Integrity threats detected ?



jjbuch
2007-08-11, 10:02
I keep getting an annoying popup saying Integrity Threats Detected. I downloaded Trend Micro HJT and here is the log:
-------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:01:47 PM, on 11/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SecCenter\scprot4.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\GIGABYTE\VGA Utility Manager\Utility.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2ACE8338-3D08-4995-B893-25F48D84C825} - C:\WINDOWS\system32\mljjh.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6D55F78D-57E0-7A56-9975-02E12506D1B4} - C:\Program Files\Ouplyogt\melnhztz.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {E4EEFFED-93CD-4CF0-A0F3-50D139121FEE} - C:\WINDOWS\system32\nnnmnnn.dll (file missing)
O2 - BHO: (no name) - {FD48861F-4176-45FC-8BAD-FFB29A8A5051} - C:\WINDOWS\system32\awvvv.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
O4 - HKLM\..\Run: [pgnujclc] rundll32.exe "C:\Program Files\pgnujclc\jorcrido.dll",Init
O4 - HKLM\..\Run: [SystemRescue] rundll32.exe "C:\WINDOWS\system32\wcytmxmg.dll",sitypnow
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: GIGABYTE VGA Utility.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1185607561061
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185608998280
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: winuns32 - winuns32.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
-----------------
Any help would be appreciated.
- Jono

pskelley
2007-08-11, 16:06
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Hello Jono, now you know you need to provide more information than:
Integrity threats detected
http://www.google.com/search?hl=en&q=Integrity+Threats+Detected&btnG=Google+Search

HJT is a tool and we are not mind readers. You have obviously been fighting a Vundo infection. I wish to know what the symptoms of your infection are, what programs are telling you about this infection, what you have done so far, including the tools you have used. I would also like you to post any error messages you are receiving "word for word".

Since I lack information we will start with this tool:
Thanks to sUBs and anyone else who helped with this fix.

Download ComboFix from Here (http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe) or Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.

Double-click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Thanks

jjbuch
2007-08-12, 14:13
Thanks pskelley. This is my first problem report, on my new PC, so here is a rundown of events.
Installed Windows XP+SP2, then installed Norton Internet Security 2006 and did a Live Update as soon as I had internet access. I started receiving many warning messages about Trojans, and I downloaded Spybot. This alerted me to many problems including Virtumonde, which was the only one it was unable to remove. I blamed Norton Internet Security, so I uninstalled it and replaced it with AVG 7.5. I run daily scans and have found no problems reported. But I still get the Windows message "Integrity Threats Detected".

Below is the combofix log, followed by the HJT log:
Many thanks,
- Jono
-----combofix log ---------------------
2007-08-12 21:59 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-12 21:56 <DIR> d-------- C:\Program Files\GigaTribe
2007-08-12 21:56 <DIR> d-------- C:\DOCUME~1\Jonathan\APPLIC~1\GigaTribe
2007-08-12 21:22 <DIR> d-------- C:\DOCUME~1\Jonathan\Shared
2007-08-12 21:22 <DIR> d-------- C:\DOCUME~1\Jonathan\Incomplete
2007-08-12 21:21 <DIR> d-------- C:\DOCUME~1\Jonathan\.limewire
2007-08-12 21:20 <DIR> d-------- C:\Program Files\LimeWire
2007-08-12 11:13 <DIR> d-------- C:\WINDOWS\LastGood
2007-08-12 11:13 <DIR> d-------- C:\Program Files\PeerGuardian2
2007-08-12 11:13 <DIR> d-------- C:\DOCUME~1\Jonathan\APPLIC~1\BitTorrent
2007-08-12 11:12 <DIR> d-------- C:\Program Files\BitTorrent
2007-08-12 10:25 <DIR> d-------- C:\Program Files\Skype
2007-08-12 10:25 <DIR> d-------- C:\DOCUME~1\Jonathan\APPLIC~1\Skype
2007-08-12 10:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
2007-08-11 18:36 <DIR> dr------- C:\My Pictures
2007-08-11 18:34 2,516 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-08-11 17:54 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-11 17:36 <DIR> d-------- C:\Books
2007-08-11 11:59 <DIR> d-------- C:\DOCUME~1\Jonathan\Contacts
2007-08-11 01:00 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-08-11 01:00 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-08-11 01:00 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-08-11 00:57 761,856 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-08-11 00:57 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-08-11 00:57 <DIR> d-------- C:\Program Files\XviD
2007-08-11 00:56 43,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-08-11 00:56 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-08-11 00:56 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-08-11 00:56 <DIR> d-------- C:\Program Files\DivX
2007-08-10 23:47 9,216 --a------ C:\WINDOWS\system32\avgwlntf.dll
2007-08-10 23:47 110,592 --a------ C:\WINDOWS\system32\avgfwafu.dll
2007-08-10 22:20 <DIR> d-------- C:\Blood Diamond
2007-08-10 11:01 <DIR> d-------- C:\WINDOWS\system32\iieldknh
2007-08-10 11:01 <DIR> d-------- C:\Program Files\SecCenter
2007-08-10 09:42 147,520 --a------ C:\WINDOWS\system32\wcytmxmg.dll
2007-08-10 09:42 <DIR> d-------- C:\DOCUME~1\Monica\APPLIC~1\Google
2007-08-10 09:41 <DIR> d-------- C:\Program Files\Ouplyogt
2007-08-10 09:39 <DIR> d-------- C:\Program Files\pgnujclc
2007-08-10 00:10 <DIR> d-------- C:\VundoFix Backups
2007-08-09 22:10 <DIR> d-------- C:\curbyourenthusiasm
2007-08-09 21:57 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-08-09 21:55 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-08-09 21:55 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-08-09 21:48 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-08-09 21:44 <DIR> d-------- C:\DOCUME~1\Jonathan\APPLIC~1\Google
2007-08-09 21:13 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-08-09 21:13 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-08-09 21:13 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-08-09 21:04 <DIR> d-------- C:\ArrestedDevelopmentS2
2007-08-09 20:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-09 20:42 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-08-09 20:29 1,346 --a------ C:\WINDOWS\mozver.dat
2007-08-09 20:14 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-08-09 20:14 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-08-09 20:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-08-09 19:57 <DIR> d---s---- C:\DOCUME~1\Monica\UserData
2007-08-09 18:39 <DIR> d-------- C:\DOCUME~1\Monica\Contacts
2007-08-09 18:38 <DIR> d-------- C:\DOCUME~1\Monica\APPLIC~1\Talkback
2007-08-08 20:50 <DIR> d-------- C:\DOCUME~1\Jonathan\APPLIC~1\Talkback
2007-08-08 20:49 0 --a------ C:\WINDOWS\nsreg.dat
2007-08-07 21:35 <DIR> d-------- C:\DOCUME~1\Jonathan\APPLIC~1\Ahead
2007-08-07 21:20 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2007-08-07 21:20 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2007-08-07 21:20 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2007-08-07 21:20 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2007-08-07 21:20 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-08-07 21:20 1,994,752 --------- C:\WINDOWS\UNNeroVision.exe
2007-08-07 21:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
2007-08-07 20:48 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2007-08-07 20:48 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-08-07 20:48 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-08-07 20:48 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-08-07 20:48 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-08-07 20:48 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2007-08-07 20:48 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-08-07 20:48 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-08-07 20:48 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-08-07 20:47 <DIR> d-------- C:\Program Files\Ahead
2007-08-05 22:14 299,520 --a------ C:\WINDOWS\uninst.exe
2007-08-05 22:14 <DIR> d-------- C:\Program Files\LucasArts
2007-08-05 22:14 <DIR> d-------- C:\DOCUME~1\Jonathan\WINDOWS
2007-08-04 17:53 <DIR> d-------- C:\Program Files\Elaborate Bytes
2007-08-04 17:49 <DIR> d-------- C:\EA Games Need For Speed Carbon 1.2
2007-08-04 17:40 <DIR> d-------- C:\Program Files\Electronic Arts
2007-08-04 17:33 <DIR> d-------- C:\Program Files\Common Files\EasyInfo
2007-08-02 18:16 <DIR> d-------- C:\DOCUME~1\Monica\APPLIC~1\Corel
2007-08-02 18:16 <DIR> d-------- C:\DOCUME~1\Monica\APPLIC~1\AdobeUM
2007-08-02 17:57 <DIR> d-------- C:\Program Files\HP DeskJet 710C Series
2007-07-30 23:45 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-07-30 23:45 <DIR> d-------- C:\Program Files\MSN Messenger
2007-07-30 23:25 <DIR> d-------- C:\Program Files\TextPad 5
2007-07-30 22:42 88 -r-hs---- C:\WINDOWS\system32\FE7F2B3D2A.sys
2007-07-30 22:42 <DIR> d-------- C:\DOCUME~1\Jonathan\APPLIC~1\Corel
2007-07-30 22:42 <DIR> d-------- C:\apps
2007-07-30 13:33 <DIR> d-------- C:\p5b
2007-07-29 13:40 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-07-28 23:18 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-07-28 23:15 <DIR> d-------- C:\Program Files\ASUS
2007-07-28 23:13 94,848 --a------ C:\WINDOWS\system32\drivers\aeaudio.sys
2007-07-28 23:13 82,944 --a--c--- C:\WINDOWS\system32\dllcache\wdmaud.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-04 17:46 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-05-17 01:12 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-17 01:12 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-17 01:12 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-17 01:12 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-17 01:12 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll
2006-06-23 16:48 32768 -ra------ C:\WINDOWS\inf\UpdateUSB.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ACE8338-3D08-4995-B893-25F48D84C825}]
C:\WINDOWS\system32\mljjh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D55F78D-57E0-7A56-9975-02E12506D1B4}]
2007-08-10 09:41 106496 --a------ C:\Program Files\Ouplyogt\melnhztz.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E4EEFFED-93CD-4CF0-A0F3-50D139121FEE}]
C:\WINDOWS\system32\nnnmnnn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD48861F-4176-45FC-8BAD-FFB29A8A5051}]
C:\WINDOWS\system32\awvvv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-03-22 12:50]
"nwiz"="nwiz.exe" [2007-03-22 12:50 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-03-22 12:50]
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 18:30]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 18:30]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 09:48 C:\WINDOWS\KHALMNPR.Exe]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2007-04-03 20:55]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-03-16 08:06]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"hpfsched"="C:\WINDOWS\hpfsched.exe" [1998-09-24 07:42]
"pgnujclc"="C:\Program Files\pgnujclc\jorcrido.dll" [2007-08-10 09:39]
"SystemRescue"="C:\WINDOWS\system32\wcytmxmg.dll" [2007-08-10 09:42]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-10 23:47]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-09 22:08]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-07-06 18:53]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-03-02 09:11]

C:\Documents and Settings\Jonathan\Start Menu\Programs\Startup\
GIGABYTE VGA Utility.lnk - C:\DOCUME~1\Jonathan\APPLIC~1\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\Utility.exe2_D27BDB5D3B4C44F0A648BD00B0E79B39.exe [2007-07-28 00:09:13]
GigaTribe.lnk - C:\Program Files\GigaTribe\gigatribe.exe [2007-08-12 21:56:38]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-07-28 00:16:18]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-07-28 01:06:31]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E4EEFFED-93CD-4CF0-A0F3-50D139121FEE}"= C:\WINDOWS\system32\nnnmnnn.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-08-10 23:47 9216 C:\WINDOWS\system32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winuns32]
winuns32.dll

R0 iviVD;iviVD;C:\WINDOWS\system32\DRIVERS\iviVD.sys
R1 AvgMfx86;AVG Minifilter x86 Resident Driver;C:\WINDOWS\system32\Drivers\avgmfx86.sys
R2 HPFECP13;HPFECP13;C:\WINDOWS\system32\drivers\HPFECP13.SYS
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys
R3 Iviaspi;IVI ASPI Shell;C:\WINDOWS\system32\drivers\iviaspi.sys
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
R3 LMouKE;Logitech SetPoint Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
R3 MTsensor;ATK0110 ACPI UTILITY;C:\WINDOWS\system32\DRIVERS\ASACPI.sys
R3 pgfilter;pgfilter;\??\C:\Program Files\PeerGuardian2\pgfilter.sys
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
R3 SenFiltService;SenFilt Service;C:\WINDOWS\system32\drivers\Senfilt.sys
S3 L8042Kbd;Logitech SetPoint Keyboard Driver;C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
S3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\L8042mou.Sys

*Newly Created Service* - PGFILTER

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-12 22:01:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

jjbuch
2007-08-12, 14:13
And here is the HJT log:

------------ HJT log --------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:48 PM, on 12/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\SecCenter\scprot4.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\GIGABYTE\VGA Utility Manager\Utility.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2ACE8338-3D08-4995-B893-25F48D84C825} - C:\WINDOWS\system32\mljjh.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6D55F78D-57E0-7A56-9975-02E12506D1B4} - C:\Program Files\Ouplyogt\melnhztz.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {E4EEFFED-93CD-4CF0-A0F3-50D139121FEE} - C:\WINDOWS\system32\nnnmnnn.dll (file missing)
O2 - BHO: (no name) - {FD48861F-4176-45FC-8BAD-FFB29A8A5051} - C:\WINDOWS\system32\awvvv.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
O4 - HKLM\..\Run: [pgnujclc] rundll32.exe "C:\Program Files\pgnujclc\jorcrido.dll",Init
O4 - HKLM\..\Run: [SystemRescue] rundll32.exe "C:\WINDOWS\system32\wcytmxmg.dll",sitypnow
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: GIGABYTE VGA Utility.lnk = ?
O4 - Startup: GigaTribe.lnk = C:\Program Files\GigaTribe\gigatribe.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1185607561061
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185608998280
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: winuns32 - winuns32.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 7443 bytes

jjbuch
2007-08-12, 14:46
One more log to post - I ran Ad-Aware and it detected a lot of cookies, and 3 other bugs.
-------- ad aware log--------

Infections Found
===========================
Family Id: 725 Name: Tracking Cookie Category: DataMiner TAI:3
Family Id: 9999 Name: MRU Object Category: MRU Object TAI:0
Item Id: 1 Value: MRU Path: C:\Documents and Settings\Jonathan\Recent Count: 44
Item Id: 2 Value: MRU Registry Key: S-1-5-21-1060284298-1343024091-725345543-1003\Software\Microsoft\Search Assistant\ACMru\5603 Count: 1
Item Id: 3 Value: MRU Registry Key: S-1-5-21-1060284298-1343024091-725345543-1003\Software\Microsoft\Internet Explorer\TypedURLs Count: 1

pskelley
2007-08-12, 14:56
In response to your latest post, please post only what I request, this is Safer Networking (Spybot S&D forum), if you wish a link to the Lavasoft Ad-aware forum, request it and I will provide it. I would be glad to supply information about how to clean cookies if you wish also.
----------------------------------------

Thanks for returning your information, please DO NOT quote my instructions, I know what I posted and the information is there to scroll to.

This is my first problem report, on my new PC
The first thing I wish to mention, if the computer is under warranty, just about anything you do will invalidate that warranty, have you discussed these issues with technical support?

Integrity Threats Detected <<< this may be malware trying to get you to install junk (fraud) if it was a legitimate Windows message you would get more information than that. I have already posted the Google on those three words.

At the top of the combofix log, information appears to be missing that I need to see? Would you look to see if you neglected to copy/paste that part. Please DO NOT post the complete log again, I need only what is above:
2007-08-12 21:59 51,200 --a------ C:\WINDOWS\nircmd.exe <<< that line

What can you tell me about this program: C:\Program Files\SecCenter\scprot4.exe
A scan of the file in red is not conclusive:
http://www.google.com/search?hl=en&q=scprot4.exe&btnG=Google+Search
http://www.spywarewarrior.com/rogue_anti-spyware.htm

C:\Program Files\LimeWire\LimeWire.exe
For your information: http://forums.spybot.info/showthread.php?t=282
http://www3.ca.com/securityadvisor/pest/Pest.aspx?id=453088059

Since AVG antivirus appears to be your program of choice, I suggest you at least disable this Symantec item you have running in your services:
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Let's clean the junk I see and see what happens:

1) How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm. Click OK.
You may reverse this for safety when we are finished.

2) Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

3) Start > Control Panel > Add Remove programs and uninstall: Ouplyogt or pgnujclc if there.

4) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

(if you set your StartPage to "Blank" on purpose, leave the first item)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: (no name) - {2ACE8338-3D08-4995-B893-25F48D84C825} - C:\WINDOWS\system32\mljjh.dll (file missing)
O2 - BHO: (no name) - {6D55F78D-57E0-7A56-9975-02E12506D1B4} - C:\Program Files\Ouplyogt\melnhztz.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {E4EEFFED-93CD-4CF0-A0F3-50D139121FEE} - C:\WINDOWS\system32\nnnmnnn.dll (file missing)
O2 - BHO: (no name) - {FD48861F-4176-45FC-8BAD-FFB29A8A5051} - C:\WINDOWS\system32\awvvv.dll (file missing)
O4 - HKLM\..\Run: [pgnujclc] rundll32.exe "C:\Program Files\pgnujclc\jorcrido.dll",Init
O4 - HKLM\..\Run: [SystemRescue] rundll32.exe "C:\WINDOWS\system32\wcytmxmg.dll",sitypnow
O20 - Winlogon Notify: winuns32 - winuns32.dll (file missing)

Close all programs but HJT and all browser windows, then click on "Fix Checked"

5) RIGHT Click on Start then click on Explore. Locate and delete these items:

C:\Program Files\Ouplyogt\ <<< delete that folder

C:\Program Files\pgnujclc\ <<< delete that folder

C:\WINDOWS\system32\wcytmxmg.dll <<< delete that file

6) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Restart the computer and post the information missing from combofix, and information I requested, and a new HJT log. Keep me posted on the performance of your computer.

Thanks

jjbuch
2007-08-12, 15:59
I installed Avast home edition and ran a scan. I think the problem is now fixed, seeing as this scanner seemed to detect the problem and delete the affected files:
---------

12/08/2007 11:05:03 PM Jonathan 1476 Sign of "Win32:Trojano-1165 [Trj]" has been found in "C:\WINDOWS\system32\wcytmxmg.dll" file.
12/08/2007 11:08:00 PM Jonathan 1484 Sign of "Win32:Trojano-1165 [Trj]" has been found in "C:\WINDOWS\system32\wcytmxmg.dll" file.
12/08/2007 11:10:13 PM Jonathan 2676 Sign of "Win32:Trojano-1165 [Trj]" has been found in "c:\windows\system32\wcytmxmg.dll" file.
12/08/2007 11:17:24 PM Jonathan 960 Sign of "Win32:VB-ABF [Trj]" has been found in "C:\apps\acdsee\ACD.Systems.ACDSee.v8.0.Keymaker.Only-ZWT\Keygen.exe" file.
12/08/2007 11:30:57 PM Jonathan 2056 Sign of "Win32:Vundo-gen49 [Adw]" has been found in "C:\Documents and Settings\Monica\Local Settings\Temp\egwhcljb.dll" file.
12/08/2007 11:31:16 PM Jonathan 2056 Sign of "Win32:Vundo-gen49 [Adw]" has been found in "C:\Documents and Settings\Monica\Local Settings\Temp\qhyihhfc.dll" file.
12/08/2007 11:48:35 PM Jonathan 2056 Sign of "Win32:Vundo-gen47 [Adw]" has been found in "C:\System Volume Information\_restore{6EE2DA6A-AE6E-4DDB-89E6-604E18023D61}\RP61\A0015333.dll" file.
12/08/2007 11:48:49 PM Jonathan 2056 Sign of "Win32:Vundo-gen47 [Adw]" has been found in "C:\System Volume Information\_restore{6EE2DA6A-AE6E-4DDB-89E6-604E18023D61}\RP65\A0020428.dll" file.
12/08/2007 11:49:09 PM Jonathan 2056 Sign of "Win32:VB-ABF [Trj]" has been found in "C:\System Volume Information\_restore{6EE2DA6A-AE6E-4DDB-89E6-604E18023D61}\RP68\A0021192.exe" file.
12/08/2007 11:49:44 PM Jonathan 2056 Sign of "Win32:Trojano-1165 [Trj]" has been found in "C:\System Volume Information\_restore{6EE2DA6A-AE6E-4DDB-89E6-604E18023D61}\RP76\A0023598.dll" file.
12/08/2007 11:49:44 PM Jonathan 2056 Sign of "Win32:VB-ABF [Trj]" has been found in "C:\System Volume Information\_restore{6EE2DA6A-AE6E-4DDB-89E6-604E18023D61}\RP76\A0024611.exe" file.
12/08/2007 11:49:51 PM Jonathan 2056 Sign of "Win32:Vundo-gen47 [Adw]" has been found in "C:\VundoFix Backups\awvvv.dll.bad" file.
12/08/2007 11:49:51 PM Jonathan 2056 Sign of "Win32:Vundo-gen47 [Adw]" has been found in "C:\VundoFix Backups\mljjh.dll.bad" file.

pskelley
2007-08-12, 16:04
Whatever you say, I can help only when my directions are followed. I wish you safe surfing.

System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.
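
Added example, not part of the original thread or any tool mentioned in it: a small Python triage script that cross-references the Avast detections posted above with HijackThis autostart entries, and separates live detections from copies held in System Restore or in a cleanup tool's backup folder. Matching is by file name only, and treating a trailing `.bad` as a backup suffix is an assumption drawn from the paths in the Avast log; the function names are hypothetical.

```python
import ntpath
import re
from collections import defaultdict

# Sample input: lines copied from the Avast and HijackThis logs posted in this thread.
AVAST_LOG = r'''
12/08/2007 11:05:03 PM Jonathan 1476 Sign of "Win32:Trojano-1165 [Trj]" has been found in "C:\WINDOWS\system32\wcytmxmg.dll" file.
12/08/2007 11:10:13 PM Jonathan 2676 Sign of "Win32:Trojano-1165 [Trj]" has been found in "c:\windows\system32\wcytmxmg.dll" file.
12/08/2007 11:30:57 PM Jonathan 2056 Sign of "Win32:Vundo-gen49 [Adw]" has been found in "C:\Documents and Settings\Monica\Local Settings\Temp\egwhcljb.dll" file.
12/08/2007 11:48:35 PM Jonathan 2056 Sign of "Win32:Vundo-gen47 [Adw]" has been found in "C:\System Volume Information\_restore{6EE2DA6A-AE6E-4DDB-89E6-604E18023D61}\RP61\A0015333.dll" file.
12/08/2007 11:49:51 PM Jonathan 2056 Sign of "Win32:Vundo-gen47 [Adw]" has been found in "C:\VundoFix Backups\awvvv.dll.bad" file.
12/08/2007 11:49:51 PM Jonathan 2056 Sign of "Win32:Vundo-gen47 [Adw]" has been found in "C:\VundoFix Backups\mljjh.dll.bad" file.
'''

HJT_LOG = r'''
O2 - BHO: (no name) - {2ACE8338-3D08-4995-B893-25F48D84C825} - C:\WINDOWS\system32\mljjh.dll (file missing)
O2 - BHO: (no name) - {FD48861F-4176-45FC-8BAD-FFB29A8A5051} - C:\WINDOWS\system32\awvvv.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SystemRescue] rundll32.exe "C:\WINDOWS\system32\wcytmxmg.dll",sitypnow
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O20 - Winlogon Notify: winuns32 - winuns32.dll (file missing)
'''

AVAST_RE = re.compile(r'Sign of "([^"]+)" has been found in "([^"]+)" file\.')
# Any .dll/.exe file name inside a HijackThis line (path separators excluded).
MODULE_RE = re.compile(r'([^\\"\s,]+\.(?:dll|exe))', re.IGNORECASE)


def parse_avast(log):
    """Return (signature, path) pairs from Avast 'Sign of ... has been found' lines."""
    return AVAST_RE.findall(log)


def module_name(path):
    """Lower-cased file name; a trailing '.bad' is treated as a backup suffix (assumption)."""
    name = ntpath.basename(path).lower()
    return name[:-4] if name.endswith(".bad") else name


def classify_location(path):
    """Say where a detected file lives, since that decides what cleanup it needs."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "system_restore"   # purged by cycling System Restore off and on
    if "\\vundofix backups\\" in p:
        return "tool_backup"      # quarantined copy left by a removal tool
    return "live"                 # file in normal use on disk


def detections_by_location(avast_log):
    """Group unique detected module names by location class."""
    groups = defaultdict(set)
    for _sig, path in parse_avast(avast_log):
        groups[classify_location(path)].add(module_name(path))
    return {loc: sorted(names) for loc, names in groups.items()}


def correlate(avast_log, hjt_log):
    """Map each HijackThis line to the signatures detected for a module it references."""
    detected = defaultdict(set)
    for sig, path in parse_avast(avast_log):
        detected[module_name(path)].add(sig)
    hits = {}
    for line in hjt_log.strip().splitlines():
        sigs = set()
        for mod in MODULE_RE.findall(line):
            sigs |= detected.get(mod.lower(), set())
        if sigs:
            hits[line.strip()] = sigs
    return hits


if __name__ == "__main__":
    for line, sigs in correlate(AVAST_LOG, HJT_LOG).items():
        print(", ".join(sorted(sigs)), "<-", line)
    print(detections_by_location(AVAST_LOG))
```

Entries with no match, such as the `winuns32.dll (file missing)` Winlogon Notify item, still need manual review: a missing correlation only means the scanner reported nothing under that file name.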

jjbuch
2007-08-12, 16:20
In response to your latest post, please post only what I request, this is Safer Networking (Spybot S&D forum), if you wish a link to the Lavasoft Ad-aware forum, request it and I will provide it. I would be glad to supply information about how to clean cookies if you wish also.
----------------------------------------

Thanks for returning your information, please DO NOT quote my instructions, I know what I posted and the information is there to scroll to.

The first thing I wish to mention, if the computer is under warranty, just about anything you do will invalidate that warranty, have you discussed these issues with technical support?

Integrity Threats Detected <<< this may be malware trying to get you to install junk (fraud) if it was a legitimate Windows message you would get more information than that. I have already posted the Google on those three words.

At the top of the combofix log, information appears to be missing that I need to see? Would you look to see if you neglected to copy/paste that part. Please DO NOT post the complete log again, I need only what is above:
2007-08-12 21:59 51,200 --a------ C:\WINDOWS\nircmd.exe <<< that line

What can you tell me about this program: C:\Program Files\SecCenter\scprot4.exe
A scan of the file in red is not conclusive:
http://www.google.com/search?hl=en&q=scprot4.exe&btnG=Google+Search
http://www.spywarewarrior.com/rogue_anti-spyware.htm

C:\Program Files\LimeWire\LimeWire.exe
For your information: http://forums.spybot.info/showthread.php?t=282
http://www3.ca.com/securityadvisor/pest/Pest.aspx?id=453088059

Since AVG antivirus appears to be your program of choice, I suggest you at least disable this Symantec item you have running in your services:
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Let's clean the junk I see and see what happens:

1) How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm. Click OK.
You may reverse this for safety when we are finished.

2) Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

3) Start > Control Panel > Add Remove programs and uninstall: Ouplyogt or pgnujclc if there.

4) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

(if you set your StartPage to "Blank" on purpose, leave the first item)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: (no name) - {2ACE8338-3D08-4995-B893-25F48D84C825} - C:\WINDOWS\system32\mljjh.dll (file missing)
O2 - BHO: (no name) - {6D55F78D-57E0-7A56-9975-02E12506D1B4} - C:\Program Files\Ouplyogt\melnhztz.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {E4EEFFED-93CD-4CF0-A0F3-50D139121FEE} - C:\WINDOWS\system32\nnnmnnn.dll (file missing)
O2 - BHO: (no name) - {FD48861F-4176-45FC-8BAD-FFB29A8A5051} - C:\WINDOWS\system32\awvvv.dll (file missing)
O4 - HKLM\..\Run: [pgnujclc] rundll32.exe "C:\Program Files\pgnujclc\jorcrido.dll",Init
O4 - HKLM\..\Run: [SystemRescue] rundll32.exe "C:\WINDOWS\system32\wcytmxmg.dll",sitypnow
O20 - Winlogon Notify: winuns32 - winuns32.dll (file missing)

Close all programs but HJT and all browser windows, then click on "Fix Checked"

5) RIGHT Click on Start then click on Explore. Locate and delete these items:

C:\Program Files\Ouplyogt\ <<< delete that folder

C:\Program Files\pgnujclc\ <<< delete that folder

C:\WINDOWS\system32\wcytmxmg.dll <<< delete that file

6) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Restart the computer and post the information missing from combofix, and information I requested, and a new HJT log. Keep me posted on the performance of your computer.

Thanks

-----------

Okay here goes:
#1 / The Combofix log was missing the following:

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Jonathan\APPLIC~1\install.dat
C:\DOCUME~1\Monica\APPLIC~1\install.dat


((((((((((((((((((((((((( Files Created from 2007-07-12 to 2007-08-12 )))))))))))))))))))))))))))))))


#2 / Done

#3 / Neither application was listed. None removed.

#4 / Done.

#5 / Could not delete these two directories: Access denied
C:\Program Files\Ouplyogt\
C:\Program Files\pgnujclc\

I ran ATF cleaner and will reboot now and post the HJT log.
Thanks for your excellent support.

jjbuch
2007-08-12, 16:25
Finally, I rebooted and then I could delete the following two directories.

C:\Program Files\Ouplyogt\ <<< delete that folder
C:\Program Files\pgnujclc\ <<< delete that folder

I ran HJT and here is the log:
-----------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23:41 AM, on 13/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\GIGABYTE\VGA Utility Manager\Utility.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\GigaTribe\gigatribe.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: GIGABYTE VGA Utility.lnk = ?
O4 - Startup: GigaTribe.lnk = C:\Program Files\GigaTribe\gigatribe.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1185607561061
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185608998280
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 7028 bytes

pskelley
2007-08-12, 16:34
Let's clean the air here a bit, keep in mind I am helping because I want to not because I have to, my services are volunteered.

I need only that you follow directions which you seem to have difficulty with. The instructions indicate what is supposed to be posted. I requested that:

Thanks for returning your information, please DO NOT quote my instructions, I know what I posted and the information is there to scroll to.

and you either did not bother to read it or ignored the instructions.

Working a remote repair like this is hard enough when the directions are followed. You are even downloading new programs in the middle of the repair without even asking if this is the correct procedure. This is Sunday, I will take the balance of the day off (retired) I would appreciate it if you would read all directions and then post to let me know if we should proceed?

Thanks...Phil

pskelley
2007-08-18, 02:16
No response since 8/12/2007, topic is closed

If you need it re-opened please send me or a forum staff member a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

Anyone else with similar problems please start a new topic.