Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Popups


  • Please log in to reply
26 replies to this topic

#1 LostLearner

LostLearner

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Toront, Ontario, Canada
  • Local time:04:27 AM

Posted 12 November 2007 - 08:19 AM

I keep getting popus and I've found my Internet Options, Privacy Settings keep going to Accept All Cookies. After Running these programs all day Sunday Nov, 11 2007.... All day long. I still have these. Here is a lis of programs I ran yesterday... Ad-Aware, SpyBot S&D, BitDefender 3 times, Nortons Anti Virus, and I have Windows Defender. And McAfee stinger, McAfee didn't find anything.

I tride running in Safe mode and my Windows Explorer kept shutting down. I tried restartting Windows explorer several times and It would go bake to a black screen. I did remover a lot with BitDefender... I love that one... Anyway after all that i ran HijackThis. Here is the report...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:32:30 AM, on 11/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\WINDOWS\system32\Fast.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\fast.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Big Free Clock\bigclock.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BigFreeClock] C:\Program Files\Big Free Clock\bigclock.exe
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08ad -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08ad -f video -m logitech -d 10.5.1.2023 (User 'Default user')
O4 - Global Startup: explorer.exe.lnk = C:\WINDOWS\explorer.exe
O4 - Global Startup: Rogers Yahoo! Online Protection.lnk = C:\Program Files\Yahoo!\YOP\yop.exe
O4 - Global Startup: Shortcut to Navw32.exe.lnk = C:\Program Files\Symantec\Norton AntiVirus\Navw32.exe
O4 - Global Startup: Windows Defender.lnk = C:\Program Files\Windows Defender\MSASCui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {292E38C5-1653-11D6-8FBE-000102384007} (WebDvrX Control) - file:///C:/Documents%20and%20Settings/James%20I.%20Calhoun/My%20Documents/Work/45%20Driftwood/45D%20Cams/WebDVR.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174340510781
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {9E265649-6E0E-4EEA-9F49-DAE0801440CF} (WebDiginet Control) - http://video.vyanet.com/WebDiginet.CAB
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Remote HID Service (LvHidSvc) - Unknown owner - C:\WINDOWS\system32\lvhidsvc.exe (file missing)
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII\RpcSandraSrv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
O24 - Desktop Component 0: (no name) - (no file)
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\James I. Calhoun\My Documents\My Pictures\(001) Sunshine Girls\October 2007\Fri, October 5, 2007\ssg11.gif
O24 - Desktop Component 2: (no name) - C:\Documents and Settings\James I. Calhoun\My Documents\My Pictures\(001) Sunshine Girls\October 2007\Fri, October 5, 2007\ssg11.png
O24 - Desktop Component 3: (no name) - C:\Documents and Settings\James I. Calhoun\My Documents\My Pictures\Gif's\bebe1.gif

--
End of file - 14148 bytes

Please let me know If I need to do anything else. I'm still new at this. Thanks

BC AdBot (Login to Remove)

 


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:09:27 AM

Posted 12 November 2007 - 10:46 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum LostLearner :thumbsup:
My name is Richie and i'll be helping you to fix your problems.

Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java,and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6 update 3'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.

Download SDFix.exe and save it to your desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

* Double click on SDFix on your desktop,and install the fix to C:\

Please then reboot your computer into Safe Mode by doing the following:

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

* In Safe Mode,go to and open the C:\SDFix folder,then double click on RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer that normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.

If you have previously downloaded ComboFix,please delete that version now.
Now download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Disconnect from the Internet.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.
*Note*
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix,please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

Now go to:
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
Right click on Hijackthis.exe and select 'Rename', rename it to abc.bat
Double click on abc.bat(which is still Hijackthis.exe),post that log into your next reply please.
Posted Image
Posted Image

#3 LostLearner

LostLearner
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Toront, Ontario, Canada
  • Local time:04:27 AM

Posted 13 November 2007 - 08:46 AM

Thanks Richie,I followed your instructions as best I could. When I booted into Safe Mode to run the SDFix I again had no Explorer so I pressed CTRL-ALT-DEL and went to "File\New Task (Run...) and Browsed to C:\SDFix\RunThis.bat, After running SDFix and rebooting I was scared out of my mind with all the popups coming up, then I went back to your instructions that I had printed out and had to find Combofix to download.I had to do it from another computer. Sorry about that... ( Wife and KIds... )

Anyway here are the results you were asking for... I'm not sure if you want them all but I will give you what I think you're asking for.

SDFix:

SDFix: Version 1.114

Run by James I. Calhoun on Mon 11/12/2007 at 10:00 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\Z.DAT - Deleted
C:\n.bat - Deleted
C:\winlogon.exe - Deleted


Folder C:\WINDOWS\Fonts\' - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Combofix

ComboFix 07-11-08.1 - James I. Calhoun 2007-11-13 7:32:06.1 - NTFSx86
Running from: C:\Documents and Settings\James I. Calhoun\Desktop\ComboFix.exe
* Created a new restore point
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\James I. Calhoun\Desktop\Live Safety Center.lnk
C:\Documents and Settings\James I. Calhoun\Desktop\Online Security Guide.lnk
C:\Documents and Settings\James I. Calhoun\Favorites\Online Security Guide.lnk
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\ddeeg.bak1
C:\WINDOWS\system32\ddeeg.bak2
C:\WINDOWS\system32\ddeeg.ini
C:\WINDOWS\system32\ddeeg.ini2
C:\WINDOWS\system32\ddeeg.tmp
C:\WINDOWS\system32\geedd.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\wtvkitzu.dllbox
C:\z.exe

.
((((((((((((((((((((((((( Files Created from 2007-10-13 to 2007-11-13 )))))))))))))))))))))))))))))))

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:09:04 AM, on 11/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\WINDOWS\system32\Fast.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Trend Micro\HijackThis\abc.bat

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: (no name) - {067D455D-E7BD-4CAB-B416-5B78DCFA6E4F} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {1C1DD717-53B2-485E-A17B-C9977C205E10} - C:\WINDOWS\system32\tuvsrqq.dll
O2 - BHO: (no name) - {2970A353-E514-4109-BA5D-9A48A4F08DE9} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {64FFD52D-0EA9-4A27-A1E5-DD41E6AAB8D4} - C:\WINDOWS\system32\ddabc.dll
O2 - BHO: {8feca502-34ea-25eb-dc54-9fc6b1fbeac6} - {6caebf1b-6cf9-45cd-be52-ae43205acef8} - C:\WINDOWS\system32\mfiosfqg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8E31BE1A-1376-46D6-B408-4AFD28B3B3BB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {90CE9E5B-1BA1-49D4-8486-7D5432A8204E} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\wtvkitzu.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {D1304447-B5A0-48DD-80EE-D2C1BB954BD3} - (no file)
O2 - BHO: (no name) - {D315BA3D-6909-4DC8-A993-A3C54C623B67} - (no file)
O2 - BHO: (no name) - {F1B4E23C-73C6-4462-8196-0EC774169B2F} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\wtvkitzu.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BigFreeClock] C:\Program Files\Big Free Clock\bigclock.exe
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [4c4f8a30] rundll32.exe "C:\WINDOWS\system32\gaeetnko.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08ad -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08ad -f video -m logitech -d 10.5.1.2023 (User 'Default user')
O4 - Global Startup: explorer.exe.lnk = C:\WINDOWS\explorer.exe
O4 - Global Startup: Rogers Yahoo! Online Protection.lnk = C:\Program Files\Yahoo!\YOP\yop.exe
O4 - Global Startup: Shortcut to Navw32.exe.lnk = C:\Program Files\Symantec\Norton AntiVirus\Navw32.exe
O4 - Global Startup: Windows Defender.lnk = C:\Program Files\Windows Defender\MSASCui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {292E38C5-1653-11D6-8FBE-000102384007} (WebDvrX Control) - file:///C:/Documents%20and%20Settings/James%20I.%20Calhoun/My%20Documents/Work/45%20Driftwood/45D%20Cams/WebDVR.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174340510781
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {9E265649-6E0E-4EEA-9F49-DAE0801440CF} (WebDiginet Control) - http://video.vyanet.com/WebDiginet.CAB
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
O20 - Winlogon Notify: tuvsrqq - C:\WINDOWS\SYSTEM32\tuvsrqq.dll
O20 - Winlogon Notify: wtvkitzu - C:\WINDOWS\SYSTEM32\wtvkitzu.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Remote HID Service (LvHidSvc) - Unknown owner - C:\WINDOWS\system32\lvhidsvc.exe (file missing)
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII\RpcSandraSrv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
O24 - Desktop Component 0: (no name) - (no file)
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\James I. Calhoun\My Documents\My Pictures\(001) Sunshine Girls\October 2007\Fri, October 5, 2007\ssg11.gif
O24 - Desktop Component 2: (no name) - C:\Documents and Settings\James I. Calhoun\My Documents\My Pictures\(001) Sunshine Girls\October 2007\Fri, October 5, 2007\ssg11.png
O24 - Desktop Component 3: (no name) - C:\Documents and Settings\James I. Calhoun\My Documents\My Pictures\Gif's\bebe1.gif

--
End of file - 15636 bytes

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:09:27 AM

Posted 13 November 2007 - 08:52 AM

Could you post the entire contents of C:\Combofix.txt
Do NOT post the ComboFix-quarantined-files.txt unless I ask.
Posted Image
Posted Image

#5 LostLearner

LostLearner
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Toront, Ontario, Canada
  • Local time:04:27 AM

Posted 13 November 2007 - 09:03 AM

Thanks Richie,I followed your instructions as best I could. When I booted into Safe Mode to run the SDFix I again had no Explorer so I pressed CTRL-ALT-DEL and went to "File\New Task (Run...) and Browsed to C:\SDFix\RunThis.bat, After running SDFix and rebooting I was scared out of my mind with all the popups coming up, then I went back to your instructions that I had printed out and had to find Combofix to download.I had to do it from another computer. Sorry about that... ( Wife and KIds... )
Anyway here are the results you were asking for... I'm not sure if you want them all but I will give you what I think you're asking for.


SDFix:
SDFix: Version 1.114

Run by James I. Calhoun on Mon 11/12/2007 at 10:00 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\Z.DAT - Deleted
C:\n.bat - Deleted
C:\winlogon.exe - Deleted


Folder C:\WINDOWS\Fonts\' - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Combofix:

ComboFix 07-11-08.1 - James I. Calhoun 2007-11-13 7:32:06.1 - NTFSx86
Running from: C:\Documents and Settings\James I. Calhoun\Desktop\ComboFix.exe
* Created a new restore point
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\James I. Calhoun\Desktop\Live Safety Center.lnk
C:\Documents and Settings\James I. Calhoun\Desktop\Online Security Guide.lnk
C:\Documents and Settings\James I. Calhoun\Favorites\Online Security Guide.lnk
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\ddeeg.bak1
C:\WINDOWS\system32\ddeeg.bak2
C:\WINDOWS\system32\ddeeg.ini
C:\WINDOWS\system32\ddeeg.ini2
C:\WINDOWS\system32\ddeeg.tmp
C:\WINDOWS\system32\geedd.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\wtvkitzu.dllbox
C:\z.exe

.
((((((((((((((((((((((((( Files Created from 2007-10-13 to 2007-11-13 )))))))))))))))))))))))))))))))

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:09:04 AM, on 11/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\WINDOWS\system32\Fast.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Trend Micro\HijackThis\abc.bat

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: (no name) - {067D455D-E7BD-4CAB-B416-5B78DCFA6E4F} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {1C1DD717-53B2-485E-A17B-C9977C205E10} - C:\WINDOWS\system32\tuvsrqq.dll
O2 - BHO: (no name) - {2970A353-E514-4109-BA5D-9A48A4F08DE9} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {64FFD52D-0EA9-4A27-A1E5-DD41E6AAB8D4} - C:\WINDOWS\system32\ddabc.dll
O2 - BHO: {8feca502-34ea-25eb-dc54-9fc6b1fbeac6} - {6caebf1b-6cf9-45cd-be52-ae43205acef8} - C:\WINDOWS\system32\mfiosfqg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8E31BE1A-1376-46D6-B408-4AFD28B3B3BB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {90CE9E5B-1BA1-49D4-8486-7D5432A8204E} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\wtvkitzu.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {D1304447-B5A0-48DD-80EE-D2C1BB954BD3} - (no file)
O2 - BHO: (no name) - {D315BA3D-6909-4DC8-A993-A3C54C623B67} - (no file)
O2 - BHO: (no name) - {F1B4E23C-73C6-4462-8196-0EC774169B2F} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\wtvkitzu.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BigFreeClock] C:\Program Files\Big Free Clock\bigclock.exe
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [4c4f8a30] rundll32.exe "C:\WINDOWS\system32\gaeetnko.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08ad -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08ad -f video -m logitech -d 10.5.1.2023 (User 'Default user')
O4 - Global Startup: explorer.exe.lnk = C:\WINDOWS\explorer.exe
O4 - Global Startup: Rogers Yahoo! Online Protection.lnk = C:\Program Files\Yahoo!\YOP\yop.exe
O4 - Global Startup: Shortcut to Navw32.exe.lnk = C:\Program Files\Symantec\Norton AntiVirus\Navw32.exe
O4 - Global Startup: Windows Defender.lnk = C:\Program Files\Windows Defender\MSASCui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {292E38C5-1653-11D6-8FBE-000102384007} (WebDvrX Control) - file:///C:/Documents%20and%20Settings/James%20I.%20Calhoun/My%20Documents/Work/45%20Driftwood/45D%20Cams/WebDVR.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174340510781
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {9E265649-6E0E-4EEA-9F49-DAE0801440CF} (WebDiginet Control) - http://video.vyanet.com/WebDiginet.CAB
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
O20 - Winlogon Notify: tuvsrqq - C:\WINDOWS\SYSTEM32\tuvsrqq.dll
O20 - Winlogon Notify: wtvkitzu - C:\WINDOWS\SYSTEM32\wtvkitzu.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Remote HID Service (LvHidSvc) - Unknown owner - C:\WINDOWS\system32\lvhidsvc.exe (file missing)
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII\RpcSandraSrv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
O24 - Desktop Component 0: (no name) - (no file)
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\James I. Calhoun\My Documents\My Pictures\(001) Sunshine Girls\October 2007\Fri, October 5, 2007\ssg11.gif
O24 - Desktop Component 2: (no name) - C:\Documents and Settings\James I. Calhoun\My Documents\My Pictures\(001) Sunshine Girls\October 2007\Fri, October 5, 2007\ssg11.png
O24 - Desktop Component 3: (no name) - C:\Documents and Settings\James I. Calhoun\My Documents\My Pictures\Gif's\bebe1.gif

--
End of file - 15636 bytes

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:09:27 AM

Posted 13 November 2007 - 09:28 AM

Disable Windows Defender's real-time protection,as it may interfere.
* Open Microsoft Windows Defender. Click Start>All Programs>Windows Defender.
* Click on 'Tools'>'Options'.
* Under 'Real-time protection options', unselect the 'Turn on real-time protection' check box
* Click 'Save'.

Please disable Spybot S&Dís protection,or it will interfere.
You can enable it later once you're system is clean.

Open Spybot and click on 'Mode' and check 'Advanced Mode'.
Click on 'Tools' in bottom left hand corner.
Click on the 'System Startup' icon.
Uncheck 'Teatimer' box and/or uncheck 'Resident'.
Click the 'Allow Change' box.
Then, check next to the computer clock to see if the icon for Spybot is still there.
If it is, right click it and choose 'exit Spybot-S&D Resident'.
Restart the computer.
If you find you're experiencing problems disabling Spybot's Tea-Timer,follow the info in the link below:
http://www.russelltexas.com/malware/teatimer.htm

Please download OTMoveIt by OldTimer:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths inside the quote box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'):

C:\WINDOWS\system32\tuvsrqq.dll
C:\WINDOWS\system32\ddabc.dll
C:\WINDOWS\system32\mfiosfqg.dll
C:\WINDOWS\system32\wtvkitzu.dll
C:\WINDOWS\system32\gaeetnko.dll

Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button Posted Image

Copy everything on the 'Results' window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'), and paste it into your next reply.
Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: (no name) - {067D455D-E7BD-4CAB-B416-5B78DCFA6E4F} - (no file)
O2 - BHO: (no name) - {1C1DD717-53B2-485E-A17B-C9977C205E10} - C:\WINDOWS\system32\tuvsrqq.dll
O2 - BHO: (no name) - {2970A353-E514-4109-BA5D-9A48A4F08DE9} - (no file)
O2 - BHO: (no name) - {64FFD52D-0EA9-4A27-A1E5-DD41E6AAB8D4} - C:\WINDOWS\system32\ddabc.dll
O2 - BHO: {8feca502-34ea-25eb-dc54-9fc6b1fbeac6} - {6caebf1b-6cf9-45cd-be52-ae43205acef8} - C:\WINDOWS\system32\mfiosfqg.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8E31BE1A-1376-46D6-B408-4AFD28B3B3BB} - (no file)
O2 - BHO: (no name) - {90CE9E5B-1BA1-49D4-8486-7D5432A8204E} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\wtvkitzu.dll
O2 - BHO: (no name) - {D1304447-B5A0-48DD-80EE-D2C1BB954BD3} - (no file)
O2 - BHO: (no name) - {D315BA3D-6909-4DC8-A993-A3C54C623B67} - (no file)
O2 - BHO: (no name) - {F1B4E23C-73C6-4462-8196-0EC774169B2F} - (no file)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\wtvkitzu.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [4c4f8a30] rundll32.exe "C:\WINDOWS\system32\gaeetnko.dll",b
O4 - Global Startup: explorer.exe.lnk = C:\WINDOWS\explorer.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O20 - Winlogon Notify: tuvsrqq - C:\WINDOWS\SYSTEM32\tuvsrqq.dll
O20 - Winlogon Notify: wtvkitzu - C:\WINDOWS\SYSTEM32\wtvkitzu.dll

Exit Hijackthis.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
* Close all other windows before proceeding.
* Double-click on dss.exe and follow the prompts.
* When it has finished, DSS will open two Notepads: main.txt and extra.txt
* Use Save As to save both Notepad files to your Desktop and post them in your next reply.
Posted Image
Posted Image

#7 LostLearner

LostLearner
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Toront, Ontario, Canada
  • Local time:04:27 AM

Posted 13 November 2007 - 08:46 PM

IT seems to be getting better. I think I'm catching on to some of the stuff you're looking at. It still hasn't remonved the "tuvsrqq.dll" file info yet. I was going to try deletting it from the Registry But I thought you may want to do something different... So I've left it for now.


Here are the files you asked for...
-----------------------------------------------------------------------------------------------------------------------------------------------------------------

Extra.txt:


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU 6400 @ 2.13GHz
CPU 1: Intel® Core™2 CPU 6400 @ 2.13GHz
Percentage of Memory in Use: 53%
Physical Memory (total/avail): 1022.42 MiB / 478.55 MiB
Pagefile Memory (total/avail): 2459.5 MiB / 1984.52 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1915.19 MiB

C: is Fixed (NTFS) - 232.88 GiB total, 91.96 GiB free.
D: is Fixed (NTFS) - 74.52 GiB total, 42.97 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3250620AS - 232.88 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 232.88 GiB - C:

\\.\PHYSICALDRIVE1 - WDC WD800JD-00JNC0 - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - D:

\\.\PHYSICALDRIVE3 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE5 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE2 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Norton Security Online v2007 (Symantec Corporation)
AV: Norton Security Online v2007 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\James I. Calhoun\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JIM
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA6
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\James I. Calhoun
LOGONSERVER=\\JIM
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\WINDOWS\DPDrv;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SAN_DIR=C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\JAMESI~1.CAL\LOCALS~1\Temp
TMP=C:\DOCUME~1\JAMESI~1.CAL\LOCALS~1\Temp
USERDOMAIN=JIM
USERNAME=James I. Calhoun
USERPROFILE=C:\Documents and Settings\James I. Calhoun
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

James I. Calhoun (admin)
Administrator (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
--> "C:\Program Files\InstallShield Installation Information\{1A91D1FA-B9B3-4556-9878-5C61059A19B2}\setup.exe" REMOVEALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\UninstIPP.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {637099FB-45FD-4BC7-9651-6FB540DBB749}
--> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
--> MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}
--> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
--> MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
--> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
--> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
--> MsiExec.exe /I{637099FB-45FD-4BC7-9651-6FB540DBB749}
--> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
--> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
--> MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
--> MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
--> MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
--> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{89AD2814-AFA2-46AF-AE53-C27196D9FBE6}\setup.exe" REMOVEALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{329899E1-CBBA-49BC-9FFE-199E94316727}\setup.exe" -l0x9 -removeonly
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ActiveHome™ --> C:\WINDOWS\DEL_AH.EXE C:\PROGRA~1\HOMECO~1\INSTALL.LOG "Uninstall ActiveHome™"
Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Acrobat 6.0.1 Professional --> MsiExec.exe /I{AC76BA86-1033-0000-7760-000000000001}
Adobe Acrobat and Reader 6.0.3 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000603}
Adobe Acrobat and Reader 6.0.4 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000604}
Adobe Acrobat and Reader 6.0.5 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000605}
Adobe Acrobat and Reader 6.0.6 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000606}
Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adventure Pinball --> C:\Program Files\AdventurePinball\System\Setup.exe uninstall "Adventure Pinball"
AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9
Army Men --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\The 3DO Company\Army Men\Uninst.isu"
Army Men Sarge's War --> MsiExec.exe /I{FCC373B6-1FBD-4280-A4BF-E371095DABE8}
Auto Gordian Knot 2.27 --> C:\Program Files\AutoGK\uninst.exe
AutoCAD 2005 - English --> MsiExec.exe /I{5783F2D7-0301-0409-0002-0060B0CE6BBA}
Autodesk DWF Viewer --> C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
AVI Codec Pack --> C:\Program Files\AVI Codec Pack\uninstall.exe
AVIcodec (remove only) --> "C:\Program Files\AVIcodec\uninst.exe"
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Belarc Advisor 7.2 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
Big Free Clock --> C:\Program Files\Big Free Clock\Uninstal.exe
Bonjour --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D} /l1033
BOSS Fonts Manager --> C:\WINDOWS\IsUninst.exe -fC:\BOSSFonts\Uninst.isu
Canon CanoScan Toolbox 5.0 --> "C:\Program Files\Canon\CanoScan Toolbox Ver5.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\CanoScan Toolbox Ver5.0\uninst.ini
Canon S750 --> C:\WINDOWS\system32\CNMCP3q.exe "-PRINTERNAMECanon S750" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon S750 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon S750 Installer\Inst2\cnmi0409.dll"
CanoScan LiDE 70 --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411 /L0x0009
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CloneCD --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Elaborate Bytes\CloneCD\Uninst.isu" -c"C:\Program Files\Elaborate Bytes\CloneCD\InstallHelp.dll"
Codec Pack - All In 1 6.0.2.7 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
ConvertMovie 1.1 --> C:\Program Files\ConvertMovie 1.1\uninst.exe
Core Center --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\Core Center\Uninst.isu"
DAEMON Tools --> MsiExec.exe /I{83895843-3A51-4C93-9DF3-2BDB65C7E54A}
DigitalPersona Password Manager 1.0.1 --> MsiExec.exe /I{C6C136D9-B41E-46ED-A8ED-A84D18B7CA31}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DMI Browse --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\DMI Browser\Uninst.isu"
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
DVDFab Decrypter 3.0.5.0 --> "C:\Program Files\DVDFab Decrypter 3\unins000.exe"
Easy Video Joiner 5.21 --> "C:\Program Files\Easy Video Joiner\unins000.exe"
Easy Video Splitter 1.28 --> "C:\Program Files\Easy Video Splitter\unins000.exe"
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
Faces --> C:\WINDOWS\iun6002.exe "C:\Program Files\Faces\irunin.ini"
ffdshow [rev 1272] [2007-06-10] --> "C:\Program Files\ffdshow\unins000.exe"
Film Factory --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\EPSON Software\Film Factory\Uninst.isu"
Foto Fusion --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3E89726D-13A9-45BC-A4D8-B9EF8EF42409}\setup.exe"
FreshDiagnose --> "C:\Program Files\FreshDevices\FreshDiagnose\unins000.exe"
Games X Copy --> MsiExec.exe /X{22CDDA47-7205-4C64-B594-C94C5EE2CE70}
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
Guitar Pro 5.1 --> "C:\Program Files\Guitar Pro 5\unins000.exe"
HC PC-Camera --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECD03DA7-5952-406A-8156-5F0C93618D1F}\Setup.exe" -l0x9
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
i-Speeder --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\i-Speeder\Uninst.isu"
Icon Lock-iT 2000 - 21 day trial --> C:\PROGRA~1\MOONVA~1\ICONLO~1\UNWISE.EXE C:\PROGRA~1\MOONVA~1\ICONLO~1\INSTALL.LOG
InfoView --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\InfoView\Uninst.isu"
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo Home Theater --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7514465-E5F3-48E9-A952-327DAEF33DE6}\setup.exe" REMOVEALL
InterVideo WinDVR --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC9D60B8-B270-4AE0-8208-CCB01C42CD6A}\setup.exe" REMOVEALL
iSofter DVD Ripper Platinum 3.0.2007.205 --> "C:\Program Files\iSofter\DVDPlatinum\unins000.exe"
iTunes --> MsiExec.exe /I{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}
Java DB 10.2.2.0 --> MsiExec.exe /X{0ECB59D5-A3FC-4D61-AD3B-6CE679B3F852}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ SE Development Kit 6 Update 3 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160030}
kgcbaby --> MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
kgchday --> MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn --> MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt --> MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids --> MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove --> MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday --> MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140002_c33cd5\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
LifeView TVR --> C:\Program Files\LifeView TVR\Uninstal.EXE
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Logitech Audio Echo Cancellation Component --> MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech Print Service --> C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
Logitech QuickCam --> MsiExec.exe /X{7D2370AC-D8E6-4996-986A-19824F8A167C}
Logitech Video Enumerator --> MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
Logitechģ Camera Driver --> "C:\Program Files\Common Files\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Luxor - Amun Rising --> "C:\Program Files\Oberon Media\Luxor - Amun Rising\Uninstall.exe" "C:\Program Files\Oberon Media\Luxor - Amun Rising\install.log"
Macrogaming SweetIM 2.1 --> MsiExec.exe /X{6F9962AA-C9C7-47CF-B73C-19AF479530D3}
Messiah --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Shiny\Messiah\Uninst.isu"
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! for Windows XP --> MsiExec.exe /I{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}
Microsoft Ree Ree Khao San Pack --> MsiExec.exe /X{CE78496E-7E42-45A7-91AE-7A349C97C7E9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Windows Media Video 9 VCM --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmv9vcm.inf, Uninstall
Microsoft Windows Theme Nunavut --> MsiExec.exe /X{047815FB-4E38-42D5-95CB-8A131DDD8668}
Microsoft Windows Theme Ontario --> MsiExec.exe /X{9757283E-3FCA-4F3D-9257-928859318E55}
Mobile Phone Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BAA26DB-2D4E-42B6-BC3F-3B58144A64B6} /l1033
Motorola homesight™ Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Documents and Settings\James I. Calhoun\Application Data\InstallShield Installation Information\{6D576488-B9AE-42A6-991A-92740A9FA447}\setup.exe" -l0x9
Mozilla Firefox (2.0.0.2) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSI Live Update 3 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\Live Update 3\Uninst.isu"
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MVision --> MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
NILE THEME --> MsiExec.exe /X{B19C841C-D60A-462F-AB86-4FDD51A77FA3}
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
Panasonic MPEG1 Encoder Software Ver.2.51 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\PWI\Encoder2.51\Uninst.isu"
PC Camera (6029 CIF) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{54DC27A1-2708-421E-8915-119955DB3B92}\Setup.exe" -l0x9
PENTAX Optio 60 Driver --> C:\PROGRA~1\PENTAX~1\UNWISE.EXE C:\PROGRA~1\PENTAX~1\INSTALL.LOG
PerformanceTest v6.1 --> "C:\Program Files\PerformanceTest\unins000.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Powertoys For Windows XP --> MsiExec.exe /I{6C31E111-96BB-4ADC-9C81-E6D3EEDDD8D3}
Presto! PageManager 7.15.14 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}\PMSetup.exe" -l0x9 anything -removeonly
QuickTime --> MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Registry Mechanic 5.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
Rogers Yahoo! Applications --> C:\PROGRA~1\Yahoo!\Common\uninstall.exe
Roxio Drag-to-Disc --> MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Easy Media Creator 9 Suite --> MsiExec.exe /I{938B1CD7-7C60-491E-AA90-1F1888168240}
Safeworld PC Surveillance --> C:\Program Files\Safeworld PC Surveillance\SafeWorld.exe /uninstall
ScanSoft OmniPage SE 4.0 --> MsiExec.exe /I{C1E693A4-B1D5-4DCD-B68D-2087835B7184}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
SigmaTel USB-IR Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10F5D9BB-E2F2-4B18-A65D-928B73D22E6F}\Setup.exe"
SiSoftware Sandra Lite XII --> "C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII\unins000.exe"
skin0001 --> MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Sony Ericsson Device Data --> MsiExec.exe /I{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}
Sony Ericsson PC Suite --> MsiExec.exe /I{26B5D684-75D6-44B9-BBFF-D4100F43092A}
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Star Trek Armada II --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Activision\Star Trek Armada II\STA2.isu"
staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
SweetIM For Internet Explorer 3.0b --> MsiExec.exe /X{F6D63A65-BD23-46F3-B9A3-87F442423481}
Theme Hospital --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Bullfrog\Hospital\DeIsL1.isu"
Time Zone Data Update Tool for Microsoft Office Outlook --> MsiExec.exe /X{95120000-0038-0409-0000-0000000FF1CE}
TVR --> C:\Program Files\LifeView TVR\Uninstal.EXE
Ulead PhotoImpact 10 ESD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FE58B892-3825-4610-A6A2-E6EFCA83BD97}\Setup.exe" -l0x9
URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
USB 2.0 Setup program --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\VIA Technologies, INC.\USB 2.0 Setup program\Uninst.isu"
Veoh Player --> C:\Program Files\InstallShield Installation Information\{3D5A72E1-1467-4199-8CF6-12DA8D502A6B}\setup.exe -runfromtemp -l0x0409
VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
WinAVI VideoConverter --> "C:\Program Files\WinAVI VideoConverter\unins000.exe"
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
XML Paper Specification Shared Components Pack 1.0 -->
Xvid 1.1.2 final uninstall --> "C:\Program Files\XviD\unins001.exe"
XviD MPEG4 Video Codec (remove only) --> "C:\WINDOWS\system32\xvid-uninstall.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type24814 / Success
Event Submitted/Written: 11/13/2007 07:26:06 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type24809 / Warning
Event Submitted/Written: 11/13/2007 07:23:50 PM
Event ID/Source: 1015 / EvntAgnt
Event Description:
TraceLevel parameter not located in registry;
Default trace level used is 32.

Event Record #/Type24808 / Warning
Event Submitted/Written: 11/13/2007 07:23:50 PM
Event ID/Source: 1003 / EvntAgnt
Event Description:
TraceFileName parameter not located in registry;
Default trace file used is .

Event Record #/Type24781 / Success
Event Submitted/Written: 11/13/2007 07:17:46 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type24776 / Warning
Event Submitted/Written: 11/13/2007 07:14:12 PM
Event ID/Source: 1015 / EvntAgnt
Event Description:
TraceLevel parameter not located in registry;
Default trace level used is 32.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type975191 / Error
Event Submitted/Written: 11/13/2007 07:25:25 PM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The Bonjour Service service hung on starting.

Event Record #/Type975189 / Error
Event Submitted/Written: 11/13/2007 07:24:06 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Philips WDM Video Decoder service failed to start due to the following error:
%%1058

Event Record #/Type975188 / Error
Event Submitted/Written: 11/13/2007 07:24:06 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Remote HID Service service failed to start due to the following error:
%%2

Event Record #/Type975187 / Error
Event Submitted/Written: 11/13/2007 07:24:06 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The SAA7130 TV Card service failed to start due to the following error:
%%1058

Event Record #/Type975186 / Error
Event Submitted/Written: 11/13/2007 07:24:06 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The %OWC_USBEHCD.DeviceDesc% service failed to start due to the following error:
%%1058



-- End of Deckard's System Scanner: finished at 2007-11-13 20:23:10 ------------


Main.txt

Deckard's System Scanner v20071014.68
Run by James I. Calhoun on 2007-11-13 20:19:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
8: 2007-11-14 01:19:44 UTC - RP8 - Deckard's System Scanner Restore Point
7: 2007-11-13 23:56:40 UTC - RP7 - Software Distribution Service 3.0
6: 2007-11-13 22:04:09 UTC - RP6 - Last known good configuration
5: 2007-11-13 22:03:04 UTC - RP5 - ComboFix created restore point
4: 2007-11-13 22:03:02 UTC - RP4 - Windows Defender Checkpoint


-- First Restore Point --
1: 2007-11-13 22:03:00 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-11-13 20:22:17
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\WINDOWS\system32\Fast.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\TaskSwitch.exe
C:\WINDOWS\system32\Fast.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Big Free Clock\bigclock.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\YOP\SSDK02.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\James I. Calhoun\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: (no name) - {1C1DD717-53B2-485E-A17B-C9977C205E10} - C:\WINDOWS\system32\tuvsrqq.dll
O2 - BHO: (no name) - {369E17F9-CD9E-4E4F-BA60-36A4479F2E11} - C:\WINDOWS\system32\mlljj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BigFreeClock] C:\Program Files\Big Free Clock\bigclock.exe
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08ad -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08ad -f video -m logitech -d 10.5.1.2023 (User 'Default user')
O4 - Global Startup: Rogers Yahoo! Online Protection.lnk = ?
O4 - Global Startup: Shortcut to Navw32.exe.lnk = C:\Program Files\Symantec\Norton AntiVirus\Navw32.exe
O4 - Global Startup: Windows Defender.lnk = C:\Program Files\Windows Defender\MSASCui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/9/b...heckControl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {292E38C5-1653-11D6-8FBE-000102384007} (WebDvrX Control) - file:///C:/Documents%20and%20Settings/James%20I.%20Calhoun/My%20Documents/Work/45%20Driftwood/45D%20Cams/WebDVR.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174340510781
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {9E265649-6E0E-4EEA-9F49-DAE0801440CF} (WebDiginet Control) - http://video.vyanet.com/WebDiginet.CAB
O18 - Protocol: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: wbsys.dll
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
O20 - Winlogon Notify: tuvsrqq - C:\WINDOWS\system32\tuvsrqq.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Remote HID Service (LvHidSvc) - Unknown owner - C:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII\RpcSandraSrv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPcservice.exe
O24 - Desktop Component 0: - O24 - Desktop Component 1: - C:\Documents and Settings\James I. Calhoun\My Documents\My Pictures\(001) Sunshine Girls\October 2007\Fri, October 5, 2007\ssg11.gifO24 - Desktop Component 2: - C:\Documents and Settings\James I. Calhoun\My Documents\My Pictures\(001) Sunshine Girls\October 2007\Fri, October 5, 2007\ssg11.pngO24 - Desktop Component 3: - C:\Documents and Settings\James I. Calhoun\My Documents\My Pictures\Gif's\bebe1.gif

--
End of file - 14863 bytes

-- HijackThis Fixed Entries (C:\Program Files\Trend Micro\HijackThis\backups\) -

backup-20071113-201135-155 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
backup-20071113-201135-175 O2 - BHO: (no name) - {D1304447-B5A0-48DD-80EE-D2C1BB954BD3} - (no file)
backup-20071113-201135-176 O4 - HKLM\..\Run: [ScanRegistry] C:\W
backup-20071113-201135-208 O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
backup-20071113-201135-382 O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
backup-20071113-201135-438 O2 - BHO: (no name) - {90CE9E5B-1BA1-49D4-8486-7D5432A8204E} - (no file)
backup-20071113-201135-462 O2 - BHO: (no name) - {1C1DD717-53B2-485E-A17B-C9977C205E10} - C:\WINDOWS\system32\tuvsrqq.dll
backup-20071113-201135-545 O2 - BHO: (no name) - {067D455D-E7BD-4CAB-B416-5B78DCFA6E4F} - (no file)
backup-20071113-201135-648 O2 - BHO: (no name) - {1DD2F230-8C9F-4E15-AE4B-A474F4D628CD} - (no file)
backup-20071113-201135-659 O2 - BHO: (no name) - {F1B4E23C-73C6-4462-8196-0EC774169B2F} - (no file)
backup-20071113-201135-665 O20 - Winlogon Notify: tuvsrqq - C:\WINDOWS\SYSTEM32\tuvsrqq.dll
backup-20071113-201135-680 O2 - BHO: (no name) - {369E17F9-CD9E-4E4F-BA60-36A4479F2E11} - C:\WINDOWS\system32\mlljj.dll
backup-20071113-201135-684 O2 - BHO: (no name) - {8E31BE1A-1376-46D6-B408-4AFD28B3B3BB} - (no file)
backup-20071113-201135-690 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20071113-201135-698 O2 - BHO: (no name) - {D315BA3D-6909-4DC8-A993-A3C54C623B67} - (no file)
backup-20071113-201135-710 O15 - Trusted Zone: http://www.msi.com.tw
backup-20071113-201135-820 O4 - Global Startup: explorer.exe.lnk = C:\WINDOWS\explorer.exe
backup-20071113-201135-823 O2 - BHO: {8feca502-34ea-25eb-dc54-9fc6b1fbeac6} - {6caebf1b-6cf9-45cd-be52-ae43205acef8} - C:\WINDOWS\system32\mfiosfqg.dll (file missing)
backup-20071113-201135-858 O2 - BHO: (no name) - {2970A353-E514-4109-BA5D-9A48A4F08DE9} - (no file)
backup-20071113-201135-901 O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
backup-20071113-201617-131 O2 - BHO: (no name) - {1C1DD717-53B2-485E-A17B-C9977C205E10} - C:\WINDOWS\system32\tuvsrqq.dll
backup-20071113-201824-446 O2 - BHO: (no name) - {1C1DD717-53B2-485E-A17B-C9977C205E10} - C:\WINDOWS\system32\tuvsrqq.dll

-- File Associations -----------------------------------------------------------

.scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\notepad.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 gxc108b - c:\windows\system32\drivers\gxc108b.sys
R0 gxc108p - c:\windows\system32\drivers\gxc108p.sys
R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R3 actser - c:\windows\system32\drivers\actser.sys <Not Verified; Siemens AG; Actser Filter Driver>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 LVCap138 (LifeView LR138 Capture Driver) - c:\windows\system32\drivers\lvcap138.sys <Not Verified; Animation Technologies Inc.; Lifeview ® LR138 TV Card>
R3 lvtuner (LifeView WDM TV Tuner) - c:\windows\system32\drivers\lvtuner.sys <Not Verified; Animation Technologies Inc.; Lifeview ® TV Card>

S2 OMSCAN - \sysö?? (file missing)
S2 ousbehci (%OWC_USBEHCD.DeviceDesc%) - c:\windows\system32\drivers\ousbehci.sys <Not Verified; OrangeWare Corporation; USB 2.0 Enhanced Host Controller Driver>
S3 avcgbdr (Adaptec GameBridge AVC-14X0/15X0) - c:\windows\system32\drivers\avcgbdr.sys (file missing)
S3 avcgbfl (Adaptec GameBridge AVC-14X0/15X0 Loader) - c:\windows\system32\drivers\avcgbfl.sys (file missing)
S3 catchme - c:\docume~1\jamesi~1.cal\locals~1\temp\catchme.sys (file missing)
S3 DualCoreCenter - c:\program files\ati technologies\ati.ace\ntglm7x.sys (file missing)
S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 FLASHSYS - c:\windows\system32\drivers\flashsys.sys
S3 FreshIO - c:\program files\freshdevices\freshdiagnose\freshio.sys
S3 GMSIPCI - e:\install\gmsipci.sys (file missing)
S3 jfdcd - c:\docume~1\jamesi~1.cal\locals~1\temp\jfdcd.sys (file missing)
S3 NRKCTL32 - d:\my shared\computer info i need this\computer info i need this\nrkctl32.sys (file missing)
S3 nuvaud2 (NUVision II Audio Service) - c:\windows\system32\drivers\nuvaud2.sys <Not Verified; Zoran Ltd.; USBVision>
S3 NUVision (SuperXan USBVision (4)) - c:\windows\system32\drivers\nuvision.sys <Not Verified; Zoran Ltd.; USBVision>
S3 nuvvid2 (NUVision II Video Service) - c:\windows\system32\drivers\nuvvid2.sys <Not Verified; Zoran Ltd.; USBVision>
S3 RushTopDevice - c:\program files\msi\core center\rushtop.sys <Not Verified; MICRO-STAR INT'L CO., LTD.; MSI CoreCenter>
S3 RushTopDevice2 - c:\program files\ati technologies\ati.ace\rushtop.sys (file missing)
S3 SNPSTD3 (USB PC Camera (SNPSTD3)) - c:\windows\system32\drivers\snpstd3.sys <Not Verified; ; PC Camera driver>
S3 STIrUsb (STIrUsb.sys SigmaTel USB-IrDA Adapter) - c:\windows\system32\drivers\irstusb.sys <Not Verified; SigmaTel, Inc.; SigmaTel STIr>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 DPFUSMgr (Windows XP FUS Manager) - c:\program files\digitalpersona\bin\dpfusmgr.exe <Not Verified; DigitalPersona, Inc.; DPFUSMgr Module>
R2 DpHost (Biometric Authentication Service) - c:\program files\digitalpersona\bin\dphost.exe <Not Verified; DigitalPersona, Inc.; DPHOST Module>

S2 LvHidSvc (Remote HID Service) - c:\windows\system32\lvhidsvc.exe (file missing)
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>
S3 YPCService - c:\windows\system32\ypcser~1.exe <Not Verified; Yahoo! Inc.; YPCService Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-11-13 19:26:09 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-11-12 20:00:16 598 --a------ C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - James I. Calhoun.job
2007-11-12 12:42:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-10-13 and 2007-11-13 -----------------------------

2007-11-13 17:02:49 8630 --ahs---- C:\WINDOWS\system32\jjllm.ini2
2007-11-13 17:02:42 313440 --a------ C:\WINDOWS\system32\mlljj.dll
2007-11-13 07:08:03 81472 --a------ C:\WINDOWS\system32\qwitxlwp.dll
2007-11-12 21:59:01 0 d-------- C:\WINDOWS\ERUNT
2007-11-12 21:51:58 0 d-------- C:\Program Files\Sun
2007-11-12 21:46:14 0 d-------- C:\Program Files\Common Files\Java
2007-11-12 21:28:22 144480 --a------ C:\WINDOWS\system32\sthrjjja.dll
2007-11-12 21:25:28 81472 --a------ C:\WINDOWS\system32\qbvbdqfw.dll
2007-11-12 21:25:22 89664 --a------ C:\WINDOWS\system32\lgemxont.dll
2007-11-12 06:50:37 0 d-------- C:\Program Files\Trend Micro
2007-11-11 15:24:13 0 d-------- C:\WINDOWS\BDOSCAN8
2007-11-11 00:00:42 85056 --a------ C:\WINDOWS\system32\qygvfxuj.dll
2007-11-11 00:00:25 81472 --a------ C:\WINDOWS\system32\xvluohfi.dll
2007-11-10 14:02:54 81472 --a------ C:\WINDOWS\system32\qkwnojqh.dll
2007-11-10 13:59:53 85056 --a------ C:\WINDOWS\system32\nqgarcgv.dll
2007-11-09 23:32:58 88128 --a------ C:\WINDOWS\system32\ggyexswa.dll
2007-11-09 20:59:33 77888 --a------ C:\WINDOWS\system32\staqcnns.dll
2007-11-09 20:53:56 88128 --a------ C:\WINDOWS\system32\tewmctyo.dll
2007-11-09 16:11:01 88128 --a------ C:\WINDOWS\system32\wdnnmmix.dll
2007-11-09 16:08:02 77888 --a------ C:\WINDOWS\system32\insnrnwu.dll
2007-11-09 09:48:29 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-11-09 08:42:27 88128 --a------ C:\WINDOWS\system32\afgcbitl.dll
2007-11-09 08:42:21 77888 --a------ C:\WINDOWS\system32\seqtvoti.dll
2007-11-09 08:41:45 35328 --a------ C:\WINDOWS\system32\ssqrqoo.dll
2007-11-09 08:07:39 77888 --a------ C:\WINDOWS\system32\poclcbyj.dll
2007-11-09 08:04:39 88128 --a------ C:\WINDOWS\system32\evehqhvy.dll
2007-11-08 23:20:47 80448 --a------ C:\WINDOWS\system32\pfnwajxl.dll
2007-11-08 20:01:54 80448 --a------ C:\WINDOWS\system32\fiktyqhu.dll
2007-11-08 18:13:32 80448 --a------ C:\WINDOWS\system32\kkhtnbmp.dll
2007-11-08 13:05:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-08 12:58:20 0 dr-h----- C:\Documents and Settings\James I. Calhoun\Recent
2007-11-08 07:13:46 80448 --a------ C:\WINDOWS\system32\cqawxsee.dll
2007-11-07 20:23:34 35328 --a------ C:\WINDOWS\system32\qomlmji.dll
2007-11-06 09:21:38 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2007-11-06 09:18:12 35328 --a------ C:\WINDOWS\system32\tuvsrqq.dll
2007-11-06 09:17:52 0 d-------- C:\WINDOWS\system32\Mz18r
2007-11-05 19:08:55 0 d-------- C:\Program Files\ABF software
2007-10-25 10:26:48 53248 --a------ C:\WINDOWS\bdoscandel.exe


-- Find3M Report ---------------------------------------------------------------

2007-11-13 20:21:44 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-12 21:51:29 0 d-------- C:\Program Files\Java
2007-11-12 21:46:14 0 d-------- C:\Program Files\Common Files
2007-11-12 19:44:29 0 d-------- C:\Program Files\EPSON Print CD
2007-11-12 17:35:58 0 d-------- C:\Program Files\iTunes
2007-11-12 17:34:13 0 d-------- C:\Program Files\QuickTime
2007-11-09 23:57:13 0 d-------- C:\Program Files\Oberon Media
2007-11-09 22:42:58 0 d-------- C:\Program Files\Windows Live Safety Center
2007-11-01 21:35:05 0 d-------- C:\Program Files\Motorola Home Monitor
2007-10-14 18:08:05 0 d-------- C:\Program Files\MumboJumbo
2007-10-14 17:35:52 0 d-------- C:\Program Files\MSECache
2007-10-14 13:07:27 0 d-------- C:\Program Files\GameSpy Arcade
2007-10-10 07:27:28 0 d-------- C:\Program Files\Common Files\LogiShrd
2007-10-05 22:29:21 0 d-------- C:\Program Files\Home Control
2007-10-04 08:03:46 0 d-------- C:\Documents and Settings\James I. Calhoun\Application Data\AdobeUM
2007-10-03 16:55:49 0 d-------- C:\Program Files\Symantec
2007-10-01 20:07:43 0 d-------- C:\Documents and Settings\James I. Calhoun\Application Data\Symantec
2007-10-01 08:26:19 0 d-------- C:\Program Files\Common Files\Ulead Systems
2007-10-01 08:26:17 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-22 18:34:08 0 d-------- C:\Program Files\iPod
2007-09-15 15:20:10 0 d-------- C:\Program Files\Macrogaming
2007-09-15 09:55:02 0 d-------- C:\Program Files\Apple Software Update
2007-09-13 06:00:49 0 d-------- C:\Program Files\cpu-z-140
2007-09-07 17:47:57 218976601 --a------ C:\Program Files\3do.zip
2007-08-31 15:11:39 262144 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2007-08-31 15:11:39 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>
2007-08-24 07:36:16 8784 --a------ C:\logfile


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C1DD717-53B2-485E-A17B-C9977C205E10}]
11/06/2007 09:18 AM 35328 --a------ C:\WINDOWS\system32\tuvsrqq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{369E17F9-CD9E-4E4F-BA60-36A4479F2E11}]
11/13/2007 05:02 PM 313440 --a------ C:\WINDOWS\system32\mlljj.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [05/04/2006 02:59 AM C:\WINDOWS\RTHDCPL.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [11/09/2006 10:25 PM]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [10/08/2001 11:59 AM]
"FastUser"="C:\WINDOWS\system32\fast.exe" [10/08/2001 11:59 AM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [11/09/2006 10:25 PM]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [06/26/2007 12:48 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 12:59 AM]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [01/14/2007 02:11 AM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 05:30 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 06:20 PM]
"BigFreeClock"="C:\Program Files\Big Free Clock\bigclock.exe" [08/10/2006 02:19 PM]
"itype"="c:\Program Files\Microsoft IntelliType Pro\itype.exe" [11/21/2006 05:08 PM]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 05:43 AM C:\WINDOWS\ALCMTR.EXE]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/02/2007 06:36 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/28/2006 07:00 AM]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [01/19/2007 12:54 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"WUAppSetup"=C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08ad -f video -m logitech -d 10.5.1.2023

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Rogers Yahoo! Online Protection.lnk - C:\Program Files\Yahoo!\YOP\yop.exe [8/23/2007 9:17:44 PM]
Shortcut to Navw32.exe.lnk - C:\Program Files\Symantec\Norton AntiVirus\Navw32.exe [1/14/2007 4:09:38 AM]
Windows Defender.lnk - C:\Program Files\Windows Defender\MSASCui.exe [11/3/2006 6:20:12 PM]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= C:\Documents and Settings\James I. Calhoun\My Documents\My Pictures\(001) Sunshine Girls\October 2007\Fri, October 5, 2007\ssg11.gif
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
Source= C:\Documents and Settings\James I. Calhoun\My Documents\My Pictures\(001) Sunshine Girls\October 2007\Fri, October 5, 2007\ssg11.png
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
Source= C:\Documents and Settings\James I. Calhoun\My Documents\My Pictures\Gif's\bebe1.gif
FriendlyName=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1C1DD717-53B2-485E-A17B-C9977C205E10}"= C:\WINDOWS\system32\tuvsrqq.dll [11/06/2007 09:18 AM 35328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DPWLN ]
C:\WINDOWS\system32\DPWLEvHd.dll 10/13/2004 06:29 PM 102400 C:\WINDOWS\system32\DPWLEvHd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvsrqq]
tuvsrqq.dll 11/06/2007 09:18 AM 35328 C:\WINDOWS\system32\tuvsrqq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 12/06/2005 08:16 PM 176128 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mlljj.dll
"Notification Packages"= scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Big Free Clock.lnk]
backup=C:\WINDOWS\pss\Big Free Clock.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CoreCenter.lnk]
backup=C:\WINDOWS\pss\CoreCenter.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4c4f8a30]
rundll32.exe "C:\WINDOWS\system32\gaeetnko.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
"C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CameraFixer]
C:\WINDOWS\CameraFixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
"C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DPAgnt]
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R200 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Home Theater SchSvr]
"C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveMonitor]
C:\Program Files\MSI\Live Update 3\LMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
"C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
"C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
"C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecSche]
"C:\Program Files\LifeView TVR\RecSche.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote]
"C:\Program Files\LifeView TVR\remote.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
"C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanRegistry]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
SkyTel.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
C:\WINDOWS\vsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
C:\WINDOWS\tsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINCINEMAMGR]
"C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVRCtrl]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinRemote]
"C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINSCHEDULER]
C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2007-11-13 20:23:10 ------------

#8 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:09:27 AM

Posted 13 November 2007 - 09:18 PM

Please double-click OTMoveIt.exe to run it.
Copy the file paths inside the quote box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'):

C:\WINDOWS\system32\jjllm.ini2
C:\WINDOWS\system32\mlljj.dll
C:\WINDOWS\system32\qwitxlwp.dll
C:\WINDOWS\system32\sthrjjja.dll
C:\WINDOWS\system32\qbvbdqfw.dll
C:\WINDOWS\system32\lgemxont.dll
C:\WINDOWS\system32\qygvfxuj.dll
C:\WINDOWS\system32\xvluohfi.dll
C:\WINDOWS\system32\qkwnojqh.dll
C:\WINDOWS\system32\nqgarcgv.dll
C:\WINDOWS\system32\ggyexswa.dll
C:\WINDOWS\system32\staqcnns.dll
C:\WINDOWS\system32\tewmctyo.dll
C:\WINDOWS\system32\wdnnmmix.dll
C:\WINDOWS\system32\insnrnwu.dll
C:\WINDOWS\system32\afgcbitl.dll
C:\WINDOWS\system32\seqtvoti.dll
C:\WINDOWS\system32\ssqrqoo.dll
C:\WINDOWS\system32\poclcbyj.dll
C:\WINDOWS\system32\evehqhvy.dll
C:\WINDOWS\system32\pfnwajxl.dll
C:\WINDOWS\system32\fiktyqhu.dll
C:\WINDOWS\system32\kkhtnbmp.dll
C:\WINDOWS\system32\cqawxsee.dll
C:\WINDOWS\system32\qomlmji.dll
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\tuvsrqq.dll
C:\WINDOWS\system32\Mz18r

Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button Posted Image

Copy everything on the 'Results' window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'), and paste it into your next reply.
Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes.

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File(in the menu at the top)>Save as../Save as Type: 'All Files' /File name: fix2.reg to your desktop.
Then double click on the fix2.reg file on your desktopPosted Imageand agree to merge the imformation into the registry,then restart your pc.

REGEDIT4
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C1DD717-53B2-485E-A17B-C9977C205E10}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{369E17F9-CD9E-4E4F-BA60-36A4479F2E11}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Host Process"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1C1DD717-53B2-485E-A17B-C9977C205E10}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvsrqq]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4c4f8a30]


Also post a new Hijackthis log.
Posted Image
Posted Image

#9 LostLearner

LostLearner
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Toront, Ontario, Canada
  • Local time:04:27 AM

Posted 13 November 2007 - 10:55 PM

I think I hit the wrong keys when postting. I better be more carefull from now on...lol



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46:53 PM, on 11/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\WINDOWS\system32\Fast.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\fast.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Big Free Clock\bigclock.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\abc.bat

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {1C1DD717-53B2-485E-A17B-C9977C205E10} - C:\WINDOWS\system32\tuvsrqq.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {970FADF9-C1ED-43AB-A990-FC3DC7BF8C8E} - C:\WINDOWS\system32\mlljj.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BigFreeClock] C:\Program Files\Big Free Clock\bigclock.exe
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08ad -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08ad -f video -m logitech -d 10.5.1.2023 (User 'Default user')
O4 - Global Startup: Rogers Yahoo! Online Protection.lnk = C:\Program Files\Yahoo!\YOP\yop.exe
O4 - Global Startup: Shortcut to Navw32.exe.lnk = C:\Program Files\Symantec\Norton AntiVirus\Navw32.exe
O4 - Global Startup: Windows Defender.lnk = C:\Program Files\Windows Defender\MSASCui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {292E38C5-1653-11D6-8FBE-000102384007} (WebDvrX Control) - file:///C:/Documents%20and%20Settings/James%20I.%20Calhoun/My%20Documents/Work/45%20Driftwood/45D%20Cams/WebDVR.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174340510781
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {9E265649-6E0E-4EEA-9F49-DAE0801440CF} (WebDiginet Control) - http://video.vyanet.com/WebDiginet.CAB
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
O20 - Winlogon Notify: tuvsrqq - C:\WINDOWS\SYSTEM32\tuvsrqq.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Remote HID Service (LvHidSvc) - Unknown owner - C:\WINDOWS\system32\lvhidsvc.exe (file missing)
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII\RpcSandraSrv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
O24 - Desktop Component 0: (no name) - (no file)
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\James I. Calhoun\My Documents\My Pictures\(001) Sunshine Girls\October 2007\Fri, October 5, 2007\ssg11.gif
O24 - Desktop Component 2: (no name) - C:\Documents and Settings\James I. Calhoun\My Documents\My Pictures\(001) Sunshine Girls\October 2007\Fri, October 5, 2007\ssg11.png
O24 - Desktop Component 3: (no name) - C:\Documents and Settings\James I. Calhoun\My Documents\My Pictures\Gif's\bebe1.gif

--
End of file - 13658 bytes

#10 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:09:27 AM

Posted 14 November 2007 - 09:40 AM

Download VirtumundoBegone:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Save VirtumundoBeGone.exe to your desktop.
Run VirtumundoBeGone.exe and follow the instructions.
Do not worry if you see a BLUE SCREEN "Fatal Error" Message, this is normal and expected.
When it has finished, restart your pc.
It will create a log on your desktop called VBG.TXT,post the entire contents of that log into your next reply.

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
When VundoFix re-opens,click the "Scan for Vundo" button.
Once it's done scanning,click the "Remove Vundo" button.
You will receive a prompt asking if you want to remove the files, click "YES".
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed,it will prompt that it will reboot your computer,click "OK".
Post the contents of C:\vundofix.txt into your next reply.
Note:
It is possible that VundoFix encountered a file it could not remove.
In this case,VundoFix will run on reboot,simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Also post a new Hijackthis log.
Posted Image
Posted Image

#11 LostLearner

LostLearner
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Toront, Ontario, Canada
  • Local time:04:27 AM

Posted 14 November 2007 - 07:48 PM

Hi. How are you tonight

Here is the newest ones we've done. I missed coppying the 2 files from the Vundo fix but I did get the VirtumundoBeGone Log.


VBG.TXT



[11/14/2007, 18:32:41] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\James I. Calhoun\Desktop\VirtumundoBeGone.exe" )
[11/14/2007, 18:32:56] - Detected System Information:
[11/14/2007, 18:32:56] - Windows Version: 5.1.2600, Service Pack 2
[11/14/2007, 18:32:56] - Current Username: James I. Calhoun (Admin)
[11/14/2007, 18:32:56] - Windows is in SAFE mode with Networking.
[11/14/2007, 18:32:56] - Searching for Browser Helper Objects:
[11/14/2007, 18:32:56] - BHO 1: {067D455D-E7BD-4CAB-B416-5B78DCFA6E4F} ()
[11/14/2007, 18:32:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:32:56] - No filename found. Continuing.
[11/14/2007, 18:32:56] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[11/14/2007, 18:32:56] - BHO 3: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} (SWEETIE Class)
[11/14/2007, 18:32:56] - BHO 4: {1C1DD717-53B2-485E-A17B-C9977C205E10} ()
[11/14/2007, 18:32:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:32:56] - Checking for HKLM\...\Winlogon\Notify\tuvsrqq
[11/14/2007, 18:32:56] - Found: HKLM\...\Winlogon\Notify\tuvsrqq - This is probably Virtumundo.
[11/14/2007, 18:32:56] - Assigning {1C1DD717-53B2-485E-A17B-C9977C205E10} MSEvents Object
[11/14/2007, 18:32:56] - BHO list has been changed! Starting over...
[11/14/2007, 18:32:56] - BHO 1: {067D455D-E7BD-4CAB-B416-5B78DCFA6E4F} ()
[11/14/2007, 18:32:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:32:56] - No filename found. Continuing.
[11/14/2007, 18:32:56] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[11/14/2007, 18:32:56] - BHO 3: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} (SWEETIE Class)
[11/14/2007, 18:32:56] - BHO 4: {1C1DD717-53B2-485E-A17B-C9977C205E10} (MSEvents Object)
[11/14/2007, 18:32:56] - ALERT: Found MSEvents Object!
[11/14/2007, 18:32:56] - BHO 5: {1DD2F230-8C9F-4E15-AE4B-A474F4D628CD} ()
[11/14/2007, 18:32:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:32:56] - No filename found. Continuing.
[11/14/2007, 18:32:56] - BHO 6: {2970A353-E514-4109-BA5D-9A48A4F08DE9} ()
[11/14/2007, 18:32:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:32:56] - No filename found. Continuing.
[11/14/2007, 18:32:56] - BHO 7: {6569f685-0470-4cf6-a581-1e977615d063} ()
[11/14/2007, 18:32:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:32:56] - Checking for HKLM\...\Winlogon\Notify\gvhmetwn
[11/14/2007, 18:32:56] - Key not found: HKLM\...\Winlogon\Notify\gvhmetwn, continuing.
[11/14/2007, 18:32:56] - BHO 8: {6caebf1b-6cf9-45cd-be52-ae43205acef8} ()
[11/14/2007, 18:32:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:32:56] - No filename found. Continuing.
[11/14/2007, 18:32:56] - BHO 9: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[11/14/2007, 18:32:56] - BHO 10: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[11/14/2007, 18:32:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:32:56] - No filename found. Continuing.
[11/14/2007, 18:32:56] - BHO 11: {8E31BE1A-1376-46D6-B408-4AFD28B3B3BB} ()
[11/14/2007, 18:32:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:32:56] - No filename found. Continuing.
[11/14/2007, 18:32:56] - BHO 12: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[11/14/2007, 18:32:56] - BHO 13: {90CE9E5B-1BA1-49D4-8486-7D5432A8204E} ()
[11/14/2007, 18:32:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:32:56] - No filename found. Continuing.
[11/14/2007, 18:32:57] - BHO 14: {A95B2816-1D7E-4561-A202-68C0DE02353A} ()
[11/14/2007, 18:32:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:32:57] - Checking for HKLM\...\Winlogon\Notify\ofhoitwe
[11/14/2007, 18:32:57] - Found: HKLM\...\Winlogon\Notify\ofhoitwe - This is probably Virtumundo.
[11/14/2007, 18:32:57] - Assigning {A95B2816-1D7E-4561-A202-68C0DE02353A} MSEvents Object
[11/14/2007, 18:32:57] - BHO list has been changed! Starting over...
[11/14/2007, 18:32:57] - BHO 1: {067D455D-E7BD-4CAB-B416-5B78DCFA6E4F} ()
[11/14/2007, 18:32:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:32:57] - No filename found. Continuing.
[11/14/2007, 18:32:57] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[11/14/2007, 18:32:57] - BHO 3: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} (SWEETIE Class)
[11/14/2007, 18:32:57] - BHO 4: {1C1DD717-53B2-485E-A17B-C9977C205E10} (MSEvents Object)
[11/14/2007, 18:32:57] - ALERT: Found MSEvents Object!
[11/14/2007, 18:32:57] - BHO 5: {1DD2F230-8C9F-4E15-AE4B-A474F4D628CD} ()
[11/14/2007, 18:32:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:32:57] - No filename found. Continuing.
[11/14/2007, 18:32:57] - BHO 6: {2970A353-E514-4109-BA5D-9A48A4F08DE9} ()
[11/14/2007, 18:32:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:32:57] - No filename found. Continuing.
[11/14/2007, 18:32:57] - BHO 7: {6569f685-0470-4cf6-a581-1e977615d063} ()
[11/14/2007, 18:32:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:32:57] - Checking for HKLM\...\Winlogon\Notify\gvhmetwn
[11/14/2007, 18:32:57] - Key not found: HKLM\...\Winlogon\Notify\gvhmetwn, continuing.
[11/14/2007, 18:32:57] - BHO 8: {6caebf1b-6cf9-45cd-be52-ae43205acef8} ()
[11/14/2007, 18:32:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:32:57] - No filename found. Continuing.
[11/14/2007, 18:32:57] - BHO 9: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[11/14/2007, 18:32:57] - BHO 10: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[11/14/2007, 18:32:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:32:57] - No filename found. Continuing.
[11/14/2007, 18:32:57] - BHO 11: {8E31BE1A-1376-46D6-B408-4AFD28B3B3BB} ()
[11/14/2007, 18:32:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:32:57] - No filename found. Continuing.
[11/14/2007, 18:32:57] - BHO 12: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[11/14/2007, 18:32:57] - BHO 13: {90CE9E5B-1BA1-49D4-8486-7D5432A8204E} ()
[11/14/2007, 18:32:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:32:57] - No filename found. Continuing.
[11/14/2007, 18:32:57] - BHO 14: {A95B2816-1D7E-4561-A202-68C0DE02353A} (MSEvents Object)
[11/14/2007, 18:32:57] - ALERT: Found MSEvents Object!
[11/14/2007, 18:32:57] - BHO 15: {AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class)
[11/14/2007, 18:32:57] - BHO 16: {B3D6E3F1-5E22-47D4-A570-BADFB62BE12A} ()
[11/14/2007, 18:32:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:32:57] - No filename found. Continuing.
[11/14/2007, 18:32:57] - BHO 17: {C403397D-2052-4950-ADE6-BDF2ED9C1209} ()
[11/14/2007, 18:32:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:32:57] - Checking for HKLM\...\Winlogon\Notify\mlljj
[11/14/2007, 18:32:57] - Key not found: HKLM\...\Winlogon\Notify\mlljj, continuing.
[11/14/2007, 18:32:57] - BHO 18: {D1304447-B5A0-48DD-80EE-D2C1BB954BD3} ()
[11/14/2007, 18:32:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:32:57] - No filename found. Continuing.
[11/14/2007, 18:32:57] - BHO 19: {D315BA3D-6909-4DC8-A993-A3C54C623B67} ()
[11/14/2007, 18:32:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:32:57] - No filename found. Continuing.
[11/14/2007, 18:32:57] - BHO 20: {F1B4E23C-73C6-4462-8196-0EC774169B2F} ()
[11/14/2007, 18:32:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:32:57] - No filename found. Continuing.
[11/14/2007, 18:32:57] - Finished Searching Browser Helper Objects
[11/14/2007, 18:32:57] - *** Detected MSEvents Object
[11/14/2007, 18:32:57] - Trying to remove MSEvents Object...
[11/14/2007, 18:32:59] - Terminating Process: IEXPLORE.EXE
[11/14/2007, 18:32:59] - Terminating Process: RUNDLL32.EXE
[11/14/2007, 18:32:59] - Disabling Automatic Shell Restart
[11/14/2007, 18:32:59] - Terminating Process: EXPLORER.EXE
[11/14/2007, 18:32:59] - Suspending the NT Session Manager System Service
[11/14/2007, 18:32:59] - Terminating Windows NT Logon/Logoff Manager
[11/14/2007, 18:32:59] - Re-enabling Automatic Shell Restart
[11/14/2007, 18:32:59] - File to disable: C:\WINDOWS\system32\tuvsrqq.dll
[11/14/2007, 18:32:59] - Renaming C:\WINDOWS\system32\tuvsrqq.dll -> C:\WINDOWS\system32\tuvsrqq.dll.vir
[11/14/2007, 18:33:00] - File successfully renamed!
[11/14/2007, 18:33:00] - Removing HKLM\...\Browser Helper Objects\{1C1DD717-53B2-485E-A17B-C9977C205E10}
[11/14/2007, 18:33:00] - Removing HKCR\CLSID\{1C1DD717-53B2-485E-A17B-C9977C205E10}
[11/14/2007, 18:33:00] - Adding Kill Bit for ActiveX for GUID: {1C1DD717-53B2-485E-A17B-C9977C205E10}
[11/14/2007, 18:33:00] - Deleting ATLEvents/MSEvents Registry entries
[11/14/2007, 18:33:00] - Removing HKLM\...\Winlogon\Notify\tuvsrqq
[11/14/2007, 18:33:00] - Searching for Browser Helper Objects:
[11/14/2007, 18:33:00] - BHO 1: {067D455D-E7BD-4CAB-B416-5B78DCFA6E4F} ()
[11/14/2007, 18:33:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:33:00] - No filename found. Continuing.
[11/14/2007, 18:33:00] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[11/14/2007, 18:33:00] - BHO 3: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} (SWEETIE Class)
[11/14/2007, 18:33:00] - BHO 4: {1DD2F230-8C9F-4E15-AE4B-A474F4D628CD} ()
[11/14/2007, 18:33:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:33:00] - No filename found. Continuing.
[11/14/2007, 18:33:00] - BHO 5: {2970A353-E514-4109-BA5D-9A48A4F08DE9} ()
[11/14/2007, 18:33:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:33:00] - No filename found. Continuing.
[11/14/2007, 18:33:00] - BHO 6: {6569f685-0470-4cf6-a581-1e977615d063} ()
[11/14/2007, 18:33:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:33:01] - Checking for HKLM\...\Winlogon\Notify\gvhmetwn
[11/14/2007, 18:33:01] - Key not found: HKLM\...\Winlogon\Notify\gvhmetwn, continuing.
[11/14/2007, 18:33:01] - BHO 7: {6caebf1b-6cf9-45cd-be52-ae43205acef8} ()
[11/14/2007, 18:33:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:33:01] - No filename found. Continuing.
[11/14/2007, 18:33:01] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[11/14/2007, 18:33:01] - BHO 9: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[11/14/2007, 18:33:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:33:01] - No filename found. Continuing.
[11/14/2007, 18:33:01] - BHO 10: {8E31BE1A-1376-46D6-B408-4AFD28B3B3BB} ()
[11/14/2007, 18:33:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:33:01] - No filename found. Continuing.
[11/14/2007, 18:33:01] - BHO 11: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[11/14/2007, 18:33:01] - BHO 12: {90CE9E5B-1BA1-49D4-8486-7D5432A8204E} ()
[11/14/2007, 18:33:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:33:01] - No filename found. Continuing.
[11/14/2007, 18:33:01] - BHO 13: {A95B2816-1D7E-4561-A202-68C0DE02353A} (MSEvents Object)
[11/14/2007, 18:33:01] - ALERT: Found MSEvents Object!
[11/14/2007, 18:33:01] - BHO 14: {AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class)
[11/14/2007, 18:33:01] - BHO 15: {B3D6E3F1-5E22-47D4-A570-BADFB62BE12A} ()
[11/14/2007, 18:33:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:33:01] - No filename found. Continuing.
[11/14/2007, 18:33:01] - BHO 16: {C403397D-2052-4950-ADE6-BDF2ED9C1209} ()
[11/14/2007, 18:33:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:33:01] - Checking for HKLM\...\Winlogon\Notify\mlljj
[11/14/2007, 18:33:01] - Key not found: HKLM\...\Winlogon\Notify\mlljj, continuing.
[11/14/2007, 18:33:01] - BHO 17: {D1304447-B5A0-48DD-80EE-D2C1BB954BD3} ()
[11/14/2007, 18:33:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:33:01] - No filename found. Continuing.
[11/14/2007, 18:33:01] - BHO 18: {D315BA3D-6909-4DC8-A993-A3C54C623B67} ()
[11/14/2007, 18:33:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:33:01] - No filename found. Continuing.
[11/14/2007, 18:33:01] - BHO 19: {F1B4E23C-73C6-4462-8196-0EC774169B2F} ()
[11/14/2007, 18:33:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:33:01] - No filename found. Continuing.
[11/14/2007, 18:33:01] - Finished Searching Browser Helper Objects
[11/14/2007, 18:33:01] - *** Detected MSEvents Object
[11/14/2007, 18:33:01] - Trying to remove MSEvents Object...
[11/14/2007, 18:33:02] - Terminating Process: IEXPLORE.EXE
[11/14/2007, 18:33:02] - Terminating Process: RUNDLL32.EXE
[11/14/2007, 18:33:02] - Disabling Automatic Shell Restart
[11/14/2007, 18:33:02] - Terminating Process: EXPLORER.EXE
[11/14/2007, 18:33:02] - Suspending the NT Session Manager System Service
[11/14/2007, 18:33:03] - Terminating Windows NT Logon/Logoff Manager
[11/14/2007, 18:33:03] - Re-enabling Automatic Shell Restart
[11/14/2007, 18:33:03] - File to disable: C:\WINDOWS\system32\ofhoitwe.dll
[11/14/2007, 18:33:03] - Removing HKLM\...\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}
[11/14/2007, 18:33:03] - Removing HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
[11/14/2007, 18:33:03] - Adding Kill Bit for ActiveX for GUID: {A95B2816-1D7E-4561-A202-68C0DE02353A}
[11/14/2007, 18:33:03] - Deleting ATLEvents/MSEvents Registry entries
[11/14/2007, 18:33:03] - Removing HKLM\...\Winlogon\Notify\ofhoitwe
[11/14/2007, 18:33:03] - Searching for Browser Helper Objects:
[11/14/2007, 18:33:03] - BHO 1: {067D455D-E7BD-4CAB-B416-5B78DCFA6E4F} ()
[11/14/2007, 18:33:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:33:03] - No filename found. Continuing.
[11/14/2007, 18:33:03] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[11/14/2007, 18:33:03] - BHO 3: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} (SWEETIE Class)
[11/14/2007, 18:33:03] - BHO 4: {1DD2F230-8C9F-4E15-AE4B-A474F4D628CD} ()
[11/14/2007, 18:33:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:33:03] - No filename found. Continuing.
[11/14/2007, 18:33:03] - BHO 5: {2970A353-E514-4109-BA5D-9A48A4F08DE9} ()
[11/14/2007, 18:33:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:33:04] - No filename found. Continuing.
[11/14/2007, 18:33:04] - BHO 6: {6569f685-0470-4cf6-a581-1e977615d063} ()
[11/14/2007, 18:33:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:33:04] - Checking for HKLM\...\Winlogon\Notify\gvhmetwn
[11/14/2007, 18:33:04] - Key not found: HKLM\...\Winlogon\Notify\gvhmetwn, continuing.
[11/14/2007, 18:33:04] - BHO 7: {6caebf1b-6cf9-45cd-be52-ae43205acef8} ()
[11/14/2007, 18:33:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:33:04] - No filename found. Continuing.
[11/14/2007, 18:33:04] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[11/14/2007, 18:33:04] - BHO 9: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[11/14/2007, 18:33:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:33:04] - No filename found. Continuing.
[11/14/2007, 18:33:04] - BHO 10: {8E31BE1A-1376-46D6-B408-4AFD28B3B3BB} ()
[11/14/2007, 18:33:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:33:04] - No filename found. Continuing.
[11/14/2007, 18:33:04] - BHO 11: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[11/14/2007, 18:33:04] - BHO 12: {90CE9E5B-1BA1-49D4-8486-7D5432A8204E} ()
[11/14/2007, 18:33:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:33:04] - No filename found. Continuing.
[11/14/2007, 18:33:04] - BHO 13: {AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class)
[11/14/2007, 18:33:04] - BHO 14: {B3D6E3F1-5E22-47D4-A570-BADFB62BE12A} ()
[11/14/2007, 18:33:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:33:04] - No filename found. Continuing.
[11/14/2007, 18:33:04] - BHO 15: {C403397D-2052-4950-ADE6-BDF2ED9C1209} ()
[11/14/2007, 18:33:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:33:04] - Checking for HKLM\...\Winlogon\Notify\mlljj
[11/14/2007, 18:33:04] - Key not found: HKLM\...\Winlogon\Notify\mlljj, continuing.
[11/14/2007, 18:33:04] - BHO 16: {D1304447-B5A0-48DD-80EE-D2C1BB954BD3} ()
[11/14/2007, 18:33:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:33:04] - No filename found. Continuing.
[11/14/2007, 18:33:04] - BHO 17: {D315BA3D-6909-4DC8-A993-A3C54C623B67} ()
[11/14/2007, 18:33:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:33:04] - No filename found. Continuing.
[11/14/2007, 18:33:04] - BHO 18: {F1B4E23C-73C6-4462-8196-0EC774169B2F} ()
[11/14/2007, 18:33:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/14/2007, 18:33:04] - No filename found. Continuing.
[11/14/2007, 18:33:04] - Finished Searching Browser Helper Objects
[11/14/2007, 18:33:04] - Finishing up...
[11/14/2007, 18:33:04] - A restart is needed.
[11/14/2007, 18:33:24] - Attempting to Restart via STOP error (Blue Screen!)

There was no blue screen though...


HijackThis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:40:05 PM, on 11/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\WINDOWS\system32\Fast.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\fast.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Big Free Clock\bigclock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\abc.bat

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: (no name) - {067D455D-E7BD-4CAB-B416-5B78DCFA6E4F} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {1DD2F230-8C9F-4E15-AE4B-A474F4D628CD} - (no file)
O2 - BHO: (no name) - {252775AF-BD81-44F3-96D1-BA704CC67E6F} - C:\WINDOWS\system32\mlljj.dll
O2 - BHO: (no name) - {2970A353-E514-4109-BA5D-9A48A4F08DE9} - (no file)
O2 - BHO: {360d5167-79e1-185a-6fc4-0740586f9656} - {6569f685-0470-4cf6-a581-1e977615d063} - C:\WINDOWS\system32\gvhmetwn.dll
O2 - BHO: (no name) - {6caebf1b-6cf9-45cd-be52-ae43205acef8} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8E31BE1A-1376-46D6-B408-4AFD28B3B3BB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {90CE9E5B-1BA1-49D4-8486-7D5432A8204E} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B3D6E3F1-5E22-47D4-A570-BADFB62BE12A} - (no file)
O2 - BHO: (no name) - {D1304447-B5A0-48DD-80EE-D2C1BB954BD3} - (no file)
O2 - BHO: (no name) - {D315BA3D-6909-4DC8-A993-A3C54C623B67} - (no file)
O2 - BHO: (no name) - {F1B4E23C-73C6-4462-8196-0EC774169B2F} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BigFreeClock] C:\Program Files\Big Free Clock\bigclock.exe
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08ad -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08ad -f video -m logitech -d 10.5.1.2023 (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {292E38C5-1653-11D6-8FBE-000102384007} (WebDvrX Control) - file:///C:/Documents%20and%20Settings/James%20I.%20Calhoun/My%20Documents/Work/45%20Driftwood/45D%20Cams/WebDVR.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174340510781
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} -
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {9E265649-6E0E-4EEA-9F49-DAE0801440CF} (WebDiginet Control) - http://video.vyanet.com/WebDiginet.CAB
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Remote HID Service (LvHidSvc) - Unknown owner - C:\WINDOWS\system32\lvhidsvc.exe (file missing)
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII\RpcSandraSrv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
O24 - Desktop Component 0: (no name) - (no file)
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\James I. Calhoun\My Documents\My Pictures\(001) Sunshine Girls\October 2007\Fri, October 5, 2007\ssg11.gif
O24 - Desktop Component 2: (no name) - C:\Documents and Settings\James I. Calhoun\My Documents\My Pictures\(001) Sunshine Girls\October 2007\Fri, October 5, 2007\ssg11.png
O24 - Desktop Component 3: (no name) - C:\Documents and Settings\James I. Calhoun\My Documents\My Pictures\Gif's\bebe1.gif

--
End of file - 14402 bytes


I hope this helps

#12 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:09:27 AM

Posted 14 November 2007 - 08:59 PM

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
When VundoFix re-opens,click the "Scan for Vundo" button.
Once it's done scanning,click the "Remove Vundo" button.
You will receive a prompt asking if you want to remove the files, click "YES".
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed,it will prompt that it will reboot your computer,click "OK".
Post the contents of C:\vundofix.txt into your next reply.
Note:
It is possible that VundoFix encountered a file it could not remove.
In this case,VundoFix will run on reboot,simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Also post a new Hijackthis log.
Posted Image
Posted Image

#13 LostLearner

LostLearner
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Toront, Ontario, Canada
  • Local time:04:27 AM

Posted 14 November 2007 - 11:18 PM

I downloaded VundoFix.exe and ran it... No files found.

#14 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:09:27 AM

Posted 15 November 2007 - 08:26 AM

See if you can do the following,try posting the entire contents of C:\ComboFix.txt

If you have previously downloaded ComboFix,please delete that version now.
Now download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Disconnect from the Internet.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.
*Note*
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix,please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

Also post a new Hijackthis log please.
Posted Image
Posted Image

#15 LostLearner

LostLearner
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Toront, Ontario, Canada
  • Local time:04:27 AM

Posted 15 November 2007 - 09:30 AM

Good morning Richie




ComboFix 07-11-08.3 - James I. Calhoun 2007-11-15 9:09:35.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.567 [GMT -5:00]
Running from: C:\Documents and Settings\James I. Calhoun\Desktop\ComboFix.exe
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\James I. Calhoun\Desktop\Live Safety Center.lnk
C:\Documents and Settings\James I. Calhoun\Desktop\Online Security Guide.lnk
C:\Documents and Settings\James I. Calhoun\Favorites\Online Security Guide.lnk
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\jjllm.ini
C:\WINDOWS\system32\jjllm.ini2
C:\WINDOWS\system32\mlljj.dll

.
((((((((((((((((((((((((( Files Created from 2007-10-15 to 2007-11-15 )))))))))))))))))))))))))))))))
.

2007-11-15 05:12 85,056 --a------ C:\WINDOWS\system32\yybrjnqh.dll
2007-11-15 05:09 79,936 --a------ C:\WINDOWS\system32\aweoomrh.dll
2007-11-15 00:16 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-15 00:16 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2007-11-15 00:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-14 18:40 <DIR> d-------- C:\VundoFix Backups
2007-11-14 05:12 81,472 --a------ C:\WINDOWS\system32\gvhmetwn.dll
2007-11-14 05:09 85,056 --a------ C:\WINDOWS\system32\mbufigxl.dll
2007-11-13 20:19 <DIR> d-------- C:\Deckard
2007-11-13 07:29 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-12 21:59 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-12 21:51 <DIR> d-------- C:\Program Files\Sun
2007-11-12 21:46 <DIR> d-------- C:\Program Files\Common Files\Java
2007-11-12 06:50 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-11 15:24 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-11-11 14:00 <DIR> d-------- C:\Temp\Reg 11 11 07
2007-11-09 09:48 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-11-08 13:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-06 09:18 35,328 --a------ C:\WINDOWS\system32\tuvsrqq.dll.vir
2007-11-05 19:08 <DIR> d-------- C:\Program Files\ABF software
2007-10-30 19:55 625,032 --a------ C:\WINDOWS\system32\SymNeti.dll
2007-10-30 19:55 242,056 --a------ C:\WINDOWS\system32\SymRedir.dll
2007-10-30 19:55 191,536 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2007-10-30 19:55 145,968 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2007-10-30 19:55 39,856 --a------ C:\WINDOWS\system32\drivers\symids.sys
2007-10-30 19:55 37,936 --a------ C:\WINDOWS\system32\drivers\symndisv.sys
2007-10-30 19:55 35,120 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2007-10-30 19:55 27,696 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2007-10-30 19:55 12,848 --a------ C:\WINDOWS\system32\drivers\symdns.sys
2007-10-25 10:26 53,248 --a------ C:\WINDOWS\bdoscandel.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-15 12:13 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-14 13:24 --------- d-----w C:\Program Files\Oberon Media
2007-11-13 02:51 --------- d-----w C:\Program Files\Java
2007-11-13 00:44 --------- d-----w C:\Program Files\EPSON Print CD
2007-11-12 23:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-11-12 22:35 --------- d-----w C:\Program Files\iTunes
2007-11-12 22:34 --------- d-----w C:\Program Files\QuickTime
2007-11-11 22:08 22 ----a-w C:\WINDOWS\Fonts\a.zip
2007-11-11 04:58 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-10 03:42 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-11-02 02:35 --------- d-----w C:\Program Files\Motorola Home Monitor
2007-10-31 00:24 12,963 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
2007-10-31 00:24 1,358 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
2007-10-14 23:08 --------- d-----w C:\Program Files\MumboJumbo
2007-10-14 22:35 --------- d-----w C:\Program Files\MSECache
2007-10-14 18:07 --------- d-----w C:\Program Files\GameSpy Arcade
2007-10-10 12:27 --------- d-----w C:\Program Files\Common Files\LogiShrd
2007-10-06 03:29 --------- d-----w C:\Program Files\Home Control
2007-10-04 13:03 --------- d-----w C:\Documents and Settings\James I. Calhoun\Application Data\AdobeUM
2007-10-03 21:55 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-03 21:55 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-10-03 21:55 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-03 21:55 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-03 21:55 --------- d-----w C:\Program Files\Symantec
2007-10-02 01:07 --------- d-----w C:\Documents and Settings\James I. Calhoun\Application Data\Symantec
2007-10-01 13:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-01 13:26 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2007-10-01 13:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-09-25 11:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
2007-09-22 23:34 --------- d-----w C:\Program Files\iPod
2007-09-20 21:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-09-18 18:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-09-18 18:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-09-18 18:44 10,658 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-09-18 18:44 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-09-18 18:44 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-09-18 18:44 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-09-18 18:43 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-09-18 18:43 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-09-18 18:43 278,576 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-09-15 20:20 --------- d-----w C:\Program Files\Macrogaming
2007-09-15 14:55 --------- d-----w C:\Program Files\Apple Software Update
2007-09-07 22:47 218,976,601 ----a-w C:\Program Files\3do.zip
2007-08-31 20:11 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-08-31 20:11 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
.

((((((((((((((((((((((((((((( snapshot@2007-11-13_ 7.47.22.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-29 23:56:19 136,192 ----a-w C:\WINDOWS\catchme.exe
+ 2007-11-08 21:59:01 136,704 ----a-w C:\WINDOWS\catchme.exe
- 2007-11-13 02:59:38 10,227,712 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2007-11-14 13:51:21 10,227,712 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
- 2007-11-13 02:59:38 253,952 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2007-11-14 13:51:21 253,952 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
- 2007-10-10 07:01:03 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2007-11-13 23:58:15 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2007-10-10 07:01:03 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-11-13 23:58:15 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2007-10-10 07:01:03 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2007-11-13 23:58:15 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2007-10-10 07:01:03 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-11-13 23:58:15 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2007-10-10 07:01:03 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2007-11-13 23:58:15 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2007-10-10 07:01:04 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2007-11-13 23:58:15 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2007-10-10 07:01:04 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2007-11-13 23:58:16 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2007-10-10 07:01:04 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-11-13 23:58:16 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2007-10-10 07:01:03 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2007-11-13 23:58:15 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2007-10-10 07:01:03 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2007-11-13 23:58:15 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2007-10-10 07:01:04 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2007-11-13 23:58:16 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-10-10 07:01:02 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2007-11-13 23:58:15 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-10-10 07:01:02 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-11-13 23:58:15 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2006-12-19 21:52:18 8,453,632 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-10-26 03:34:01 8,460,288 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2005-05-24 17:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 20:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 20:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2007-09-28 05:19:39 18,089,592 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-11-02 07:12:57 18,238,072 ----a-w C:\WINDOWS\system32\MRT.exe
- 2006-12-19 21:52:18 8,453,632 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2007-10-26 03:34:01 8,460,288 ----a-w C:\WINDOWS\system32\shell32.dll
- 2007-06-19 07:24:36 350,720 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-10-29 10:04:03 350,720 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-11-15 14:19:59 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_7f8.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{067D455D-E7BD-4CAB-B416-5B78DCFA6E4F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1DD2F230-8C9F-4E15-AE4B-A474F4D628CD}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2970A353-E514-4109-BA5D-9A48A4F08DE9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6caebf1b-6cf9-45cd-be52-ae43205acef8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8063c60d-6698-4df8-b5d5-6b2668418181}]
2007-11-15 05:09 79936 --a------ C:\WINDOWS\system32\aweoomrh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E31BE1A-1376-46D6-B408-4AFD28B3B3BB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90CE9E5B-1BA1-49D4-8486-7D5432A8204E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B3D6E3F1-5E22-47D4-A570-BADFB62BE12A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1304447-B5A0-48DD-80EE-D2C1BB954BD3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D315BA3D-6909-4DC8-A993-A3C54C623B67}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1B4E23C-73C6-4462-8196-0EC774169B2F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-04 02:59 C:\WINDOWS\RTHDCPL.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-11-09 22:25]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2001-10-08 11:59]
"FastUser"="C:\WINDOWS\system32\fast.exe" [2001-10-08 11:59]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-11-09 22:25]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-06-26 12:48]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [2007-01-14 02:11]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"BigFreeClock"="C:\Program Files\Big Free Clock\bigclock.exe" [2006-08-10 14:19]
"itype"="c:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 17:08]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"ScanRegistry"="C:\W" []
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" []
"4c4f8a30"="C:\WINDOWS\system32\yybrjnqh.dll" [2007-11-15 05:12]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 07:00]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"WUAppSetup"=C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08ad -f video -m logitech -d 10.5.1.2023

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= C:\Documents and Settings\James I. Calhoun\My Documents\My Pictures\(001) Sunshine Girls\October 2007\Fri, October 5, 2007\ssg11.gif
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
Source= C:\Documents and Settings\James I. Calhoun\My Documents\My Pictures\(001) Sunshine Girls\October 2007\Fri, October 5, 2007\ssg11.png
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
Source= C:\Documents and Settings\James I. Calhoun\My Documents\My Pictures\Gif's\bebe1.gif
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DPWLN ]
C:\WINDOWS\system32\DPWLEvHd.dll 2004-10-13 18:29 102400 C:\WINDOWS\system32\DPWLEvHd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2005-12-06 20:16 176128 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mlljj.dll
"Notification Packages"= scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Big Free Clock.lnk]
backup=C:\WINDOWS\pss\Big Free Clock.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CoreCenter.lnk]
backup=C:\WINDOWS\pss\CoreCenter.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
"C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CameraFixer]
C:\WINDOWS\CameraFixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
"C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DPAgnt]
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R200 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Home Theater SchSvr]
"C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveMonitor]
C:\Program Files\MSI\Live Update 3\LMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
"C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
"C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
"C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecSche]
"C:\Program Files\LifeView TVR\RecSche.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote]
"C:\Program Files\LifeView TVR\remote.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
"C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanRegistry]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
SkyTel.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
C:\WINDOWS\vsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
C:\WINDOWS\tsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINCINEMAMGR]
"C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVRCtrl]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinRemote]
"C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINSCHEDULER]
C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE

R0 gxc108b;gxc108b;C:\WINDOWS\system32\DRIVERS\gxc108b.sys
R0 gxc108p;gxc108p;C:\WINDOWS\system32\Drivers\gxc108p.sys
R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
R3 dpK0Bx01;Fingerprint Reader Filter Driver;C:\WINDOWS\system32\DRIVERS\dpK0Bx01.sys
R3 LVCap138;LifeView LR138 Capture Driver;C:\WINDOWS\system32\DRIVERS\lvcap138.sys
R3 lvtuner;LifeView WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\lvtuner.sys
R3 UsbdpFP;Fingerprint Reader Class Driver;C:\WINDOWS\system32\DRIVERS\UsbdpFP.sys
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
S2 713xTVCard;SAA7130 TV Card;C:\WINDOWS\system32\DRIVERS\SAA713x.sys
S2 ousbehci;%OWC_USBEHCD.DeviceDesc%;C:\WINDOWS\system32\Drivers\ousbehci.sys
S2 PhilDec;Philips WDM Video Decoder;C:\WINDOWS\system32\DRIVERS\PhilDec.sys
S3 avcgbdr;Adaptec GameBridge AVC-14X0/15X0;C:\WINDOWS\system32\drivers\avcgbdr.sys
S3 avcgbfl;Adaptec GameBridge AVC-14X0/15X0 Loader;C:\WINDOWS\system32\Drivers\avcgbfl.sys
S3 DualCoreCenter;DualCoreCenter;\??\C:\Program Files\ATI Technologies\ATI.ACE\NTGLM7X.sys
S3 FLASHSYS;FLASHSYS;\??\C:\WINDOWS\system32\DRIVERS\FLASHSYS.sys
S3 FreshIO;FreshIO;\??\C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys
S3 jfdcd;jfdcd;\??\C:\DOCUME~1\JAMESI~1.CAL\LOCALS~1\Temp\jfdcd.sys
S3 NRKCTL32;NRKCTL32;\??\D:\My Shared\Computer Info I need this\Computer Info I need this\NRKCTL32.SYS
S3 NUVision;SuperXan USBVision (4);C:\WINDOWS\system32\DRIVERS\NUVision.sys
S3 PhilTune;Philips TV Tuner;C:\WINDOWS\system32\Drivers\PhilTune.sys
S3 RushTopDevice;RushTopDevice;\??\C:\Program Files\MSI\Core Center\RushTop.sys
S3 RushTopDevice2;RushTopDevice2;\??\C:\Program Files\ATI Technologies\ATI.ACE\RushTop.sys
S3 SNPP106;PC Camera (6029 CIF);C:\WINDOWS\system32\DRIVERS\snpp106.sys

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-11-12 17:42:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-11-13 01:00:16 C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - James I. Calhoun.job"
- C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-15 09:21:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-15 9:23:30 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-13 09:23
C:\ComboFix3.txt ... 2007-11-13 07:48
.
--- E O F ---




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users