PC Camera;C:\WINDOWS\system32\DRIVERS\ucdnt.sys [2002-04-08 10:57]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{add196b7-9315-11dc-b103-000d616ea853}]
\Shell\AutoRun\command - E:\InstallTomTomHOME.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Microsoft Webcam Enhance V2.1]
C:\WINDOWS\runtfs32.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-01-05 03:15:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-05 03:05:00 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 21:49:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-04 21:49:55
ComboFix-quarantined-files.txt 2008-01-05 03:49:52

#29 dulus

    New Member

  • Authentic Member
  • 19 posts

Posted 04 January 2008 - 09:54 PM

And my HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:54:04 PM, on 1/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\Program Files\Norman\npm\bin\nvoy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Labtec\WebCam10\WebCam10.exe
C:\Program Files\Norman\Npm\bin\ZLH.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Norman\Npm\bin\NVCSCHED.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
C:\Program Files\Norman\Nvc\bin\nvcoas.exe
C:\Program Files\Norman\Nvc\BIN\NIP.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Norman\Nvc\bin\cclaw.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Labtec\WebCam10\WebCam10.exe" /hide
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://by21fd.bay21....es/MsnPUpld.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} - http://www.mathxl.co...InstallAsst.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.maricopa....in/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1177207572484
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1176766356734
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecu...asyInstallX.CAB
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} - http://www.mathxl.co...ts/DeltaCVX.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - http://download.mcaf...988/mcfscan.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O20 - AppInit_DLLs:
O20 - Winlogon Notify: pmnmlii - pmnmlii.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Npm\bin\NVCSCHED.EXE
O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8677 bytes

#30 dulus

    New Member

  • Authentic Member
  • 19 posts

Posted 04 January 2008 - 09:56 PM

Took a few minutes to get them all done, btw. Thank you for hanging out here on a Friday night!!!!
