3 EVIL ADWARES! Help please!



#16
Scrilla

I've tried to fix the following numerous times.... it just keeps reappearing in the HJT log.
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - :\PROGRA~1\vision\vision.dll

Edited by Scrilla, 09 December 2006 - 11:02 AM.



#17
Scrilla

I've removed all of the "vision" program. I found it in services and then found it in the add/remove programs list. Hopefully it will not reappear. I tried editing the registry like explained in that link. Funny thing is... on the "Edit>Add Value" part... there is no Add Value option, I assume they mean Edit>New>Multistring? Anyway, I tried that and didn't get the Symantec error but still the "Cannot load VDM IPX/SPX".

#18
MFDnSC

http://www.resortdat...DOS/K000172.htm

Go to solution and do the notepad part

#19
Scrilla

Sorry for the late reply,

I didn't get the usual Cannot load VDM IPX/SPX support this time after your instructions... but the error about C:\PROGRA~1\Symantec\S32EVNT1.DLL appeared twice. Every time I run Combofix it messes up my clock by making it military time and it messes up my startbar as well. Only way I can fix it is with system restore. Even that didn't work this time. This is [bleep].
Thanks for your help :whistling: :blink:


EDIT: It seems if I search for VDD in the registry editor the data is always C:\PROGRA~1\Symantec\S32EVNT1.DLL. Hope that helps. Thanks again :help:

Edited by Scrilla, 09 December 2006 - 10:48 PM.


#20
Scrilla

HAPPY HAPPY JOY JOY!!! :whistling: I deleted the Symantec value in the CurrentControl VDD and tried ComboFix again and it WORKED! It fixed my clock back to normal as well! :blink:



Here's the log:


Trey Hudson - 06-12-09 23:54:19.40 Service Pack 2
ComboFix 06.12.01W - Running from: "D:\"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\winsys.exe
C:\WINDOWS\system32\dektop.ini
C:\WINDOWS\system32\extern.ini
C:\WINDOWS\system32\jetspeed.dll
C:\WINDOWS\system32\stdact.ini
C:\WINDOWS\system32\stdup.uni
C:\~de*.tmp
C:\WINDOWS\system32\Drivers\albus.sys
C:\WINDOWS\system32\albus.dat
C:\WINDOWS\system32\alstd.dat
C:\WINDOWS\system32\alsmt.exe
C:\WINDOWS\system32\std.ini
C:\WINDOWS\system32\stdd.ini
C:\WINDOWS\system32\updadini.ini
C:\WINDOWS\system32\updstdex.ini
C:\WINDOWS\system32\updstdup.ini
C:\WINDOWS\system32\stdplay.dll
C:\WINDOWS\system32\stdstub.dll
C:\WINDOWS\system32\stdupnet.dll
C:\WINDOWS\system32\stdvote.dll
C:\WINDOWS\system32\STDCACHE
C:\WINDOWS\system32\updadini
C:\WINDOWS\system32\UPDSTDEX
C:\WINDOWS\system32\updstdup


((((((((((((((((((((((((((((((( Files Created from 2006-11-07 to 2006-12-07 ))))))))))))))))))))))))))))))))))


2006-12-10 00:00 <DIR> d-------- C:\WINDOWS\erdnt
2006-12-09 16:33 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2006-12-09 14:39 <DIR> d-------- C:\Documents and Settings\Trey Hudson\Application Data\Ventrilo
2006-12-09 14:38 <DIR> d-------- C:\Program Files\Ventrilo
2006-12-09 14:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-12-09 14:29 <DIR> d-------- C:\Documents and Settings\Trey Hudson\Application Data\IGN_DLM
2006-12-09 10:20 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-12-09 10:00 20,480 --a------ C:\WINDOWS\system32\normaliz.dll
2006-12-09 09:55 <DIR> d--h-c--- C:\WINDOWS\ie7
2006-12-09 09:53 61,952 --------- C:\WINDOWS\system32\icardie.dll
2006-12-09 09:53 6,049,280 --------- C:\WINDOWS\system32\ieframe.dll
2006-12-09 09:53 50,688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-12-09 09:53 458,752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-12-09 09:53 380,928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-12-09 09:53 266,752 --------- C:\WINDOWS\system32\iertutil.dll
2006-12-09 09:53 206,336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-12-09 09:53 180,736 --------- C:\WINDOWS\system32\ieui.dll
2006-12-09 09:53 12,288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-12-08 17:04 684,032 --a------ C:\WINDOWS\system32\libeay32.dll
2006-12-08 17:04 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll
2006-12-08 17:04 15,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2006-12-08 17:04 15,360 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2006-12-08 17:04 14,848 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2006-12-08 17:04 122,368 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2006-12-08 17:04 <DIR> d-------- C:\Program Files\Webroot
2006-12-08 17:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2006-12-08 15:44 <DIR> d-------- C:\Documents and Settings\Trey Hudson\Application Data\Webroot
2006-12-08 15:37 816,672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-12-08 15:37 4,960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-12-08 15:37 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-12-08 15:37 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-12-08 15:37 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-12-08 15:37 18,240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2006-12-08 15:37 <DIR> d-------- C:\Program Files\Grisoft
2006-12-08 15:37 <DIR> d-------- C:\Documents and Settings\Trey Hudson\Application Data\AVG7
2006-12-08 15:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2006-12-08 15:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2006-12-08 14:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2006-12-07 14:46 <DIR> d-------- C:\Documents and Settings\Trey Hudson\Application Data\F-Secure
2006-12-07 14:42 33,584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2006-12-07 14:42 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.116-7681197L.exe
2006-12-07 14:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2006-12-07 13:44 <DIR> d--hs---- C:\Config.Msi
2006-12-06 16:35 <DIR> d-------- C:\Program Files\Common Files\Softwin
2006-11-25 12:42 <DIR> d-------- C:\WINDOWS\WBEM
2006-11-25 12:42 <DIR> d-------- C:\WINDOWS\system32\en-US
2006-11-25 12:42 <DIR> d-------- C:\WINDOWS\%DownloadedProgramFiles%
2006-11-25 12:37 13,312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-24 18:21 118,272 --a------ C:\WINDOWS\system32\SX5363S.DLL
2006-11-24 18:21 102,400 --a------ C:\WINDOWS\system32\RV32RTP.dll
2006-11-18 23:32 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-09 23:40 -------- d-------- C:\Program Files\Mozilla Firefox
2006-12-09 18:27 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-12-09 16:33 -------- d-a------ C:\Program Files\Common Files
2006-12-09 10:05 -------- d-------- C:\Program Files\Internet Explorer
2006-12-09 01:44 -------- d-------- C:\Program Files\Warez P2P Client
2006-12-09 01:44 -------- d-------- C:\Program Files\Common Files\Stardock
2006-12-08 15:36 -------- d---s---- C:\Documents and Settings\Trey Hudson\Application Data\Microsoft
2006-11-27 14:48 -------- d-------- C:\Program Files\Java
2006-11-18 22:59 -------- d-------- C:\Program Files\OpenOffice.org1.1.2
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-02 01:47 -------- d-------- C:\Program Files\Common Files\NSV
2006-10-26 23:43 16740 --a------ C:\Program Files\Warez P2P ClientIPGUARD.LOG
2006-10-22 15:57 -------- d-------- C:\Program Files\MSN Messenger
2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-14 00:47 -------- d-------- C:\Program Files\MSXML 4.0
2006-10-13 07:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 07:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 07:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-13 05:23 163584 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CursorXP"="\"D:\\Program Files\\CursorXP\\CursorXP.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"igndlm.exe"="\"D:\\Program Files\\IGN\\Download Manager\\DLM.exe\" /windowsstart /startifwork"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SW24"="C:\\WINDOWS\\system32\\sw24.exe"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"DiskeeperSystray"="\"D:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="\"nwiz.exe\" /install"
"SW20"="C:\\WINDOWS\\system32\\sw20.exe"
"NvMediaCenter"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"DownloadAccelerator"="\"D:\\Program Files\\DAP\\DAP.EXE\" /STARTUP"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"AVG7_CC"="\"C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe\" /STARTUP"
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\KeyMaestro]
"FirstRun"=dword:00000001
"RepeatFlag"=dword:00000000
"PowerEnable"=dword:00000001
"BTCplayEnable"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,4b,00,00,00,00,00,00,00,b5,04,00,00,c4,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,4b,00,00,00,00,00,00,00,b5,04,00,00,c4,03,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoDrives"=dword:00000000
"NoViewOnDrive"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Logitech Desktop Messenger.lnk"
"backup"="C:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup"
"location"="Common Startup"
"command"="D:\\PROGRA~1\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe /start"
"item"="Logitech Desktop Messenger"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\MyWebSearch Email Plugin.lnk"
"backup"="C:\\WINDOWS\\pss\\MyWebSearch Email Plugin.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Program Files\\MyWebSearch\\bar\\1.bin\\MWSOEMON.EXE "
"item"="MyWebSearch Email Plugin"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Trey Hudson^Start Menu^Programs^Startup^Drempels Desktop.lnk]
"path"="C:\\Documents and Settings\\Trey Hudson\\Start Menu\\Programs\\Startup\\Drempels Desktop.lnk"
"backup"="C:\\WINDOWS\\pss\\Drempels Desktop.lnkStartup"
"location"="Startup"
"command"="C:\\WINDOWS\\drempels.exe /y"
"item"="Drempels Desktop"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Trey Hudson^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
"path"="C:\\Documents and Settings\\Trey Hudson\\Start Menu\\Programs\\Startup\\MyWebSearch Email Plugin.lnk"
"backup"="C:\\WINDOWS\\pss\\MyWebSearch Email Plugin.lnkStartup"
"location"="Startup"
"command"="C:\\Program Files\\MyWebSearch\\bar\\1.bin\\MWSOEMON.EXE "
"item"="MyWebSearch Email Plugin"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Trey Hudson^Start Menu^Programs^Startup^OpenOffice.org 1.1.2.lnk]
"path"="C:\\Documents and Settings\\Trey Hudson\\Start Menu\\Programs\\Startup\\OpenOffice.org 1.1.2.lnk"
"backup"="C:\\WINDOWS\\pss\\OpenOffice.org 1.1.2.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\OPENOF~1.2\\program\\QUICKS~1.EXE "
"item"="OpenOffice.org 1.1.2"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Trey Hudson^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
"path"="C:\\Documents and Settings\\Trey Hudson\\Start Menu\\Programs\\Startup\\Stardock ObjectDock.lnk"
"backup"="C:\\WINDOWS\\pss\\Stardock ObjectDock.lnkStartup"
"location"="Startup"
"command"="D:\\PROGRA~1\\Stardock\\OBJECT~2\\OBJECT~1.EXE "
"item"="Stardock ObjectDock"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BootSkin Startup Jobs]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BootSkin"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\Stardock\\WinCustomize\\BootSkin\\BootSkin.exe\" /StartupJobs"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="point32"
"hkey"="HKLM"
"command"="\"c:\\Program Files\\Microsoft IntelliPoint 5.0\\IPoint\\SETUP\\Files\\point32.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogitechDesktopMessenger"
"hkey"="HKCU"
"command"="D:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogiTray"
"hkey"="HKLM"
"command"="C:\\Program Files\\Logitech\\ImageStudio\\LogiTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NaviSearch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nls"
"hkey"="HKLM"
"command"="C:\\Program Files\\NaviSearch\\bin\\nls.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NVMixerTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="printray"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\2\\printray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SP2 Connection Patcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SP2ConnPatcher"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\SP2 Connection Patcher\\SP2ConnPatcher.exe\" -n=200"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="steam"
"hkey"="HKCU"
"command"="\"d:\\programs\\thaeth\\steam.exe\" -silent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysMetrix]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SysMetrix"
"hkey"="HKLM"
"command"="D:\\Program Files\\SysMetrix\\SysMetrix.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TBPS"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Toolbar\\TBPS.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\warez]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="warez"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Warez P2P Client\\warez.exe\" -h"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cdaEngine0400"
"hkey"="HKLM"
"command"="RUNDLL32.exe \"C:\\Program Files\\WildTangent\\Apps\\CDA\\cdaEngine0400.dll\",cdaEngineMain"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WToolsA"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\COMMON~1\\WinTools\\WToolsA.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ypager"
"hkey"="HKCU"
"command"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\A3A44A7C9187C934.job

Completion time: 06-12-10 0:02:22.03
C:\ComboFix.txt ... 06-12-10 00:02
C:\ComboFix2.txt ... 06-12-09 23:23
C:\ComboFix3.txt ... 06-12-08 23:52

Edited by Scrilla, 09 December 2006 - 11:06 PM.


#21
MFDnSC

Great work!!!!!!!!!!!!!!!!

Post a new hijack log

How are things??????????

#22
Scrilla

Everything seems fine now. I ran Spy Sweeper with your suggested configuration and got 0 results!! :whistling: Here's the HJT log:


Logfile of HijackThis v1.99.1
Scan saved at 1:10:37 PM, on 12/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
D:\Program Files\DAP\DAP.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
D:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
D:\Program Files\Logitech\SetPoint\KEM.exe
D:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Desktop Stuff\antihijack soft\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ijji.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {969C2D80-5C49-993C-76C2-8A08939ADC56} - (no file)
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "D:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DownloadAccelerator] "D:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [CursorXP] "D:\Program Files\CursorXP\CursorXP.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] "D:\Program Files\IGN\Download Manager\DLM.exe" /windowsstart /startifwork
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1150247875765
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload....GPlugin7USA.cab
O16 - DPF: {BC5E698E-77CF-45EF-80A3-090A4B6AAF83} (HGPlugin8USA Class) - http://gamedownload....GPlugin8USA.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D00AF2BE-ECFA-4B51-A9A7-C57B6D54CAF5}: NameServer = 68.10.16.25,68.10.16.30
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

#23
MFDnSC

The China infection is gone!!!!!!!!!!!

Fix this

O2 - BHO: (no name) - {969C2D80-5C49-993C-76C2-8A08939ADC56} - (no file)

Clean

Turn off restore points, boot, turn them back on – here’s how

http://service1.syma...src=sec_doc_nam

#24
Scrilla

Fixed the entry you posted with HJT, turned off system restore, rebooted and then reactivated System Restore.

New HJT Log:


Logfile of HijackThis v1.99.1
Scan saved at 2:09:49 PM, on 12/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\devldr32.exe
D:\Program Files\DAP\DAP.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
D:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Logitech\SetPoint\KEM.exe
D:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Desktop Stuff\antihijack soft\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ijji.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "D:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DownloadAccelerator] "D:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [CursorXP] "D:\Program Files\CursorXP\CursorXP.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] "D:\Program Files\IGN\Download Manager\DLM.exe" /windowsstart /startifwork
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1150247875765
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload....GPlugin7USA.cab
O16 - DPF: {BC5E698E-77CF-45EF-80A3-090A4B6AAF83} (HGPlugin8USA Class) - http://gamedownload....GPlugin8USA.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D00AF2BE-ECFA-4B51-A9A7-C57B6D54CAF5}: NameServer = 68.10.16.25,68.10.16.30
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
  • 0
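The fix requested in post #23 and the follow-up log in post #24 can be checked mechanically. This is an added example, not part of the original thread or of HijackThis: it parses HijackThis entry lines, flags entries reported as "(no file)", and diffs a before/after pair. The function names and the trimmed sample logs are assumptions, constructed from entry lines quoted in this thread.

```python
import re

# HijackThis entry lines begin with a section code (R0, O2, O4, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_entries(log_text):
    """Return the set of (code, body) entries; header and process lines are skipped."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries

def orphaned(entries):
    """Entries whose target HijackThis reports as '(no file)', with their CLSID if any."""
    found = []
    for code, body in sorted(entries):
        if body.endswith("(no file)"):
            m = CLSID_RE.search(body)
            found.append((code, m.group(0) if m else None))
    return found

def compare(before_text, after_text):
    """Diff two logs: what the fix removed, what appeared, and orphans still present."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return {
        "removed": sorted(before - after),
        "added": sorted(after - before),
        "orphans_left": orphaned(after),
    }

# Constructed sample: entry lines copied from the logs in this thread, trimmed to the O2 section.
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
"""
BEFORE = AFTER + "O2 - BHO: (no name) - {969C2D80-5C49-993C-76C2-8A08939ADC56} - (no file)\n"

if __name__ == "__main__":
    print("orphans before:", orphaned(parse_entries(BEFORE)))
    print(compare(BEFORE, AFTER))
```

An empty "added" list matters as much as the removed entry: a new autostart or BHO line appearing after a fix would show up there.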

#25
MFDnSC

Good to go


#26
Scrilla

Awesome, you rock! Every time I come here I end up getting my problem solved and learning! You've helped my computer and my brain. Thank you tons. :whistling: Great Job

#27
MFDnSC

Could not have done it without your efforts!!!!!!!!