Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Won't fix itself [RESOLVED]


  • This topic is locked This topic is locked

#1
whitmangurl

whitmangurl

    Member

  • Member
  • PipPip
  • 31 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:48:14 PM, on 2/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\updater\explorer.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\DOCUME~1\User\LOCALS~1\Temp\ir_ext_temp_8\autorun.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\rwwnw64d.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Rogers\SelfHealing\rogersagent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Updater] C:\WINDOWS\system32\updater\explorer.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Frag Ooze Cash Scr] C:\Documents and Settings\All Users\Application Data\close poke frag ooze\platform seek.exe
O4 - HKLM\..\Run: [{3A-A1-17-74-DW}] C:\windows\system32\rwwnw64d.exe DWram
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [e0c3a1db] rundll32.exe "C:\WINDOWS\system32\uqyefuit.dll",b
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Team Bits] C:\DOCUME~1\User\APPLIC~1\LOVETH~1\seek grim.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwnw64d.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.co...iaSmartScan.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 8283 bytes





please help this is a new pc and I really don't want it to be screwed up!!! :)
  • 0

Advertisements


#2
Tigger93

Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Hello and Welcome to Geekstogo! :)

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
  • 0

#3
whitmangurl

whitmangurl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Thank you for taking the time to help me fix my pc



Combo Fix Log

ComboFix 08-02-25.3 - User 2008-02-27 16:13:10.1 - NTFSx86
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\User\Start Menu\Programs\Startup\DW_Start.lnk
C:\Program Files\ComPlus Applications\vaduhu89104.dll
C:\WINDOWS\Fonts\'
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\system32\adeeg.ini2
C:\WINDOWS\system32\avqqofko.dll
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\byxxyxv.dll
C:\WINDOWS\system32\dgrwdcwi.ini
C:\WINDOWS\system32\iwcdwrgd.dll
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\qrqss.ini
C:\WINDOWS\system32\qrqss.ini2
C:\WINDOWS\system32\ssqrq.dll
C:\winlogon.exe
C:\x.dat
C:\z.dat

.
((((((((((((((((((((((((( Files Created from 2008-01-27 to 2008-02-27 )))))))))))))))))))))))))))))))
.

2008-02-27 16:25 . 2008-02-27 16:25 32 --a------ C:\WINDOWS\system32\msnav32.ax
2008-02-26 20:48 . 2008-02-26 20:48 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-26 16:38 . 2008-02-26 16:38 294 ---hs---- C:\WINDOWS\system32\tiufeyqu.ini
2008-02-25 18:13 . 2008-02-25 18:13 16 --a------ C:\WINDOWS\system32\coh.cache
2008-02-25 17:43 . 2008-02-25 18:10 <DIR> d-------- C:\Program Files\Symantec
2008-02-25 17:43 . 2008-02-25 18:10 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-02-25 17:43 . 2008-02-25 18:10 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-02-25 17:36 . 2008-02-25 17:36 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-02-25 17:33 . 2008-02-25 17:33 134 --a------ C:\n.bat
2008-02-25 17:32 . 2008-02-25 19:09 <DIR> d-------- C:\WINDOWS\system32\we2
2008-02-25 17:32 . 2008-02-25 17:32 <DIR> d-------- C:\WINDOWS\system32\per6
2008-02-25 17:32 . 2008-02-25 17:32 <DIR> d-------- C:\WINDOWS\system32\oxo4
2008-02-25 17:32 . 2008-02-25 17:32 <DIR> d-------- C:\WINDOWS\system32\nap8
2008-02-25 17:32 . 2008-02-25 18:14 <DIR> d-------- C:\WINDOWS\system32\iDlo18
2008-02-25 17:32 . 2008-02-25 17:32 <DIR> d-------- C:\WINDOWS\system32\def4
2008-02-25 17:32 . 2008-02-25 17:32 49,163 --a------ C:\WINDOWS\system32\rwwnw64d.exe
2008-02-24 09:36 . 2008-02-24 09:36 <DIR> d-------- C:\Program Files\Go-Go Gourmet
2008-02-24 09:22 . 2008-02-24 09:22 80,097 --a------ C:\WINDOWS\system32\dcads-remove.exe
2008-02-24 09:22 . 2008-02-24 09:22 46,300 --a------ C:\WINDOWS\system32\DcadsSocial-uninstall.exe
2008-02-24 09:15 . 2008-02-24 09:15 <DIR> d-------- C:\Program Files\ToGo Game
2008-02-23 13:34 . 2008-02-23 13:47 <DIR> d-------- C:\Program Files\Shockwave.com
2008-02-16 15:45 . 2008-02-16 15:45 <DIR> dr-h----- C:\Documents and Settings\User\Application Data\SecuROM
2008-02-16 10:37 . 2008-02-16 10:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
2008-02-10 10:53 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-02-10 10:53 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-02-10 10:53 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-02-10 10:53 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-02-04 21:30 . 2008-02-04 21:30 17,536 --a------ C:\Documents and Settings\User\Application Data\GDIPFONTCACHEV1.DAT
2008-02-03 23:14 . 2008-02-03 23:14 <DIR> d-------- C:\WINDOWS\Sun
2008-01-30 13:30 . 2008-01-30 13:30 <DIR> d-------- C:\Program Files\The Sims Carnival SnapCity
2008-01-30 13:07 . 2008-02-21 20:45 <DIR> d-------- C:\Documents and Settings\User\Application Data\Love the cash
2008-01-30 13:07 . 2008-02-21 20:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\close poke frag ooze
2008-01-29 21:32 . 2008-01-29 21:32 <DIR> d-------- C:\Documents and Settings\User\Application Data\Gamelab
2008-01-29 15:00 . 2008-01-29 15:00 <DIR> d-------- C:\Program Files\bfgclient
2008-01-29 14:49 . 2008-01-29 14:49 <DIR> d-------- C:\Documents and Settings\User\Application Data\DAEMON Tools
2008-01-29 14:40 . 2008-01-29 14:40 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-27 21:11 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-26 23:03 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-02-25 23:10 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-02-25 23:10 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-02-25 23:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-25 22:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-02-25 22:36 --------- d-----w C:\Documents and Settings\User\Application Data\LimeWire
2008-02-23 18:47 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-16 20:36 --------- d-----w C:\Program Files\Electronic Arts
2008-01-27 03:01 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-01-19 18:03 --------- d-----w C:\Program Files\Common Files\PACE Anti-Piracy
2008-01-19 18:03 --------- d-----w C:\Documents and Settings\User\Application Data\PACE Anti-Piracy
2008-01-19 18:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
2008-01-19 07:38 --------- d-----w C:\Program Files\EA GAMES
2008-01-14 23:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-13 01:02 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-13 01:02 --------- d-----w C:\Documents and Settings\User\Application Data\InterTrust
2008-01-10 03:31 --------- d-----w C:\Program Files\Restaurant Empire
2008-01-08 17:52 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-08 01:22 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-01-06 20:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-06 20:10 --------- d-----w C:\Program Files\Logitech
2008-01-06 20:09 90,112 ------r C:\WINDOWS\bwUnin-6.1.0.155-8876480L.exe
2008-01-06 20:09 --------- d-----w C:\Program Files\Desktop Messenger
2008-01-06 20:09 --------- d-----w C:\Program Files\Common Files\Logitech
2008-01-06 04:45 --------- d-----w C:\Documents and Settings\User\Application Data\DivX
2008-01-06 04:37 --------- d-----w C:\Program Files\DivX
2008-01-06 02:14 --------- d-----w C:\Program Files\Java
2008-01-05 18:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\EPSON
2008-01-05 02:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-01-04 00:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-01-03 23:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-01-03 23:20 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-03 22:46 --------- d-----w C:\Program Files\SymplisIT
2007-12-31 07:05 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-12-31 05:44 --------- d-----w C:\Program Files\Common Files\Java
2007-12-31 05:43 --------- d-----w C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
2007-12-31 05:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-31 05:42 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-31 05:26 --------- d-----w C:\Program Files\Windows Live
2007-12-31 05:25 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-31 05:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-30 23:38 --------- d-----w C:\Program Files\CCleaner
2007-12-30 23:29 --------- d-----w C:\Documents and Settings\User\Application Data\Yahoo!
2007-12-30 23:22 --------- d-----w C:\Program Files\Yahoo!
2007-12-30 23:22 --------- d-----w C:\Program Files\Rogers
2007-12-30 22:16 15,890 ----a-w C:\WINDOWS\system32\drivers\mdc8021x.sys
.

------- Sigcheck -------

6225f14b8ce08ccba8b25ad27843c674 C:\WINDOWS\system32\winlogon.exe
----a-w 502,272 2007-05-09 23:55:08 C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D8282E6-BC4F-469B-AAED-7E4FF077AD93}]
2008-01-18 05:06 294912 --a------ C:\WINDOWS\system32\iebrowserc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6CF635BD-00AD-4366-7094-F4AD0AEF4E86}]
C:\Program Files\InstallShield Installation Information\labumu.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SHS"="C:\Program Files\Rogers\SelfHealing\SHS.exe" [2007-10-12 15:30 5166392]
"RogersAgent"="c:\Program Files\Rogers\SelfHealing\rogersagent.exe" [2007-04-23 15:51 478968]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-20 18:46 81920]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 17:06 1318912]
"Update Manager"="C:\Program Files\Rogers\Update Manager\UpdateManager.exe" [2007-10-12 15:30 136504]
"LDM"="C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-01-06 15:09 16384]
"Team Bits"="C:\DOCUME~1\User\APPLIC~1\LOVETH~1\seek grim.exe" [2008-02-21 20:45 470016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 18:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 04:11 132496]
"Updater"="C:\WINDOWS\system32\updater\explorer.exe" [2007-11-24 17:08 1478612]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-06-26 16:48 509224]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 13:40 270336]
"LDM"="C:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe" [2008-01-06 15:09 16384]
"EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-12-20 12:42 35328]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2001-12-20 04:59 204800]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"Frag Ooze Cash Scr"="C:\Documents and Settings\All Users\Application Data\close poke frag ooze\platform seek.exe" [2008-02-27 16:25 1102336]
"{3A-A1-17-74-DW}"="C:\windows\system32\rwwnw64d.exe" [2008-02-25 17:32 49163]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59 115816]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [2007-01-14 02:11 771704]

C:\Documents and Settings\User\Start Menu\Programs\Startup\
DW_Start.lnk - C:\WINDOWS\system32\rwwnw64d.exe [2008-02-25 17:32:54 49163]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe [2008-01-06 15:10:00 156160]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 04:01:04 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 16:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 16:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service

S3 AR5523;802.11 Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\ar5523.sys []
S3 ATHFMWDL;802.11 USB Wireless Adapter Bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys []
S3 USB200M;Linksys USB 2.0 Network Adapter ver.2;C:\WINDOWS\system32\DRIVERS\USB200M2.sys [2005-04-21 01:30]
S3 WN5301;LIteon Wireless PCI Network Adapter Service;C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 11:44]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-27 01:00:00 C:\WINDOWS\Tasks\AF7873039187E4DB.job"
- c:\docume~1\user\applic~1\loveth~1\software pop roam.exe
"2008-02-26 01:00:11 C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - User.job"
- C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-27 16:25:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\User\LOCALS~1\Temp\ir_ext_temp_0\autorun.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
.
**************************************************************************
.
Completion time: 2008-02-27 16:37:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-27 21:37:09
.
2008-02-14 08:02:45 --- E O F ---



Hijack This Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:37:29 PM, on 2/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\User\LOCALS~1\Temp\ir_ext_temp_0\autorun.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\rwwnw64d.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Rogers\SelfHealing\rogersagent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - C:\WINDOWS\system32\iebrowserc.dll
O2 - BHO: 0 - {6CF635BD-00AD-4366-7094-F4AD0AEF4E86} - C:\Program Files\InstallShield Installation Information\labumu.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Updater] C:\WINDOWS\system32\updater\explorer.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Frag Ooze Cash Scr] C:\Documents and Settings\All Users\Application Data\close poke frag ooze\platform seek.exe
O4 - HKLM\..\Run: [{3A-A1-17-74-DW}] C:\windows\system32\rwwnw64d.exe DWram
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Team Bits] C:\DOCUME~1\User\APPLIC~1\LOVETH~1\seek grim.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwnw64d.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.co...iaSmartScan.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 8783 bytes
  • 0

#4
Tigger93

Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Hi again. :)

1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\tiufeyqu.ini
C:\WINDOWS\system32\coh.cache
C:\n.bat
C:\WINDOWS\system32\rwwnw64d.exe
C:\WINDOWS\system32\dcads-remove.exe
C:\WINDOWS\system32\DcadsSocial-uninstall.exe
C:\WINDOWS\system32\iebrowserc.dll
C:\Program Files\InstallShield Installation Information\labumu.dll
C:\WINDOWS\Tasks\AF7873039187E4DB.job

Folder::
C:\Program Files\ComPlus Applications\
C:\WINDOWS\system32\we2
C:\WINDOWS\system32\per6
C:\WINDOWS\system32\oxo4
C:\WINDOWS\system32\nap8
C:\WINDOWS\system32\iDlo18
C:\WINDOWS\system32\def4
C:\Documents and Settings\User\Application Data\Love the cash
C:\Documents and Settings\All Users\Application Data\close poke frag ooze
C:\Program Files\bfgclient
C:\DOCUME~1\User\LOCALS~1\Temp\ir_ext_temp_0\

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D8282E6-BC4F-469B-AAED-7E4FF077AD93}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Team Bits"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Frag Ooze Cash Scr"=-
"{3A-A1-17-74-DW}"=-



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0

#5
whitmangurl

whitmangurl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
ComboFix Log


ComboFix 08-02-25.3 - User 2008-02-27 18:35:26.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.446 [GMT -5:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\n.bat
C:\Program Files\InstallShield Installation Information\labumu.dll
C:\WINDOWS\system32\coh.cache
C:\WINDOWS\system32\dcads-remove.exe
C:\WINDOWS\system32\DcadsSocial-uninstall.exe
C:\WINDOWS\system32\iebrowserc.dll
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\rwwnw64d.exe
C:\WINDOWS\system32\tiufeyqu.ini
C:\WINDOWS\Tasks\AF7873039187E4DB.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\User\LOCALS~1\Temp\ir_ext_temp_0\
C:\DOCUME~1\User\LOCALS~1\Temp\ir_ext_temp_0\\autorun.exe
C:\Documents and Settings\All Users\Application Data\close poke frag ooze
C:\Documents and Settings\All Users\Application Data\close poke frag ooze\platform seek.exe
C:\Documents and Settings\User\Application Data\Love the cash
C:\Documents and Settings\User\Application Data\Love the cash\0
C:\Documents and Settings\User\Application Data\Love the cash\faticmrd.exe
C:\Documents and Settings\User\Application Data\Love the cash\pytevvxf.exe
C:\Documents and Settings\User\Application Data\Love the cash\seek grim.exe
C:\Documents and Settings\User\Application Data\Love the cash\software pop roam.exe
C:\Documents and Settings\User\Application Data\Love the cash\xlgtudxv.exe
C:\Documents and Settings\User\Start Menu\Programs\Startup\DW_Start.lnk
C:\n.bat
C:\Program Files\bfgclient
C:\Program Files\bfgclient\BFG.ico
C:\Program Files\bfgclient\bfgclient.exe
C:\Program Files\bfgclient\bfgcommon.dll
C:\Program Files\bfgclient\bfggameservices.exe
C:\Program Files\bfgclient\bfgprocess.exe
C:\Program Files\bfgclient\bfgus.dll
C:\Program Files\bfgclient\msvcp71.dll
C:\Program Files\bfgclient\msvcr71.dll
C:\Program Files\bfgclient\temp01
C:\Program Files\bfgclient\unicows.dll
C:\Program Files\bfgclient\uninstall.exe
C:\Program Files\ComPlus Applications\
C:\WINDOWS\system32\coh.cache
C:\WINDOWS\system32\dcads-remove.exe
C:\WINDOWS\system32\DcadsSocial-uninstall.exe
C:\WINDOWS\system32\def4
C:\WINDOWS\system32\def4\wrevdllcm3.exe
C:\WINDOWS\system32\iDlo18
C:\WINDOWS\system32\iebrowserc.dll
C:\WINDOWS\system32\nap8
C:\WINDOWS\system32\nap8\propbar68.exe
C:\WINDOWS\system32\oxo4
C:\WINDOWS\system32\oxo4\dewondll4.exe
C:\WINDOWS\system32\per6
C:\WINDOWS\system32\per6\pon89104.exe
C:\WINDOWS\system32\rwwnw64d.exe
C:\WINDOWS\system32\tiufeyqu.ini
C:\WINDOWS\system32\we2
C:\WINDOWS\Tasks\AF7873039187E4DB.job

.
((((((((((((((((((((((((( Files Created from 2008-01-27 to 2008-02-27 )))))))))))))))))))))))))))))))
.

2008-02-26 20:48 . 2008-02-26 20:48 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-25 17:43 . 2008-02-25 18:10 <DIR> d-------- C:\Program Files\Symantec
2008-02-25 17:43 . 2008-02-25 18:10 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-02-25 17:43 . 2008-02-25 18:10 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-02-25 17:36 . 2008-02-25 17:36 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-02-24 09:36 . 2008-02-24 09:36 <DIR> d-------- C:\Program Files\Go-Go Gourmet
2008-02-24 09:15 . 2008-02-24 09:15 <DIR> d-------- C:\Program Files\ToGo Game
2008-02-23 13:34 . 2008-02-23 13:47 <DIR> d-------- C:\Program Files\Shockwave.com
2008-02-16 15:45 . 2008-02-16 15:45 <DIR> dr-h----- C:\Documents and Settings\User\Application Data\SecuROM
2008-02-16 10:37 . 2008-02-16 10:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
2008-02-10 10:53 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-02-10 10:53 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-02-10 10:53 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-02-10 10:53 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-02-04 21:30 . 2008-02-04 21:30 17,536 --a------ C:\Documents and Settings\User\Application Data\GDIPFONTCACHEV1.DAT
2008-02-03 23:14 . 2008-02-03 23:14 <DIR> d-------- C:\WINDOWS\Sun
2008-01-30 13:30 . 2008-01-30 13:30 <DIR> d-------- C:\Program Files\The Sims Carnival SnapCity
2008-01-29 21:32 . 2008-01-29 21:32 <DIR> d-------- C:\Documents and Settings\User\Application Data\Gamelab
2008-01-29 14:49 . 2008-01-29 14:49 <DIR> d-------- C:\Documents and Settings\User\Application Data\DAEMON Tools
2008-01-29 14:40 . 2008-01-29 14:40 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-27 21:40 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-02-27 21:26 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-25 23:10 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-02-25 23:10 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-02-25 23:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-25 22:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-02-25 22:36 --------- d-----w C:\Documents and Settings\User\Application Data\LimeWire
2008-02-23 18:47 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-16 20:36 --------- d-----w C:\Program Files\Electronic Arts
2008-01-27 03:01 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-01-19 18:03 --------- d-----w C:\Program Files\Common Files\PACE Anti-Piracy
2008-01-19 18:03 --------- d-----w C:\Documents and Settings\User\Application Data\PACE Anti-Piracy
2008-01-19 18:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
2008-01-19 07:38 --------- d-----w C:\Program Files\EA GAMES
2008-01-14 23:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-13 01:02 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-13 01:02 --------- d-----w C:\Documents and Settings\User\Application Data\InterTrust
2008-01-10 03:31 --------- d-----w C:\Program Files\Restaurant Empire
2008-01-08 17:52 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-08 01:22 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-01-06 20:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-06 20:10 --------- d-----w C:\Program Files\Logitech
2008-01-06 20:09 90,112 ------r C:\WINDOWS\bwUnin-6.1.0.155-8876480L.exe
2008-01-06 20:09 --------- d-----w C:\Program Files\Desktop Messenger
2008-01-06 20:09 --------- d-----w C:\Program Files\Common Files\Logitech
2008-01-06 04:45 --------- d-----w C:\Documents and Settings\User\Application Data\DivX
2008-01-06 04:37 --------- d-----w C:\Program Files\DivX
2008-01-06 02:14 --------- d-----w C:\Program Files\Java
2008-01-05 18:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\EPSON
2008-01-05 02:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-01-04 00:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-01-03 23:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-01-03 23:20 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-03 22:46 --------- d-----w C:\Program Files\SymplisIT
2007-12-31 07:05 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-12-31 05:44 --------- d-----w C:\Program Files\Common Files\Java
2007-12-31 05:43 --------- d-----w C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
2007-12-31 05:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-31 05:42 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-31 05:26 --------- d-----w C:\Program Files\Windows Live
2007-12-31 05:25 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-31 05:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-30 23:38 --------- d-----w C:\Program Files\CCleaner
2007-12-30 23:29 --------- d-----w C:\Documents and Settings\User\Application Data\Yahoo!
2007-12-30 23:22 --------- d-----w C:\Program Files\Yahoo!
2007-12-30 23:22 --------- d-----w C:\Program Files\Rogers
2007-12-30 22:16 15,890 ----a-w C:\WINDOWS\system32\drivers\mdc8021x.sys
.

------- Sigcheck -------

6225f14b8ce08ccba8b25ad27843c674 C:\WINDOWS\system32\winlogon.exe
----a-w 502,272 2007-05-09 23:55:08 C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6CF635BD-00AD-4366-7094-F4AD0AEF4E86}]
C:\Program Files\InstallShield Installation Information\labumu.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SHS"="C:\Program Files\Rogers\SelfHealing\SHS.exe" [2007-10-12 15:30 5166392]
"RogersAgent"="c:\Program Files\Rogers\SelfHealing\rogersagent.exe" [2007-04-23 15:51 478968]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-20 18:46 81920]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 17:06 1318912]
"Update Manager"="C:\Program Files\Rogers\Update Manager\UpdateManager.exe" [2007-10-12 15:30 136504]
"LDM"="C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-01-06 15:09 16384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 18:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 04:11 132496]
"Updater"="C:\WINDOWS\system32\updater\explorer.exe" [2007-11-24 17:08 1478612]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-06-26 16:48 509224]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 13:40 270336]
"LDM"="C:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe" [2008-01-06 15:09 16384]
"EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-12-20 12:42 35328]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2001-12-20 04:59 204800]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59 115816]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [2007-01-14 02:11 771704]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe [2008-01-06 15:10:00 156160]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 04:01:04 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 16:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 16:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service

S3 AR5523;802.11 Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\ar5523.sys []
S3 ATHFMWDL;802.11 USB Wireless Adapter Bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys []
S3 USB200M;Linksys USB 2.0 Network Adapter ver.2;C:\WINDOWS\system32\DRIVERS\USB200M2.sys [2005-04-21 01:30]
S3 WN5301;LIteon Wireless PCI Network Adapter Service;C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 11:44]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-26 01:00:11 C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - User.job"
- C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-27 18:43:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\DOCUME~1\User\LOCALS~1\Temp\ir_ext_temp_0\autorun.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
.
**************************************************************************
.
Completion time: 2008-02-27 18:55:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-27 23:55:33
ComboFix2.txt 2008-02-27 21:37:14
.
2008-02-14 08:02:45 --- E O F ---





Hijack This Log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:34:44 PM, on 2/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe
C:\DOCUME~1\User\LOCALS~1\Temp\ir_ext_temp_0\autorun.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Rogers\SelfHealing\rogersagent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: 0 - {6CF635BD-00AD-4366-7094-F4AD0AEF4E86} - C:\Program Files\InstallShield Installation Information\labumu.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Updater] C:\WINDOWS\system32\updater\explorer.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.co...iaSmartScan.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 8166 bytes
  • 0

#6
Tigger93

Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Everything looks good. Still having any problems?
  • 0

#7
whitmangurl

whitmangurl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Thank you so much no everything seems back to normal....thanks again for your time
  • 0

#8
Tigger93

Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP