Hey everyone. I just got a trojan virus about a few hours ago which probably triggered after a PC reboot. At the time I had BullGuard 7.0 but uninstalled it to put on AVG (haven't installed quite yet). I have a custom computer.
I did a smart scan with Ad-Aware and it picked up some malware (the trojan, I assume). I did the typical deletion at the end of the scan and now it doesn't find it in the scan anymore. Did I really just get rid of the trojan with an Ad-Aware scan, or could it still be on my computer?

I doubt if Ad-aware completely removed the trojan.
Run this free online scan from Kaspersky http://kaspersky.com/kos/english/kavwebscan.html
Click Accept
When the updates are finished downloading, click Next, Scan Settings
Under Scan using the following antivirus database:, select extended
Make sure the Scan Archives and Scan Mail Bases options are selected as well. Click OK
Click My Computer and wait for the scan to finish
Click Save Report As. Under Save as type:, select Text file. Save this log to your Desktop and post a copy of it here

Hey, I've tried running that scan a few times but it doesn't download all the updates and just stops. I'll keep trying though.

Please download and install the latest version of HijackThis v2.0.2:
Download the HijackThis Installer from this link: HijackThis
1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
Please download ComboFix to the desktop from this link:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)
Please post the log it produces.

Sorry it took so long to reply, have had trouble posting.
Here are the logs.
ComboFix
ComboFix 07-11-08.1 - Xavier 2007-11-12 20:09:00.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.34.1033.18.552 [GMT -8:00]
Running from: C:\Documents and Settings\Xavier\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-10-13 to 2007-11-13 )))))))))))))))))))))))))))))))
.
2007-11-11 22:04 <DIR> d-------- C:\New Folder
2007-11-11 15:38 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-11 15:37 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-07 22:47 1,122,336 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-07 22:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-11-07 08:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-11-06 16:37 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\BullGuard
2007-11-02 18:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BullGuard
2007-11-01 11:17 <DIR> d-------- C:\WINDOWS\system32\cache329
2007-11-01 11:17 <DIR> d-------- C:\WINDOWS\system32\AdCache
2007-11-01 11:10 <DIR> d-------- C:\WINDOWS\cdmxtras
2007-11-01 11:10 <DIR> d-------- C:\Program Files\Need2Find
2007-11-01 11:10 <DIR> d-------- C:\Program Files\Instafinder
2007-11-01 11:06 10 --a------ C:\WINDOWS\smdat32m.sys
2007-11-01 11:06 0 --a------ C:\WINDOWS\smdat32a.sys
2007-11-01 11:05 <DIR> d-------- C:\Program Files\Kazaa
2007-10-30 13:00 <DIR> d-------- C:\Program Files\Veoh Networks
2007-10-25 13:06 <DIR> d-------- C:\Program Files\BearShare Applications
2007-10-19 16:56 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-10-19 16:56 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-10-13 23:43 <DIR> d-------- C:\Documents and Settings\Xavier\Application Data\Media Player Classic
2007-10-13 19:51 <DIR> d-------- C:\Program Files\Real Alternative
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-13 02:19 --------- d-----w C:\Program Files\Warcraft III
2007-11-10 19:13 --------- d-----w C:\Documents and Settings\Xavier\Application Data\MegauploadToolbar
2007-11-08 06:47 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-07 16:12 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-06 04:47 --------- d-----w C:\Program Files\DivX
2007-11-05 18:31 --------- d-----w C:\Program Files\mIRC
2007-11-05 16:17 --------- d-----w C:\Documents and Settings\Xavier\Application Data\uTorrent
2007-11-02 05:50 --------- d-s---w C:\Program Files\Xfire
2007-11-01 19:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-01 19:06 1,761 ----a-w C:\WINDOWS\Fonts\acrsecB.fon
2007-10-31 04:36 --------- d-----w C:\Documents and Settings\Xavier\Application Data\Xfire
2007-10-30 20:07 --------- d-----w C:\Program Files\LimeWire
2007-10-28 20:45 --------- d-----w C:\Program Files\AIM6
2007-10-28 20:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-28 19:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-10-28 19:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-10-25 14:58 --------- d-----w C:\Program Files\HP
2007-10-20 04:29 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-10-18 04:22 --------- d-----w C:\Documents and Settings\Xavier\Application Data\teamspeak2
2007-10-13 19:39 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-10-13 19:39 --------- d-----w C:\Program Files\Diablo II (2)
2007-10-12 19:46 --------- d-----w C:\Program Files\GWFreaks
2007-10-12 17:33 --------- d-----w C:\Program Files\DIFX
2007-10-12 17:32 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-12 17:32 --------- d-----w C:\Program Files\AGEIA Technologies
2007-10-12 17:25 --------- d-----w C:\Documents and Settings\Xavier\Application Data\IGN_DLM
2007-10-12 06:34 --------- d-----w C:\Program Files\Download Manager
2007-10-11 19:35 --------- d-----w C:\Documents and Settings\Xavier\Application Data\SystemRequirementsLab
2007-10-11 00:11 --------- d-----w C:\Documents and Settings\Guest\Application Data\Apple Computer
2007-10-06 02:21 --------- d-----w C:\Program Files\Apple Software Update
2007-10-06 01:02 --------- d-----w C:\Program Files\iTunes
2007-10-06 01:02 --------- d-----w C:\Program Files\iPod
2007-10-03 05:36 --------- d-----w C:\Documents and Settings\Guest\Application Data\MEGAUPLOADTOOLBAR
2007-10-02 05:08 --------- d-----w C:\Documents and Settings\Xavier\Application Data\Uniblue
2007-10-02 05:02 --------- d-----w C:\Program Files\EA GAMES
2007-10-01 17:51 --------- d-----w C:\Program Files\GustoSoft
2007-09-29 21:27 --------- d-----w C:\Program Files\Hero Editor
2007-09-29 21:26 73,216 ----a-w C:\WINDOWS\ST6UNST.exe
2007-09-29 21:26 249,856 ------w C:\WINDOWS\Setup1.exe
2007-09-29 20:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Xfire
2007-09-26 16:46 --------- d-----w C:\Program Files\AMD
2007-09-25 19:26 --------- d-----w C:\Program Files\MegauploadToolbar
2007-09-17 09:10 356,352 ----a-w C:\WINDOWS\system32\nvusmb.exe
2007-09-17 09:10 356,352 ----a-w C:\WINDOWS\system32\nvunrm.exe
2007-09-17 09:10 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.exe
2007-09-17 09:10 356,352 ----a-w C:\WINDOWS\system32\nvuide.exe
2007-09-17 09:10 356,352 ----a-w C:\WINDOWS\system32\nvuaudio.exe
2007-09-17 08:07 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-09-17 08:07 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-09-17 08:07 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-09-17 08:07 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-09-17 08:07 6,853,088 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-09-17 08:07 6,746,112 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-09-17 08:07 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-09-17 08:07 5,783,040 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-09-17 08:07 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-09-17 08:07 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-09-17 08:07 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-09-17 08:07 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-09-17 08:07 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-09-17 08:07 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-09-17 08:07 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-09-17 08:07 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-09-17 08:07 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-09-17 08:07 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-09-17 08:07 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-09-17 08:07 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-09-17 08:07 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-09-17 08:07 2,371,584 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-09-17 08:07 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-09-17 08:07 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-09-17 08:07 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-09-17 08:07 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-09-17 08:07 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-09-17 08:07 1,478,656 ----a-w C:\WINDOWS\system32\nview.dll
2007-09-17 08:07 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-09-17 08:07 1,150,976 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-09-17 08:07 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-09-17 05:36 --------- d-----w C:\Program Files\Agent INI
2007-09-14 17:46 --------- d-----w C:\Program Files\Purple Heart
2007-09-13 16:45 70,944 ----a-w C:\WINDOWS\system32\PhysXLoader.dll
2007-09-07 00:14 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-09-07 00:14 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-01-05 01:27 784 ----a-w C:\Documents and Settings\Xavier\Application Data\mpauth.dat
2006-02-19 11:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((( snapshot@2007-11-11_15.44.07.39 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-08-07 19:42:02 45,218 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
+ 2007-11-13 03:37:51 45,218 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
- 2007-11-11 09:19:15 65,418 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-11-13 04:10:22 65,418 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-11-11 09:19:15 409,690 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-11-13 04:10:22 409,690 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-10-07 16:53]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2004-11-24 17:12]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 15:24]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 07:31]
"Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 07:14]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 12:45 C:\WINDOWS\KHALMNPR.Exe]
"nvchost"="C:\WINDOWS\winlogon.exe" []
"PRISMSVR.EXE"="C:\WINDOWS\system32\PRISMSVR.exe" [2004-04-13 18:45]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 15:49]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 00:07]
"nwiz"="nwiz.exe" [2007-09-17 00:07 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 00:07]
"Instafinder"="C:\Program Files\Instafinder\instafinder.exe" [2007-07-12 12:32]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe" [2004-11-11 17:50]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" []
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-13 21:52]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" []
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"Steam"="c:\program files\valve\steam\steam.exe" [2007-10-05 20:24]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 13:57]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-10-26 13:52]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
2Wire Wireless Client.lnk - C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.exe [2007-08-22 11:05:18]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 07:56:20]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-13 21:52:23]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-02-03 13:25:31]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"InCDsrvR"=2 (0x2)
R2 app_filter;app_filter;C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
R3 AmdLLD;AMD Low Level Device Driver;C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
R3 WlanUIG;2Wire 802.11g USB Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys
S1 amdtools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\amdtools.sys
S3 TIEHDUSB;TIEHDUSB;C:\WINDOWS\system32\drivers\tiehdusb.sys
S3 wltwo51b;2Wire Wireless USB adapter Driver;C:\WINDOWS\system32\DRIVERS\wltwo51b.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{995086cf-60da-11d9-a1ef-806d6172696f}]
\Shell\AutoRun\command - D:\SETUP.exe /UPDATE.
Contents of the 'Scheduled Tasks' folder
"2007-11-13 02:30:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-12 20:13:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-12 20:14:06
C:\ComboFix2.txt ... 2007-11-11 15:44
.
--- E O F ---
HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:15:50 PM, on 11/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\WINDOWS\system32\PRISMSVR.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\Instafinder\instafinder.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.exe
O4 - HKLM\..\Run: [nvchost] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.exe" /APPLY
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Instafinder] C:\Program Files\Instafinder\instafinder.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Global Startup: 2Wire Wireless Client.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menu...
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexp...
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: app_filter - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 11362 bytes
