site Search:


Home Reviews Tools Forums FAQs Find Service ISP News Maps About  
 
    All Forums Hot Topics Gallery






how-to block ads

  
Forums >

Broadband Tech > Security > Security Cleanup > HJT LOG - PC sends out massive random emails, locks up!

Search Topic:
 Share Topic
Posting?
Post a:
Post a:
Links: ·SCU FAQ ·Pre-Clean ·Site IMs ·VundoFix ·Zlob/Smitfraud ·SCU Helpers
AuthorAll Replies


bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
kudos:7
1 edit

reply to fjr1966

Re: HJT LOG - PC sends out massive random emails, locks up!

First Steps
:!: The following instructions are only for this Forum member. Please do not use these instructions on another computer system. You can seriously damage your system by following the instructions below without guided assistance. You assuredly will make a cleanup of your system more difficult.

Please download ATF Cleaner
http://www.atribune.org/ccount/click.php?id=1
It does not require any installation.. It is set up to clean Windows TEMP folders, as well as IE, FireFox and Opera, Temporary Internet Files and Cookies.
• Double-click ATF-Cleaner.exe to run the program.

First Step:
• Under Main choose: Select All
• Click the Empty Selected button.
Next, if you use Firefox (and some Mozilla-based browsers)
• Click Firefox at the top and choose: Select All
• Click the Empty Selected button.
Next, if you use the Opera browser
• Click Opera at the top and choose: Select All
• Click the Empty Selected button. :!: Click Exit on the Main menu to close the program.

Reconfigure Windows XP to show hidden files:
To enable the viewing of Hidden files follow these steps:
• Close all programs so that you are at your desktop.
• Double-click on the My Computer icon.
• Select the Tools menu and click Folder Options.
• After the new window appears select the View tab.
• Put a checkmark in the checkbox labeled Display the contents of system folders.
• Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
• Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
• Remove the checkmark from the checkbox labeled Hide protected operating system files.
• Press the Apply button and then the OK button and exit My Computer.
• Now your computer is configured to show all hidden files.

Malware Removal Steps
1. Open HijackThis again, System scan only. Checkmark these items:

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {7F38CA7E-C0E2-4638-BE3A-E9CD85DD1121} - c:\windows\system32\dswavec.dll
O2 - BHO: (no name) - {B1C8DEA1-A3AA-4549-B165-9856CFD00111} - C:\WINDOWS\System32\cfgmgr32f.dll
O20 - Winlogon Notify: qzvntkva - C:\WINDOWS\SYSTEM32\dswavec.dll
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/FRANK/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg

Click "Fix checked" and when the log panel clears exit HijackThis.

2. Download and Run -- ComboFix©
Download this file -- to your Desktop -- from any of these sources:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

• Disconnect from the Internet.
• Disable your Antivirus software -- this includes any Script Blocking Feature it may have.

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
• A window will open with a warning. Accept any disclaimers to start the fix. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.
A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

3. Please download MalwareBytes Anti-malware (MBAM) from one of the following links:
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
http://www.besttechie.net/tools/mbam-setup.exe

Once downloaded, close all programs and Windows on your computer (including this one.)

Double-click on the icon on your desktop named Download_mbam-setup.exe. This will start the installation of MBAM onto your computer.

When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware checked. Then click on the Finish button.

MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program.

On the Scanner tab, make sure the the Perform quick scan option is selected and then click on the Scan button to start scanning your computer.

MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan.

When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click Show Results. Make sure all entries have a checkmark at their far left. You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the programs quarantine.

When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then close the Notepad window. Remember where you saved the log file, as we will want to see it later.

4. Run HijackThis again, and save the log file.

Submit to the Forum:
• The contents of C:\Combofix.txt;
• The MBAM log;
• The reason Service Pack 2 is not installed;
• The new HijackThis log.

--
============
MS-MVP 2004 - -2008, ASAP Member
Users Helping Users

to forum · permalink · 2008-04-24 19:12:46 ·

fjr1966

join:2008-04-24
Dublin, OH

Thank you for the reply. All steps as requested, in order, completed successfully. Logs requested below. SP2 not installed due to overwhelming difficulties with SP2 installation some time ago.

COMBO LOG

ComboFix 08-04-22.5 - FRANK 2008-04-25 0:05:52.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.193 [GMT -4:00]
Running from: C:\Documents and Settings\FRANK\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\Common Files\icroso~1.net
C:\Program Files\Common Files\icroso~1.net\ICROSO~1.NET\ctxad-464.0000
C:\Program Files\Common Files\icroso~1.net\ICROSO~1.NET\ctxad-464.0001
C:\Program Files\Common Files\icroso~1.net\ICROSO~1.NET\ctxad-464.0002
C:\Program Files\Common Files\icroso~1.net\ICROSO~1.NET\ctxad-464.0003
C:\Program Files\Common Files\icroso~1.net\ICROSO~1.NET\ctxad-464.0004
C:\Program Files\Common Files\icroso~1.net\ICROSO~1.NET\ctxad-464.0005
C:\Program Files\Common Files\icroso~1.net\ICROSO~1.NET\ctxad-464.0006
C:\Program Files\Common Files\icroso~1.net\ICROSO~1.NET\ctxad-464.0007
C:\WINDOWS\system32\azip32.dll
C:\WINDOWS\system32\drivers\grande48.sys
C:\WINDOWS\system32\drivers\RKWR64.sys
C:\WINDOWS\System32\dswavec.dll
C:\WINDOWS\system32\dzgtactx.dll
C:\WINDOWS\system32\FTPx.dll
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\Tasks.\At1.job

----- BITS: Possible infected sites -----

hxxp://thenetworkcom.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CYHNTPNZ
-------\Legacy_EXAMPLE
-------\Legacy_EXAMPLE1
-------\Legacy_RKWR64
-------\Legacy_RUNTIME
-------\Service_cyhntpnz
-------\Service_EXAMPLE1
-------\Service_Rkwr64
-------\Service_RKWR64

((((((((((((((((((((((((( Files Created from 2008-03-25 to 2008-04-25 )))))))))))))))))))))))))))))))
.

2008-04-24 16:06 . 2008-04-24 16:10 d-------- C:\Program Files\Spyware Doctor
2008-04-24 16:06 . 2008-04-24 16:06 d-------- C:\Documents and Settings\FRANK\Application Data\PC Tools
2008-04-24 16:06 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-04-24 16:06 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-04-24 16:06 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-04-24 16:06 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-04-24 14:49 . 2008-04-24 15:55 d-------- C:\Program Files\EsetOnlineScanner
2008-04-24 08:07 . 2008-04-24 08:07 174 --a------ C:\WINDOWS\wininit.ini
2008-04-24 07:28 . 2008-04-24 07:28 d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-24 06:53 . 2008-04-24 06:53 d-------- C:\Program Files\SymNetDrv
2008-04-24 06:52 . 2005-07-29 09:56 124,168 --a------ C:\WINDOWS\system32\SymStore.dll
2008-04-24 06:49 . 2008-04-24 06:50 d-------- C:\Program Files\Norton AntiVirus
2008-04-24 06:49 . 2008-04-24 06:49 d-------- C:\Documents and Settings\FRANK\Application Data\Symantec
2008-04-24 06:49 . 2002-02-26 10:40 120,379 --a------ C:\WINDOWS\system32\SYMEVNT.386
2008-04-24 06:49 . 2002-02-26 10:40 58,224 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-04-24 06:49 . 2002-02-26 10:40 36,864 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-04-24 06:12 . 2008-04-24 06:12 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-24 06:08 . 2008-04-24 06:53 d-------- C:\Program Files\Symantec
2008-04-24 06:08 . 2008-04-24 06:55 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-24 06:08 . 2008-04-24 06:50 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-24 05:25 . 2002-02-26 10:40 4,032 --a------ C:\WINDOWS\system32\SYMEVNT1.DLL
2008-04-24 04:45 . 2008-04-25 00:12 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-24 03:33 . 2002-12-11 15:16 88,064 --a------ C:\WINDOWS\system32\asferrorq.dll
2008-04-24 03:28 . 2008-04-24 03:28 29 --a------ C:\WINDOWS\system32\syfowhie.tmp
2008-04-24 03:27 . 2003-03-31 08:00 88,064 --a------ C:\WINDOWS\system32\cfgmgr32f.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-24 11:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-24 09:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-24 08:52 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-04-23 17:15 --------- d-----w C:\Documents and Settings\FRANK\Application Data\uTorrent
2008-02-11 13:39 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
2008-02-11 13:39 237,568 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
2008-02-08 17:53 110,592 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
2008-02-05 12:48 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe
2007-09-28 18:40 57,760 ----a-w C:\Documents and Settings\FRANK\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 18:08 1511453]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2006-12-25 03:11 16384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-01-30 13:50 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"nwiz"="nwiz.exe" [2004-03-24 10:04 782336 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-03-24 10:04 46080]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-03-24 10:04 3309568]
"NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 06:50 155648]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [ ]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 12:39 98304]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 05:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 04:08 172032]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24 49152]
"SoundMan"="SOUNDMAN.EXE" [2003-05-14 01:20 55296 C:\WINDOWS\SOUNDMAN.EXE]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2007-08-15 17:59 374688]
"NAV Agent"="C:\PROGRA~1\NORTON~1\navapw32.exe" [2002-02-27 11:27 75384]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008-04-24 06:53 95960]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 11:55 1103240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JPGL"= jpgl.dll
"vidc.xvid"= xvid.dll
"VIDC.I263"= i263_32.drv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\7il]
C:\WINDOWS\system32\7il.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoProp]
--------- 2001-07-16 07:50 36864 C:\PROGRA~1\MICROS~2\Office\bots\fp_wmp\regprop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
--------- 2006-07-11 06:06 3144800 C:\Program Files\ICQLite\ICQLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ttool]
C:\WINDOWS\9129837.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebCamRT.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
--------- 2003-12-01 12:38 892928 C:\Program Files\Logitech\iTouch\iTouch.exe

R2 IOPort;IOPort;C:\WINDOWS\System32\DRIVERS\IOPORT.SYS [1998-11-27 23:57]
R3 QCPro;Logitech QuickCam Pro USB(PID_D001);C:\WINDOWS\System32\DRIVERS\p35u.sys [2001-09-24 12:42]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-24 10:50:56 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\NAVW32.exeG/task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\Tasks\mycomp.sca
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, »www.gmer.net
Rootkit scan 2008-04-25 00:12:24
Windows 5.1.2600 Service Pack 1 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\Navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\locator.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
.
**************************************************************************
.
Completion time: 2008-04-25 0:18:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-25 04:18:45

Pre-Run: 65,896,796,160 bytes free
Post-Run: 66,456,514,560 bytes free

161

MBAM LOG

Malwarebytes' Anti-Malware 1.11
Database version: 679

Scan type: Quick Scan
Objects scanned: 35883
Time elapsed: 6 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\whInstall (Adware.WebHancer) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\whInstall\license.txt (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\Program Files\whInstall\readme.txt (Adware.WebHancer) -> Quarantined and deleted successfully.

HIJACKTHIS LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:10 AM, on 4/25/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\locator.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = »www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = »go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = »go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = »go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - »supportcenter.rr.com/sdccommon/d···tlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - »go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - »www.winkflash.com/photo/loaders/SAXFile.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - »software-dl.real.com/172a026fd0a···E601.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - »www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5F05A225-0F66-43DE-89E4-6FFD589C4F01} (OC web Installer) - »www.aebn.net/ws/DownloadCoach/dc···tall.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - »v5.windowsupdate.microsoft.com/v···83166671
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - »update.microsoft.com/microsoftup···96885812
O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class) - »entimg.msn.com/client/msnediag2918.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - »pcpitstop.com/mhLbl.cab
O16 - DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857E} (CWebLaunchCtl Object) - »support.gateway.com/eSupport/sta···nch2.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - »www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - »www.byteshop.com:8081/plugin/h263ctrl.cab
O16 - DPF: {B41059F3-1704-45E3-88F2-6A297F7153FC} (XLoader Control) - »www.testout.com/portal/AllUsers/XLoader.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - »h30043.www3.hp.com/hpdj/en/check···.cab?323
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - »entimg.msn.com/client/msnmusax2918.cab
O16 - DPF: {FCE90474-8B60-445B-A2B5-57E289BCEA42} (SmartDownloader Control) - »www.downloadcoach.com/SmartDownloader.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 8877 bytes

to forum · permalink · 2008-04-25 00:54:29 ·
Forums > Broadband Tech > Security > Security Cleanup

Sunday, 12-Feb 16:55:14 Terms of Use & Privacy | feedback | contact | Hosting by nac.net - DSL,Hosting & Co-lo
over 12.5 years online! © 1999-2012 dslreports.com.
Most commented news this week
Hot Topics