Control Panel Is Gone - Blocked By Admin


6 replies to this topic

#1 powell1294

powell1294

  • Members
  • 6 posts
  • Local time:12:36 AM

Posted 09 August 2007 - 09:26 PM

Hello, I am not very efficient in computer technology. I have invested a few days in trying to haggle through this mess that I was left with due to a hefty combination of viruses/trojans.

I have looked at your site and perused many help topics and I have been able to fix several things thus far....

I did get my browser back in good standing as it was hijacked. I did get the REGedit command to work, finally. I did get my documents (files) back into view through the start-my documents. I have finally gotten rid of all of the "bad stuff" that was wreaking havoc. I know that a big part of the initial problems were due to the WinAntiVirusPro stuff.

I still am unable to access my control panel as it has disappeared from my start menu. When I try to access control panel in the run command, it still states that it is being blocked by the admin....I am the admin. Also, when the computer reboots, it skips right past my user name, password screen.

Here is what I have done thus far, downloaded and ran AdAware, SpyBot, Panda ActiveScanPro, McAfee Avert Stinger. All are now finding nothing when they run.

I installed a firewall with Zone Alarm.

I updated Windows security through Microsoft.

I ran HJT and will post the log below.

I might also add that I did run a check for Vundo which produced nothing. I also ran SmitFraudFix and it did find some bugs and such and I went through the process of searching/deleting infected files, cleaning registry and restoring the trusted zone.

In closing, I think that most everything is in good condition (although I will not be certain until I get the verdict from some of you experts). I still have the issue of not utilizing my control panel and not being able to gain access to it or even see it.

Here is the log from HJT -- any and all suggestions and help will greatly be appreciated. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:39:59 PM, on 8/9/2007
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINNT.PRO\System32\smss.exe
C:\WINNT.PRO\system32\winlogon.exe
C:\WINNT.PRO\system32\services.exe
C:\WINNT.PRO\system32\lsass.exe
C:\WINNT.PRO\system32\svchost.exe
C:\WINNT.PRO\system32\ZoneLabs\vsmon.exe
C:\WINNT.PRO\system32\LEXBCES.EXE
C:\WINNT.PRO\system32\spoolsv.exe
C:\WINNT.PRO\system32\LEXPPS.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT.PRO\System32\svchost.exe
C:\WINNT.PRO\system32\drivers\KodakCCS.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT.PRO\System32\nvsvc32.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\WINNT.PRO\system32\regsvc.exe
C:\WINNT.PRO\system32\MSTask.exe
C:\WINNT.PRO\System32\ScsiAccess.EXE
C:\WINNT.PRO\system32\stisvc.exe
C:\WINNT.PRO\System32\WBEM\WinMgmt.exe
C:\WINNT.PRO\Explorer.EXE
C:\WINNT.PRO\system32\svchost.exe
C:\WINNT.PRO\System32\svchost.exe
C:\WINNT.PRO\system32\MsgSys.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINNT.PRO\system32\clcl14.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINNT.PRO\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT.PRO\system32\control.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEHlprObj Class - {ABCDECF0-4B15-11D1-ABED-709549C10000} - C:\WINNT.PRO\system32\vtr351.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT.PRO\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINNT.PRO\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [vptray] "C:\Program Files\NavNT\vptray.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT.PRO\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [WorksFUD] "C:\Program Files\Microsoft Works\wkfud.exe"
O4 - HKLM\..\Run: [Microsoft Works Portfolio] "C:\Program Files\Microsoft Works\WksSb.exe" /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [clcl14] C:\WINNT.PRO\system32\clcl14.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT.PRO\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Point Alert - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\MyPointsPointAlert\System\Temp\mypoints_script0.htm (file missing) (HKCU)
O12 - Plugin for .m1v: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1954A4B1-9627-4CF2-A041-58AA2045CB35} - http://a19.g.akamai.net/7/19/7125/1269/ftp.../v6/brix6ie.cab
O16 - DPF: {20AD521D-3A3E-11D4-BC32-0050040D952B} (SwIcdInstall Class) - http://www.picturebuzz.com/common/programs/swicdad.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab
O16 - DPF: {4DB79B88-84B2-11D3-81B4-525400E7AB54} (Axe Control) - http://www.picturebuzz.com/picturebuzz/dp/release/axe.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1185315677343
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio.../qdiagh.cab?326
O20 - AppInit_DLLs: C:\WINNT.PRO\system32\hrum135.txt
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT.PRO\System32\dmadmin.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT.PRO\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT.PRO\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT.PRO\System32\nvsvc32.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINNT.PRO\System32\ScsiAccess.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT.PRO\system32\ZoneLabs\vsmon.exe

--
End of file - 10233 bytes



#2 powell1294

powell1294
  • Topic Starter

  • Members
  • 6 posts
  • Local time:12:36 AM

Posted 09 August 2007 - 09:35 PM

Also, I forgot to state that I am running Windows 2000 Pro.

Thanks again

#3 -David-

-David-

  • Members
  • 10,603 posts
  • Gender:Male
  • Location:London
  • Local time:05:36 AM

Posted 12 August 2007 - 03:48 AM

Hello there and welcome to Bleeping Computer's security forum.
My name is David, I will be helping you with your log today.

It is a good idea to print off these instructions. There is a possibility some of the instructions will need to be carried out where internet access is not available. It is important that you complete the instructions in the right order, and that you don't miss out any steps.

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O2 - BHO: IEHlprObj Class - {ABCDECF0-4B15-11D1-ABED-709549C10000} - C:\WINNT.PRO\system32\vtr351.dll
O4 - HKLM\..\Run: [clcl14] C:\WINNT.PRO\system32\clcl14.exe
O9 - Extra button: Point Alert - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\MyPointsPointAlert\System\Temp\mypoints_script0.htm (file missing) (HKCU)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O20 - AppInit_DLLs: C:\WINNT.PRO\system32\hrum135.txt

Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Open HijackThis, click 'Config' (bottom right), then choose the 'Misc Tools' tab on top.
Choose 'delete a file on reboot'. In the field, copy and paste the filepath a few lines below.
Click open. Hijackthis will tell you that this file will be deleted on next reboot and if you want to reboot now.
When asked if you want to reboot now, say Yes:
C:\WINNT.PRO\system32\hrum135.txt

Now reboot into Safe Mode.
This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option without networking support.

Using Windows Explorer, please locate the following files/folders, and delete them if still present:

C:\WINNT.PRO\system32\clcl14.exe
C:\WINNT.PRO\system32\vtr351.dll

I want you to clean your cache and cookies from your internet explorer.
There are a few infected files which need to be removed from your system.

° Close all instances of Internet Explorer.
° Go to your control panel and open "Internet Options".
° Click on the "General" tab.
° Click the "Delete Cookies" button, then the "Delete Files" button.
° If prompted, place a tick in the "Delete all offline content" box and click OK.

Also, please clean other Temporary files and Empty the Recycle Bin

° Go to start and click on the "run" button.
° Type the following in the box --> cleanmgr and click ok.
° Let it scan your system for files to remove.
° Make sure only Temporary Files, Temporary Internet Files, and Recycle Bin are checked.
° Press OK to remove them.

Reboot back into normal mode.

Please download Combofix to your desktop.
Double-click combofix.exe to launch the application.

Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog.

Please open Notepad and copy and paste the following bold text into it:
(don't forget to copy and paste REGEDIT4)

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoControlPanel"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoControlPanel"=dword:00000000

Save this as "fix.reg". Choose to save as *all files and place it on your desktop.
It should look like this: Posted Image
Double-click on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

Reboot and see if you are able to access your control panel now. Don't forget to post the logs... :thumbsup:

Edited by D-Trojanator, 12 August 2007 - 03:48 AM.
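
The re-check requested in the post above (tick each listed entry "if still present", then post a new HijackThis log) can be scripted. This is an added example, not part of the original post or of HijackThis: the function names are hypothetical, the fix list is copied from the post, and the follow-up log is constructed sample data.

```python
import re

# A HijackThis entry line is "<section code> - <body>", for example
# "O20 - AppInit_DLLs: C:\...". Header and process-list lines do not match.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Entries copied from the fix list in the post above.
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O2 - BHO: IEHlprObj Class - {ABCDECF0-4B15-11D1-ABED-709549C10000} - C:\WINNT.PRO\system32\vtr351.dll
O4 - HKLM\..\Run: [clcl14] C:\WINNT.PRO\system32\clcl14.exe
O9 - Extra button: Point Alert - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\MyPointsPointAlert\System\Temp\mypoints_script0.htm (file missing) (HKCU)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O20 - AppInit_DLLs: C:\WINNT.PRO\system32\hrum135.txt
"""

# Constructed follow-up log (sample data for this example, not from the thread).
NEW_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINNT.PRO\Explorer.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [vptray] "C:\Program Files\NavNT\vptray.exe"
O20 - AppInit_DLLs: C:\WINNT.PRO\system32\hrum135.txt
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""


def parse_hjt(text):
    """Return (code, body) tuples for every entry line in a HijackThis log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def _key(entry):
    # Compare case-insensitively and ignore runs of whitespace, since
    # Windows paths and registry names are not case-sensitive.
    code, body = entry
    return code, " ".join(body.split()).casefold()


def still_present(fix_list, new_log):
    """Entries from the fix list that also appear in the follow-up log."""
    seen = {_key(e) for e in parse_hjt(new_log)}
    return [e for e in parse_hjt(fix_list) if _key(e) in seen]


def anomalies(log):
    """Flag two patterns visible in this thread's log.

    - "(file missing)": the entry points at a file that no longer exists.
    - AppInit_DLLs naming something that is not a .dll. The value is a
      space- or comma-separated module list loaded into every process
      that loads user32.dll, so a .txt file there is out of place.
    """
    findings = []
    for code, body in parse_hjt(log):
        if "(file missing)" in body:
            findings.append((code, "target file missing", body))
        if code == "O20" and body.casefold().startswith("appinit_dlls:"):
            value = body.split(":", 1)[1]
            for item in filter(None, re.split(r"[,\s]+", value)):
                if not item.casefold().endswith(".dll"):
                    findings.append((code, "AppInit_DLLs module is not a .dll", item))
    return findings


if __name__ == "__main__":
    for code, body in still_present(FIX_LIST, NEW_LOG):
        print("still present:", code, "-", body)
    for code, reason, detail in anomalies(NEW_LOG):
        print("anomaly:", code, reason, detail)
```

An entry that survives "Fix Checked" and a reboot, as the AppInit_DLLs line does in the constructed log, usually means something is rewriting it, which is why the post also schedules the referenced file for deletion on reboot.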


#4 powell1294

powell1294
  • Topic Starter

  • Members
  • 6 posts
  • Local time:12:36 AM

Posted 13 August 2007 - 04:56 PM

Thanks....I just sent you another message regarding Firefox. I downloaded it and converted my settings from IE ---> it was pretty painless :thumbsup:

Okay...here are the logs:

ComboFix 07-08-09.3 - "Administrator" 08/13/2007 17:10:30.1 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.3.1252.1.1033.18.51 [GMT -4:00]


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ADMINI~1.NLS\APPLIC~1\..\err.log
C:\DOCUME~1\ADMINI~1.NLS\APPLIC~1\DriveCleaner Freeware
C:\DOCUME~1\ADMINI~1.NLS\APPLIC~1\DriveCleaner Freeware\Logs\update.log
C:\DOCUME~1\ALLUSE~1.PRO\APPLIC~1.\salesmonitor
C:\WINNT.PRO\144.exe
C:\WINNT.PRO\DOWNLO~1\UPRP_0001_D21M1501NetInstaller.exe
C:\WINNT.PRO\system32\2_exception.nls
C:\WINNT.PRO\system32\clcl14.exe
C:\WINNT.PRO\system32\credgui.dll
C:\WINNT.PRO\system32\gdip32.dll
C:\WINNT.PRO\system32\mcert.dll
C:\WINNT.PRO\system32\netp.dll
C:\WINNT.PRO\system32\plus32.ocx
C:\WINNT.PRO\system32\pmcrt.dll
C:\WINNT.PRO\system32\pstore.dll
C:\WINNT.PRO\system32\ws_imod.dll
C:\WINNT.PRO\system32\wsock.dll


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_RUNTIME
-------\LEGACY_RUNTIME2
-------\nm


((((((((((((((((((((((((( Files Created from 2007-07-13 to 2007-08-13 )))))))))))))))))))))))))))))))


2007-08-11 21:33 <DIR> drahs---- C:\autorun.inf
2007-08-11 21:32 51,200 --a------ C:\WINNT.PRO\nircmd.exe
2007-08-11 09:43 <DIR> d-------- C:\unzipped
2007-08-11 09:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.PRO\APPLIC~1\WinZip
2007-08-09 21:37 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-09 21:01 75,932 --a------ C:\WINNT.PRO\system32\drivers\klick.dat
2007-08-09 21:01 75,248 --a------ C:\WINNT.PRO\zllsputility.exe
2007-08-09 21:01 74,396 --a------ C:\WINNT.PRO\system32\drivers\klin.dat
2007-08-09 21:01 4,212 ---h----- C:\WINNT.PRO\system32\zllictbl.dat
2007-08-09 21:01 14,368 --ahs---- C:\WINNT.PRO\system32\drivers\fidbox.dat
2007-08-09 21:01 110,360 --a------ C:\WINNT.PRO\system32\drivers\kl1.sys
2007-08-09 21:01 11,264 --a------ C:\WINNT.PRO\system32\SpOrder.dll
2007-08-09 21:01 1,312 --ahs---- C:\WINNT.PRO\system32\drivers\fidbox2.dat
2007-08-09 21:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.PRO\APPLIC~1\MailFrontier
2007-08-09 21:00 1,086,952 --a------ C:\WINNT.PRO\system32\zpeng24.dll
2007-08-09 21:00 <DIR> d-a------ C:\WINNT.PRO\Internet Logs
2007-08-09 21:00 <DIR> d-------- C:\WINNT.PRO\system32\ZoneLabs
2007-08-09 13:26 <DIR> d-------- C:\WINNT.PRO\system32\ActiveScan
2007-08-09 11:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.PRO\APPLIC~1\Lavasoft
2007-08-09 10:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.PRO\APPLIC~1\Spybot - Search & Destroy
2007-08-09 08:07 <DIR> d-------- C:\VundoFix Backups
2007-08-08 14:11 3,448 --a------ C:\WINNT.PRO\system32\tmp.reg
2007-08-08 12:43 3,072 --a------ C:\WINNT.PRO\izonq.exe
2007-08-08 12:38 3,072 --a------ C:\WINNT.PRO\ryr.exe
2007-08-08 09:50 <DIR> d-------- C:\Program Files\XoftSpySE
2007-08-08 08:41 3,072 --a------ C:\WINNT.PRO\qcwpid.exe
2007-08-08 08:38 419,840 --a------ C:\WINNT.PRO\system32\AClient.dll
2007-08-08 08:37 3,072 --a------ C:\WINNT.PRO\oyzbt.exe
2007-08-08 08:00 58,368 --a------ C:\WINNT.PRO\Unwash6.exe
2007-08-08 07:43 <DIR> d-------- C:\Program Files\RegCure
2007-08-08 07:32 <DIR> d-------- C:\Program Files\Common Files\DriveCleaner Freeware
2007-08-07 16:41 37,376 --a------ C:\WINNT.PRO\system32\vtr135.dll
2007-08-05 16:16 401,462 --a------ C:\WINNT.PRO\system32\MSVCP60.DLL
2007-08-05 16:16 <DIR> d-------- C:\Program Files\Common Files\Broderbund
2007-08-01 09:54 <DIR> d-------- C:\DOCUME~1\ADMINI~1\.unlimitedftp
2007-07-24 18:19 <DIR> d-------- C:\WINNT.PRO\system32\BITS
2007-07-24 18:16 549,720 --a------ C:\WINNT.PRO\system32\wuapi.dll
2007-07-24 18:16 43,352 --a------ C:\WINNT.PRO\system32\wups2.dll
2007-07-24 18:16 33,624 --a------ C:\WINNT.PRO\system32\wups.dll
2007-07-24 18:16 325,976 --a------ C:\WINNT.PRO\system32\wucltui.dll
2007-07-24 18:15 <DIR> d-------- C:\WINNT.PRO\SoftwareDistribution
2007-07-23 16:03 <DIR> d-------- C:\DOCUME~1\ADMINI~1.NLS\APPLIC~1\ProPicThumbs
2007-07-22 07:48 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-07-22 07:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.PRO\APPLIC~1\SUPERAntiSpyware.com
2007-07-22 07:48 <DIR> d-------- C:\DOCUME~1\ADMINI~1.NLS\APPLIC~1\SUPERAntiSpyware.com
2007-07-22 07:39 <DIR> d-------- C:\WINNT.PRO\winsxs
2007-07-22 07:39 <DIR> d-------- C:\WINNT.PRO\PCHEALTH
2007-07-22 07:33 <DIR> d--h-c--- C:\WINNT.PRO\$MSI30UninstallMSI30-KB884016$
2007-07-22 07:26 <DIR> d-------- C:\Program Files\ProPic
2007-07-22 07:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.PRO\APPLIC~1\yahoo!


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

99-12-07 08:00 32528 --a------ C:\WINNT.PRO\inf\wbfirdma.sys
07-08-10 08:55 2071 --a------ C:\WINNT.PRO\panose.bin
07-08-09 21:06 1244 --ahs---- C:\WINNT.PRO\system32\drivers\fidbox.idx
07-08-09 21:06 1196 --ahs---- C:\WINNT.PRO\system32\drivers\fidbox2.idx
07-08-09 15:28 --------- d-------- C:\Program Files\ZipCentral
07-08-09 15:26 --------- d-------- C:\Program Files\NavNT
07-08-09 15:25 --------- d-------- C:\Program Files\Messenger
07-08-09 15:25 --------- d-------- C:\Program Files\Lexmark X5100 Series
07-08-09 11:34 --------- d-------- C:\Program Files\Lavasoft
07-08-09 11:32 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
07-08-06 17:53 --------- d-a------ C:\Program Files\Common Files\Motive
07-08-05 16:16 --------- d--h----- C:\Program Files\InstallShield Installation Information
07-08-05 16:16 --------- d-------- C:\Program Files\Broderbund
07-07-24 18:16 --------- d-ah----- C:\Program Files\WindowsUpdate
07-07-24 08:56 --------- d-------- C:\DOCUME~1\ADMINI~1.NLS\APPLIC~1\Yahoo!
07-07-22 07:37 --------- d-------- C:\Program Files\Yahoo!
07-07-06 17:37 12416 --a------ C:\WINNT.PRO\system32\drivers\ldhbdzyj.sys
07-05-21 22:14 9728 --a------ C:\WINNT.PRO\system32\rcpdi.dll
07-05-21 22:14 8704 --a------ C:\WINNT.PRO\system32\dcpnet.dll
07-05-21 22:14 8192 --a------ C:\WINNT.PRO\system32\msiphelp.dll
07-05-21 22:14 8192 --a------ C:\WINNT.PRO\system32\browse.dll
07-05-21 22:14 5632 --a------ C:\WINNT.PRO\system32\ftpsys.dll
07-03-13 15:58 56912 --a------ C:\WINNT.PRO\java\g2mdlhlpx.exe
06-08-09 10:12 45448 --a------ C:\DOCUME~1\ADMINI~1.NLS\APPLIC~1\GDIPFONTCACHEV1.DAT
03-03-30 22:53 1361800 --a------ C:\Program Files\zcsetup.exe
03-02-02 09:07 13736688 --a------ C:\Program Files\AcroReader51_ENU_full.exe
03-02-01 13:38 5147448 --a------ C:\Program Files\EasyLettersPro.exe
03-01-29 09:59 464467 --a------ C:\Program Files\namerazor.exe
03-01-20 00:06 83310 --a------ C:\Program Files\Corbis_Pictures_2nd_batch.zip
03-01-19 18:44 122368 --a------ C:\Program Files\Visio_2002_Charts_and_Graphs.doc
03-01-19 18:04 219572 --a------ C:\Program Files\3DhbargraphEval.zip
03-01-19 17:54 9009 --a------ C:\Program Files\3DgraphEval.zip
03-01-19 17:34 23071850 --a------ C:\Program Files\PCXPRESS.exe
03-01-19 11:13 181244 --a------ C:\Program Files\Corbis_Pictures_164962.zip
03-01-19 11:11 181362 --a------ C:\Program Files\Corbis_Pictures_164962.exe
03-01-19 07:53 44550 --a------ C:\Program Files\CB010778_640x427.jpg
03-01-19 07:53 11978 --a------ C:\Program Files\CB057419_256x172.jpg
03-01-19 07:53 11360 --a------ C:\Program Files\AX012652_256x172.jpg
03-01-13 13:25 67253473 --a------ C:\Program Files\pagemaker.exe
03-01-13 08:17 5389760 --a------ C:\Program Files\ExpressZip.exe
03-01-13 08:14 472621 --a------ C:\Program Files\easydtp.zip
02-12-06 17:20 271 ---h----- C:\Program Files\desktop.ini
02-12-06 17:20 21952 ---h----- C:\Program Files\folder.htt


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [99-12-07 08:00 C:\WINNT.PRO\system32\mobsync.exe]
"NvCplDaemon"="RUNDLL32.exe" [99-12-07 08:00 C:\WINNT.PRO\system32\rundll32.exe]
"nwiz"="nwiz.exe" [02-11-18 15:15 C:\WINNT.PRO\system32\nwiz.exe]
"vptray"="C:\Program Files\NavNT\vptray.exe" [01-09-24 08:59 ]
"LoadQM"="loadqm.exe" [00-05-03 18:23 C:\WINNT.PRO\loadqm.exe]
"HPDJ Taskbar Utility"="C:\WINNT.PRO\System32\spool\drivers\w32x86\3\hpztsb04.exe" [01-11-06 11:49 ]
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [01-10-05 20:34 ]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [01-08-23 17:52 ]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [01-08-17 00:41 ]
"Lexmark X5100 Series"="C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe" [02-12-16 07:10 ]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [03-11-14 09:47 ]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [06-07-21 16:19 ]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [03-12-10 05:52 ]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [05-06-06 23:46 ]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [07-06-21 21:54 ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [01-04-11 15:02 ]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [07-06-07 14:08 ]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

C:\Documents and Settings\All Users.WINNT.PRO\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2003-02-10 15:15:17]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-06-25 07:25:38]
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-06-08 18:48:18]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-08-07 19:06:54]
SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2005-01-10 22:59:57]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-08-03 11:10:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSetFolders"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 07-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINNT.PRO\system32\hrum135.txt

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

R1 DcCam;Kodak Camera Proxy;C:\WINNT.PRO\system32\DRIVERS\DcCam.sys
R1 SASDIFSV;SASDIFSV;\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
R1 SASKUTIL;SASKUTIL;\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
R2 DCFS2K;Kodak DCFS2K Driver;C:\WINNT.PRO\system32\drivers\dcfs2k.sys
R2 NAVAPEL;NAVAPEL;\??\C:\Program Files\NavNT\NAVAPEL.SYS
R2 PPPoEService;PPPoE Service;C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
R2 ptssvc;ptssvc;C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
R3 NTSPPPOE;Efficient Networks Enternet P.P.P.o.E LAN Miniport Driver;C:\WINNT.PRO\system32\DRIVERS\ntspppoe.sys
S1 Exportit;Exportit;C:\WINNT.PRO\system32\DRIVERS\exportit.sys
S3 3cpciadi;3Com Windows Modem Driver PCI ADI;C:\WINNT.PRO\system32\DRIVERS\3cpciadi.sys
S3 DcFpoint;DcFpoint;C:\WINNT.PRO\system32\DRIVERS\DcFpoint.sys
S3 DcLps;Legacy Polling Service;C:\WINNT.PRO\system32\DRIVERS\DcLps.sys
S3 DcPTP;dcptp;C:\WINNT.PRO\system32\DRIVERS\DcPTP.sys
S3 MPE;BDA MPE Filter;C:\WINNT.PRO\system32\DRIVERS\MPE.sys
S3 NAVAP;NAVAP;\??\C:\Program Files\NavNT\NAVAP.sys
S3 NTSTAP1;NTSTAP1;\??\C:\PROGRA~1\EFFICI~1\ENTERN~1\app\NTSTAP1.SYS
S3 RAWESR;RAWESR;\??\C:\PROGRA~1\EFFICI~1\ENTERN~1\app\RAWESR.SYS
S3 SASENUM;SASENUM;\??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
S3 TAPBIND;TAPBIND;\??\C:\PROGRA~1\EFFICI~1\ENTERN~1\app\TAPBIND1.SYS
S4 ATMsrvc;ATM Service;C:\WINNT.PRO\System32\ATMsrvc.exe

*Newly Created Service* - IPNAT
*Newly Created Service* - RASAUTO
*Newly Created Service* - SHAREDACCESS

Contents of the 'Scheduled Tasks' folder
2007-08-13 21:18:04 C:\WINNT.PRO\Tasks\RegCure Program Check.job
2007-08-09 07:00:01 C:\WINNT.PRO\Tasks\RegCure.job - C:\Program Files\RegCure\RegCure.exe
2007-08-13 21:17:51 C:\WINNT.PRO\Tasks\XoftSpySE 2.job - C:\Program Files\XoftSpySE\XoftSpy.exe
2007-08-11 11:32:48 C:\WINNT.PRO\Tasks\XoftSpySE.job - C:\Program Files\XoftSpySE\XoftSpy.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-13 17:16:16
Windows 5.0.2195 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{796DCF02-2634-2469-3C83-3199751768E0}]
"najbfojapijhgffmcplinifclckn?"=hex:6a,61,66,6b,65,67,6f,68,6b,65,70,69,64,64,6a,62,6f,63,6b,70,00,..
"mapeapmbpdndoofccllcmjiohk?"=hex:6a,61,65,6b,66,67,67,6f,64,67,67,6b,6b,63,62,67,62,6d,6e,62,00,..
"gboklcjnbaifbooddcfgbfninlkjgjdihhhaaaalnpcofc?"=hex:66,61,66,6b,69,66,6d,66,64,69,6f,6d,00,f3

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-13 17:19:38 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-08-13 17:19

--- E O F ---



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:32:59 PM, on 8/13/2007
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINNT.PRO\System32\smss.exe
C:\WINNT.PRO\system32\winlogon.exe
C:\WINNT.PRO\system32\services.exe
C:\WINNT.PRO\system32\lsass.exe
C:\WINNT.PRO\system32\svchost.exe
C:\WINNT.PRO\system32\ZoneLabs\vsmon.exe
C:\WINNT.PRO\system32\LEXBCES.EXE
C:\WINNT.PRO\system32\spoolsv.exe
C:\WINNT.PRO\system32\LEXPPS.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT.PRO\System32\svchost.exe
C:\WINNT.PRO\system32\drivers\KodakCCS.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT.PRO\System32\nvsvc32.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\WINNT.PRO\system32\regsvc.exe
C:\WINNT.PRO\system32\MSTask.exe
C:\WINNT.PRO\System32\ScsiAccess.EXE
C:\WINNT.PRO\system32\stisvc.exe
C:\WINNT.PRO\System32\WBEM\WinMgmt.exe
C:\WINNT.PRO\system32\svchost.exe
C:\WINNT.PRO\System32\svchost.exe
C:\WINNT.PRO\Explorer.EXE
C:\WINNT.PRO\system32\MsgSys.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINNT.PRO\system32\mobsync.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT.PRO\system32\wuauclt.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT.PRO\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINNT.PRO\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [vptray] "C:\Program Files\NavNT\vptray.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT.PRO\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [WorksFUD] "C:\Program Files\Microsoft Works\wkfud.exe"
O4 - HKLM\..\Run: [Microsoft Works Portfolio] "C:\Program Files\Microsoft Works\WksSb.exe" /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT.PRO\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .m1v: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1954A4B1-9627-4CF2-A041-58AA2045CB35} - http://a19.g.akamai.net/7/19/7125/1269/ftp.../v6/brix6ie.cab
O16 - DPF: {20AD521D-3A3E-11D4-BC32-0050040D952B} (SwIcdInstall Class) - http://www.picturebuzz.com/common/programs/swicdad.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab
O16 - DPF: {4DB79B88-84B2-11D3-81B4-525400E7AB54} (Axe Control) - http://www.picturebuzz.com/picturebuzz/dp/release/axe.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1185315677343
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio.../qdiagh.cab?326
O20 - AppInit_DLLs: C:\WINNT.PRO\system32\hrum135.txt
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT.PRO\System32\dmadmin.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT.PRO\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT.PRO\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT.PRO\System32\nvsvc32.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINNT.PRO\System32\ScsiAccess.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT.PRO\system32\ZoneLabs\vsmon.exe

--
End of file - 9583 bytes


I'll await your next course of action!

#5 -David-


Posted 14 August 2007 - 06:16 AM

Good work! Let's continue.. :thumbsup:

It is a good idea to print off these instructions. There is a possibility some of the instructions will need to be carried out where internet access is not available. It is important that you complete the instructions in the right order, and that you don't miss out any steps.

Download KillBox from the following link:
http://www.bleepingcomputer.com/files/killbox.php
Unzip the folder to your desktop.

Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

O20 - AppInit_DLLs: C:\WINNT.PRO\system32\hrum135.txt

Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Start Killbox.exe
Select the "Delete on Reboot" option.
Click on the "All Files" button (!important!), which will then flash green.
Copy the complete text in bold below to the clipboard by highlighting the filepaths and pressing Control + C:

C:\WINNT.PRO\izonq.exe
C:\WINNT.PRO\ryr.exe
C:\WINNT.PRO\qcwpid.exe
C:\WINNT.PRO\qcwpid.exe
C:\WINNT.PRO\oyzbt.exe
C:\Program Files\Common Files\DriveCleaner Freeware
C:\WINNT.PRO\system32\vtr135.dll
C:\WINNT.PRO\system32\hrum135.txt
C:\WINNT.PRO\system32\drivers\ldhbdzyj.sys


Open 'File' in the Killbox menu on top and choose Paste from clipboard
You must use the File menu; pasting by right-clicking the mouse will only enter one file.
Then press the button that looks like a red circle with a white X in it.
Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to Reboot now, click "yes".
Click OK at any Pending File Rename Operations prompt, let me know if any appear.
If you don't get that message, reboot manually.
Your computer should reboot now.

Please open Notepad and copy and paste the next bold text into it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=-

Save this as "fix2.reg". Choose to save as *all files and place it on your desktop.
Double-click on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

Run HijackThis.
On the first menu, click Open the Misc Tools Section
Click Open Uninstall Manager
Click Save List - Save it anywhere.
A notepad will pop-up after it's saved, please copy everything in that Notepad and paste it here.

Also please post a new standard HijackThis log!

#6 powell1294


Posted 14 August 2007 - 07:43 AM

Wow, I was surprised that you got back to me this AM as I thought it would be much later in the day.

At any rate, I appreciate it greatly. I got started right away and followed your instructions. Here are the new logs that you requested.

Take care and I'll look forward to your next post.

ABBYY FineReader 5.0 Sprint
Ad-Aware 2007
Adobe Acrobat 5.0
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Illustrator 10.0.3
Adobe PageMaker 7.0
Adobe Reader 7.0.8
Adobe SVG Viewer 3.0
Adobe Type Manager 4.1
Adobe® Photoshop® Album Starter Edition 3.0
Algolab Photo Vector v. 1.97
aspi
AT&T Yahoo! Applications
CCHelp
CCScore
ClickArt Fonts 3
CR2
DirectX 8 Hotfix - KB839643
EnterNet 300
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSTUTOR
ESSvpaht
ESSvpot
ExpressZip
FaxTools
HijackThis 2.0.2
Kodak EasyShare software
KSU
Leap Ahead Phonics Ages 4-7
Lexmark X5100 Series
Microsoft .NET Framework 2.0
Microsoft Office PowerPoint Viewer 2003
Microsoft Web Publishing Wizard 1.52
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Microsoft XML Parser and SDK
Mozilla Firefox (2.0.0.6)
MSN Messenger Service 3.6
Norton AntiVirus Corporate Edition
Notifier
NVIDIA Windows 2000/XP Display Drivers
OTtBP
Panda ActiveScan
PCDLNCH
pictureBUZZ
ProPicHosting Manager 1.0
QuickTime
RealPlayer Basic
RegCure 1.4.0.4
SBC Self Support Tool
SFR
SFR2
Spybot - Search & Destroy 1.4
SUPERAntiSpyware Free Edition
Windows 2000 Hotfix - KB823182
Windows 2000 Hotfix - KB823559
Windows 2000 Hotfix - KB823980
Windows 2000 Hotfix - KB824105
Windows 2000 Hotfix - KB825119
Windows 2000 Hotfix - KB826232
Windows 2000 Hotfix - KB828035
Windows 2000 Hotfix - KB828741
Windows 2000 Hotfix - KB828749
Windows 2000 Hotfix - KB835732
Windows 2000 Hotfix - KB837001
Windows 2000 Hotfix - KB839645
Windows 2000 Hotfix - KB840315
Windows 2000 Hotfix - KB840987
Windows 2000 Hotfix - KB841356
Windows 2000 Hotfix - KB841533
Windows 2000 Hotfix - KB841872
Windows 2000 Hotfix - KB841873
Windows 2000 Hotfix - KB842526
Windows 2000 Hotfix - KB842773
Windows 2000 Hotfix - KB871250
Windows 2000 Hotfix - KB873339
Windows 2000 Hotfix - KB885835
Windows 2000 Hotfix - KB885836
Windows 2000 Hotfix - KB890175
Windows 2000 Hotfix - KB891711
Windows 2000 Hotfix (Pre-SP4) [See Q321856 for more information]
Windows 2000 Hotfix (Pre-SP4) [See q323172 for more information]
Windows 2000 Hotfix (Pre-SP4) [See Q326830 for more information]
Windows 2000 Hotfix (Pre-SP4) [See Q326886 for more information]
Windows 2000 Hotfix (Pre-SP4) [See Q329115 for more information]
Windows 2000 Hotfix (Pre-SP4) [See Q329834 for more information]
Windows 2000 Hotfix (Pre-SP4) Q329170
Windows 2000 Hotfix (Pre-SP4) Q810833
Windows 2000 Hotfix (SP4) KB810217
Windows 2000 Hotfix (SP4) KB817606
Windows 2000 Hotfix (SP4) Q329553
Windows 2000 Hotfix (SP4) Q814033
Windows Blaster Worm Removal Tool (KB833330)
Windows Installer 3.0 (KB884016)
Windows Installer 3.1 (KB893803)
Windows Media Player Hotfix [See Q828026 for more information]
WinZip 11.1
XoftSpySE
ZipCentral 4.01
ZoneAlarm



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:21:19 AM, on 8/14/2007
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINNT.PRO\System32\smss.exe
C:\WINNT.PRO\system32\winlogon.exe
C:\WINNT.PRO\system32\services.exe
C:\WINNT.PRO\system32\lsass.exe
C:\WINNT.PRO\system32\svchost.exe
C:\WINNT.PRO\system32\ZoneLabs\vsmon.exe
C:\WINNT.PRO\system32\LEXBCES.EXE
C:\WINNT.PRO\system32\spoolsv.exe
C:\WINNT.PRO\system32\LEXPPS.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT.PRO\System32\svchost.exe
C:\WINNT.PRO\system32\drivers\KodakCCS.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT.PRO\System32\nvsvc32.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\WINNT.PRO\system32\regsvc.exe
C:\WINNT.PRO\system32\MSTask.exe
C:\WINNT.PRO\System32\ScsiAccess.EXE
C:\WINNT.PRO\system32\stisvc.exe
C:\WINNT.PRO\System32\WBEM\WinMgmt.exe
C:\WINNT.PRO\system32\svchost.exe
C:\WINNT.PRO\System32\svchost.exe
C:\WINNT.PRO\Explorer.EXE
C:\WINNT.PRO\system32\MsgSys.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINNT.PRO\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT.PRO\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINNT.PRO\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [vptray] "C:\Program Files\NavNT\vptray.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT.PRO\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [WorksFUD] "C:\Program Files\Microsoft Works\wkfud.exe"
O4 - HKLM\..\Run: [Microsoft Works Portfolio] "C:\Program Files\Microsoft Works\WksSb.exe" /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT.PRO\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .m1v: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1954A4B1-9627-4CF2-A041-58AA2045CB35} - http://a19.g.akamai.net/7/19/7125/1269/ftp.../v6/brix6ie.cab
O16 - DPF: {20AD521D-3A3E-11D4-BC32-0050040D952B} (SwIcdInstall Class) - http://www.picturebuzz.com/common/programs/swicdad.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab
O16 - DPF: {4DB79B88-84B2-11D3-81B4-525400E7AB54} (Axe Control) - http://www.picturebuzz.com/picturebuzz/dp/release/axe.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1185315677343
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio.../qdiagh.cab?326
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT.PRO\System32\dmadmin.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT.PRO\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT.PRO\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT.PRO\System32\nvsvc32.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINNT.PRO\System32\ScsiAccess.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT.PRO\system32\ZoneLabs\vsmon.exe

--
End of file - 9493 bytes
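
Added example, not part of the original thread or of HijackThis itself: a short Python script that compares two HijackThis logs entry by entry to confirm what a fix removed, and flags O20 AppInit_DLLs values that do not name a .dll file. Modules listed under AppInit_DLLs are loaded into every process that loads user32.dll, which is why that entry was targeted here. The function names are assumptions, and the two log strings are abbreviated excerpts of the logs posted above.

```python
import re

# HijackThis entry lines start with a section code (R0, O4, O20, O23, ...)
# followed by " - ". Header lines and the running-process list do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
APPINIT_PREFIX = "AppInit_DLLs:"

# Constructed sample input: abbreviated excerpts of the two logs in this thread.
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINNT.PRO\system32\winlogon.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [vptray] "C:\Program Files\NavNT\vptray.exe"
O20 - AppInit_DLLs: C:\WINNT.PRO\system32\hrum135.txt
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
"""

AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINNT.PRO\system32\winlogon.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [vptray] "C:\Program Files\NavNT\vptray.exe"
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
"""


def parse_entries(log_text):
    """Return (section_code, body) for every entry line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def diff_logs(before, after):
    """Return (removed, added) entries between two logs, in log order."""
    old, new = parse_entries(before), parse_entries(after)
    removed = [entry for entry in old if entry not in new]
    added = [entry for entry in new if entry not in old]
    return removed, added


def suspicious_appinit(log_text):
    """Return AppInit_DLLs modules whose file name does not end in .dll.

    The registry value is a space- or comma-delimited list. The extension
    check is only a heuristic: a hostile module can also be named *.dll,
    so every AppInit_DLLs entry still deserves a manual look.
    """
    flagged = []
    for code, body in parse_entries(log_text):
        if code == "O20" and body.startswith(APPINIT_PREFIX):
            value = body[len(APPINIT_PREFIX):].strip()
            for module in re.split(r"[,\s]+", value):
                if module and not module.lower().endswith(".dll"):
                    flagged.append(module)
    return flagged


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for code, body in removed:
        print("removed:", code, "-", body)
    for code, body in added:
        print("added:  ", code, "-", body)
    print("AppInit_DLLs flagged before fix:", suspicious_appinit(BEFORE))
    print("AppInit_DLLs flagged after fix: ", suspicious_appinit(AFTER))
```

An empty "added" list matters as much as the removed entry: a new autostart line appearing after a cleanup reboot would mean something re-registered itself.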

#7 -David-


Posted 14 August 2007 - 08:29 AM

Great! Things are looking a lot better!

Please perform this online scan: Kaspersky Webscan
Note that this scanner will only work on Internet Explorer, so please use this browser for the scan.
Read the Requirements and Privacy statement, then select "Accept"
A dialogue box will appear asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
Select "Install" to download the ActiveX controls that allow ActiveScan to run.

When the download is complete it will say ready, click "Next"
Select a target to scan: Click on "My Computer"
When the scan is complete choose to save the results as "Save as Text"
Post the Kaspersky scan results in your next reply, along with a new HijackThis log.



