Desktop Hijacked With Red Screen And Biohazard Symbol
UH60wife
Posted Jun 20 2008, 09:59 AM (Post #1)
Group: Members; Posts: 14; Joined: 20-June 08; Member No.: 217,424

This is my first time dealing with something like this, as well as posting on a help forum, so please bear with me.

This all started when I opened a zipped file. Upon doing so, Avast went off saying I had files infected with WIN32 LTS and another saying WIN32 Bouncer-B [Tool]. I had Avast delete the files; however, soon after I started getting all kinds of false popups saying I was infected with all kinds of things and I should buy this and that. I googled the Bouncer-B and downloaded a suggested removal tool, Spyware Doctor. After downloading and scanning, I was then told that to remove what it had found I would have to buy the program. I then removed the program. Then my desktop changed to red with a biohazard symbol and said my privacy was in danger. I started looking that up and came across a thread that said to fix it using SmitfraudFix. I followed the thread's instructions, pressing 2 and cleaning the registry. I fixed the desktop background and I reset my picture, only to come back later to a blue screen.

Now it takes a very long time for my computer to start up. It will load my original desktop picture without any icons or startup menu, then the screen goes blue and the icons load, the startup menu comes up, I get a runtime error, and my Automatic Updates bubble pops up telling me that I am at risk because they are turned off. I tried to turn them on manually but it won't let me. Then about 10-15 minutes after getting everything up and going I lose my icons and startup menu; all that I can see is my browser windows if I have them open at the time.

I'm sorry if this is all very scattered. I'm trying to be as detailed as possible, but I'm not really sure what is relevant and what is not. I would greatly appreciate any help I can get!


Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-20 23:28:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
29: 2008-06-20 14:28:27 UTC - RP614 - Deckard's System Scanner Restore Point
28: 2008-06-20 09:19:34 UTC - RP613 - System Checkpoint
27: 2008-06-19 08:22:59 UTC - RP612 - System Checkpoint
26: 2008-06-18 06:58:34 UTC - RP611 - Spyware Doctor: Cleaning Threats
25: 2008-06-18 06:16:20 UTC - RP610 - Last known good configuration


-- First Restore Point --
1: 2008-06-18 06:16:06 UTC - RP586 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 80% (more than 75%).
Total Physical Memory: 479 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:31:38, on 6/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\hphmon07.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = By Hawaiian Telcom
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QXK Olive - {72492997-CCC3-4C07-BCB8-D2D7BFB65F7F} - C:\WINDOWS\ksendlbtdpl.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8E820B6C-3F42-4594-AE1B-1998DF4CF042} - C:\WINDOWS\system32\khfGwWMd.dll
O2 - BHO: 763444 helper - {984C42AE-0B1D-4495-B16B-935DA5671133} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {CD292324-974F-4224-D074-CACA427AA030} - (no file)
O2 - BHO: (no name) - {D6258CA6-2028-4CDD-B496-CACC18721A60} - C:\WINDOWS\system32\urqQggfg.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: (no name) - {CD292324-974F-4224-D074-CACA427AA030} - (no file)
O3 - Toolbar: vrmdtneg - {778DC3F7-1699-4A2F-8D32-143C0D00854C} - C:\WINDOWS\vrmdtneg.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb99.exe
O4 - HKLM\..\Run: [HPHUPD07] C:\Program Files\HP\{C8EEAA89-0A3E-441f-B646-17A46F5D6954}\hphupd07.exe
O4 - HKLM\..\Run: [HPHmon07] C:\WINDOWS\system32\hphmon07.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [00802cab] rundll32.exe "C:\WINDOWS\system32\nwujyypf.dll",b
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_...inematycoon.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://clubgames.pogo.com/online2/pogop/in...aploader_v6.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O16 - DPF: {F2D35D99-63B1-46D3-970C-6E22320D5DCB} (kSoloCntrlIE Class) - http://www.ksolo.com/getPlugin.do
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: urqQggfg - C:\WINDOWS\SYSTEM32\urqQggfg.dll
O21 - SSODL: VoidDriveMon - {8b05d7df-7833-400f-ba89-7fa5e2340f2f} - C:\WINDOWS\Resources\VoidDriveMon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ahvpsvc - HP - C:\WINDOWS\system32\drivers\HPZid412.sys
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 10497 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 LVPrcMon (Logitech LVPrcMon Driver) - c:\windows\system32\drivers\lvprcmon.sys
R3 SunkFilt (Alcor Micro Corp Reader) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>

S0 fcdabus - c:\windows\system32\drivers\fcdabus.sys (file missing)
S0 FVXSCSI - c:\windows\system32\drivers\fvxscsi.sys (file missing)
S3 GoProto (GoProto Protocol Driver) - c:\windows\system32\drivers\goprot51.sys <Not Verified; Gteko Ltd.; Gteko Diagnostics Network Module>
S3 TnIDriver - c:\docume~1\owner\locals~1\temp\tni1fca.tmp (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-20 23:09:01 438 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2008-06-19 03:00:00 372 --a------ C:\WINDOWS\Tasks\RegCure.job


-- Files created between 2008-05-20 and 2008-06-20 -----------------------------

2009-01-30 16:21:54 0 d-------- C:\Program Files\Infogrames Interactive
2009-01-10 09:31:21 0 d-------- C:\Program Files\Microsoft Games
2009-01-10 09:23:34 0 d-------- C:\WINDOWS\SxsCaPendDel
2009-01-08 02:26:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-06 17:53:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Trophy Bass 2007
2009-01-04 04:13:39 0 d-------- C:\Documents and Settings\Owner\Application Data\FarStone
2008-06-20 23:31:01 0 d-------- C:\Program Files\Trend Micro
2008-06-20 17:56:11 91392 --a------ C:\WINDOWS\system32\nwujyypf.dll
2008-06-19 01:41:06 0 d-------- C:\VundoFix Backups
2008-06-19 00:25:51 4576 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-19 00:24:58 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-19 00:24:58 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-06-19 00:24:58 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-06-19 00:24:58 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-06-19 00:24:58 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-06-19 00:24:58 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-19 00:24:58 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-19 00:24:58 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-06-18 23:32:57 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\Lavasoft
2008-06-18 23:10:02 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\Mozilla
2008-06-18 23:03:30 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\Identities
2008-06-18 23:03:30 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\Gtek
2008-06-18 23:03:30 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\AOL
2008-06-18 23:03:29 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\SampleView
2008-06-18 23:03:29 0 d---s---- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\Microsoft
2008-06-18 23:03:28 0 dr------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\My Documents
2008-06-18 23:03:28 0 d--h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Local Settings
2008-06-18 23:03:28 0 dr------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Favorites
2008-06-18 23:03:28 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Desktop
2008-06-18 23:03:28 0 d---s---- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Cookies
2008-06-18 23:03:28 0 dr-h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data
2008-06-18 23:03:28 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\You've Got Pictures Screensaver
2008-06-18 23:03:27 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\WINDOWS
2008-06-18 23:03:27 0 d--h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Templates
2008-06-18 23:03:27 0 dr------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Start Menu
2008-06-18 23:03:27 0 dr-h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\SendTo
2008-06-18 23:03:27 0 dr-h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Recent
2008-06-18 23:03:27 0 d--h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\PrintHood
2008-06-18 23:03:27 0 d--h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\NetHood
2008-06-18 23:03:26 1310720 --ah----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\NTUSER.DAT
2008-06-18 20:21:22 0 d-------- C:\WINDOWS\system32\763444
2008-06-18 15:22:34 0 --a------ C:\WINDOWS\PowerReg.dat
2008-06-18 15:19:12 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-18 15:15:55 127214 --ahs---- C:\WINDOWS\system32\dMWwGfhk.ini2
2008-06-18 15:15:51 322944 --a------ C:\WINDOWS\system32\khfGwWMd.dll
2008-06-18 14:22:12 180224 --a------ C:\WINDOWS\xvorfwbd.dll
2008-06-18 14:22:12 155648 --a------ C:\WINDOWS\vrmdtneg.dll
2008-06-18 14:22:12 94208 --a------ C:\WINDOWS\exwd.exe
2008-06-18 14:21:08 28800 --a------ C:\WINDOWS\system32\urqQggfg.dll
2008-06-10 16:41:01 0 d-------- C:\Program Files\Virtools


-- Find3M Report ---------------------------------------------------------------

2008-06-20 21:54:17 2070 --a------ C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-06-18 15:19:12 0 d-------- C:\Program Files\Common Files
2008-06-10 16:09:41 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72492997-CCC3-4C07-BCB8-D2D7BFB65F7F}]
C:\WINDOWS\ksendlbtdpl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E820B6C-3F42-4594-AE1B-1998DF4CF042}]
06/18/2008 15:15 322944 --a------ C:\WINDOWS\system32\khfGwWMd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{984C42AE-0B1D-4495-B16B-935DA5671133}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D6258CA6-2028-4CDD-B496-CACC18721A60}]
06/18/2008 14:21 28800 --a------ C:\WINDOWS\system32\urqQggfg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/10/2001 05:50]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [11/16/2004 08:04]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/03/2004 13:24]
"SoundMan"="SOUNDMAN.EXE" [09/27/2005 08:07 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [09/19/2005 01:32]
"nwiz"="nwiz.exe" [09/19/2005 01:32 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [09/19/2005 01:32]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/11/2005 08:03]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb99.exe" [12/23/2004 01:40]
"HPHUPD07"="C:\Program Files\HP\{C8EEAA89-0A3E-441f-B646-17A46F5D6954}\hphupd07.exe" [03/17/2005 14:08]
"HPHmon07"="C:\WINDOWS\system32\hphmon07.exe" [03/17/2005 13:59]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [12/10/2005 10:32]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [12/08/2005 05:26]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [12/08/2005 05:33]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [11/02/2004 12:22]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 21:41]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/06/2006 09:55]
"NWEReboot"="" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 22:00]
"00802cab"="C:\WINDOWS\system32\nwujyypf.dll" [06/20/2008 17:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [12/01/2006 16:49]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [01/01/2005 19:08]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/31/2006 11:45]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/24/2007 20:27]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [04/03/2006 15:07]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/05/2004 04:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"p2p networking"=p2pnetworking.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExec
uteHooks]
"{D6258CA6-2028-4CDD-B496-CACC18721A60}"= C:\WINDOWS\system32\urqQggfg.dll [06/18/2008 14:21 28800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObject
DelayLoad]
"VoidDriveMon"= {8b05d7df-7833-400f-ba89-7fa5e2340f2f} - C:\WINDOWS\Resources\VoidDriveMon.dll [06/18/2008 20:21 12838]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqQggfg]
urqQggfg.dll 06/18/2008 14:21 28800 C:\WINDOWS\system32\urqQggfg.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\khfGwWMd


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoint
s2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoint
s2\{bd5d32d1-5c90-11d9-926d-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoint
s2\{d03084d1-6658-11d9-8f0e-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoint
s2\{ef0b7d32-7071-11dc-bfb4-0040caad705b}]
AutoRun\command- "K:\Install FreeAgent Tools.exe" /run




-- Hosts -----------------------------------------------------------------------

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

7820 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-20 23:33:30 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Sempron™ Processor 3100+
Percentage of Memory in Use: 69%
Physical Memory (total/avail): 478.42 MiB / 144.29 MiB
Pagefile Memory (total/avail): 975.3 MiB / 656.71 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.91 MiB

C: is Fixed (NTFS) - 88.39 GiB total, 60.76 GiB free.
D: is Fixed (FAT32) - 4.76 GiB total, 2.71 GiB free.
E: is CDROM (Unformatted)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3100011A - 93.16 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 88.39 GiB - C:
\PARTITION1 - Unknown - 4.76 GiB - D:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntivirusOverride is set.

AV: avast! antivirus 4.7.1098 [VPS 080107-0] v4.7.1098 (ALWIL Software) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\D
omainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\S
tandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\\Program Files\\Common Files\\AOL\\1131383480\\EE\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1131383480\\EE\\AOLServiceHost.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\HP\\digital imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\digital imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\digital imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\digital imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\digital imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\digital imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\digital imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\digital imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\digital imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\digital imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\digital imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\digital imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\digital imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\digital imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\digital imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\digital imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\digital imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\digital imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\digital imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\digital imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\digital imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\digital imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\digital imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\digital imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\digital imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\digital imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\digital imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\digital imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\Morpheus\\Morpheus.exe"="C:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:Morpheus"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program Files\\Opera\\Opera.exe"="C:\\Program Files\\Opera\\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Zone.com Deluxe Games\\Wheel of Fortune Deluxe\\Wheel of Fortune Deluxe.exe"="C:\\Program Files\\Zone.com Deluxe Games\\Wheel of Fortune Deluxe\\Wheel of Fortune Deluxe.exe:*:Enabled:Wheel of Fortune Deluxe"
"C:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Civilization4.exe"="C:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 Gold"
"C:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Warlords\\Civ4Warlords.exe"="C:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Warlords\\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4: Warlords"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=THETUCKERFAMILY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LANG=C
LOGONSERVER=\\THETUCKERFAMILY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;%SYSTEMROOT%\SYSTEM32;%SYSTEMROOT%;%SYSTEMROOT%\SYSTEM32\WBEM;C:\PROGRAM FILES\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\GTK\2.0\BIN;C:\PYTHON25\;C:\WINDOWS;C:\WINDOWS\SYSTEM32\WBEM;C:\WINDOWS\SYSTEM32;
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2c02
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=THETUCKERFAMILY
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Administrator.THETUCKERFAMILY (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.42 --> "C:\Program Files\7-Zip\Uninstall.exe"
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
BigFix --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
BitLord 1.1 --> C:\Program Files\BitLord\uninst.exe
Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
ffdshow (remove only) --> "C:\Program Files\ffdshow\uninstall.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Image Zone 4.7 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photo and Imaging 2.0 - All-in-One --> MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - All-in-One Drivers --> MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - hp psc 1200 series --> C:\Program Files\HP\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
HP Photosmart and Deskjet 7.0.A --> C:\Program Files\HP\Digital Imaging\{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}\setup\hpzscr01.exe -datfile hposcr09.dat
HP Photosmart Cameras 4.5 --> C:\Program Files\HP\Digital Imaging\{78FD2974-C98B-4b84-9E9F-1AEE16AE0029}\setup\hpzscr01.exe -datfile hpiscr01.dat
hp psc 1200 series --> MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Interactive User’s Guide --> MsiExec.exe /I{E786D4DB-EB0D-4474-ADC2-3C229BC17FCA}
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Jasc Paint Shop Pro 8 --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Linksys EasyLink Advisor 1.5 (1010) --> rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech QuickCam Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C191BE7C-8542-4A61-973A-714EF76C5995}\setup.exe" -l0x9
Logitech® Camera Driver --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Macromedia Flash Player 8 --> MsiExec.exe /X{A3703922-84E3-4318-B0A1-04EFAD449A04}
Macromedia Flash Player 8 Plugin --> MsiExec.exe /X{48D9A460-9FA3-4E16-9533-2DF1C1F5129F}
Majesty - Gold Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{212125C1-E5A3-4810-A057-C20FB2A79327}\setup.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Digital Image Starter Edition 2006 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=TRIAL VERSION=11
Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OCR Software by I.R.I.S 7.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
Opera 9.23 --> MsiExec.exe /X{E9EEE4CB-CB2B-4273-9AF5-7E12022B444B}
Photosmart 330,380 Series --> C:\Program Files\HP\{C8EEAA89-0A3E-441f-B646-17A46F5D6954}\setup\hpzscr01.exe -datfile hphscr01.dat
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Security Update for Step By Step Interactive Training (KB898458) -->
SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IURSLST5K.inf
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Virtools 3D Life Player --> C:\Program Files\Virtools\3D Life Player\WebplayerConfig.exe -u
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type4058 / Error
Event Submitted/Written: 06/20/2008 07:34:50 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type4053 / Error
Event Submitted/Written: 06/20/2008 01:42:32 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application hpqste08.exe, version 70.0.170.0, faulting module unknown, version 0.0.0.0, fault address 0x00a600ca.
Processing media-specific event for [hpqste08.exe!ws!]

Event Record #/Type4034 / Error
Event Submitted/Written: 06/19/2008 01:03:16 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application hpqste08.exe, version 70.0.170.0, faulting module unknown, version 0.0.0.0, fault address 0x009beadc.
Processing media-specific event for [hpqste08.exe!ws!]

Event Record #/Type4032 / Error
Event Submitted/Written: 06/19/2008 00:25:39 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application vacfix.exe, version 0.12.0.0, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00002664.
Processing media-specific event for [vacfix.exe!ws!]

Event Record #/Type4024 / Error
Event Submitted/Written: 06/18/2008 08:45:55 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application rundll32.exe, version 5.1.2600.2180, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [rundll32.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type12021687 / Error
Event Submitted/Written: 06/20/2008 11:11:13 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
FVXSCSI



-- End of Deckard's System Scanner: finished at 2008-06-20 23:33:30 ------------------------
Sorry, I couldn't find the edit button to post the Kaspersky scan results.


Here they are. Once again, thank you for taking the time to help me out :)

KASPERSKY ONLINE SCANNER 7 REPORT
Monday, June 23, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, June 22, 2008 11:11:26
Records in database: 880097
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Scan statistics
Files scanned 106023
Threat name 10
Infected objects 15
Suspicious objects 0
Duration of the scan 01:53:03

File name Threat name Threats count
C:\Deckard\System Scanner\20080622204217\backup\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for count.jar-28590ead-69c4f914.zip\BlackBox.class Infected: Exploit.Java.ByteVerify 1
C:\Deckard\System Scanner\20080622204217\backup\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\G1MZ41YN\counter[1].htm Infected: Exploit.HTML.IESlice.p 1
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-28590ead-69c4f914.zip Infected: Exploit.Java.ByteVerify 2
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-28590ead-69c4f914.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-631f0119.zip Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-4941f397-2221c4bc.zip Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-6ef1b888.zip Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Owner\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\Owner\Desktop\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\WINDOWS\exwd.exe Infected: Trojan.Win32.Vapsup.gzo 1
C:\WINDOWS\Resources\VoidDriveMon.dll Infected: Trojan.Win32.Agent.ryf 1
C:\WINDOWS\system32\763444\763444.dll Infected: not-a-virus:AdWare.Win32.E404.dj 1
C:\WINDOWS\vrmdtneg.dll Infected: Trojan.Win32.Vapsup.gzq 1
C:\WINDOWS\xvorfwbd.dll Infected: Trojan.Win32.Vapsup.gxx 1
The selected area was scanned.

Merged posts. ~ OB

This post has been edited by Orange Blossom: Jun 22 2008, 08:52 PM
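The Kaspersky report above lists fifteen detections, but they do not all call for the same action: some files have already been moved into Deckard's System Scanner backup tree, some are Java Plug-in cache leftovers from a browser-delivered applet exploit, two are SmitfraudFix's own Reboot.exe (flagged as not-a-virus:RiskTool, not malware), and the rest are loose DLLs and EXEs sitting directly under C:\WINDOWS, which are the ones still active. As an added example (not part of the original post, and not a BleepingComputer or Kaspersky tool), the following Python script parses lines in the report's `<path> Infected: <threat> <count>` layout and sorts them into those buckets. The sample lines are constructed here to mirror the shapes seen in the post, and the bucket names and path rules are this example's own assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the Kaspersky Online Scanner 7 report layout
# ("<path> Infected: <threat name> <count>"). The paths mirror the kinds of
# locations seen in the post but are sample data assembled for this example.
SAMPLE_REPORT = """\
C:\\Deckard\\System Scanner\\20080622204217\\backup\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\count.zip\\BlackBox.class Infected: Exploit.Java.ByteVerify 1
C:\\Documents and Settings\\Owner\\Application Data\\Sun\\Java\\Deployment\\cache\\javapi\\v1.0\\jar\\count.jar-28590ead-69c4f914.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\\Documents and Settings\\Owner\\Desktop\\SmitfraudFix\\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\\WINDOWS\\exwd.exe Infected: Trojan.Win32.Vapsup.gzo 1
C:\\WINDOWS\\system32\\763444\\763444.dll Infected: not-a-virus:AdWare.Win32.E404.dj 1
C:\\WINDOWS\\vrmdtneg.dll Infected: Trojan.Win32.Vapsup.gzq 1
"""

# One report line: everything before the literal " Infected: " is the path
# (which may itself contain spaces); the threat name has no spaces; the
# trailing integer is the hit count for that object.
LINE_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")


def parse_report(text):
    """Return a list of {path, threat, count} dicts, skipping non-detection lines."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append({"path": m["path"], "threat": m["threat"], "count": int(m["count"])})
    return entries


def classify(entry):
    """Bucket names and path rules are this example's own (assumed) triage categories."""
    p = entry["path"].lower()
    t = entry["threat"]
    # DSS copies what it removed into its backup tree; these are no longer in place.
    if "\\deckard\\system scanner\\" in p and "\\backup\\" in p:
        return "already-quarantined"
    # Java Plug-in cache: leftovers of a drive-by applet, cleared by emptying the cache.
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java-cache"
    # SmitfraudFix ships Reboot.exe; Kaspersky labels it RiskTool, not malware.
    if t.startswith("not-a-virus:") and "\\smitfraudfix" in p:
        return "known-tool"
    # Anything loose under the Windows directory is still live and must be removed,
    # whether the label says Trojan or AdWare.
    if p.startswith("c:\\windows\\"):
        return "active-in-windows-dir"
    if t.startswith("not-a-virus:"):
        return "riskware"
    return "review"


def triage(text):
    """Group detection paths by bucket, e.g. {'java-cache': [...], ...}."""
    buckets = defaultdict(list)
    for entry in parse_report(text):
        buckets[classify(entry)].append(entry["path"])
    return dict(buckets)


if __name__ == "__main__":
    for bucket, paths in triage(SAMPLE_REPORT).items():
        print(f"{bucket}:")
        for path in paths:
            print(f"    {path}")
```

Run it against a saved report to get the "active-in-windows-dir" list first; those are the files (and the BHO/toolbar/SSODL registry entries that load them) a helper will target, while the cache and backup buckets are cleanup rather than removal work.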
fenzodahl512
post Jun 28 2008, 03:43 AM
Post #2
Distinguished Member
Group: HJT Team
Posts: 766
Joined: 4-December 07
Member No.: 174,482

Hello, my name is fenzodahl512 and welcome to BC.. Since it's already one week from your first post, please post a fresh Deckard's System Scanner log for further review...


Regards
fenzodahl512


--------------------
Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..

UH60wife
post Jun 28 2008, 10:34 PM
Post #3
New Member
Group: Members
Posts: 14
Joined: 20-June 08
Member No.: 217,424

Thank you so very much for helping me. I know you guys are super busy!

Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-29 12:30:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 90% (more than 75%).
Total Physical Memory: 479 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:44, on 6/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hphmon07.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = By Hawaiian Telcom
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QXK Olive - {72492997-CCC3-4C07-BCB8-D2D7BFB65F7F} - C:\WINDOWS\ksendlbtdpl.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: 763444 helper - {984C42AE-0B1D-4495-B16B-935DA5671133} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {CD292324-974F-4224-D074-CACA427AA030} - (no file)
O2 - BHO: (no name) - {EBA6CB1B-6025-443E-B39D-DA9EF13CF0C0} - C:\WINDOWS\system32\khfGwWMd.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: (no name) - {CD292324-974F-4224-D074-CACA427AA030} - (no file)
O3 - Toolbar: vrmdtneg - {778DC3F7-1699-4A2F-8D32-143C0D00854C} - C:\WINDOWS\vrmdtneg.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb99.exe
O4 - HKLM\..\Run: [HPHUPD07] C:\Program Files\HP\{C8EEAA89-0A3E-441f-B646-17A46F5D6954}\hphupd07.exe
O4 - HKLM\..\Run: [HPHmon07] C:\WINDOWS\system32\hphmon07.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [00802cab] rundll32.exe "C:\WINDOWS\system32\vgkquqhy.dll",b
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_...inematycoon.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://clubgames.pogo.com/online2/pogop/in...aploader_v6.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O16 - DPF: {F2D35D99-63B1-46D3-970C-6E22320D5DCB} (kSoloCntrlIE Class) - http://www.ksolo.com/getPlugin.do
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O21 - SSODL: VoidDriveMon - {8b05d7df-7833-400f-ba89-7fa5e2340f2f} - C:\WINDOWS\Resources\VoidDriveMon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ahvpsvc - HP - C:\WINDOWS\system32\drivers\HPZid412.sys
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 10571 bytes

-- Files created between 2008-05-29 and 2008-06-29 -----------------------------

2009-01-30 16:21:54 0 d-------- C:\Program Files\Infogrames Interactive
2009-01-10 09:31:21 0 d-------- C:\Program Files\Microsoft Games
2009-01-10 09:23:34 0 d-------- C:\WINDOWS\SxsCaPendDel
2009-01-08 02:26:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-06 17:53:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Trophy Bass 2007
2009-01-04 04:13:39 0 d-------- C:\Documents and Settings\Owner\Application Data\FarStone
2008-06-28 18:47:03 92032 --a------ C:\WINDOWS\system32\vgkquqhy.dll
2008-06-22 19:01:32 0 d-------- C:\Documents and Settings\Owner\.SunDownloadManager
2008-06-22 18:42:04 91904 --a------ C:\WINDOWS\system32\kbqmwxht.dll
2008-06-20 23:31:01 0 d-------- C:\Program Files\Trend Micro
2008-06-19 01:41:06 0 d-------- C:\VundoFix Backups
2008-06-19 00:25:51 4576 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-19 00:24:58 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-19 00:24:58 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-06-19 00:24:58 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-06-19 00:24:58 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-06-19 00:24:58 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-06-19 00:24:58 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-19 00:24:58 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-19 00:24:58 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-06-18 23:32:57 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\Lavasoft
2008-06-18 23:10:02 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\Mozilla
2008-06-18 23:03:30 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\Identities
2008-06-18 23:03:30 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\Gtek
2008-06-18 23:03:30 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\AOL
2008-06-18 23:03:29 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\SampleView
2008-06-18 23:03:29 0 d---s---- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\Microsoft
2008-06-18 23:03:28 0 dr------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\My Documents
2008-06-18 23:03:28 0 d--h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Local Settings
2008-06-18 23:03:28 0 dr------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Favorites
2008-06-18 23:03:28 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Desktop
2008-06-18 23:03:28 0 d---s---- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Cookies
2008-06-18 23:03:28 0 dr-h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data
2008-06-18 23:03:28 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\You've Got Pictures Screensaver
2008-06-18 23:03:27 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\WINDOWS
2008-06-18 23:03:27 0 d--h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Templates
2008-06-18 23:03:27 0 dr------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Start Menu
2008-06-18 23:03:27 0 dr-h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\SendTo
2008-06-18 23:03:27 0 dr-h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Recent
2008-06-18 23:03:27 0 d--h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\PrintHood
2008-06-18 23:03:27 0 d--h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\NetHood
2008-06-18 23:03:26 1310720 --ah----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\NTUSER.DAT
2008-06-18 20:21:22 0 d-------- C:\WINDOWS\system32\763444
2008-06-18 15:22:34 0 --a------ C:\WINDOWS\PowerReg.dat
2008-06-18 15:19:12 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-18 15:15:55 86751 --ahs---- C:\WINDOWS\system32\dMWwGfhk.ini2
2008-06-18 15:15:51 322944 --a------ C:\WINDOWS\system32\khfGwWMd.dll
2008-06-18 14:22:12 180224 --a------ C:\WINDOWS\xvorfwbd.dll
2008-06-18 14:22:12 155648 --a------ C:\WINDOWS\vrmdtneg.dll
2008-06-18 14:22:12 94208 --a------ C:\WINDOWS\exwd.exe
2008-06-10 16:41:01 0 d-------- C:\Program Files\Virtools


-- Find3M Report ---------------------------------------------------------------

2008-06-20 21:54:17 2070 --a------ C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-06-18 15:19:12 0 d-------- C:\Program Files\Common Files
2008-06-10 16:09:41 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72492997-CCC3-4C07-BCB8-D2D7BFB65F7F}]
C:\WINDOWS\ksendlbtdpl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{984C42AE-0B1D-4495-B16B-935DA5671133}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EBA6CB1B-6025-443E-B39D-DA9EF13CF0C0}]
06/18/2008 15:15 322944 --a------ C:\WINDOWS\system32\khfGwWMd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/10/2001 05:50]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [11/16/2004 08:04]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/03/2004 13:24]
"SoundMan"="SOUNDMAN.EXE" [09/27/2005 08:07 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [09/19/2005 01:32]
"nwiz"="nwiz.exe" [09/19/2005 01:32 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [09/19/2005 01:32]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/11/2005 08:03]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb99.exe" [12/23/2004 01:40]
"HPHUPD07"="C:\Program Files\HP\{C8EEAA89-0A3E-441f-B646-17A46F5D6954}\hphupd07.exe" [03/17/2005 14:08]
"HPHmon07"="C:\WINDOWS\system32\hphmon07.exe" [03/17/2005 13:59]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [12/10/2005 10:32]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [12/08/2005 05:26]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [12/08/2005 05:33]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [11/02/2004 12:22]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 21:41]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/06/2006 09:55]
"NWEReboot"="" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 22:00]
"00802cab"="C:\WINDOWS\system32\vgkquqhy.dll" [06/28/2008 18:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [12/01/2006 16:49]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [01/01/2005 19:08]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/31/2006 11:45]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/24/2007 20:27]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [04/03/2006 15:07]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/05/2004 04:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"p2p networking"=p2pnetworking.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"VoidDriveMon"= {8b05d7df-7833-400f-ba89-7fa5e2340f2f} - C:\WINDOWS\Resources\VoidDriveMon.dll [06/18/2008 20:21 12838]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\khfGwWMd


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd5d32d1-5c90-11d9-926d-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d03084d1-6658-11d9-8f0e-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef0b7d32-7071-11dc-bfb4-0040caad705b}]
AutoRun\command- "K:\Install FreeAgent Tools.exe" /run




-- End of Deckard's System Scanner: finished at 2008-06-29 12:31:43 ------------

fenzodahl512
post Jun 29 2008, 03:27 AM
Post #4


Distinguished Member

Group: HJT Team
Posts: 766
Joined: 4-December 07
Member No.: 174,482



Hello, thanks for the reply.. Please do the following....



Please visit the webpage below for instructions on downloading and running ComboFix.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.


Regards
fenzodahl512


--------------------
Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..

UH60wife
post Jun 29 2008, 10:11 PM
Post #5


New Member

Group: Members
Posts: 14
Joined: 20-June 08
Member No.: 217,424



ComboFix 08-06-20.4 - Owner 2008-06-29 21:37:35.1 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\Application Data\Dxccwrd.dll
C:\Documents and Settings\Owner\Application Data\Dxcdmns.dll
C:\Documents and Settings\Owner\Application Data\Dxcuknwrd.dll
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Dxc.log
C:\temp\tn3
C:\WINDOWS\b.exe
C:\WINDOWS\exwd.exe
C:\WINDOWS\resources\VoidDriveMon.dll
C:\WINDOWS\system32\763444
C:\WINDOWS\system32\763444\763444.dll
C:\WINDOWS\system32\bund1
C:\WINDOWS\system32\bund1\temp.txt
C:\WINDOWS\system32\dMWwGfhk.ini
C:\WINDOWS\system32\dMWwGfhk.ini2
C:\WINDOWS\system32\drivers\core.cache(10).dsk
C:\WINDOWS\system32\drivers\core.cache(11).dsk
C:\WINDOWS\system32\drivers\core.cache(12).dsk
C:\WINDOWS\system32\drivers\core.cache(13).dsk
C:\WINDOWS\system32\drivers\core.cache(14).dsk
C:\WINDOWS\system32\drivers\core.cache(15).dsk
C:\WINDOWS\system32\drivers\core.cache(16).dsk
C:\WINDOWS\system32\drivers\core.cache(17).dsk
C:\WINDOWS\system32\drivers\core.cache(18).dsk
C:\WINDOWS\system32\drivers\core.cache(19).dsk
C:\WINDOWS\system32\drivers\core.cache(2).dsk
C:\WINDOWS\system32\drivers\core.cache(20).dsk
C:\WINDOWS\system32\drivers\core.cache(21).dsk
C:\WINDOWS\system32\drivers\core.cache(22).dsk
C:\WINDOWS\system32\drivers\core.cache(23).dsk
C:\WINDOWS\system32\drivers\core.cache(24).dsk
C:\WINDOWS\system32\drivers\core.cache(3).dsk
C:\WINDOWS\system32\drivers\core.cache(4).dsk
C:\WINDOWS\system32\drivers\core.cache(5).dsk
C:\WINDOWS\system32\drivers\core.cache(6).dsk
C:\WINDOWS\system32\drivers\core.cache(7).dsk
C:\WINDOWS\system32\drivers\core.cache(8).dsk
C:\WINDOWS\system32\drivers\core.cache(9).dsk
C:\WINDOWS\system32\eulfmaho.ini
C:\WINDOWS\system32\fpyyjuwn.ini
C:\WINDOWS\system32\gdkobyny.ini
C:\WINDOWS\system32\gpopqxih.ini
C:\WINDOWS\system32\juvwlwqr.ini
C:\WINDOWS\system32\khfGwWMd.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mrgyghin.ini
C:\WINDOWS\system32\pmioeywo.ini
C:\WINDOWS\system32\qwmofxeb.ini
C:\WINDOWS\system32\thxwmqbk.ini
C:\WINDOWS\system32\vfjdraeh.ini
C:\WINDOWS\system32\winio.vxd
C:\WINDOWS\system32\wnngixpy.ini
C:\WINDOWS\system32\yhquqkgv.ini
C:\WINDOWS\vrmdtneg.dll
C:\WINDOWS\xvorfwbd.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CLIENT_IP-IPX
-------\Legacy_TNIDRIVER
-------\Service_TnIDriver


((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-30 )))))))))))))))))))))))))))))))
.

2009-01-30 16:24 . 1998-09-25 19:00 929,844 --a------ C:\WINDOWS\system32\MFC42D.DLL
2009-01-30 16:24 . 1998-06-17 19:00 516,173 --a------ C:\WINDOWS\system32\MSVCP60D.DLL
2009-01-30 16:24 . 1997-01-23 04:45 484,352 --a------ C:\WINDOWS\system32\MSVCP50D.DLL
2009-01-30 16:24 . 2000-03-07 19:00 434,252 --a------ C:\WINDOWS\system32\MSVCRTD.DLL
2009-01-30 16:24 . 1998-06-17 19:00 94,285 --a------ C:\WINDOWS\system32\MSVCIRTD.DLL
2009-01-30 16:21 . 2009-01-30 16:21 <DIR> d-------- C:\Program Files\Infogrames Interactive
2009-01-10 09:31 . 2009-01-10 09:31 <DIR> d-------- C:\Program Files\Microsoft Games
2009-01-10 09:23 . 2009-01-10 09:39 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2009-01-09 15:23 . 2004-08-04 19:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2009-01-09 15:23 . 2004-08-04 19:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2009-01-09 15:23 . 2001-08-18 08:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2009-01-09 15:23 . 2001-08-18 08:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2009-01-09 15:23 . 2001-08-18 09:02 9,600 --a--