Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojans And Malware Problem


  • Please log in to reply
4 replies to this topic

#1 wompuscat

wompuscat

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:07:36 PM

Posted 06 December 2007 - 02:01 AM

Please help me with the following log. I posted on the thread "Am I infected, ran the vundo removal and was finally able to get a hjt log saved. Still not working properly.

I also have installed Sygate firewall and have cool.exe and scpro4t.exe blocked.

Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:57 PM, on 12/5/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode with network support

Running processes:
F:\winnt\System32\smss.exe
F:\winnt\system32\csrss.exe
F:\winnt\system32\winlogon.exe
F:\winnt\system32\services.exe
F:\winnt\system32\lsass.exe
F:\winnt\system32\svchost.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
F:\winnt\System32\WBEM\WinMgmt.exe
F:\winnt\Explorer.EXE
F:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\System32\blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\YAHOO!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [YPC] C:\PROGRA~1\YAHOO!\PARENT~1\ypc.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\YAHOO!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [2wSysTray] F:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [HP Software Update] F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [io43mvuiw4kj] F:\winnt\io43mvuiw4kj.exe
O4 - HKLM\..\Run: [cdwxmluj] rundll32.exe "C:\Program Files\xynorexq\pajuxcxu.dll",Init
O4 - HKLM\..\Run: [{23-35-51-1D-ZN}] F:\Documents and Settings\Administrator\Local Settings\Temp\T0CHD001.exe CHD001
O4 - HKLM\..\Run: [SpyGuardPro] C:\Program Files\SpyGuardPro\pgs.exe
O4 - HKLM\..\Run: [xarcpoby] regsvr32 /u "F:\Documents and Settings\All Users.WINNT\Application Data\xarcpoby.dll"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [tufyhunc] regsvr32 /u "F:\Documents and Settings\All Users.WINNT\Application Data\tufyhunc.dll"
O4 - HKLM\..\Run: [rifojobc] regsvr32 /u "F:\Documents and Settings\All Users.WINNT\Application Data\rifojobc.dll"
O4 - HKLM\..\Run: [SmcService] F:\PROGRA~1\smc.exe -startgui
O4 - HKLM\..\Run: [srghebih] regsvr32 /u "F:\Documents and Settings\All Users.WINNT\Application Data\srghebih.dll"
O4 - HKLM\..\Run: [445235b2] rundll32.exe "F:\winnt\system32\bckviklt.dll",b
O4 - HKLM\..\RunOnce: [SpybotDeletingA8943] command /c del "F:\Documents and Settings\All Users.WINNT\Application Data\srghebih.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3499] cmd /c del "F:\Documents and Settings\All Users.WINNT\Application Data\srghebih.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotSnD] "F:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Toao] "F:\winnt\system32\YMBOLS~1\ping.exe" -vt yazb
O4 - HKCU\..\Run: [Zrgukxu] "C:\Program Files\A?pPatch\m?dtc.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7582] command /c del "F:\Documents and Settings\All Users.WINNT\Application Data\srghebih.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8201] cmd /c del "F:\Documents and Settings\All Users.WINNT\Application Data\srghebih.dll_tobedeleted"
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: PictureProject In Touch.lnk = C:\Program Files\Nikon\PictureProject In Touch\PictureProjectInTouch.exe
O4 - Startup: Cool - Auto Update.lnk = C:\Program Files\Cool\cool.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = F:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - F:\winnt\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - F:\winnt\bdoscandel.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1196638768018
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1196638752526
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://upload.smugmug.com/photos/activex/I...der4-082807.cab
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - F:\winnt\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - F:\winnt\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\winnt\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - F:\Program Files\smc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - About:Home

--
End of file - 9765 bytes

BC AdBot (Login to Remove)

 


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:01:36 AM

Posted 07 December 2007 - 06:11 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum wompuscat
My name is Richie and i'll be helping you to fix your problems.

Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad".
This will change from what we know in 2006 read this article:
http://www.clickz.com/news/article.php/3561546

You are well advised to remove the program now.
Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present,then restart your pc:
Viewpoint
Viewpoint Manager
Viewpoint Media Player


If you have previously downloaded ComboFix,please delete that version now.

Warning
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an expert,not for private use.
Using this tool incorrectly could lead to your system becoming unusable.

Now download Combofix and save to your desktop:
Note
It is important that it is saved directly to your desktop

Close any open browsers.
Disconnect from the Internet.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Note
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix,please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

Now go to:
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
Right click on Hijackthis.exe and select 'Rename', rename it to abc.bat
Double click on abc.bat(which is still Hijackthis.exe),post that log into your next reply please.
Posted Image
Posted Image

#3 wompuscat

wompuscat
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:07:36 PM

Posted 04 January 2008 - 12:38 AM

Richie,

Sorry for the delay in getting back to you. I've had a lot going on over the holiday season. I downloaded combo fix but couldn't get it to run past stage 1, and therefore have no log to post (any other suggestions). On the other hand I was able to rename hijackthis to abc.bat and get a good scan and log. Please find it below. Thanks for your help:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:15, on 2008-01-03
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
F:\winnt\System32\smss.exe
F:\winnt\system32\csrss.exe
F:\winnt\system32\winlogon.exe
F:\winnt\system32\services.exe
F:\winnt\system32\lsass.exe
F:\Program Files\smc.exe
F:\winnt\system32\svchost.exe
F:\winnt\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\System32\svchost.exe
F:\winnt\System32\svchost.exe
F:\winnt\System32\nvsvc32.exe
F:\winnt\system32\regsvc.exe
F:\winnt\system32\MSTask.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
F:\winnt\system32\stisvc.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
F:\winnt\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
F:\winnt\system32\svchost.exe
F:\winnt\Explorer.EXE
C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\PROGRA~1\YAHOO!\browser\ybrwicon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\YAHOO!\YOP\yop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
F:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
F:\Program Files\2Wire\2PortalMon.exe
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\WinZip\WZQKPICK.EXE
F:\Program Files\Nikon\PictureProject\NkbMonitor.exe
F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject In Touch\PictureProjectInTouch.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
F:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
F:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
F:\Program Files\Trend Micro\HijackThis\abc.bat

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\System32\blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: {1e12a92a-3aed-d70b-57a4-32ff023b1744} - {4471b320-ff23-4a75-b07d-dea3a29a21e1} - F:\winnt\system32\pcrwwiqs.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {62780D18-D103-03D3-323A-01F43008B839} - C:\Program Files\Orbdhrna\kfvtwtym.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: 0 - {884BD7F2-10F2-4DC0-C98D-2CC8F6C35DC2} - C:\Program Files\Windows NT\qubapi.dll (file missing)
O2 - BHO: (no name) - {A0BD9715-D7E0-45B8-B774-78CDE4FD9811} - F:\winnt\system32\xxyvw.dll
O2 - BHO: (no name) - {b6bde1b5-3bae-440a-bbbf-8fb6a5fe3a17} - F:\winnt\system32\jbjqsio.dll
O2 - BHO: (no name) - {B6FCA448-6DFD-1957-DA27-30E6078358B7} - F:\winnt\system32\kvmlt.dll (file missing)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\YAHOO!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [YPC] C:\PROGRA~1\YAHOO!\PARENT~1\ypc.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\YAHOO!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [2wSysTray] F:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [HP Software Update] F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [{23-35-51-1D-ZN}] F:\Documents and Settings\Administrator\Local Settings\Temp\T0CHD001.exe CHD001
O4 - HKLM\..\Run: [xarcpoby] regsvr32 /u "F:\Documents and Settings\All Users.WINNT\Application Data\xarcpoby.dll"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [tufyhunc] regsvr32 /u "F:\Documents and Settings\All Users.WINNT\Application Data\tufyhunc.dll"
O4 - HKLM\..\Run: [rifojobc] regsvr32 /u "F:\Documents and Settings\All Users.WINNT\Application Data\rifojobc.dll"
O4 - HKLM\..\Run: [SmcService] F:\PROGRA~1\smc.exe -startgui
O4 - HKLM\..\Run: [srghebih] regsvr32 /u "F:\Documents and Settings\All Users.WINNT\Application Data\srghebih.dll"
O4 - HKLM\..\Run: [hmzupyfe] regsvr32 /u "F:\Documents and Settings\All Users.WINNT\Application Data\hmzupyfe.dll"
O4 - HKLM\..\Run: [445235b2] rundll32.exe "F:\winnt\system32\phvcnyna.dll",b
O4 - HKCU\..\Run: [Toao] "F:\winnt\system32\YMBOLS~1\ping.exe" -vt yazb
O4 - HKCU\..\Run: [Zrgukxu] "C:\Program Files\A?pPatch\m?dtc.exe"
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: PictureProject In Touch.lnk = C:\Program Files\Nikon\PictureProject In Touch\PictureProjectInTouch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = F:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - F:\winnt\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - F:\winnt\bdoscandel.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1196638768018
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1196638752526
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://upload.smugmug.com/photos/activex/I...der4-082807.cab
O20 - Winlogon Notify: jmwcqldl - jmwcqldl.dll (file missing)
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - F:\winnt\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - F:\winnt\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\winnt\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - F:\Program Files\smc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O24 - Desktop Component 0: (no name) - About:Home

--
End of file - 11066 bytes

#4 wompuscat

wompuscat
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:07:36 PM

Posted 22 January 2008 - 11:58 PM

Can Someone please take a look at my log?


Thanks

#5 wompuscat

wompuscat
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:07:36 PM

Posted 04 February 2008 - 02:32 PM

Helloooo Anyone?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users