help
My PC Hell Forum
Author Topic: help  (Read 1942 times)
jan
New FixmyXP Member
Posts: 3
« on: January 20, 2007, 01:39:05 PM »

this is for martin

Logfile of HijackThis v1.99.1
Scan saved at 18:28:08, on 20/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skybroadband.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\Kieran\LOCALS~1\Temp\2007118162156_mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2006\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2006\\Wizard.html
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2006\\Parser.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166968294296
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Essexboy
Administrator
Posts: 899
« Reply #1 on: January 20, 2007, 01:49:13 PM »

Hi Jan, cheaper than the phone. You have one file that I am not sure about, so I need to do a check on it.

Can you do the following, please:

1. Download ComboFix.exe using either of these links:

BleepingComputer

Techsupportforum.com

2. Double click on combofix.exe & follow the prompts to allow the tool to run.

3. When it has finished, it will produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Copy and paste the text file as I told you earlier.
 

VISTA
XPsp2
Avast (of course)



http://spaces.msn.com/members/essexboymkn/

 If ignorance is bliss  why aren't more people happy?
jan
« Reply #2 on: January 20, 2007, 02:40:04 PM »

for martin

"Jan" - 07-01-20 19:31:04    Service Pack 2
ComboFix 07-01-21 - Running from: "C:\Documents and Settings\Jan\Desktop"

(((((((((((((((((((((((((((((((   Files Created from 2006-12-20 to 2007-01-20  ))))))))))))))))))))))))))))))))))
 
 
2007-01-20 18:18   75,512   --a------   C:\WINDOWS\zllsputility.exe
2007-01-20 18:17   1,087,216   --a------   C:\WINDOWS\system32\zpeng24.dll
2007-01-20 18:17   <DIR>   d--------   C:\WINDOWS\system32\ZoneLabs
2007-01-18 16:49   94,424   --a------   C:\WINDOWS\system32\drivers\aswmon2.sys
2007-01-18 16:49   85,952   --a------   C:\WINDOWS\system32\drivers\aswmon.sys
2007-01-18 16:49   43,176   --a------   C:\WINDOWS\system32\drivers\aswTdi.sys
2007-01-18 16:49   31,560   --a------   C:\WINDOWS\system32\drivers\aavmker4.sys
2007-01-18 16:49   23,352   --a------   C:\WINDOWS\system32\drivers\aswRdr.sys
2007-01-18 16:48   90,112   --a------   C:\WINDOWS\system32\AVASTSS.scr
2007-01-18 16:48   689,280   --a------   C:\WINDOWS\system32\aswBoot.exe
2007-01-17 18:22   <DIR>   d--------   C:\Program Files\QuickTime
2007-01-11 03:00   <DIR>   d--------   C:\WINDOWS\ie7updates
2007-01-04 18:51   <DIR>   d--------   C:\Program Files\LimeWire
2007-01-04 15:56   <DIR>   d--------   C:\Program Files\SpacialAudio
2007-01-04 15:55   <DIR>   d--------   C:\Program Files\Firebird
2006-12-29 17:20   <DIR>   d--------   C:\DOCUME~1\LOCALS~1\Application Data\McAfee.com Personal Firewall
2006-12-29 17:20   <DIR>   d--------   C:\DOCUME~1\Jan\Application Data\McAfee.com Personal Firewall
2006-12-29 17:16   <DIR>   d--------   C:\Program Files\McAfee
2006-12-29 17:16   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\Application Data\McAfee
2006-12-29 17:15   <DIR>   d--------   C:\WINDOWS\system32\mclsphlr
2006-12-29 17:14   32,768   --a------   C:\WINDOWS\system32\instlsp.exe
2006-12-29 17:14   131,072   ---------   C:\WINDOWS\system32\mclsp.dll
2006-12-29 17:14   11,264   --a------   C:\WINDOWS\system32\sporder.dll
2006-12-29 17:12   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\Application Data\McAfee.com Personal Firewall
2006-12-29 17:07   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\Application Data\McAfee.com
2006-12-29 17:06   349,760   -ra------   C:\WINDOWS\system32\mcinsctl.dll
2006-12-29 17:06   288,320   -ra------   C:\WINDOWS\system32\mcgdmgr.dll
2006-12-29 17:06   <DIR>   d--------   C:\Program Files\Sky Broadband
2006-12-29 17:06   <DIR>   d--------   C:\Program Files\McAfee.com
2006-12-29 17:03   80,512   -ra------   C:\WINDOWS\system32\drivers\Rtnicxp.sys
2006-12-29 17:03   <DIR>   d--------   C:\WINDOWS\OPTIONS
2006-12-29 17:03   <DIR>   d--------   C:\Program Files\Belkin
2006-12-29 17:03   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\Application Data\InstallShield
2006-12-29 17:02   20,992   --a------   C:\WINDOWS\system32\drivers\RTL8139.sys
2006-12-26 16:04   <DIR>   d--------   C:\Program Files\PC Wizard 2006
2006-12-26 13:08   89,360   --a------   C:\WINDOWS\system32\VB5DB.DLL
2006-12-26 13:08   69,632   --a------   C:\WINDOWS\system32\xmltok.dll
2006-12-26 13:08   36,864   --a------   C:\WINDOWS\system32\xmlparse.dll
2006-12-26 13:08   26,096   --a------   C:\WINDOWS\system32\xmlinst.exe
2006-12-26 13:08   24,576   --a------   C:\WINDOWS\system32\msxml3a.dll
2006-12-26 13:01   <DIR>   d--------   C:\Program Files\Ubisoft
2006-12-26 12:23   187,072   --a------   C:\WINDOWS\walltoyUninst.exe
2006-12-26 12:23   <DIR>   d--------   C:\Program Files\WallpaperToy
2006-12-26 12:20   266,360   --a------   C:\WINDOWS\system32\TweakUI.exe
2006-12-26 11:17   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\Application Data\nView_Profiles
2006-12-26 11:14   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\Application Data\NVIDIA
2006-12-26 11:09   208,896   --a------   C:\WINDOWS\system32\nvudisp.exe
2006-12-26 11:09   <DIR>   d--------   C:\WINDOWS\nview
2006-12-26 11:08   208,896   --a------   C:\WINDOWS\system32\NVUNINST.EXE
2006-12-26 11:08   <DIR>   d--------   C:\NVIDIA
2006-12-25 19:25   <DIR>   d--------   C:\WINDOWS\Sun
2006-12-25 19:23   <DIR>   d--------   C:\Program Files\Java
2006-12-25 19:23   <DIR>   d--------   C:\Program Files\Common Files\Java
2006-12-25 19:23   <DIR>   d--------   C:\DOCUME~1\Jan\Application Data\Sun
2006-12-25 19:15   <DIR>   d--------   C:\Program Files\LeechGet 2006
2006-12-25 14:15   <DIR>   d--------   C:\Program Files\NCH Swift Sound
2006-12-24 22:29   720,896   --a------   C:\WINDOWS\iun6002.exe
2006-12-24 22:29   <DIR>   d--------   C:\Program Files\TuneXP
2006-12-24 17:39   <DIR>   d--------   C:\Program Files\CyberLink
2006-12-24 14:22   <DIR>   d--------   C:\Program Files\Power defrag
2006-12-24 14:19   127,208   --a------   C:\WINDOWS\system32\mucltui.dll
2006-12-24 13:56   <DIR>   d--------   C:\Program Files\HiJackThis
2006-12-24 13:20   <DIR>   d--------   C:\Program Files\CCleaner
2006-12-24 13:11   <DIR>   d--------   C:\DOCUME~1\Jan\Application Data\MSN6
2006-12-24 13:11   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\Application Data\MSN6
2006-12-24 12:53   <DIR>   d--------   C:\Program Files\Windows Defender
2006-12-24 12:25   118,784   --a------   C:\WINDOWS\system32\MSSTDFMT.DLL
2006-12-24 12:25   <DIR>   d--------   C:\Program Files\SpywareBlaster
2006-12-24 12:00   <DIR>   d--------   C:\Downloads
2006-12-24 11:47   2,318,976   --a------   C:\WINDOWS\system32\TUKernel.exe
2006-12-24 11:43   24,072   --a------   C:\WINDOWS\system32\uxtuneup.dll
2006-12-24 11:43   <DIR>   d--------   C:\Program Files\TuneUp Utilities 2007
2006-12-24 11:43   <DIR>   d--------   C:\DOCUME~1\Jan\Application Data\TuneUp Software
2006-12-24 11:42   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2006-12-24 11:19   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\Application Data\TuneUp Software


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-16 17:06   --------   d--------   C:\Program Files\steam
2006-12-31 17:30   --------   d--h-----   C:\Program Files\installshield installation information
2006-12-29 17:03   --------   d--------   C:\Program Files\Common Files\installshield
2006-12-25 17:47   --------   d--------   C:\DOCUME~1\Jan\Application Data\macromedia
2006-12-24 22:18   --------   d--------   C:\Program Files\google
2006-12-24 13:21   --------   d---s----   C:\DOCUME~1\Jan\Application Data\microsoft
2006-12-24 12:09   --------   d--------   C:\Program Files\microsoft works
2006-12-17 13:25   --------   d--------   C:\Program Files\Common Files\logitech
2006-12-17 12:25   --------   d--------   C:\Program Files\msn messenger
2006-12-10 20:03   --------   d--------   C:\Program Files\microsoft games
2006-12-09 19:01   --------   d--------   C:\DOCUME~1\Jan\Application Data\template
2006-12-08 06:16   --------   d--------   C:\Program Files\hewlett-packard
2006-12-08 00:03   --------   d--------   C:\Program Files\msxml 4.0
2006-12-07 05:57   --------   d--------   C:\Program Files\windows media connect 2
2006-12-07 05:28   --------   d--------   C:\Program Files\hp
2006-12-07 05:26   --------   d--------   C:\Program Files\Common Files\hp
2006-12-07 05:21   --------   d--------   C:\Program Files\Common Files\hewlett-packard
2006-12-07 01:18   --------   d--------   C:\DOCUME~1\Jan\Application Data\google
2006-12-06 23:59   --------   d--------   C:\Program Files\universal interactive
2006-12-06 23:35   --------   d--------   C:\Program Files\pivot stickfigure animator
2006-12-06 22:42   --------   d--------   C:\Program Files\messenger
2006-12-06 04:51   --------   d--------   C:\Program Files\alwil software
2006-12-06 04:41   --------   d--h-----   C:\Program Files\windowsupdate
2006-12-06 04:20   --------   d--------   C:\Program Files\thomson
2006-12-06 04:02   --------   d--------   C:\Program Files\movie maker
2006-12-06 04:00   --------   d--------   C:\Program Files\windows nt
2006-12-06 03:37   --------   d--------   C:\DOCUME~1\Jan\Application Data\identities
2006-12-06 03:28   --------   d--------   C:\Program Files\microsoft frontpage
2006-12-06 03:27   0   -rahs----   C:\MSDOS.SYS
2006-12-06 03:27   0   -rahs----   C:\IO.SYS
2006-12-06 03:27   0   --a------   C:\CONFIG.SYS
2006-12-06 03:27   0   --a------   C:\AUTOEXEC.BAT
2006-12-06 03:26   --------   d--------   C:\Program Files\online services
2006-12-06 03:24   --------   d--------   C:\Program Files\Common Files\mssoap
2006-12-06 03:23   --------   d--------   C:\Program Files\msn gaming zone
2006-12-05 19:15   62   --ahs----   C:\DOCUME~1\Jan\Application Data\desktop.ini
2006-12-05 19:15   --------   d--------   C:\Program Files\Common Files\speechengines
2006-12-05 19:15   --------   d--------   C:\Program Files\Common Files\odbc
2006-11-08 05:06   679424   --a------   C:\WINDOWS\system32\inetcomm.dll
2006-11-08 05:03   6049280   ---------   C:\WINDOWS\system32\ieframe.dll
2006-11-08 05:03   50688   ---------   C:\WINDOWS\system32\msfeedsbs.dll
2006-11-08 05:03   458752   ---------   C:\WINDOWS\system32\msfeeds.dll
2006-11-08 05:03   413696   --a------   C:\WINDOWS\system32\vbscript.dll
2006-11-08 05:03   231424   --a------   C:\WINDOWS\system32\webcheck.dll
2006-11-08 05:03   180736   ---------   C:\WINDOWS\system32\ieui.dll
2006-11-08 05:03   156160   --a------   C:\WINDOWS\system32\msls31.dll
2006-11-07 11:27   382976   --a------   C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 11:27   229376   --a------   C:\WINDOWS\system32\ieaksie.dll
2006-11-07 11:26   71680   --a------   C:\WINDOWS\system32\admparse.dll
2006-11-07 11:26   55296   --a------   C:\WINDOWS\system32\iesetup.dll
2006-11-07 11:26   54784   --a------   C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 11:26   43008   --a------   C:\WINDOWS\system32\iernonce.dll
2006-11-07 11:26   152064   --a------   C:\WINDOWS\system32\ieakeng.dll
2006-11-07 11:26   13312   --a------   C:\WINDOWS\system32\ieudinit.exe
2006-11-07 11:26   123904   --a------   C:\WINDOWS\system32\advpack.dll
2006-11-07 11:25   161792   --a------   C:\WINDOWS\system32\ieakui.dll
2006-11-04 22:14   1245696   --a------   C:\WINDOWS\system32\msxml4.dll
2006-10-22 12:22   888832   --a------   C:\WINDOWS\system32\nvmobls.dll
2006-10-22 12:22   86016   --a------   C:\WINDOWS\system32\nvmctray.dll
2006-10-22 12:22   81920   --a------   C:\WINDOWS\system32\nvwddi.dll
2006-10-22 12:22   794624   --a------   C:\WINDOWS\system32\nvcplui.exe
2006-10-22 12:22   7700480   --a------   C:\WINDOWS\system32\nvcpl.dll
2006-10-22 12:22   581632   --a------   C:\WINDOWS\system32\nvhwvid.dll
2006-10-22 12:22   5644288   --a------   C:\WINDOWS\system32\nvoglnt.dll
2006-10-22 12:22   5619712   --a------   C:\WINDOWS\system32\nvdisps.dll
2006-10-22 12:22   5255168   --a------   C:\WINDOWS\system32\nvdispsr.dll
2006-10-22 12:22   466944   --a------   C:\WINDOWS\system32\nvshell.dll
2006-10-22 12:22   458752   --a------   C:\WINDOWS\system32\nvmccssr.dll
2006-10-22 12:22   4527488   --a------   C:\WINDOWS\system32\nv4_disp.dll
2006-10-22 12:22   45056   --a------   C:\WINDOWS\system32\nvmccsrs.dll
2006-10-22 12:22   442368   --a------   C:\WINDOWS\system32\nvappbar.exe
2006-10-22 12:22   425984   --a------   C:\WINDOWS\system32\keystone.exe
2006-10-22 12:22   35840   --a------   C:\WINDOWS\system32\nvcodins.dll
2006-10-22 12:22   35840   --a------   C:\WINDOWS\system32\nvcod.dll
2006-10-22 12:22   3203072   --a------   C:\WINDOWS\system32\nvgamesr.dll
2006-10-22 12:22   311296   --a------   C:\WINDOWS\system32\nvexpbar.dll
2006-10-22 12:22   3047424   --a------   C:\WINDOWS\system32\nvgames.dll
2006-10-22 12:22   2973696   --a------   C:\WINDOWS\system32\nvvitvsr.dll
2006-10-22 12:22   2924544   --a------   C:\WINDOWS\system32\nvvitvs.dll
2006-10-22 12:22   286720   --a------   C:\WINDOWS\system32\nvnt4cpl.dll
2006-10-22 12:22   2859008   --a------   C:\WINDOWS\system32\nvmoblsr.dll
2006-10-22 12:22   229376   --a------   C:\WINDOWS\system32\nvmccs.dll
2006-10-22 12:22   212992   --a------   C:\WINDOWS\system32\nvapi.dll
2006-10-22 12:22   188416   --a------   C:\WINDOWS\system32\nvmccss.dll
2006-10-22 12:22   1732608   --a------   C:\WINDOWS\system32\nvwssr.dll
2006-10-22 12:22   1662976   --a------   C:\WINDOWS\system32\nvwdmcpl.dll
2006-10-22 12:22   1622016   --a------   C:\WINDOWS\system32\nwiz.exe
2006-10-22 12:22   159810   --a------   C:\WINDOWS\system32\nvsvc32.exe
2006-10-22 12:22   147456   --a------   C:\WINDOWS\system32\nvcolor.exe
2006-10-22 12:22   1470464   --a------   C:\WINDOWS\system32\nview.dll
2006-10-22 12:22   1339392   --a------   C:\WINDOWS\system32\nvdspsch.exe
2006-10-22 12:22   1236992   --a------   C:\WINDOWS\system32\nvwss.dll
2006-10-22 12:22   1019904   --a------   C:\WINDOWS\system32\nvwimg.dll
2006-10-22 12:22   1011712   --a------   C:\WINDOWS\system32\nvcpluir.dll
 
 
((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"ccleaner"="\"C:\\Program Files\\CCleaner\\ccleaner.exe\" /AUTO"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Cleanup"="C:\\DOCUME~1\\Kieran\\LOCALS~1\\Temp\\2007118162156_mcappins.exe /v=3 /cleanup"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"nwiz"="nwiz.exe /install"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=dword:00000001
"ClearRecentDocsOnExit"=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService   REG_MULTI_SZ      Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService   REG_MULTI_SZ      DnsCache\0\0
rpcss   REG_MULTI_SZ      RpcSs\0\0
imgsvc   REG_MULTI_SZ      StiSvc\0\0
termsvcs   REG_MULTI_SZ      TermService\0\0
HTTPFilter   REG_MULTI_SZ      HTTPFilter\0\0
DcomLaunch   REG_MULTI_SZ      DcomLaunch\0TermService\0\0
WudfServiceGroup   REG_MULTI_SZ      WUDFSvc\0\0

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\HPpromotions journeysoftware.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 07-01-20 19:33:26
Essexboy
« Reply #3 on: January 20, 2007, 02:43:01 PM »

Hi Jan, could you post another HJT log please?
Essexboy
« Reply #4 on: January 20, 2007, 02:58:30 PM »

Hi Jan, it looks like some remnants of McAfee are messing with your system.


Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):


    C:\DOCUME~1\Kieran\LOCALS~1\Temp\2007118162156_mcappins.exe /v=3 /cleanup
    C:\DOCUME~1\LOCALS~1\Application Data\McAfee.com Personal Firewall
    C:\DOCUME~1\Jan\Application Data\McAfee.com Personal Firewall
    C:\Program Files\McAfee
    C:\DOCUME~1\ALLUSE~1\Application Data\McAfee
    C:\WINDOWS\system32\mclsphlr
    C:\WINDOWS\system32\instlsp.exe
    C:\WINDOWS\system32\mclsp.dll
    C:\DOCUME~1\ALLUSE~1\Application Data\McAfee.com Personal Firewall
    C:\DOCUME~1\ALLUSE~1\Application Data\McAfee.com
    C:\WINDOWS\system32\mcinsctl.dll
    C:\WINDOWS\system32\mcgdmgr.dll
    C:\Program Files\McAfee.com


  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.

  • Click the red-and-white Delete File button.  Click Yes at the Delete on Reboot prompt.  Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.
jan
« Reply #5 on: January 20, 2007, 03:00:57 PM »

for martin

Logfile of HijackThis v1.99.1
Scan saved at 19:59:55, on 20/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LeechGet 2006\LeechGet.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\Kieran\LOCALS~1\Temp\2007118162156_mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2006\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2006\\Wizard.html
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2006\\Parser.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166968294296
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Essexboy
« Reply #6 on: January 20, 2007, 05:26:43 PM »

Looks good now, I will research your downloading picture problem 