
[Resolved] Possible Malware, Adware, Spyware...My comp occasional


  • This topic is locked
25 replies to this topic

#1 dspot122

dspot122

    New Member

  • New Member
  • Pip
  • 13 posts

Posted 01 May 2008 - 09:39 PM

Hello,
I am very new to this HijackThis thing and as of recently my computer has been infected, I think, by numerous malware/spyware. I'm not too sure what information is needed but I am running Windows XP SP2 and have been running Norton/Symantec AV along with others that I have recently downloaded to aid me (Avast, Spy Sweeper, Spybot S&D). Any help would be greatly appreciated. Thanks in advance!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:05:39 PM, on 5/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Documents and Settings\Owner\Application Data\?ystem32\r?gsvr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\taskmgr.exe
C:\DOCUME~1\Owner\APPLIC~1\CURITY~1\spool32.exe
C:\PROGRA~1\FLOCK\FLOCK\FLOCK.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: {9bd73704-86a9-7309-6df4-5ef5f3f5c1c2} - {2c1c5f3f-5fe5-4fd6-9037-9a6840737db9} - C:\WINDOWS\system32\yuyocwlg.dll (file missing)
O2 - BHO: (no name) - {2F48F8C2-C324-4849-BF32-3C836E3654CB} - (no file)
O2 - BHO: (no name) - {3560C169-DF23-4AD7-B8EB-B6FC40CDCCB5} - C:\WINDOWS\system32\mlJBQGWN.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {F50B3F5E-856E-4757-9BB1-B35D46CA7719} - C:\WINDOWS\system32\rqRKAQGw.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [dd268fc6d452] C:\WINDOWS\System32\capesnpn.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [44a77496] rundll32.exe "C:\WINDOWS\system32\nomnlmhu.dll",b
O4 - HKLM\..\Run: [BM4794470a] Rundll32.exe "C:\WINDOWS\system32\snvipmio.dll",s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [c004RQe8P] wuaover.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Qrdj] "C:\Documents and Settings\Owner\Application Data\?ystem32\r?gsvr32.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Notn] "C:\DOCUME~1\Owner\APPLIC~1\CURITY~1\spool32.exe" -vt ndrv
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.imagestat...ab?ver=1,1,0,32
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6B1B6D11-E497-11D3-BE0C-005004AD2E83} (ImageStation Home Printing Control) - http://www.imagestat...rintActiveX.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish....pfishUpload.cab
O18 - Protocol: bw+0 - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {DFA0419D-C6B5-499F-B8C0-6ED4753AE8C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: rqRKAQGw - rqRKAQGw.dll (file missing)
O20 - Winlogon Notify: sstts - C:\WINDOWS\system32\sstts.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 26094 bytes
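Added example, not code from this thread or from HijackThis: a small Python triage pass over HijackThis v2 log lines, flagging the patterns a malware-removal helper reads for first (orphaned registrations, autoruns from user-writable profile folders, look-alike names containing characters HijackThis prints as `?`, bare file names that still need locating, and rundll32 autoruns calling a one-letter export). The heuristics, names and thresholds are mine; the sample lines are a constructed subset of the log above.

```python
"""Heuristic triage of HijackThis v2 log lines (added example, not a HijackThis feature).

Every check is a hint for a human reviewer, not a verdict: legitimate software
also uses bare file names and profile folders, and orphaned entries are often
just leftovers of an uninstall.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the entries in the log posted above.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\Application Data\?ystem32\r?gsvr32.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3560C169-DF23-4AD7-B8EB-B6FC40CDCCB5} - C:\WINDOWS\system32\mlJBQGWN.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [44a77496] rundll32.exe "C:\WINDOWS\system32\nomnlmhu.dll",b
O4 - HKCU\..\Run: [c004RQe8P] wuaover.exe
O4 - HKCU\..\Run: [Notn] "C:\DOCUME~1\Owner\APPLIC~1\CURITY~1\spool32.exe" -vt ndrv
O20 - Winlogon Notify: rqRKAQGw - rqRKAQGw.dll (file missing)
"""

# HijackThis marks registrations whose target is gone.
ORPHAN = re.compile(r"\((?:file missing|no file)\)")
# O4 Run-key entries: "O4 - HKLM\..\Run: [name] command".
RUN_ENTRY = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# A '?' inside a drive-letter path (HijackThis prints non-ASCII characters as '?').
# Excluding ':' keeps the match from running into a URL on the same line.
ODD_CHAR_IN_PATH = re.compile(r'[A-Za-z]:\\[^":]*\?')
# Executables under the user's profile, in long or 8.3 form.
USER_PROFILE = re.compile(
    r"(?:documents and settings|docume~1)\\[^\\]+\\(?:application data|applic~1)", re.I)
# rundll32 loading a DLL and calling an export with a one-character name.
RUNDLL_ONE_CHAR_EXPORT = re.compile(r'rundll32(?:\.exe)?\s+"?[^",]+\.dll"?,\s*\S$', re.I)


@dataclass
class Finding:
    line: str
    reasons: list


def executable_of(cmd: str) -> str:
    """Return the program part of a Run-key command (quotes and arguments stripped)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(None, 1)[0] if cmd else ""


def triage_line(line: str) -> list:
    """Return the list of review reasons for one log line (empty if nothing stands out)."""
    reasons = []
    if ORPHAN.search(line):
        reasons.append("orphaned registration: the referenced file is missing")
    if ODD_CHAR_IN_PATH.search(line):
        reasons.append("path contains a character HijackThis shows as '?': look-alike name")
    if USER_PROFILE.search(line):
        reasons.append("executable lives under the user profile (user-writable location)")
    m = RUN_ENTRY.match(line)
    if m:
        exe = executable_of(m.group("cmd"))
        if exe.lower() in ("rundll32.exe", "rundll32"):
            if RUNDLL_ONE_CHAR_EXPORT.search(m.group("cmd")):
                reasons.append("rundll32 calls a one-letter DLL export (weak heuristic)")
        elif "\\" not in exe:
            reasons.append(f"bare file name {exe!r}: locate it on disk before judging it")
    return reasons


def triage(log_text: str) -> list:
    """Run triage_line over a whole log and collect the lines worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = triage_line(line)
        if reasons:
            findings.append(Finding(line=line, reasons=reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.line)
        for reason in finding.reasons:
            print("   ->", reason)
```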



#2 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 06 May 2008 - 04:12 AM

Hi dspot122,

It appears that you have two antivirus programs running - Symantec and Avast. Running one antivirus program is essential, but having two can cause conflicts, slow your system down and even cause stability problems without improving your security. You should use just one antivirus program and if you want a "2nd opinion", use an online scanner like Kaspersky's.

If you have two antivirus programs installed, then before proceeding, please remove one of them.
Please make sure you choose one currently capable of receiving updates, because an antivirus program without updates cannot protect your system effectively. If you have any problems, please stop and let me know.

------------------------------------------------------------------------

Next press Start->Run, copy/paste the following command (it's one long command) into the box and press OK:

cmd /c dir "c:\wuaover.exe" /a /s >> "%userprofile%\desktop\look.txt" & notepad "%userprofile%\desktop\look.txt"

A black box will open and a file will appear on your Desktop called look.txt.
Please wait for look.txt to open in Notepad automatically.
Post the contents of look.txt in your next response.

------------------------------------------------------------------------

Download Deckard's System Scanner (DSS) to your Desktop (right-click the link, select Save Target As..., select your Desktop and press Save)
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized
  • Make sure Format->Word Wrap is unchecked
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply

Once complete, please post the look.txt output and both DSS logs, you won't need to produce a new HijackThis log as DSS produces one for you.
ASAP & UNITE Member

#3 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 09 May 2008 - 05:57 AM

Do you still need help with your machine? If the instructions are unclear or something isn't working, please let me know before proceeding.
ASAP & UNITE Member

#4 dspot122

dspot122

    New Member

  • New Member
  • Pip
  • 13 posts

Posted 11 May 2008 - 10:17 PM

Thank you so much for taking the time to check over my post. I apologize for this late reply as I have not been able to have enough free time to do all the necessary things you have suggested. I am going to reply again tomorrow after work as it is pretty late now and post the results. Thank you again I really appreciate it.

#5 dspot122

dspot122

    New Member

  • New Member
  • Pip
  • 13 posts

Posted 11 May 2008 - 10:25 PM

One more thing before I go.... You talked about me having 2 antivirus programs. Is it possible to have both but have one disabled?? I have the Symantec Antivirus and I like it cause I can update it regularly but some of the things it finds can't be deleted as it doesn't seem to exist in a folder as it states when I manually look for it. I downloaded the Avast antivirus and I like it because it actually found the files that Symantec couldn't and it seems to have deleted it. In your opinion which is the better of the two if I do have to go with only one? Thanks again!

#6 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 12 May 2008 - 05:44 PM

Hi dspot122,

Having two antivirus programs installed can be very detrimental to your system because they install themselves very deeply in your system and can cause serious conflicts. For this reason, and to improve system performance, it's best to have only one installed.

Having said that, it's not unusual to find that two different antivirus programs pick up on different things - they all have different malware 'signatures' and no antivirus program will detect everything out there. It's a very good idea to get a '2nd opinion' but the way to get this is not to install two antivirus programs, it is to have one installed and offering real-time protection, and then to use an online scanner (like Kaspersky's) for a regular scan also. During the course of cleaning your machine I will give you full instructions for using this so you don't need to run this scan yet if you don't want to.

As to which program is better, both Symantec and Avast are good products and capable of offering good protection. You should use the one you are most comfortable with and which works best - but you absolutely must keep it updated - an outdated antivirus program is of no use at all, so unless you intend to keep your Symantec subscription current I would go with a free product like Avast.
ASAP & UNITE Member

#7 dspot122

    New Member

  • New Member
  • 13 posts

Posted 12 May 2008 - 08:55 PM

Here are the contents of the Look.txt

Volume in drive C is HP_PAVILION
Volume Serial Number is 44A7-7439
Volume in drive C is HP_PAVILION
Volume Serial Number is 44A7-7439
Volume in drive C is HP_PAVILION
Volume Serial Number is 44A7-7439

Here is the main.txt:

Deckard's System Scanner v20071014.68
Run by Owner on 2008-05-12 21:19:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
78: 2008-05-13 02:20:07 UTC - RP119 - Deckard's System Scanner Restore Point
77: 2008-05-12 14:33:58 UTC - RP118 - System Checkpoint
76: 2008-05-03 06:09:37 UTC - RP117 - Removed Logitech Desktop Messenger
75: 2008-05-01 10:43:18 UTC - RP116 - Software Distribution Service 3.0
74: 2008-05-01 05:00:15 UTC - RP115 - Installed Windows XP KB927891.


-- First Restore Point --
1: 2008-04-22 15:52:42 UTC - RP42 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 83% (more than 75%).
System Drive C: has 17.63 GiB (less than 15%) free.


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:30:03 PM, on 5/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Owner\APPLIC~1\CURITY~1\spool32.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\FLOCK\FLOCK\FLOCK.EXE
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\AIM6\aim6.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: {9bd73704-86a9-7309-6df4-5ef5f3f5c1c2} - {2c1c5f3f-5fe5-4fd6-9037-9a6840737db9} - C:\WINDOWS\system32\yuyocwlg.dll (file missing)
O2 - BHO: (no name) - {2F48F8C2-C324-4849-BF32-3C836E3654CB} - (no file)
O2 - BHO: (no name) - {3560C169-DF23-4AD7-B8EB-B6FC40CDCCB5} - C:\WINDOWS\system32\mlJBQGWN.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {F50B3F5E-856E-4757-9BB1-B35D46CA7719} - C:\WINDOWS\system32\rqRKAQGw.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [dd268fc6d452] C:\WINDOWS\System32\capesnpn.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [44a77496] rundll32.exe "C:\WINDOWS\system32\nomnlmhu.dll",b
O4 - HKLM\..\Run: [BM4794470a] Rundll32.exe "C:\WINDOWS\system32\snvipmio.dll",s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [c004RQe8P] wuaover.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Qrdj] "C:\Documents and Settings\Owner\Application Data\?ystem32\r?gsvr32.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Notn] "C:\DOCUME~1\Owner\APPLIC~1\CURITY~1\spool32.exe" -vt ndrv
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.imagestat...ab?ver=1,1,0,32
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6B1B6D11-E497-11D3-BE0C-005004AD2E83} (ImageStation Home Printing Control) - http://www.imagestat...rintActiveX.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish....pfishUpload.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: rqRKAQGw - rqRKAQGw.dll (file missing)
O20 - Winlogon Notify: sstts - C:\WINDOWS\system32\sstts.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 13943 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
R3 Pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 SunkFilt (Alcor Micro Corp - 9360) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>

S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; NetGroup - Politecnico di Torino; WinPcap Netgroup Packet Filter Driver>
S3 PSSdk21 - c:\windows\system32\drivers\hnpssdk.drv (file missing)
S3 PSSdk23 - c:\windows\system32\drivers\pssdk23.drv (file missing)
S3 PsSdk30 - c:\windows\system32\drivers\pssdk30.drv (file missing)
S3 Sunkfiltp (HP && Alcor Micro Corp for Phison) - c:\windows\system32\drivers\sunkfiltp.sys (file missing)
S3 xbreader (MaxDrive XBox Driver (xbreader.sys)) - c:\windows\system32\drivers\xbreader.sys <Not Verified; Thesycon GmbH, Germany; Universal USB Device Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini" <Not Verified; NetGroup - Politecnico di Torino; Remote Packet Capture Daemon>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-04-12 and 2008-05-12 -----------------------------

2008-05-01 21:04:52 0 d-------- C:\Program Files\Trend Micro
2008-05-01 17:44:22 0 d-------- C:\Program Files\Alwil Software
2008-04-30 23:27:21 0 d-------- C:\WINDOWS\network diagnostic
2008-04-30 23:21:15 0 d-------- C:\4aed55c2d66b67ffdfe104
2008-04-26 13:54:40 0 d-------- C:\Documents and Settings\Owner\Application Data\Flock
2008-04-26 13:53:58 0 d-------- C:\Program Files\Flock
2008-04-25 05:23:52 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-04-24 00:05:59 0 d-------- C:\Program Files\CCleaner
2008-04-23 23:49:54 0 d-------- C:\Program Files\Lavasoft
2008-04-23 23:49:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-23 23:46:50 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-23 22:56:13 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-23 22:55:58 0 d-------- C:\Program Files\SpywareBlaster
2008-04-23 22:46:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-04-23 22:45:41 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-04-22 10:52:31 516102 --ahs---- C:\WINDOWS\system32\NWGQBJlm.ini2
2008-04-22 10:47:59 0 d-------- C:\WINDOWS\system32\s?stem32
2008-04-22 10:47:13 0 d-------- C:\WINDOWS\system32\xcsDd01
2008-04-21 14:49:07 0 d-------- C:\WINDOWS\??sks
2008-04-20 14:29:18 0 d-------- C:\WINDOWS\??sks
2008-04-18 20:46:16 0 d-------- C:\WINDOWS\??pPatch
2008-04-16 13:52:04 0 d-------- C:\Program Files\M?crosoft
2008-04-13 18:19:16 0 d-------- C:\Documents and Settings\Owner\Application Data\?ystem32
2008-04-12 18:12:29 0 d-------- C:\Program Files\Common Files\s?mbols


-- Find3M Report ---------------------------------------------------------------

2008-05-11 23:40:19 0 d-------- C:\Program Files\Symantec AntiVirus
2008-05-11 23:36:23 0 d-------- C:\Documents and Settings\Owner\Application Data\?ystem32
2008-05-03 01:09:21 0 d-------- C:\Program Files\Logitech
2008-05-02 05:24:07 0 d-------- C:\Documents and Settings\Owner\Application Data\??curity
2008-04-26 12:41:25 0 d-------- C:\Program Files\Netscape
2008-04-25 05:35:54 0 d-------- C:\Program Files\Hewlett-Packard
2008-04-25 05:35:50 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-23 23:46:50 0 d-------- C:\Program Files\Common Files
2008-04-23 22:48:14 0 d-------- C:\Documents and Settings\Owner\Application Data\Webshots
2008-04-23 22:48:10 0 d-------- C:\Program Files\Google
2008-04-16 13:52:04 0 d-------- C:\Program Files\M?crosoft
2008-04-12 18:12:29 0 d-------- C:\Program Files\Common Files\s?mbols
2008-04-10 13:26:01 0 d-------- C:\Program Files\?racle
2008-04-01 18:03:41 0 d-------- C:\Documents and Settings\Owner\Application Data\T?sks
2008-03-26 06:41:36 0 d-------- C:\Documents and Settings\Owner\Application Data\Real
2008-03-24 06:06:13 0 d-------- C:\Documents and Settings\Owner\Application Data\?dobe
2008-03-21 20:55:26 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-03-15 05:46:18 0 d-------- C:\Documents and Settings\Owner\Application Data\F?nts


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2c1c5f3f-5fe5-4fd6-9037-9a6840737db9}]
C:\WINDOWS\system32\yuyocwlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F48F8C2-C324-4849-BF32-3C836E3654CB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3560C169-DF23-4AD7-B8EB-B6FC40CDCCB5}]
C:\WINDOWS\system32\mlJBQGWN.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F50B3F5E-856E-4757-9BB1-B35D46CA7719}]
C:\WINDOWS\system32\rqRKAQGw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [01/20/2004 08:53 PM]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 07:04 PM]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [08/21/2003 06:23 AM]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [08/21/2003 06:15 AM]
"KBD"="C:\HP\KBD\KBD.EXE" [02/11/2003 10:02 PM]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [08/19/2003 11:01 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/28/2005 11:53 PM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [11/03/2003 07:50 PM]
"VTTimer"="VTTimer.exe" []
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [12/05/2003 10:50 PM]
"nwiz"="nwiz.exe" [12/05/2003 10:50 PM C:\WINDOWS\system32\nwiz.exe]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [10/29/2003 11:17 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"Lexmark 2200 Series"="C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" [02/13/2004 08:08 AM]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE" [09/20/2002 03:16 PM]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [09/11/2002 12:58 PM]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [09/11/2002 12:57 PM]
"dd268fc6d452"="C:\WINDOWS\System32\capesnpn.exe" [10/15/2004 01:42 AM]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 02:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [01/19/2006 11:06 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [06/02/2005 09:21 AM]
"vptray"="C:\PROGRA~1\SYMANT~2\VPTray.exe" [06/23/2005 07:27 PM]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [10/28/2005 01:08 PM]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [04/11/2007 03:32 PM C:\WINDOWS\KHALMNPR.Exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [10/16/2002 06:57 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [08/15/2007 03:16 AM]
"44a77496"="C:\WINDOWS\system32\nomnlmhu.dll" []
"BM4794470a"="C:\WINDOWS\system32\snvipmio.dll" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [03/29/2008 01:37 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [01/09/2004 04:34 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"c004RQe8P"="wuaover.exe" []
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [02/25/2004 11:48 AM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [06/07/2007 02:08 PM]
"WebCamRT.exe"="" []
"Aim6"="C:\Program Files\AIM6\aim6.exe" [10/04/2007 10:20 AM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [11/13/2006 01:39 PM]
"Qrdj"="C:\Documents and Settings\Owner\Application Data\?ystem32\r?gsvr32.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"Notn"="C:\DOCUME~1\Owner\APPLIC~1\CURITY~1\spool32.exe" [05/02/2008 05:24 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2/27/2005 7:46:11 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [1/28/2004 7:12:58 PM]
Post-itr Software Notes Lite.lnk - C:\Program Files\3M\PSNLite\PsnLite.exe [6/2/2004 1:04:58 PM]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [7/30/2003 7:49:48 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F50B3F5E-856E-4757-9BB1-B35D46CA7719}"= C:\WINDOWS\system32\rqRKAQGw.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRKAQGw]
rqRKAQGw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sstts]
C:\WINDOWS\system32\sstts.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3eba7f8f-4fd3-11db-8d38-000ea6a2b83a}]
AutoRun\command- H:\wd_windows_tools\setup.exe




-- End of Deckard's System Scanner: finished at 2008-05-12 21:31:53 ------------

Finally here is the extra.txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 84%
Physical Memory (total/avail): 511.29 MiB / 80.55 MiB
Pagefile Memory (total/avail): 1248.23 MiB / 427.88 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.66 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 181.84 GiB total, 17.63 GiB free.
D: is Fixed (FAT32) - 4.45 GiB total, 0.62 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Fixed (FAT32) - 232.83 GiB total, 3.31 GiB free.
K: is Removable (No Media)
L: is Removable (No Media)
M: is Removable (No Media)
N: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3200822A - 186.31 GiB - 2 partitions
\PARTITION0 - Unknown - 4.46 GiB - D:
\PARTITION1 (bootable) - Installable File System - 181.84 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device

\\.\PHYSICALDRIVE5 - WD 2500JB External USB Device - 232.88 GiB - 1 partition
\PARTITION0 - Unknown - 232.88 GiB - G:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: avast! antivirus 4.8.1169 [VPS 080512-0] v4.8.1169 (ALWIL Software) Disabled
AV: Symantec AntiVirus Corporate Edition v10.0.1.1000 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\XBConnect4\\XBC4.exe"="C:\\Program Files\\XBConnect4\\XBC4.exe:*:Enabled:XBConnect"
"C:\\Program Files\\interMute\\SpamSubtract\\SpamSub.exe"="C:\\Program Files\\interMute\\SpamSubtract\\SpamSub.exe:*:Disabled:SpamSubtract"
"C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\javaw.exe"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\javaw.exe:*:Disabled:javaw"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Eyeball\\Eyeball Chat\\EyeballChat.exe"="C:\\Program Files\\Eyeball\\Eyeball Chat\\EyeballChat.exe:*:Enabled:Eyeball Chat"
"C:\\Program Files\\LeechFTP\\Leechftp.exe"="C:\\Program Files\\LeechFTP\\Leechftp.exe:*:Enabled:LeechFTP"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\Rar$EX00.718\\Qwix.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\Rar$EX00.718\\Qwix.exe:*:Enabled:Qwix"
"C:\\WINDOWS\\system32\\ftp.exe"="C:\\WINDOWS\\system32\\ftp.exe:*:Enabled:File Transfer Program"
"C:\\Program Files\\neXBC\\neXBC.exe"="C:\\Program Files\\neXBC\\neXBC.exe:*:Enabled:XBConnect"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\\WINDOWS\\system32\\WindowsHosts.exe"="C:\\WINDOWS\\system32\\WindowsHosts.exe:*:Disabled:WindowsHosts"
"C:\\Program Files\\XBConnect4\\neXBC\\neXBC.exe"="C:\\Program Files\\XBConnect4\\neXBC\\neXBC.exe:*:Enabled:XBConnect"
"C:\\WINDOWS\\system32\\ntvdm.exe"="C:\\WINDOWS\\system32\\ntvdm.exe:*:Disabled:NTVDM.EXE"
"C:\\Program Files\\Mobius\\GunBound\\Gunbound.exe"="C:\\Program Files\\Mobius\\GunBound\\Gunbound.exe:*:Enabled:GunBound Startup Application"
"C:\\Program Files\\Mobius\\GunBound\\Gunbound.gme"="C:\\Program Files\\Mobius\\GunBound\\Gunbound.gme:*:Enabled:GunBound"
"C:\\Program Files\\BitTorrent\\btdownloadgui.exe"="C:\\Program Files\\BitTorrent\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Program Files\\XBC\\neXBC.exe"="C:\\Program Files\\XBC\\neXBC.exe:*:Enabled:XBConnect"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DCIRUELAS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\DCIRUELAS
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\PROGRA~1\COSMOS~1\Shared\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0303
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=DCIRUELAS
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
--> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
545 Studios Skinstaller (remove only) --> "C:\Program Files\545 Studios\Skinstaller\UninstallSkinstaller.exe"
ABBYY FineReader 5.0 Sprint Plus --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Action Replay XBOX 1.42 --> "C:\Program Files\Datel\Action Replay XBOX\unins000.exe"
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Download Manager 1.2 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Agere Systems PCI Soft Modem --> agrsmdel
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Aim Plugin for QQ Games --> C:\Program Files\Tencent\QQ Games\Plugin\Uninstall.EXE
AIMutation (remove only) --> "C:\PROGRA~1\AIM\UninstallAimutation.exe"
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Avi2Dvd 0.4.4 beta --> C:\Program Files\Avi2Dvd\uninst.exe
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
BCHP Screening Tool --> C:\PROGRA~1\BCHPSC~1\UNWISE.EXE C:\PROGRA~1\BCHPSC~1\INSTALL.LOG
BitComet 0.70 --> C:\Program Files\BitComet\uninst.exe
BitTorrent 4.4.1 --> "C:\Program Files\BitTorrent\uninstall.exe"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CDDRV_Installer --> MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.1.7 --> "C:\Program Files\DVD Shrink\unins000.exe"
DVDFab Decrypter 3.0.2.0 --> "C:\Program Files\DVDFab Decrypter 3\unins000.exe"
Eyeball Chat 2.2 --> C:\PROGRA~1\Eyeball\EYEBAL~1\UNWISE.EXE C:\PROGRA~1\Eyeball\EYEBAL~1\INSTALL.LOG
Flock 1.1 --> C:\Program Files\Flock\uninst.exe
Free Mp3 Wma Converter V 1.3.0 --> "C:\Program Files\Free Audio Pack\unins000.exe"
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Deskjet Preloaded Printer Drivers --> MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Image Zone 3.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Plus 3.5 --> C:\Program Files\HP\Digital Imaging\{C6C44651-7C66-4b11-92E8-17565D3D22DD}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP Instant Support --> C:\PROGRA~1\HPINST~1\UNWISE.EXE C:\PROGRA~1\HPINST~1\INSTALL.LOG
HP Photo & Imaging 3.5 - HP Devices --> C:\Program Files\HP\Digital Imaging\{15B9DC72-73F9-4d99-9E28-848D66DA8D99}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 3.0 --> "C:\Program Files\HP\Digital Imaging\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update --> MsiExec.exe /X{34957B51-9676-41CE-9E52-44AE91B73F1C}
HPIZ350 --> MsiExec.exe /X{F247869D-3643-4A9F-821B-3534145928E3}
InterVideo WinDVD Creator 2 --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
KBD --> C:\HP\KBD\KBD.EXE uninstalled
KhalInstallWrapper --> MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719}
LeechFTP --> C:\WINDOWS\eraser.exe KILL "C:\Program Files\LeechFTP\uninstall.uif"
Lexmark 2200 Series --> C:\WINDOWS\System32\spool\drivers\w32x86\3\LXBVUN5C.EXE -dLexmark 2200 Series
LimeWire --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C1F6CDAA-2D3F-41AC-A517-D03502BF46AC}
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech IM Video Companion --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{984F10FD-11FD-4BED-8163-92DB81E6A825}\Setup.exe" -l0x9 UNINSTALL
Logitech ImageStudio --> MsiExec.exe /I{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}
Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe -runfromtemp -l0x0009 -removeonly
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Memories Disc Creator 2.0 --> MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Plus! Digital Media Edition --> MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Multimedia Card Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{EF9967D8-1999-4260-ACC2-86901AA36650}
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Netscape Navigator (9.0.0.6) --> C:\Program Files\Netscape\Navigator 9\uninstall\helper.exe
Network Services Kit --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2DEFE738-2861-4A94-AC79-2B5234CE78B8}\setup.exe"
NVIDIA Display Driver --> C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
NVIDIA GART Driver --> C:\WINDOWS\System32\nvugart.exe Uninstall C:\WINDOWS\System32\Nvgart.nvu,NVIDIA GART Driver
PartyPoker --> "C:\Program Files\PartyGaming\PartyPoker\Uninstall.exe" "C:\Program Files\PartyGaming\PartyPoker\install.log"
PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
PHM Registry Editor --> MsiExec.exe /I{DE4A7830-7480-425C-8330-699C30FD8C66}
Photosmart 140,240,7200,7600,7700,7900 Series --> C:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Post-it® Software Notes Lite --> "C:\Program Files\3M\PSNLite\Uninstall.exe" -Prog"C:\Program Files\3M\PSNLite\PsnLite.exe" -INI"C:\Program Files\3M\PSNLite\uninst.ini"
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
PSP Max Media Manager --> "C:\Program Files\Datel\PSP Max Media Manager\unins000.exe"
PSP Video 9 1.74 --> C:\Program Files\pspvideo9\uninst.exe
Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QQ Games --> C:\Program Files\Tencent\QQ Games\Uninstall.EXE
Quicken 2004 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8} anything
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Sony Sound Forge 7.0 --> MsiExec.exe /I{0712667C-A171-49AE-A098-4ACDA28625F8}
SpamSubtract --> C:\PROGRA~1\INTERM~1\SPAMSU~1\UNWISE.EXE /U C:\PROGRA~1\INTERM~1\SPAMSU~1\INSTALL.LOG
Spy Sweeper --> C:\WINDOWS\unSpySweeper.exe
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.0 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Symantec AntiVirus --> MsiExec.exe /I{3248E093-5288-4CA9-B3AB-11A675FEA1F9}
T-Mobile Wing™ User Manual --> C:\Program Files\T-Mobile Wing User Manual\Windows Mobile Device Handbook\Bin\DHUninstall.exe
Toolkit View(HP) --> c:\Windows\HPTK\unhptkit.exe
Updates from HP --> C:\WINDOWS\BWUnin-6.2.3.66.exe -AppId 137903
URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
VideoLAN VLC media player 0.8.5 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WD Diagnostics --> MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinPcap 3.1 beta4 --> "C:\Program Files\WinPcap\Uninstall.exe" "C:\Program Files\WinPcap\install.log"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! extras --> C:\Program Files\Yahoo!\Common\unycust.exe /S
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Messenger Explorer Bar --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\MESSEN~1\YHEXBM~1.DLL
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
Zone Deluxe Games --> MsiExec.exe /I{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}


-- Application Event Log -------------------------------------------------------

Event Record #/Type1732 / Error
Event Submitted/Written: 05/12/2008 09:30:15 PM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Event Record #/Type1731 / Error
Event Submitted/Written: 05/12/2008 09:24:05 PM
Event ID/Source: 5 / Symantec AntiVirus
Event Description:
Threat Found!Threat: Adware.Purityscan in File: C:\Documents and Settings\Owner\Local Settings\Temp\NDR67.tmp by: Auto-Protect scan. Action: Pending Side Effects Analysis. Action Description:

Event Record #/Type1730 / Error
Event Submitted/Written: 05/12/2008 07:35:51 PM
Event ID/Source: 51 / Symantec AntiVirus
Event Description:
Security Risk Found!Threat: Adware.Purityscan in File: C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP116\A0018422.exe by: Auto-Protect scan. Action: Reboot Required. Action Description: The file was quarantined successfully.

Event Record #/Type1729 / Error
Event Submitted/Written: 05/12/2008 07:35:44 PM
Event ID/Source: 5 / Symantec AntiVirus
Event Description:
Threat Found!Threat: Adware.Purityscan in File: c:\documents and settings\Owner\local settings\Temp\!update.exe by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully.

Event Record #/Type1728 / Error
Event Submitted/Written: 05/12/2008 07:35:42 PM
Event ID/Source: 5 / Symantec AntiVirus
Event Description:
Threat Found!Threat: Adware.Purityscan in File: c:\system volume information\_restore{7f7be6f8-0d6a-488b-abdc-75393719a72d}\RP116\A0018447.exe by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type110481 / Error
Event Submitted/Written: 05/12/2008 07:24:36 PM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.1.100 for the Network Card with network address 000EA6A2B83A has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type110477 / Warning
Event Submitted/Written: 05/12/2008 02:22:30 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type110476 / Warning
Event Submitted/Written: 05/12/2008 01:15:21 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type110473 / Error
Event Submitted/Written: 05/11/2008 11:37:20 PM
Event ID/Source: 14344 / WMPNetworkSvc
Event Description:
A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2728'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.

Event Record #/Type110472 / Error
Event Submitted/Written: 05/11/2008 11:37:19 PM
Event ID/Source: 14344 / WMPNetworkSvc
Event Description:
A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2728'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.



-- End of Deckard's System Scanner: finished at 2008-05-12 21:31:53 -----------

And for some reason IE will not open up. I use Flock as my internet search engine; will Kaspersky work with that? Thanks again for all of your help.

#8 silver

    Malware Expert Emeritus

  • Authentic Member
  • 2,994 posts

Posted 12 May 2008 - 09:33 PM

Hi dspot122,

The Kaspersky scan only works in IE so if IE is not functioning properly right now then you won't be able to use it. I'll be happy to help you with this, but we need to clean some malware from your machine before the scan will be useful.

Please open Start->Control Panel->Add/Remove Programs, and remove the following:

Java 2 Runtime Environment, SE v1.4.2_03

This is out of date and now a security risk. You can get the latest update (version 6 update 6) from here when the machine is clean.

Party Poker has been reported as being malware-related, so I strongly recommend you remove it.
To do so, uninstall PartyPoker via Add/Remove Programs.

You have Viewpoint Media Player installed on your system. This program is not malware but it is foistware in that it is usually installed without the user's knowledge or approval, and for this reason I recommend you remove it. If you actually use this program, I recommend you try using safe and free alternatives such as VLC Media Player.
Viewpoint Media Player can be removed by uninstalling these entries via Add/Remove Programs:

Viewpoint Manager (Remove Only)
Viewpoint Media Player


You have BitTorrent, Limewire and Bittorrent, P2P file sharing programs installed on your computer. These programs do not come bundled with malware as some similar programs do, but peer-to-peer file sharing networks are one of the biggest sources of malware we see. Anything downloaded from them cannot be trusted to be clean, because even if the file appears to be what it claims to be, it can have malware embedded in it.
I strongly recommend you remove these via Add/Remove Programs.

You still have two antivirus programs installed. We won't be able to continue cleaning while this is the case, because it is dangerous for your system. Please make your decision and uninstall one of them now. If you are in doubt, then I suggest you remove Avast for now; because it is a free program, you can re-install it at any time.

It appears that there has at one time been a commercial keylogger on this system. Are you the owner of this machine, and are you aware of this?
If you are the owner and not aware, and if you use this computer for sensitive purposes such as internet banking, then you should immediately use a known clean machine to change all your passwords. Also consider notifying your bank(s) etc. that your login credentials may have been compromised.

Open Notepad: press Start->Run, type notepad into the box and press OK
Select Format from the top menu and make sure Word Wrap is NOT checked.
Then, copy/paste the contents of the following code box into Notepad:
@echo off
REM Search the whole C: drive (all attributes, all subfolders) for each of the
REM three driver file names and append any hits to look2.txt on the Desktop
cmd /c dir "c:\hnpssdk.drv" /a /s >> "%userprofile%\desktop\look2.txt"
cmd /c dir "c:\pssdk23.drv" /a /s >> "%userprofile%\desktop\look2.txt"
cmd /c dir "c:\pssdk30.drv" /a /s >> "%userprofile%\desktop\look2.txt"
REM Remove this batch file once the search has finished
del runme.bat
Select File and Save As.
Save it to your Desktop as "runme.bat" (you MUST type the quotes).
Locate runme.bat on your Desktop and double-click it.
A black box should open and close after a short time; this is normal.
Another text file should appear on your Desktop called look2.txt. Do not open it until the black box has closed.
Post the contents of this file in your next response.

Once complete, please post the look2.txt output and a new HijackThis log.
ASAP & UNITE Member

#9 dspot122

    New Member

  • New Member
  • 13 posts

Posted 14 May 2008 - 11:48 AM

Silver, I tried doing that notebook with the code and then running the runme.bat, but the cmd prompt said it could not find a file. I created a new HijackThis file and I will try the runme.bat thing again when I get home from work. I will send you both as soon as I finish with them.

#10 dspot122

    New Member

  • New Member
  • 13 posts

Posted 14 May 2008 - 06:15 PM

OK, I got everything to work now...

Here is Look2.txt:

Volume in drive C is HP_PAVILION
Volume Serial Number is 44A7-7439
Volume in drive C is HP_PAVILION
Volume Serial Number is 44A7-7439
Volume in drive C is HP_PAVILION
Volume Serial Number is 44A7-7439
Volume in drive C is HP_PAVILION
Volume Serial Number is 44A7-7439
Volume in drive C is HP_PAVILION
Volume Serial Number is 44A7-7439
Volume in drive C is HP_PAVILION
Volume Serial Number is 44A7-7439


Here is my new HijackThis log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:37 PM, on 5/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Owner\APPLIC~1\CURITY~1\spool32.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\FLOCK\FLOCK\FLOCK.EXE
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: {9bd73704-86a9-7309-6df4-5ef5f3f5c1c2} - {2c1c5f3f-5fe5-4fd6-9037-9a6840737db9} - C:\WINDOWS\system32\yuyocwlg.dll (file missing)
O2 - BHO: (no name) - {2F48F8C2-C324-4849-BF32-3C836E3654CB} - (no file)
O2 - BHO: (no name) - {3560C169-DF23-4AD7-B8EB-B6FC40CDCCB5} - C:\WINDOWS\system32\mlJBQGWN.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {F50B3F5E-856E-4757-9BB1-B35D46CA7719} - C:\WINDOWS\system32\rqRKAQGw.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [dd268fc6d452] C:\WINDOWS\System32\capesnpn.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [44a77496] rundll32.exe "C:\WINDOWS\system32\nomnlmhu.dll",b
O4 - HKLM\..\Run: [BM4794470a] Rundll32.exe "C:\WINDOWS\system32\snvipmio.dll",s
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [c004RQe8P] wuaover.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Qrdj] "C:\Documents and Settings\Owner\Application Data\?ystem32\r?gsvr32.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Notn] "C:\DOCUME~1\Owner\APPLIC~1\CURITY~1\spool32.exe" -vt ndrv
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.imagestat...ab?ver=1,1,0,32
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6B1B6D11-E497-11D3-BE0C-005004AD2E83} (ImageStation Home Printing Control) - http://www.imagestat...rintActiveX.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish....pfishUpload.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: rqRKAQGw - rqRKAQGw.dll (file missing)
O20 - Winlogon Notify: sstts - C:\WINDOWS\system32\sstts.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 12868 bytes


Thanks!!



#11 silver
Malware Expert Emeritus, Authentic Member, 2,994 posts

Posted 14 May 2008 - 09:13 PM

Hi dspot122,

Temporarily disable Spy Sweeper
  • Open Spysweeper and click on Options->Program Options and uncheck Load at Windows Startup
  • On the left side click Shields and then uncheck everything there
  • Uncheck Home Page Shield
  • Uncheck Automatically restore default without notification
  • Exit the program

------------------------------------------------------------------------

Open Notepad: press Start->Run, type notepad into the box and press OK
Select Format from the top menu and make sure Word Wrap is NOT checked.
Then, copy/paste the contents of the following code box into Notepad:
@echo off
rem Stop and then remove the three leftover PSSdk services; each sc result is
rem appended to results.txt on the Desktop so it can be posted back here
sc stop PSSdk21 >> "%userprofile%\desktop\results.txt"
sc delete PSSdk21 >> "%userprofile%\desktop\results.txt"
sc stop PSSdk23 >> "%userprofile%\desktop\results.txt"
sc delete PSSdk23 >> "%userprofile%\desktop\results.txt"
sc stop PsSdk30 >> "%userprofile%\desktop\results.txt"
sc delete PsSdk30 >> "%userprofile%\desktop\results.txt"
rem Remove this batch file from the Desktop once it has run
del runme.bat
Select File and Save as
Save it to your Desktop as "runme.bat" (you MUST type the quotes)
Locate runme.bat on your Desktop and double-click it.
A black box should open and close after a short time, this is normal.
Another text file should appear on your Desktop called results.txt, do not open it until the black box has closed.
Post the contents of this file in your next response.

------------------------------------------------------------------------

Then, open HijackThis, choose Do a system scan only and place a checkmark next to the following lines:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
O2 - BHO: {9bd73704-86a9-7309-6df4-5ef5f3f5c1c2} - {2c1c5f3f-5fe5-4fd6-9037-9a6840737db9} - C:\WINDOWS\system32\yuyocwlg.dll (file missing)
O2 - BHO: (no name) - {2F48F8C2-C324-4849-BF32-3C836E3654CB} - (no file)
O2 - BHO: (no name) - {3560C169-DF23-4AD7-B8EB-B6FC40CDCCB5} - C:\WINDOWS\system32\mlJBQGWN.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {F50B3F5E-856E-4757-9BB1-B35D46CA7719} - C:\WINDOWS\system32\rqRKAQGw.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [dd268fc6d452] C:\WINDOWS\System32\capesnpn.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [44a77496] rundll32.exe "C:\WINDOWS\system32\nomnlmhu.dll",b
O4 - HKLM\..\Run: [BM4794470a] Rundll32.exe "C:\WINDOWS\system32\snvipmio.dll",s
O4 - HKCU\..\Run: [c004RQe8P] wuaover.exe
O4 - HKCU\..\Run: [Qrdj] "C:\Documents and Settings\Owner\Application Data\?ystem32\r?gsvr32.exe"
O4 - HKCU\..\Run: [Notn] "C:\DOCUME~1\Owner\APPLIC~1\CURITY~1\spool32.exe" -vt ndrv
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O20 - Winlogon Notify: rqRKAQGw - rqRKAQGw.dll (file missing)
O20 - Winlogon Notify: sstts - C:\WINDOWS\system32\sstts.dll (file missing)

Then close all open windows apart from HijackThis, press Fix checked, OK the prompt and close HijackThis.

------------------------------------------------------------------------

Please download OTMoveIt2 by OldTimer to your Desktop (right-click the link, select Save Target As..., select your Desktop and press Save)
  • Double-click OTMoveIt2.exe to start the program.
  • Copy the lines in the OTMoveIt file list below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    OTMoveIt File List:
    C:\Documents and Settings\Owner\Application Data\?ystem32 /u
    C:\Documents and Settings\Owner\Application Data\??curity /u
    C:\Documents and Settings\Owner\Application Data\?ystem32 /u
    C:\WINDOWS\system32\NWGQBJlm.ini2
    C:\WINDOWS\system32\s?stem32 /u
    C:\WINDOWS\system32\xcsDd01
    C:\WINDOWS\??sks /u
    C:\WINDOWS\??pPatch /u
    C:\Program Files\M?crosoft /u
    C:\Program Files\Common Files\s?mbols /u
    C:\Program Files\?racle /u
    C:\Documents and Settings\Owner\Application Data\T?sks /u
    C:\Documents and Settings\Owner\Application Data\?dobe /u
    C:\Documents and Settings\Owner\Application Data\F?nts /u
    C:\WINDOWS\system32\yuyocwlg.dll
    C:\WINDOWS\system32\mlJBQGWN.dll 
    C:\WINDOWS\system32\rqRKAQGw.dll
    C:\WINDOWS\system32\sstts.dll
    C:\WINDOWS\System32\capesnpn.exe
    C:\WINDOWS\system32\nomnlmhu.dll
    C:\WINDOWS\system32\snvipmio.dll
    purity
    EmptyTemp
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.
  • Then click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • If OTMoveIt asks to reboot your computer, allow it to do so. The report will appear in Notepad after the reboot.
  • Close OTMoveIt2

------------------------------------------------------------------------

Please do an online scan with Kaspersky:
Open Kaspersky Online Scanner in Internet Explorer using this link:
http://www.kaspersky...kavwebscan.html
  • Click Accept and the web scanner will begin to load
  • If a yellow warning bar appears at the top of the browser, click it and choose Install ActiveX Control
  • You will be prompted to install an ActiveX component from Kaspersky, click Install
  • If you are prompted about another ActiveX control called Kaspersky Online Scanner GUI part then allow it to be installed also.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on Next and then Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • The program will start to scan your system.
  • Once the scan is complete, click on the Save Report As... button, change Save as type: to Text file and save the file to your desktop as Kaspersky.txt
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

------------------------------------------------------------------------

Once complete, please post the results.txt output, the OTMoveIt report, the Kaspersky log and a new HijackThis log.
ASAP & UNITE Member

#12 dspot122
New Member, 13 posts

Posted 15 May 2008 - 10:40 AM

Silver, I did everything you asked this morning but I didn't have time to post it here. I am currently at work so I can do it when I get back home. However, I was having problems trying to get the Kaspersky online scanner to work. Like I had mentioned in an earlier post my IE doesn't work and I have been using Flock. I had no problem accessing the link but I could not click the accept button on the screen. I didn't know how to use the zoom trick with the Flock browser so I was just stuck on that page.

#13 silver
Malware Expert Emeritus, Authentic Member, 2,994 posts

Posted 15 May 2008 - 08:30 PM

Please use Dr Web instead of Kaspersky:

Download Dr.WEB CureIt to your desktop from here:
ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
  • Double-click cureit.exe to start the program.
  • Press Start and then OK to start the Express scan
  • The Express scan takes just a few moments to finish, if something is found, click Yes to cure it
  • Once the short scan has finished, click Options->Change settings
  • Choose the Scan tab and UN-CHECK Heuristic analysis
  • Choose the Actions tab and make these changes:
    • Next to Infected objects select Report
    • Next to Incurable objects select Report
    • Next to Infected containers select Report
  • At the bottom-left, UN-CHECK Prompt on action, then press OK to close the settings box.
  • Note: These settings changes are IMPORTANT, please ensure you have made them before scanning
  • Then select Complete scan and press the green arrow to start the scan
  • When the scan is complete, click File-> Save report list, save the report to your desktop and close Dr Web CureIt

Once complete, please post the logs requested in my previous post along with the CureIt report.
ASAP & UNITE Member

#14 dspot122
New Member, 13 posts

Posted 16 May 2008 - 04:37 AM

Silver, Here is the results.txt....................

[SC] ControlService FAILED 1062: The service has not been started.
[SC] DeleteService SUCCESS
[SC] ControlService FAILED 1062: The service has not been started.
[SC] DeleteService SUCCESS
[SC] ControlService FAILED 1062: The service has not been started.
[SC] DeleteService SUCCESS

Here is the OTMoveit2...............

< C:\Documents and Settings\Owner\Application Data\?ystem32 /u >
C:\Documents and Settings\Owner\Application Data\ѕystem32 moved successfully.
< C:\Documents and Settings\Owner\Application Data\??curity /u >
C:\Documents and Settings\Owner\Application Data\ѕecurity moved successfully.
C:\Documents and Settings\Owner\Application Data\ѕеcurity\ѕеcurity moved successfully.
C:\Documents and Settings\Owner\Application Data\ѕеcurity moved successfully.
< C:\Documents and Settings\Owner\Application Data\?ystem32 /u >
File/Folder C:\Documents and Settings\Owner\Application Data\?ystem32 not found.
C:\WINDOWS\system32\NWGQBJlm.ini2 moved successfully.
< C:\WINDOWS\system32\s?stem32 /u >
C:\WINDOWS\system32\sуstem32 moved successfully.
C:\WINDOWS\system32\xcsDd01 moved successfully.
< C:\WINDOWS\??sks /u >
C:\WINDOWS\Tаsks moved successfully.
C:\WINDOWS\Τаsks moved successfully.
C:\WINDOWS\Таsks moved successfully.
< C:\WINDOWS\??pPatch /u >
C:\WINDOWS\АрpPatch moved successfully.
< C:\Program Files\M?crosoft /u >
C:\Program Files\Mіcrosoft moved successfully.
< C:\Program Files\Common Files\s?mbols /u >
C:\Program Files\Common Files\sуmbols moved successfully.
< C:\Program Files\?racle /u >
C:\Program Files\Оracle moved successfully.
< C:\Documents and Settings\Owner\Application Data\T?sks /u >
C:\Documents and Settings\Owner\Application Data\Tаsks moved successfully.
< C:\Documents and Settings\Owner\Application Data\?dobe /u >
C:\Documents and Settings\Owner\Application Data\Аdobe moved successfully.
< C:\Documents and Settings\Owner\Application Data\F?nts /u >
C:\Documents and Settings\Owner\Application Data\Fοnts moved successfully.
C:\Documents and Settings\Owner\Application Data\Fоnts moved successfully.
File/Folder C:\WINDOWS\system32\yuyocwlg.dll not found.
File/Folder C:\WINDOWS\system32\mlJBQGWN.dll not found.
File/Folder C:\WINDOWS\system32\rqRKAQGw.dll not found.
File/Folder C:\WINDOWS\system32\sstts.dll not found.
C:\WINDOWS\System32\capesnpn.exe moved successfully.
File/Folder C:\WINDOWS\system32\nomnlmhu.dll not found.
File/Folder C:\WINDOWS\system32\snvipmio.dll not found.
< purity >
C:\WINDOWS\Αdobe moved successfully.
C:\WINDOWS\Аdobe moved successfully.
C:\WINDOWS\aѕsembly moved successfully.
C:\WINDOWS\аѕsembly moved successfully.
C:\WINDOWS\Fοnts moved successfully.
C:\WINDOWS\Mіcrosoft.NET moved successfully.
C:\WINDOWS\Μicrosoft moved successfully.
C:\WINDOWS\Оracle moved successfully.
C:\WINDOWS\ѕеcurity moved successfully.
C:\WINDOWS\Sуmantec moved successfully.
C:\WINDOWS\WіnSxS moved successfully.
C:\WINDOWS\system32\Μicrosoft.NET moved successfully.
C:\WINDOWS\system32\Μicrosoft moved successfully.
C:\WINDOWS\system32\ѕecurity moved successfully.
C:\WINDOWS\system32\Ѕуmantec moved successfully.
C:\WINDOWS\system32\ѕуstem moved successfully.
C:\WINDOWS\system32\sуstem moved successfully.
C:\WINDOWS\system32\ѕystem moved successfully.
C:\WINDOWS\system32\Tаsks moved successfully.
C:\WINDOWS\system32\WіnSxS moved successfully.
C:\Program Files\aѕsembly moved successfully.
C:\Program Files\Μіcrosoft moved successfully.
C:\Program Files\Outerinfo\FF\components moved successfully.
C:\Program Files\Outerinfo\FF moved successfully.
C:\Program Files\Outerinfo moved successfully.
C:\Program Files\Таsks moved successfully.
C:\Program Files\Common Files\Fοnts moved successfully.
C:\Program Files\Common Files\Mіcrosoft.NET moved successfully.
C:\Program Files\Common Files\Μіcrosoft.NET moved successfully.
C:\Program Files\Common Files\Мicrosoft.NET moved successfully.
C:\Program Files\Common Files\Οracle moved successfully.
C:\Documents and Settings\Owner\My Documents\Аdobe moved successfully.
C:\Documents and Settings\Owner\My Documents\ΑppPatch moved successfully.
C:\Documents and Settings\Owner\My Documents\Fοnts moved successfully.
C:\Documents and Settings\Owner\My Documents\Μicrosoft.NET moved successfully.
C:\Documents and Settings\Owner\My Documents\Οracle moved successfully.
C:\Documents and Settings\Owner\My Documents\Оracle moved successfully.
C:\Documents and Settings\Owner\My Documents\ѕеcurity moved successfully.
C:\Documents and Settings\Owner\My Documents\Ѕуmantec moved successfully.
C:\Documents and Settings\Owner\My Documents\ѕуstem moved successfully.
C:\Documents and Settings\Owner\My Documents\ѕystem32 moved successfully.
C:\Documents and Settings\Owner\My Documents\WіnSxS moved successfully.
C:\Documents and Settings\Owner\Application Data\AрpPatch moved successfully.
C:\Documents and Settings\Owner\Application Data\Μicrosoft.NET moved successfully.
C:\Documents and Settings\Owner\Application Data\Mіcrosoft moved successfully.
C:\Documents and Settings\Owner\Application Data\Μіcrosoft moved successfully.
C:\Documents and Settings\Owner\Application Data\Мicrosoft moved successfully.
C:\Documents and Settings\Owner\Application Data\Οracle moved successfully.
C:\Documents and Settings\Owner\Application Data\sуstem moved successfully.
C:\Documents and Settings\Owner\Application Data\ѕystem moved successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\JET85B5.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\Perflib_Perfdata_5f0.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\sqlite_wDfVaxyCJp4oLAJ scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\WCESLog.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\~DFA669.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05152008_053158

Files moved on Reboot...
File move failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\JET85B5.tmp scheduled to be moved on reboot.
File move failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\Perflib_Perfdata_5f0.dat scheduled to be moved on reboot.
File move failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\sqlite_wDfVaxyCJp4oLAJ scheduled to be moved on reboot.
File move failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\WCESLog.log scheduled to be moved on reboot.
C:\DOCUME~1\Owner\LOCALS~1\Temp\~DFA669.tmp moved successfully.

And finally here is the Dr.Web

NDR67.tmp;C:\Deckard\System Scanner\backup\DOCUME~1\Owner\LOCALS~1\Temp;Trojan.DownLoader.45540;;
setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2;Probably BACKDOOR.Trojan;;
KillWind.exe;C:\hp\bin;Tool.ProcessKill;;
AIMFix.exe;C:\Program Files\AIMfix;Probably BACKDOOR.Trojan;;
RealBar.dll;C:\Program Files\Common Files\Real\Toolbar;Adware.MegaSearch.origin;;
Dc1.exe;C:\RECYCLER\S-1-5-21-3954494931-402546155-2136105918-1003;Trojan.Proxy.493;;
A0015068.dll;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP108;Trojan.Virtumod.365;;
A0007046.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP99;Adware.Outer;;
A0007047.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP99;Adware.ClickSpring;;
BROWSEUI.exe;C:\WINDOWS\system32;Adware.IEDriver;;
spool32.exe;C:\_OTMoveIt\MovedFiles\05152008_053158\Documents and Settings\Owner\Application Data\CURITY~1;Trojan.DownLoader.45540;;
capesnpn.exe;C:\_OTMoveIt\MovedFiles\05152008_053158\WINDOWS\system32;Adware.IEDriver;;

THANKS!!!
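
The OTMoveIt "purity" step in post #11 and the folders it reported above (ѕystem32, Τаsks, Μicrosoft and so on) rely on spotting directory names built from look-alike Cyrillic and Greek letters, which hide next to the real folders in Explorer. The script below is an added example and not OTMoveIt's or the forum's code: it detects such names with a small confusables map covering the letters seen in this log plus a general mixed-script check, and the folder names created in demo() are constructed.

```python
import os
import tempfile
import unicodedata

# Look-alike letters seen in the OTMoveIt output above, written as escapes and
# mapped to the ASCII letter each imitates.
CONFUSABLES = {
    "\u0455": "s", "\u0405": "S", "\u0443": "y",   # Cyrillic dze, u
    "\u0430": "a", "\u0410": "A", "\u0435": "e",   # Cyrillic a, ie
    "\u043e": "o", "\u041e": "O", "\u0456": "i",   # Cyrillic o, i
    "\u0440": "p", "\u0422": "T", "\u041c": "M",   # Cyrillic er, te, em
    "\u03a4": "T", "\u039c": "M", "\u0391": "A",   # Greek tau, mu, alpha
    "\u039f": "O", "\u03bf": "o",                  # Greek omicron
}

# Folder names the malware in this thread imitated (lower-cased for matching).
SYSTEM_NAMES = {
    "system32", "system", "security", "tasks", "apppatch", "microsoft",
    "microsoft.net", "oracle", "fonts", "adobe", "symantec", "winsxs",
    "assembly", "symbols",
}

def script_of(ch):
    """Unicode script family of a letter: 'LATIN', 'CYRILLIC', 'GREEK', ..."""
    try:
        return unicodedata.name(ch).split()[0]
    except ValueError:
        return "UNKNOWN"

def skeleton(name):
    """Replace known look-alikes with the ASCII letters they imitate."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in name)

def classify(name):
    """Return why a folder name looks forged, or None if it looks legitimate."""
    ascii_form = skeleton(name)
    if ascii_form != name and ascii_form.lower() in SYSTEM_NAMES:
        return "homoglyph of " + ascii_form
    scripts = {script_of(ch) for ch in name if ch.isalpha()}
    # A name entirely in one non-Latin script (a Russian user's documents
    # folder, say) is legitimate; Latin mixed with another script is not.
    if "LATIN" in scripts and len(scripts) > 1:
        return "mixed-script name"
    return None

def scan(root):
    """Walk a tree and return sorted (relative path, reason) for suspect folders."""
    findings = []
    for dirpath, dirnames, _ in os.walk(root):
        for d in dirnames:
            reason = classify(d)
            if reason:
                rel = os.path.relpath(os.path.join(dirpath, d), root)
                findings.append((rel, reason))
    return sorted(findings)

def demo():
    """Scan a constructed tree mirroring the thread's log (two forged, three clean)."""
    names = ["\u0455ystem32", "\u03a4\u0430sks", "Fonts", "r\u00e9sum\u00e9",
             "\u0414\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u044b"]
    with tempfile.TemporaryDirectory() as root:
        for name in names:
            os.mkdir(os.path.join(root, name))
        return scan(root)

if __name__ == "__main__":
    for path, reason in demo():
        print(path, "->", reason)
```

Pointing scan() at a real drive root reports only the forged folders; anything it returns is worth inspecting before deletion, as a folder full of legitimate data could also carry such a name.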

#15 silver
Malware Expert Emeritus, Authentic Member, 2,994 posts

Posted 16 May 2008 - 07:47 AM

Hi dspot122,

I also need a new HijackThis log, but here are some further instructions as well:

Please open this page in your browser:
http://www.bleepingc....php?channel=32

Fill in the link to topic field with a link to this topic
Copy/paste the following into the Browse to the file you want to submit field:

C:\WINDOWS\system32\BROWSEUI.exe

Then press Send File, this will upload the file for analysis

Once complete, please post a new HijackThis log. Also, let me know how your computer is running now.
ASAP & UNITE Member
