Re: HJT LOG - PC sends out massive random emails, locks up!

Author	All Replies
bcastner Premium,VIP,MVM join:2002-09-25 Chevy Chase, MD clubs: ·Verizon Online DSL 1 edit	reply to fjr1966 Re: HJT LOG - PC sends out massive random emails, locks up! First Steps :!: The following instructions are only for this Forum member. Please do not use these instructions on another computer system. You can seriously damage your system by following the instructions below without guided assistance. You assuredly will make a cleanup of your system more difficult. Please download ATF Cleaner http://www.atribune.org/ccount/click.php?id=1 It does not require any installation.. It is set up to clean Windows TEMP folders, as well as IE, FireFox and Opera, Temporary Internet Files and Cookies. • Double-click ATF-Cleaner.exe to run the program. First Step: • Under Main choose: Select All • Click the Empty Selected button. *Next, if you use Firefox (and some* Mozilla-based browsers) • Click Firefox at the top and choose: Select All • Click the Empty Selected button. Next, if you use the Opera browser • Click Opera at the top and choose: Select All • Click the Empty Selected button. :!: Click Exit on the Main menu to close the program. Reconfigure Windows XP to show hidden files:** To enable the viewing of Hidden files follow these steps: • Close all programs so that you are at your desktop. • Double-click on the My Computer icon. • Select the Tools menu and click Folder Options. • After the new window appears select the View tab. • Put a checkmark in the checkbox labeled Display the contents of system folders. • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders. • Remove the checkmark from the checkbox labeled Hide file extensions for known file types. • Remove the checkmark from the checkbox labeled Hide protected operating system files. • Press the Apply button and then the OK button and exit My Computer. • Now your computer is configured to show all hidden files. Malware Removal Steps 1. Open HijackThis again, System scan only. Checkmark these items: F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: (no name) - {7F38CA7E-C0E2-4638-BE3A-E9CD85DD1121} - c:\windows\system32\dswavec.dll O2 - BHO: (no name) - {B1C8DEA1-A3AA-4549-B165-9856CFD00111} - C:\WINDOWS\System32\cfgmgr32f.dll O20 - Winlogon Notify: qzvntkva - C:\WINDOWS\SYSTEM32\dswavec.dll O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/FRANK/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg Click "Fix checked" and when the log panel clears exit HijackThis. 2. Download and Run -- ComboFix© Download this file -- to your Desktop -- from any of these sources: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe • Disconnect from the Internet. • Disable your Antivirus software -- this includes any Script Blocking Feature it may have. Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser. • A window will open with a warning. Accept any disclaimers to start the fix. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes. A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. 3. Please download MalwareBytes Anti-malware (MBAM) from one of the following links: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html http://www.besttechie.net/tools/mbam-setup.exe Once downloaded, close all programs and Windows on your computer (including this one.) Double-click on the icon on your desktop named Download_mbam-setup.exe. This will start the installation of MBAM onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware checked. Then click on the Finish button. MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program. On the Scanner tab, make sure the the Perform quick scan option is selected and then click on the Scan button to start scanning your computer. MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan. When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click Show Results. Make sure all entries have a checkmark at their far left. You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then close the Notepad window. Remember where you saved the log file, as we will want to see it later. 4. Run HijackThis again, and save the log file. *Submit to the Forum:* • The contents of C:\Combofix.txt; • The MBAM log; • The reason Service Pack 2 is not installed; • The new HijackThis log. -- ============ MS-MVP 2004 - -2008, ASAP Member *Users Helping Users*
	to forum · permalink · · 2008-04-24 19:12:46 ·
fjr1966 join:2008-04-24 Dublin, OH	Thank you for the reply. All steps as requested, in order, completed successfully. Logs requested below. SP2 not installed due to overwhelming difficulties with SP2 installation some time ago. COMBO LOG ComboFix 08-04-22.5 - FRANK 2008-04-25 0:05:52.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.193 [GMT -4:00] Running from: C:\Documents and Settings\FRANK\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat C:\Program Files\Common Files\icroso~1.net C:\Program Files\Common Files\icroso~1.net\ICROSO~1.NET\ctxad-464.0000 C:\Program Files\Common Files\icroso~1.net\ICROSO~1.NET\ctxad-464.0001 C:\Program Files\Common Files\icroso~1.net\ICROSO~1.NET\ctxad-464.0002 C:\Program Files\Common Files\icroso~1.net\ICROSO~1.NET\ctxad-464.0003 C:\Program Files\Common Files\icroso~1.net\ICROSO~1.NET\ctxad-464.0004 C:\Program Files\Common Files\icroso~1.net\ICROSO~1.NET\ctxad-464.0005 C:\Program Files\Common Files\icroso~1.net\ICROSO~1.NET\ctxad-464.0006 C:\Program Files\Common Files\icroso~1.net\ICROSO~1.NET\ctxad-464.0007 C:\WINDOWS\system32\azip32.dll C:\WINDOWS\system32\drivers\grande48.sys C:\WINDOWS\system32\drivers\RKWR64.sys C:\WINDOWS\System32\dswavec.dll C:\WINDOWS\system32\dzgtactx.dll C:\WINDOWS\system32\FTPx.dll C:\WINDOWS\system32\MabryObj.dll C:\WINDOWS\Tasks.\At1.job ----- BITS: Possible infected sites ----- hxxp://thenetworkcom.com . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_CYHNTPNZ -------\Legacy_EXAMPLE -------\Legacy_EXAMPLE1 -------\Legacy_RKWR64 -------\Legacy_RUNTIME -------\Service_cyhntpnz -------\Service_EXAMPLE1 -------\Service_Rkwr64 -------\Service_RKWR64 ((((((((((((((((((((((((( Files Created from 2008-03-25 to 2008-04-25 ))))))))))))))))))))))))))))))) . 2008-04-24 16:06 . 2008-04-24 16:10 d-------- C:\Program Files\Spyware Doctor 2008-04-24 16:06 . 2008-04-24 16:06 d-------- C:\Documents and Settings\FRANK\Application Data\PC Tools 2008-04-24 16:06 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2008-04-24 16:06 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2008-04-24 16:06 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2008-04-24 16:06 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2008-04-24 14:49 . 2008-04-24 15:55 d-------- C:\Program Files\EsetOnlineScanner 2008-04-24 08:07 . 2008-04-24 08:07 174 --a------ C:\WINDOWS\wininit.ini 2008-04-24 07:28 . 2008-04-24 07:28 d-------- C:\Program Files\Spybot - Search & Destroy 2008-04-24 06:53 . 2008-04-24 06:53 d-------- C:\Program Files\SymNetDrv 2008-04-24 06:52 . 2005-07-29 09:56 124,168 --a------ C:\WINDOWS\system32\SymStore.dll 2008-04-24 06:49 . 2008-04-24 06:50 d-------- C:\Program Files\Norton AntiVirus 2008-04-24 06:49 . 2008-04-24 06:49 d-------- C:\Documents and Settings\FRANK\Application Data\Symantec 2008-04-24 06:49 . 2002-02-26 10:40 120,379 --a------ C:\WINDOWS\system32\SYMEVNT.386 2008-04-24 06:49 . 2002-02-26 10:40 58,224 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2008-04-24 06:49 . 2002-02-26 10:40 36,864 --a------ C:\WINDOWS\system32\S32EVNT1.DLL 2008-04-24 06:12 . 2008-04-24 06:12 0 --a------ C:\WINDOWS\nsreg.dat 2008-04-24 06:08 . 2008-04-24 06:53 d-------- C:\Program Files\Symantec 2008-04-24 06:08 . 2008-04-24 06:55 d-------- C:\Program Files\Common Files\Symantec Shared 2008-04-24 06:08 . 2008-04-24 06:50 d-------- C:\Documents and Settings\All Users\Application Data\Symantec 2008-04-24 05:25 . 2002-02-26 10:40 4,032 --a------ C:\WINDOWS\system32\SYMEVNT1.DLL 2008-04-24 04:45 . 2008-04-25 00:12 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-04-24 03:33 . 2002-12-11 15:16 88,064 --a------ C:\WINDOWS\system32\asferrorq.dll 2008-04-24 03:28 . 2008-04-24 03:28 29 --a------ C:\WINDOWS\system32\syfowhie.tmp 2008-04-24 03:27 . 2003-03-31 08:00 88,064 --a------ C:\WINDOWS\system32\cfgmgr32f.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-24 11:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-04-24 09:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-04-24 08:52 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe 2008-04-23 17:15 --------- d-----w C:\Documents and Settings\FRANK\Application Data\uTorrent 2008-02-11 13:39 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll 2008-02-11 13:39 237,568 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll 2008-02-08 17:53 110,592 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll 2008-02-05 12:48 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe 2007-09-28 18:40 57,760 ----a-w C:\Documents and Settings\FRANK\Application Data\GDIPFONTCACHEV1.DAT . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 18:08 1511453] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2006-12-25 03:11 16384] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-01-30 13:50 185896] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624] "nwiz"="nwiz.exe" [2004-03-24 10:04 782336 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-03-24 10:04 46080] "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-03-24 10:04 3309568] "NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 06:50 155648] "mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [ ] "LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 12:39 98304] "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 05:50 19968 C:\WINDOWS\LOGI_MWX.EXE] "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 04:08 172032] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24 49152] "SoundMan"="SOUNDMAN.EXE" [2003-05-14 01:20 55296 C:\WINDOWS\SOUNDMAN.EXE] "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2007-08-15 17:59 374688] "NAV Agent"="C:\PROGRA~1\NORTON~1\navapw32.exe" [2002-02-27 11:27 75384] "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008-04-24 06:53 95960] "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 11:55 1103240] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.JPGL"= jpgl.dll "vidc.xvid"= xvid.dll "VIDC.I263"= i263_32.drv [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\7il] C:\WINDOWS\system32\7il.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoProp] --------- 2001-07-16 07:50 36864 C:\PROGRA~1\MICROS~2\Office\bots\fp_wmp\regprop.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite] --------- 2006-07-11 06:06 3144800 C:\Program Files\ICQLite\ICQLite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ttool] C:\WINDOWS\9129837.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebCamRT.exe] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher] --------- 2003-12-01 12:38 892928 C:\Program Files\Logitech\iTouch\iTouch.exe R2 IOPort;IOPort;C:\WINDOWS\System32\DRIVERS\IOPORT.SYS [1998-11-27 23:57] R3 QCPro;Logitech QuickCam Pro USB(PID_D001);C:\WINDOWS\System32\DRIVERS\p35u.sys [2001-09-24 12:42] . Contents of the 'Scheduled Tasks' folder "2008-04-24 10:50:56 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job" - C:\PROGRA~1\NORTON~1\NAVW32.exeG/task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\Tasks\mycomp.sca . ************************************************************************ catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, »www.gmer.net Rootkit scan 2008-04-25 00:12:24 Windows 5.1.2600 Service Pack 1 NTFS detected NTDLL code modification: ZwClose scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Norton AntiVirus\Navapsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\locator.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE . ********************************************************************** . Completion time: 2008-04-25 0:18:51 - machine was rebooted ComboFix-quarantined-files.txt 2008-04-25 04:18:45 Pre-Run: 65,896,796,160 bytes free Post-Run: 66,456,514,560 bytes free 161 MBAM LOG Malwarebytes' Anti-Malware 1.11 Database version: 679 Scan type: Quick Scan Objects scanned: 35883 Time elapsed: 6 minute(s), 34 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 1 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Program Files\whInstall (Adware.WebHancer) -> Quarantined and deleted successfully. Files Infected: C:\Program Files\whInstall\license.txt (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\whInstall\readme.txt (Adware.WebHancer) -> Quarantined and deleted successfully. HIJACKTHIS LOG** Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:47:10 AM, on 4/25/2008 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\locator.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wdfmgr.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\TomTom HOME 2\HOMERunner.exe C:\PROGRA~1\NORTON~1\navapw32.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe C:\WINDOWS\explorer.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\HijackThis\HijackThis.exe C:\WINDOWS\System32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = »www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = »go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = »go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = »go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - »supportcenter.rr.com/sdccommon/d···tlcm.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - »go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - »www.winkflash.com/photo/loaders/SAXFile.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - »software-dl.real.com/172a026fd0a···E601.cab O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - »www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {5F05A225-0F66-43DE-89E4-6FFD589C4F01} (OC web Installer) - »www.aebn.net/ws/DownloadCoach/dc···tall.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - »v5.windowsupdate.microsoft.com/v···83166671 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - »update.microsoft.com/microsoftup···96885812 O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class) - »entimg.msn.com/client/msnediag2918.cab O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - »pcpitstop.com/mhLbl.cab O16 - DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857E} (CWebLaunchCtl Object) - »support.gateway.com/eSupport/sta···nch2.cab O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - »www.crucial.com/controls/cpcScanner.cab O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - »www.byteshop.com:8081/plugin/h263ctrl.cab O16 - DPF: {B41059F3-1704-45E3-88F2-6A297F7153FC} (XLoader Control) - »www.testout.com/portal/AllUsers/XLoader.ocx O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - »h30043.www3.hp.com/hpdj/en/check···.cab?323 O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - »entimg.msn.com/client/msnmusax2918.cab O16 - DPF: {FCE90474-8B60-445B-A2B5-57E289BCEA42} (SmartDownloader Control) - »www.downloadcoach.com/SmartDownloader.cab O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- End of file - 8877 bytes
fjr1966 join:2008-04-24 Dublin, OH	to forum · permalink · · 2008-04-25 00:54:29 ·


Saturday, 05-Dec 17:04:30	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. page compression OFF