1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Need some help...

Discussion in 'Malware and Virus Removal Archive' started by DavidLynch, 2007/03/31.

  1. 2007/03/31
    DavidLynch

    DavidLynch Inactive Thread Starter

    Joined:
    2007/03/31
    Messages:
    3
    Likes Received:
    0
    Windows explorer is taking up nearly 100MB of RAM according to the task manager, and I have this stupid pop up problem (virus or spyware, i'm not quite sure...) where broadcaster.com, mapquest.com, and many others decide to open in internet explorer (which i thought was gone from my pc altogether...)

    anyway, i was looking for some help on these matters. thanks in advance.

    hijack this log:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 4:03:43 PM, on 3/31/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ASUS\Ai Booster\OverClk.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\David Lynch\Desktop\HiJackThis_v2.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - C:\WINDOWS\system32\gebyyax.dll
    O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\ubynvxef.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FE6203C6-6D19-4AFD-B548-25FACE266241} - C:\WINDOWS\system32\pmnlm.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe "
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe "
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - Winlogon Notify: gebyyax - C:\WINDOWS\SYSTEM32\gebyyax.dll
    O20 - Winlogon Notify: pmnlm - C:\WINDOWS\system32\pmnlm.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Network Access (RASNAL) - Unknown owner - C:\WINDOWS\system32\lsnsvc.exe (file missing)
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 6192 bytes
     
    DavidLynch,
    #1
  2. 2007/03/31
    DavidLynch

    DavidLynch Inactive Thread Starter

    Joined:
    2007/03/31
    Messages:
    3
    Likes Received:
    0
    I ran VundoFix and SDfix...

    Here's the SDFix report:



    SDFix: Version 1.75

    Run by David Lynch - Sat 03/31/2007 - 17:03:31.26

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:





    Restoring Windows Registry Entries
    Restoring Default Hosts File


    Rebooting...

    Normal Mode:
    Checking Files:

    Below files will be copied to Backups folder then removed:

    C:\WINDOWS\system32\winsys.exe - Deleted
    C:\WINDOWS\Temp\removalfile.bat - Deleted



    ADS Check:

    C:\WINDOWS\system32
    No streams found.


    Final Check:

    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 "
    "C:\\WINDOWS\\system32\\usmt\\migwiz.exe "= "C:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard "
    "C:\\Program Files\\Microsoft Games\\Halo\\halo.exe "= "C:\\Program Files\\Microsoft Games\\Halo\\halo.exe:*:Enabled:Halo "
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\blackdog338\\counter-strike source\\hl2.exe "= "C:\\Program Files\\Valve\\Steam\\SteamApps\\blackdog338\\counter-strike source\\hl2.exe:*:Enabled:hl2 "
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\blackdog338\\counter-strike\\hl.exe "= "C:\\Program Files\\Valve\\Steam\\SteamApps\\blackdog338\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher "
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\blackdog338\\condition zero\\hl.exe "= "C:\\Program Files\\Valve\\Steam\\SteamApps\\blackdog338\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher "
    "C:\\StubInstaller.exe "= "C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer "
    "C:\\Program Files\\LimeWire\\LimeWire.exe "= "C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire "
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\blackdog338\\half-life 2 deathmatch\\hl2.exe "= "C:\\Program Files\\Valve\\Steam\\SteamApps\\blackdog338\\half-life 2 deathmatch\\hl2.exe:*:Enabled:hl2 "
    "C:\\Program Files\\Sierra\\FEAR\\fpupdate.exe "= "C:\\Program Files\\Sierra\\FEAR\\fpupdate.exe:*:Enabled:fpupdate "
    "C:\\Program Files\\Quake III Arena\\quake3.exe "= "C:\\Program Files\\Quake III Arena\\quake3.exe:*:Enabled:quake3 "
    "C:\\Program Files\\id Software\\Quake 4\\Quake4.exe "= "C:\\Program Files\\id Software\\Quake 4\\Quake4.exe:*:Enabled:Quake 4 "
    "C:\\Program Files\\BitTorrent\\bittorrent.exe "= "C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent "
    "C:\\Program Files\\Sierra\\FEAR\\FEAR.exe "= "C:\\Program Files\\Sierra\\FEAR\\FEAR.exe:*:Enabled:FEAR "
    "C:\\Program Files\\Sierra\\FEAR\\FEARMP.exe "= "C:\\Program Files\\Sierra\\FEAR\\FEARMP.exe:*:Enabled:FEAR "
    "C:\\Program Files\\Sierra\\FEAR\\FEARXP\\FEARXP.exe "= "C:\\Program Files\\Sierra\\FEAR\\FEARXP\\FEARXP.exe:*:Enabled:FEARXP "
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe "= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0 "
    "C:\\Program Files\\MSN Messenger\\msncall.exe "= "C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) "
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "= "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader "
    "C:\\Documents and Settings\\David Lynch\\Local Settings\\Temp\\Rar$EX00.016\\Ozzfest.exe "= "C:\\Documents and Settings\\David Lynch\\Local Settings\\Temp\\Rar$EX00.016\\Ozzfest.exe:*:Enabled:C:\\DOCUME~1\\DAVIDL~1\\LOCALS~1\\Temp\\Rar$EX00.016\\Ozzfest.exe "
    "C:\\Program Files\\AIM\\aim.exe "= "C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger "
    "C:\\Program Files\\Softnyx\\Rakion\\Bin\\rakion.bin "= "C:\\Program Files\\Softnyx\\Rakion\\Bin\\rakion.bin:*:Enabled:rakion "
    "C:\\Program Files\\Xfire\\Xfire.exe "= "C:\\Program Files\\Xfire\\Xfire.exe:*:Enabled:Xfire "
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\blackdog338\\condition zero deleted scenes\\hl.exe "= "C:\\Program Files\\Valve\\Steam\\SteamApps\\blackdog338\\condition zero deleted scenes\\hl.exe:*:Enabled:Half-Life Launcher "
    "C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe "= "C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe:*:Enabled:Battlefield 2 "
    "C:\\Program Files\\GameSpy\\Comrade\\Comrade.exe "= "C:\\Program Files\\GameSpy\\Comrade\\Comrade.exe:*:Enabled:Comrade "
    "C:\\Documents and Settings\\David Lynch\\Local Settings\\Temp\\Rar$EX01.594\\Ozzfest.exe "= "C:\\Documents and Settings\\David Lynch\\Local Settings\\Temp\\Rar$EX01.594\\Ozzfest.exe:*:Enabled:C:\\DOCUME~1\\DAVIDL~1\\LOCALS~1\\Temp\\Rar$EX01.594\\Ozzfest.exe "


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 "
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe "= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0 "
    "C:\\Program Files\\MSN Messenger\\msncall.exe "= "C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) "


    Remaining Files:
    ---------------

    Backups Folder: - C:\SDFix\backups\backups.zip

    Checking For Files with Hidden Attributes :

    C:\Documents and Settings\All Users\Documents\Gw.exe
    C:\Documents and Settings\All Users\Documents\Gw.tmp
    C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp
    C:\Documents and Settings\David Lynch\Local Settings\Temp\~2B9.tmp
    C:\Documents and Settings\David Lynch\Local Settings\Temp\~2C.tmp
    C:\Documents and Settings\David Lynch\Local Settings\Temp\~38.tmp
    C:\Documents and Settings\David Lynch\Local Settings\Temp\~4.tmp
    C:\Documents and Settings\David Lynch\Local Settings\Temp\~5.tmp
    C:\Documents and Settings\David Lynch\Local Settings\Temp\~6.tmp

    Finished
     
    DavidLynch,
    #2


  3. to hide this advert.

  4. 2007/03/31
    DavidLynch

    DavidLynch Inactive Thread Starter

    Joined:
    2007/03/31
    Messages:
    3
    Likes Received:
    0
    I ran Nolop...it said I was clean.

    I ran vundofix again, that log is included here, along with the newest hijackthis log.


    VundoFix V4.2.22
    Scan started at 4:48:20 PM 3/31/2007

    Listing files found while scanning....


    C:\WINDOWS\system32\mlnmp.bak1
    C:\WINDOWS\system32\mlnmp.bak2
    C:\WINDOWS\system32\mlnmp.tmp
    C:\WINDOWS\system32\mlnmp.ini
    C:\WINDOWS\system32\mlnmp.ini2
    C:\WINDOWS\system32\pmnlm.dll
    C:\WINDOWS\system32\mlnmp.ini2
    C:\WINDOWS\system32\mlnmp.bak2
    C:\WINDOWS\system32\mlnmp.tmp
    C:\WINDOWS\system32\mlnmp.ini
    C:\WINDOWS\system32\mlnmp.ini2
    C:\WINDOWS\system32\pmnlm.dll
    Attempting to delete C:\WINDOWS\system32\mlnmp.bak1
    C:\WINDOWS\system32\mlnmp.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mlnmp.bak2
    C:\WINDOWS\system32\mlnmp.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mlnmp.tmp
    C:\WINDOWS\system32\mlnmp.tmp Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mlnmp.ini
    C:\WINDOWS\system32\mlnmp.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mlnmp.ini2
    C:\WINDOWS\system32\mlnmp.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmnlm.dll
    C:\WINDOWS\system32\pmnlm.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\pmnlm.dll
    C:\WINDOWS\system32\pmnlm.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    VundoFix V4.2.22
    Scan started at 4:52:39 PM 3/31/2007

    Listing files found while scanning....


    No infected files were found.


    VundoFix V6.3.18

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Scan started at 5:18:16 PM 3/31/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\awvtt.dll
    C:\WINDOWS\system32\efcdayv.dll
    C:\WINDOWS\system32\gebyyax.dll
    C:\WINDOWS\system32\khffggh.dll
    C:\WINDOWS\system32\mlnmp.bak1
    C:\WINDOWS\system32\mlnmp.bak2
    C:\WINDOWS\system32\mlnmp.ini
    C:\WINDOWS\system32\pmnlm.dll
    C:\WINDOWS\system32\ubynvxef.dll
    C:\WINDOWS\system32\vvwfkbil.dll
    C:\WINDOWS\system32\xxyawvw.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\awvtt.dll
    C:\WINDOWS\system32\awvtt.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\efcdayv.dll
    C:\WINDOWS\system32\efcdayv.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gebyyax.dll
    C:\WINDOWS\system32\gebyyax.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\khffggh.dll
    C:\WINDOWS\system32\khffggh.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mlnmp.bak1
    C:\WINDOWS\system32\mlnmp.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mlnmp.bak2
    C:\WINDOWS\system32\mlnmp.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mlnmp.ini
    C:\WINDOWS\system32\mlnmp.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmnlm.dll
    C:\WINDOWS\system32\pmnlm.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ubynvxef.dll
    C:\WINDOWS\system32\ubynvxef.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vvwfkbil.dll
    C:\WINDOWS\system32\vvwfkbil.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xxyawvw.dll
    C:\WINDOWS\system32\xxyawvw.dll Has been deleted!

    Performing Repairs to the registry.
    Done!




    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 5:32:35 PM, on 3/31/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Documents and Settings\David Lynch\Desktop\killer.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1D8A00F6-53F7-4969-AD86-5919E6747984} - C:\WINDOWS\system32\pmnlm.dll (file missing)
    O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\vvwfkbil.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe "
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe "
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Network Access (RASNAL) - Unknown owner - C:\WINDOWS\system32\lsnsvc.exe (file missing)
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 6031 bytes
     
    DavidLynch,
    #3
  5. 2007/03/31
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Hello and welcome to WindowsBBS Forums.

    I see you're running the new Trend Micro HijackThis! beta version. We in the forums prefer at this time not to use it, until they have ironed out all the wrinkles, so would you please download the older version, 1.99.1 and run a new log.

    Please download HijackThis! SetUp from here. Save the file to your desktop.

    Double-click the HijackThis! SetUp icon to begin the installation. Follow the prompts for the default install location of:'C:\Program Files\HijackThis'. Tick the 'Create a desktop' button when the option appears. Select next, then allow HijackThis! to start.

    Once installed, please rename the hijackthes.exe to any name of your choice, as long as it is something other than hijackthis.exe. Vundo like to hide itself from HJT.
    Then press the [Scan] button. You will notice the [Scan] button will turn into a [Save Log] button. Click the [Save Log] button and notepad will open up with the contents of the scan. Right-click in the saved log, and select 'copy'. Then proceed to your original thread, unless otherwise instructed and click the '[Reply]' button and paste the saved contents to be reviewed. Do not make any modifications to the log or perform any 'fixes' until told to do so.
     
    TeMerc,
    #4

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...