Another Victim of SpySheriff... [Archive]

View Full Version : Another Victim of SpySheriff...

snowywan

2006-01-07, 01:39

Hi, I’m a newbie here seeking for help in the above issue. Had search, read up on some cases with similar situation as mine and followed Corrine’s instructions.

IE Main Default Page URL is still in c:\secure32.html.
Panda Activescan also found spysheriff in my Windows Registry.
How do I remove them? Please see my logs for anymore leftovers needed to be cleared. :confused:

Appreciate your kind assistance. :)

1. The first HijackThis log
Logfile of HijackThis v1.99.1
Scan saved at 10:28:53 AM, on 1/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
f:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
F:\WINDOWS\Explorer.EXE
C:\APACHE\Apache.exe
F:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\APACHE\Apache.exe
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\PROGRA~1\mcafee.com\agent\mcagent.exe
F:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
F:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
F:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\WINDOWS\System32\LVCOMSX.EXE
F:\Program Files\Logitech\Video\CameraAssistant.exe
F:\WINDOWS\System32\ElkCtrl.exe
F:\Program Files\MessengerPlus! 3\MsgPlus.exe
F:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
F:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
F:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
F:\WINDOWS\system32\paytime.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\winstall.exe
F:\WINDOWS\system32\paytime.exe
F:\Program Files\No-IP\DUC20.exe
F:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
F:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
c:\IntelliUpSite\IntelliUpSite.exe
F:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "F:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] F:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] F:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] F:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [McRegWiz] F:\Program Files\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [MCAgentExe] f:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] F:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] F:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "F:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMSX] F:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] F:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] F:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] F:\WINDOWS\System32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [MessengerPlus3] "F:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [_AntiSpyware] F:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] F:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PayTime] F:\WINDOWS\system32\paytime.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "F:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [PcSync] F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [PayTime] F:\WINDOWS\system32\paytime.exe
O4 - Startup: No-IP DUC.lnk = F:\Program Files\No-IP\DUC20.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Diginet Site.lnk = F:\Diginet\Diginet.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - F:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - F:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134834078375
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9E265649-6E0E-4EEA-9F49-DAE0801440CF} (WebDigiNet Control) - http://192.168.11.4/WebDiginet.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA12BDBD-C592-4C40-98EB-5D99C7FCFDB4}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Apache - Unknown owner - C:\APACHE\Apache.exe" --ntservice (file missing)
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - f:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - F:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - F:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe

2. The contents of the C:\smitfiles.txt log

smitRem © log file
version 2.8

by noahdfear

Microsoft Windows XP [Version 5.1.2600]
The current date is: Fri 01/06/2006
The current time is: 10:36:36.56

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key

PSGuard.com key not present!

checking for WinHound.com key

WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files

~~~ Program Files ~~~

~~~ Shortcuts ~~~

~~~ Favorites ~~~

~~~ system32 folder ~~~

~~~ Icons in System32 ~~~

~~~ Windows directory ~~~

~~~ Drive root ~~~

~~~ Miscellaneous Files/folders ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 732 'explorer.exe'
Killing PID 732 'explorer.exe'

Starting registry repairs

Deleting files

Remaining Post-run Files

~~~ Program Files ~~~

~~~ Shortcuts ~~~

~~~ Favorites ~~~

~~~ system32 folder ~~~

~~~ Icons in System32 ~~~

~~~ Windows directory ~~~

~~~ Drive root ~~~

~~~ Miscellaneous Files/folders ~~~

~~~ Wininet.dll ~~~

CLEAN! :)

3. The Ewido Log.
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 11:46:14 AM, 1/6/2006
+ Report-Checksum: 48D78BE1

+ Scan result:

C:\Application on 192.168.1.252\Ahead Nero.v7.0.1.2\Ultimate Guide to Financial Freedom (Something Extra!) If u r interested\Online Casino Loopholes\installcasino.exe -> Spyware.Casino : Cleaned with backup
C:\winstall.exe -> Not-A-Virus.Hoax.Win32.Renos.aj : Cleaned with backup
F:\Documents and Settings\Windows\Cookies\windows@adtech[1].txt -> Spyware.Cookie.Adtech : Cleaned with backup
F:\Documents and Settings\Windows\Cookies\windows@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
F:\Documents and Settings\Windows\Cookies\windows@microsofteup.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
F:\RECYCLER\S-1-5-21-1708537768-879983540-725345543-1004\Df3.exe -> Downloader.PassAlert.i : Cleaned with backup
F:\WINDOWS\kl.exe -> Logger.Agent.jl : Cleaned with backup
F:\WINDOWS\system32\paytime.exe -> Hijacker.StartPage.agp : Cleaned with backup
F:\WINDOWS\tool2.exe -> Not-A-Virus.Hoax.Win32.Renos.aj : Cleaned with backup
F:\WINDOWS\toolbar.exe -> Downloader.Adload.j : Cleaned with backup

::Report End

snowywan

2006-01-07, 01:43

4. The second HijackThis log
Logfile of HijackThis v1.99.1
Scan saved at 3:18:09 AM, on 1/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
f:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\SOUNDMAN.EXE
F:\PROGRA~1\mcafee.com\agent\mcagent.exe
F:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\WINDOWS\System32\LVCOMSX.EXE
F:\Program Files\Logitech\Video\CameraAssistant.exe
F:\WINDOWS\System32\ElkCtrl.exe
F:\Program Files\MessengerPlus! 3\MsgPlus.exe
F:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
F:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
F:\Program Files\McAfee.com\VSO\mcvsshld.exe
F:\Program Files\McAfee.com\VSO\oasclnt.exe
F:\progra~1\mcafee\MCAFEE~1\MssCli.exe
F:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
F:\WINDOWS\system32\ctfmon.exe
f:\progra~1\mcafee.com\vso\mcvsescn.exe
F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
F:\Program Files\No-IP\DUC20.exe
F:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
F:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\APACHE\Apache.exe
F:\Program Files\ewido anti-malware\ewidoctrl.exe
f:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
f:\program files\mcafee.com\agent\mcdetect.exe
f:\PROGRA~1\mcafee.com\vso\mcshield.exe
f:\PROGRA~1\mcafee.com\agent\mctskshd.exe
F:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\APACHE\Apache.exe
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
c:\IntelliUpSite\IntelliUpSite.exe
F:\Program Files\MSN Messenger\msnmsgr.exe
f:\progra~1\mcafee.com\vso\mcvsftsn.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.sg/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - f:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "F:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] F:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] F:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] F:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MCAgentExe] f:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] f:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "F:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMSX] F:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] F:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] F:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] F:\WINDOWS\System32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [MessengerPlus3] "F:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] F:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [VSOCheckTask] "F:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] F:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] F:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [_AntiSpyware] f:\progra~1\mcafee\MCAFEE~1\MssCli.exe
O4 - HKLM\..\Run: [MPFExe] F:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "F:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [PcSync] F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [PayTime] F:\WINDOWS\system32\paytime.exe
O4 - Startup: No-IP DUC.lnk = F:\Program Files\No-IP\DUC20.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Diginet Site.lnk = F:\Diginet\Diginet.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - F:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - F:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134834078375
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9E265649-6E0E-4EEA-9F49-DAE0801440CF} (WebDigiNet Control) - http://192.168.11.4/WebDiginet.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA12BDBD-C592-4C40-98EB-5D99C7FCFDB4}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Apache - Unknown owner - C:\APACHE\Apache.exe" --ntservice (file missing)
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - f:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - f:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - f:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - f:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - f:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - F:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - F:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe

LonnyRJones

2006-01-09, 11:00

Hi snowywan
Good job so far

Start Hijackthis and place a check next to these items If there.
Close all browser windows and shut down all other programs that show in the taskbar.(even Folders)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [PayTime] F:\WINDOWS\system32\paytime.exe
====================================
Hit fix checked and close Hijackthis.
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Update suns java manualy
Sun Java V1.5.0_06 is Available: http://java.com/en/index.jsp
Afterwards Turn off it's auto-updater,(Its buggy) , in control panel java >
update tab uncheck its option to update automatically.
After you install the newer version its important to uninstall the old versions, via addremove programs.

Post a fresh hijackthis log please, be sure to mention any current problems.

tashi

2006-01-12, 17:58

Hi snowywan, are you still with us? :)

snowywan

2006-01-13, 15:38

Thanks for your response and sorry for being late… yes.. yes.. I’m still around.. :p ~~

I’ve followed Lonny’s instructions above and my pc seems to be running well too. Now, Here's my latest hijackthis log file:

Logfile of HijackThis v1.99.1
Scan saved at 9:13:12 PM, on 1/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
f:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\SOUNDMAN.EXE
F:\PROGRA~1\mcafee.com\agent\mcagent.exe
F:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\WINDOWS\System32\LVCOMSX.EXE
F:\Program Files\Logitech\Video\CameraAssistant.exe
F:\WINDOWS\System32\ElkCtrl.exe
F:\Program Files\MessengerPlus! 3\MsgPlus.exe
F:\Program Files\McAfee.com\VSO\mcvsshld.exe
F:\Program Files\McAfee.com\VSO\oasclnt.exe
F:\progra~1\mcafee\MCAFEE~1\MssCli.exe
f:\progra~1\mcafee.com\vso\mcvsescn.exe
F:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
F:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
F:\WINDOWS\system32\ctfmon.exe
C:\APACHE\Apache.exe
F:\Program Files\ewido anti-malware\ewidoctrl.exe
f:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
f:\program files\mcafee.com\agent\mcdetect.exe
C:\APACHE\Apache.exe
F:\Program Files\No-IP\DUC20.exe
f:\PROGRA~1\mcafee.com\vso\mcshield.exe
F:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
F:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
f:\PROGRA~1\mcafee.com\agent\mctskshd.exe
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
c:\IntelliUpSite\IntelliUpSite.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.sg/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - f:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "F:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] F:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] F:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] F:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MCAgentExe] f:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] F:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "F:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMSX] F:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] F:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] F:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] F:\WINDOWS\System32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [MessengerPlus3] "F:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "F:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] F:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] F:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [_AntiSpyware] f:\progra~1\mcafee\MCAFEE~1\MssCli.exe
O4 - HKLM\..\Run: [MPFExe] F:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] F:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "F:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: No-IP DUC.lnk = F:\Program Files\No-IP\DUC20.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Diginet Site.lnk = F:\Diginet\Diginet.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134834078375
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9E265649-6E0E-4EEA-9F49-DAE0801440CF} (WebDigiNet Control) - http://192.168.11.4/WebDiginet.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA12BDBD-C592-4C40-98EB-5D99C7FCFDB4}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: msctl32.dll - F:\WINDOWS\
O23 - Service: Apache - Unknown owner - C:\APACHE\Apache.exe" --ntservice (file missing)
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - f:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - f:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - f:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - f:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - f:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - F:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - F:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe

LonnyRJones

2006-01-13, 15:49

Hi
Open a command prompt (start run type cmd press enter)
type
sc delete i386p
press enter, type exit and press enter to exit the command prompt
Let me know if there was a success or doesnt exist message ?

Start Hijackthis and place a check next to these items If there.
O20 - Winlogon Notify: msctl32.dll - F:\WINDOWS\
====================================
Hit fix checked and close Hijackthis.

Put in place a good hosts file
http://www.mvps.org/winhelp2002/hosts.htm
How To Download and Extract the HOSTS file:
http://www.mvps.org/winhelp2002/hosts2.htm
Replace it about once monthly
How did that go ?
To help avoid reinfection see "So how did I get infected in the first place?"
http://forums.spybot.info/showthread.php?t=279

snowywan

2006-01-13, 16:06

hi lonny,

Thanks for ur help..

i was prompted.. [sc]delete service failed 1027 when trying to delete i386p.
Does it means tat it doesn't exist?

snowywan

2006-01-13, 16:09

sorry.. the message i got from command should be:

[sc] Delete Service Failed 1072

The specified service has been marked for deletion.

LonnyRJones

2006-01-13, 16:14

Ok

Reboot then do this command and let us know
sc query i386p

snowywan

2006-01-13, 16:40

Cool.. thanks :bigthumb:

The service does not exist. Had also fixed..
O20 - Winlogon Notify: msctl32.dll - F:\WINDOWS\
Here my log file again just i case...:)

Logfile of HijackThis v1.99.1
Scan saved at 10:34:46 PM, on 1/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
f:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\SOUNDMAN.EXE
F:\PROGRA~1\mcafee.com\agent\mcagent.exe
F:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\WINDOWS\System32\LVCOMSX.EXE
F:\Program Files\Logitech\Video\CameraAssistant.exe
F:\WINDOWS\System32\ElkCtrl.exe
F:\Program Files\MessengerPlus! 3\MsgPlus.exe
F:\Program Files\McAfee.com\VSO\mcvsshld.exe
F:\Program Files\McAfee.com\VSO\oasclnt.exe
F:\progra~1\mcafee\MCAFEE~1\MssCli.exe
F:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
f:\progra~1\mcafee.com\vso\mcvsescn.exe
F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
F:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
F:\WINDOWS\system32\ctfmon.exe
C:\APACHE\Apache.exe
F:\Program Files\ewido anti-malware\ewidoctrl.exe
f:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
f:\program files\mcafee.com\agent\mcdetect.exe
C:\APACHE\Apache.exe
F:\Program Files\No-IP\DUC20.exe
F:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
F:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
f:\PROGRA~1\mcafee.com\vso\mcshield.exe
f:\PROGRA~1\mcafee.com\agent\mctskshd.exe
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
c:\IntelliUpSite\IntelliUpSite.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.sg/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - f:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "F:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] F:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] F:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] F:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MCAgentExe] f:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] F:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "F:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMSX] F:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] F:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] F:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] F:\WINDOWS\System32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [MessengerPlus3] "F:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "F:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] F:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] F:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [_AntiSpyware] f:\progra~1\mcafee\MCAFEE~1\MssCli.exe
O4 - HKLM\..\Run: [MPFExe] F:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] F:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "F:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: No-IP DUC.lnk = F:\Program Files\No-IP\DUC20.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Diginet Site.lnk = F:\Diginet\Diginet.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134834078375
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9E265649-6E0E-4EEA-9F49-DAE0801440CF} (WebDigiNet Control) - http://192.168.11.4/WebDiginet.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA12BDBD-C592-4C40-98EB-5D99C7FCFDB4}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Apache - Unknown owner - C:\APACHE\Apache.exe" --ntservice (file missing)
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - f:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - f:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - f:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - f:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - f:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - F:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - F:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe

LonnyRJones

2006-01-13, 17:03

Looks good

Post back in a couple days and let us know how the pc is please

snowywan

2006-01-13, 17:11

yup~~ sure..

Million thanks ya and a little donation to show my appreciation.
:bigthumb: :bigthumb: :bigthumb:

tashi

2006-01-16, 23:05

Thank you. :)
As the problem appears to be resolved this topic will be archived.
If you need it re-opened please pm me or one of the forum mods.

Glad we could help.