Linkmaster,
Good news, I think we licked this stubborn little bugger!
I have not gotten the Norton AV popup stating I have Trojan.Vundo!!
Here is my
Spy Sweeper Session Log:********
8:53 AM: | Start of Session, Sunday, October 23, 2005 |
8:53 AM: Spy Sweeper started
8:53 AM: Sweep initiated using definitions version 560
8:53 AM: Starting Memory Sweep
8:53 AM: Warning: Failed to load image: C:\WINDOWS\system32\pmnnn.dll
8:55 AM: Found Adware: virtumonde
8:55 AM: Detected running threat: C:\WINDOWS\SYSTEM32\pmnnn.dll (ID = 77)
9:00 AM: Memory Sweep Complete, Elapsed Time: 00:07:12
9:00 AM: Starting Registry Sweep
9:01 AM: Found Adware: blazefind
9:01 AM: HKLM\software\microsoft\windows\currentversion\uninstall\windows sr 2.0\ (4 subtraces) (ID = 104552)
9:01 AM: HKCR\msevents.msevents\ (5 subtraces) (ID = 749130)
9:01 AM: HKCR\msevents.msevents.1\ (3 subtraces) (ID = 749136)
9:01 AM: HKCR\clsid\{827dc836-dd9f-4a68-a602-5812eb50a834}\ (12 subtraces) (ID = 749140)
9:01 AM: HKLM\software\classes\msevents.msevents\ (5 subtraces) (ID = 749153)
9:01 AM: HKLM\software\classes\msevents.msevents.1\ (3 subtraces) (ID = 749157)
9:01 AM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{827dc836-dd9f-4a68-a602-5812eb50a834}\ (ID = 749160)
9:01 AM: HKLM\software\classes\clsid\{827dc836-dd9f-4a68-a602-5812eb50a834}\ (12 subtraces) (ID = 749166)
9:01 AM: HKLM\software\classes\clsid\{827dc836-dd9f-4a68-a602-5812eb50a834}\progid\ (1 subtraces) (ID = 749172)
9:02 AM: Registry Sweep Complete, Elapsed Time:00:01:42
9:02 AM: Starting Cookie Sweep
9:02 AM: Found Spy Cookie: reliablestats cookie
9:02 AM:
[email protected][2].txt (ID = 3254)
9:02 AM: Cookie Sweep Complete, Elapsed Time: 00:00:02
9:02 AM: Starting File Sweep
9:02 AM: Found Adware: winmovie dialer
9:02 AM: c:\windows\downloaded program files\conflict.1 (ID = -2147476814)
9:03 AM: Found Adware: virtualbouncer
9:03 AM: innervbinstall.log (ID = 82805)
9:03 AM: Found Adware: addestroyer
9:03 AM: inneradinstall.log (ID = 49035)
9:05 AM: Found Adware: zestyfind desktop links
9:05 AM: iconz2.exe (ID = 91157)
9:07 AM: Found Adware: media-motor
9:07 AM: backup-20040823-181342-403.inf (ID = 74136)
9:24 AM: Found Adware: tvmedia
9:24 AM: tvmuknwrd.dll (ID = 81759)
9:24 AM: tvmuknwrd.dll (ID = 81759)
9:24 AM: ppqf.tmp (ID = 51438)
9:25 AM: File Sweep Complete, Elapsed Time: 00:22:45
9:25 AM: Full Sweep has completed. Elapsed time 00:31:58
9:25 AM: Traces Found: 64
9:30 AM: Removal process initiated
9:32 AM: Quarantining All Traces: addestroyer
9:32 AM: Quarantining All Traces: blazefind
9:32 AM: Quarantining All Traces: media-motor
9:32 AM: Quarantining All Traces: tvmedia
9:32 AM: Quarantining All Traces: virtualbouncer
9:32 AM: Quarantining All Traces: virtumonde
9:33 AM: BHO Shield: found: -- BHO installation denied at user request
9:33 AM: BHO Shield: found: -- BHO installation denied at user request
9:33 AM: BHO Shield: found: -- BHO installation denied at user request
9:33 AM: BHO Shield: found: -- BHO installation denied at user request
9:33 AM: BHO Shield: found: -- BHO installation denied at user request
9:33 AM: virtumonde is in use. It will be removed on reboot.
9:33 AM: C:\WINDOWS\SYSTEM32\pmnnn.dll is in use. It will be removed on reboot.
9:33 AM: Quarantining All Traces: winmovie dialer
9:33 AM: BHO Shield: found: -- BHO installation denied at user request
9:33 AM: BHO Shield: found: -- BHO installation denied at user request
9:33 AM: BHO Shield: found: -- BHO installation denied at user request
9:33 AM: Quarantining All Traces: zestyfind desktop links
9:33 AM: Quarantining All Traces: reliablestats cookie
9:33 AM: BHO Shield: found: -- BHO installation denied at user request
9:33 AM: BHO Shield: found: -- BHO installation denied at user request
9:33 AM: BHO Shield: found: -- BHO installation denied at user request
9:33 AM: BHO Shield: found: -- BHO installation denied at user request
9:33 AM: BHO Shield: found: -- BHO installation denied at user request
9:33 AM: BHO Shield: found: -- BHO installation denied at user request
9:33 AM: BHO Shield: found: -- BHO installation denied at user request
9:33 AM: BHO Shield: found: -- BHO installation denied at user request
9:33 AM: BHO Shield: found: -- BHO installation denied at user request
9:33 AM: BHO Shield: found: -- BHO installation denied at user request
9:33 AM: BHO Shield: found: -- BHO installation denied at user request
9:33 AM: BHO Shield: found: -- BHO installation denied at user request
9:33 AM: BHO Shield: found: -- BHO installation denied at user request
9:33 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:34 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:35 AM: BHO Shield: found: -- BHO installation denied at user request
9:36 AM: BHO Shield: found: -- BHO installation denied at user request
9:36 AM: BHO Shield: found: -- BHO installation denied at user request
9:36 AM: BHO Shield: found: -- BHO installation denied at user request
9:36 AM: BHO Shield: found: -- BHO installation denied at user request
9:36 AM: BHO Shield: found: -- BHO installation denied at user request
9:36 AM: BHO Shield: found: -- BHO installation denied at user request
9:36 AM: BHO Shield: found: -- BHO installation denied at user request
9:36 AM: BHO Shield: found: -- BHO installation denied at user request
9:36 AM: BHO Shield: found: -- BHO installation allowed at user request
9:36 AM: BHO Shield: found: -- BHO installation denied at user request
9:36 AM: Preparing to restart your computer. Please wait...
9:36 AM: Removal process completed. Elapsed time 00:05:31
********
8:50 AM: | Start of Session, Sunday, October 23, 2005 |
8:50 AM: Spy Sweeper started
8:52 AM: Your spyware definitions have been updated.
8:53 AM: | End of Session, Sunday, October 23, 2005 |
I had several popups asking if I wanted to deny a BHO installation to which I responded "yes." I hope that was the right thing to do.
Here is my
Hijack This Log:Logfile of HijackThis v1.99.1
Scan saved at 9:41:30 AM, on 10/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\cmd.exe
C:\HJT\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dellnet.comR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://red.clientapp.../search/ie.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://red.clientapp...//www.yahoo.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.dellnet.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://yahoo.sbc.com/dslR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://yahoo.sbc.com/dslO2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ati2dvag] C:\WINDOWS\system32\ati2dvag.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! MahJong Solitaire -
http://download.game...s/y/mjst4_x.cabO16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} -
http://download.ebay.../US/install.cabO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
http://us.dl1.yimg.c...nst_current.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupd...b?1092954264703O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoft...free/asinst.cabO16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) -
http://photos.yahoo....plorer1_9us.cabO16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) -
http://tools.ebayimg...ol_v1-0-3-0.cabO20 - Winlogon Notify: pmnnn - C:\WINDOWS\system32\pmnnn.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
I put a check in the box next to:
O20 - Winlogon Notify: pmnnn - C:\WINDOWS\system32\pmnnn.dll (file missing)
and clicked "Fix Selected."
I then ran Hijack This again and noted that the above-mentioned O20 line did not reappear!
Thank you so much for you help with this little monster.
It has been the bane of my existance for over a week now.
Paula