
Vundo Infection/spyware Ad Pop-ups


2 replies to this topic

#1 Vesaria


Posted 17 April 2008 - 07:46 AM

I have run McAfee, Spybot, and Ad-Aware and none have been able to remove it. McAfee keeps alerting that I am infected with Trojan Vundo. I tried downloading the FixVundo removal tool and it was also unable to help. I am unable to run the Kaspersky scan, but I got the DSS to work. Please see below. Any help would be greatly appreciated.

Deckard's System Scanner v20071014.68
Run by Smith on 2008-04-17 07:25:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-04-17 12:25:22 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-04-17 03:03:44 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Smith.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:29:25 AM, on 4/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Documents and Settings\All Users.WINDOWS\Application Data\jmpgjkrw\lmxkpklk.exe
D:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
D:\WINDOWS\system32\durexobe.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
D:\Program Files\WiFiConnector\NintendoWFCReg.exe
D:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
D:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
d:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
D:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
D:\PROGRA~1\McAfee\MSC\mcpromgr.exe
d:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
d:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
D:\Program Files\McAfee\MPF\MPFSrv.exe
D:\PROGRA~1\McAfee\MPS\mps.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\McAfee\MPS\mpsevh.exe
D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
d:\PROGRA~1\mcafee.com\agent\mcagent.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
d:\PROGRA~1\mcafee\msc\mcuimgr.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Smith\Desktop\dss.exe
D:\DOCUME~1\Smith\Desktop\Smith.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DVA Storm - {069E8B19-0EAC-45D6-A5B3-A10FF9B69F4C} - D:\WINDOWS\lgmxvpatfbo.dll
O2 - BHO: (no name) - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - (no file)
O2 - BHO: (no name) - {362A3BF9-69F3-4A7E-A4A8-923D6ED9BD6E} - D:\WINDOWS\system32\jkkIBQJa.dll (file missing)
O2 - BHO: (no name) - {3D0A9F3E-6BE4-4F2F-825D-E95F3D70CC77} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - D:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7AB4EB12-6162-4206-838A-45F1DE5643A1} - D:\WINDOWS\system32\ddcAtqRJ.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - d:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {B1CFCCEB-7A5E-4330-9EF9-D347C126DAF5} - D:\WINDOWS\system32\pmnLBrRj.dll (file missing)
O2 - BHO: (no name) - {F3AEF888-A3E2-44EB-BD85-F0C85BA7673F} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: qtvglped - {74E5E4E8-79DD-49AC-B64B-E74822D5F3CD} - D:\WINDOWS\qtvglped.dll
O4 - HKLM\..\Run: [SiSUSBRG] D:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [googletalk] D:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [antiviirus] D:\Program Files\antiviirus.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [acfbc0c9] rundll32.exe "D:\WINDOWS\system32\njbkortq.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW4] "D:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [nyyrghoo] D:\WINDOWS\system32\durexobe.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [GCcycsDQ2A] D:\Documents and Settings\All Users.WINDOWS\Application Data\jmpgjkrw\lmxkpklk.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Run Registration Tool.lnk = D:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: &Search - ?p=ZKfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: qoMdEXPh - D:\WINDOWS\
O21 - SSODL: CDService - {e3753af6-68c4-4f43-9b26-b3a38bee00e5} - D:\WINDOWS\Resources\CDService.dll
O21 - SSODL: zip - {cfaf79d0-1711-49ad-9e1f-4e5595dc34a6} - D:\WINDOWS\Installer\{cfaf79d0-1711-49ad-9e1f-4e5595dc34a6}\zip.dll (file missing)
O21 - SSODL: pmsoarbf - {0D351C11-D37D-4913-B137-E08A3F4323E2} - D:\WINDOWS\pmsoarbf.dll
O21 - SSODL: omlbpkaw - {DD00AF10-97A7-4AEE-8277-78F45351CAEA} - D:\WINDOWS\omlbpkaw.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - D:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Imapi Helper - Alex Feinman - D:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - D:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - d:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - d:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - d:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - D:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - D:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: Privacy Protection - file:///D:\WINDOWS\privacy_danger\index.htm

--
End of file - 11441 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sisidex - d:\windows\system32\drivers\sisidex.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R0 sisperf (Add Performance Filter Driver) - d:\windows\system32\drivers\sisperf.sys <Not Verified; Silicon Integrated Systems Corp.; SiS Filer Driver>

S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - d:\windows\system32\drivers\nsdriver.sys <Not Verified; Lavasoft AB; Ad-Watch Connections>
S3 Ad-Watch Real-Time Scanner (AW Real-Time Scanner) - d:\windows\system32\drivers\awrtpd.sys <Not Verified; Lavasoft AB; Ad-Watch Beta>
S3 Ad-Watch Registry Filter (Ad-Watch Registry Kernel Filter) - d:\windows\system32\drivers\awrtrd.sys <Not Verified; Lavasoft AB; Ad-Watch Registry Protection>
S3 FXDRV - f:\fxdrv.sys (file missing)
S3 RT25USBAP (Nintendo Wi-Fi USB Connector Service) - d:\windows\system32\drivers\rt25usbap.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>
S3 SymIM (Symantec Network Security Intermediate Filter Service) - d:\windows\system32\drivers\symim.sys (file missing)
S3 SymIMMP - d:\windows\system32\drivers\symim.sys (file missing)
S3 USBIO (TrashTalk Drivers (usbio.sys)) - d:\windows\system32\drivers\usbio.sys <Not Verified; Thesycon GmbH, Germany; Universal USB Device Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Nero BackItUp Scheduler 3 - d:\program files\nero\nero8\nero backitup\nbservice.exe

S3 Imapi Helper - "d:\program files\alex feinman\iso recorder\imapihelper.exe" <Not Verified; Alex Feinman; ISO Recorder>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Nintendo Wi-Fi USB Connector
Device ID: USB\VID_0411&PID_008B\000D0BF8D539
Manufacturer: Nintendo
Name: Nintendo Wi-Fi USB Connector
PNP Device ID: USB\VID_0411&PID_008B\000D0BF8D539
Service: RT25USBAP

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1039&DEV_7002&SUBSYS_70021039&REV_00\3&61AAA01&0&1A
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1039&DEV_7002&SUBSYS_70021039&REV_00\3&61AAA01&0&1A
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-04-16 14:18:20 340 --a----c- D:\WINDOWS\Tasks\McDefragTask.job
2008-04-16 14:18:19 332 --a----c- D:\WINDOWS\Tasks\McQcTask.job
2008-04-14 09:12:00 284 --a----c- D:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-11-07 19:21:13 342 --a----c- D:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1186528870.job


-- Files created between 2008-03-17 and 2008-04-17 -----------------------------

2008-04-17 07:23:08 0 d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-04-17 07:23:07 0 d------c- D:\WINDOWS\system32\Kaspersky Lab
2008-04-17 07:23:05 0 d------c- D:\WINDOWS\LastGood
2008-04-17 06:43:39 0 d-------- D:\WINDOWS\CSC
2008-04-16 23:34:13 0 d-------- D:\WINDOWS\privacy_danger
2008-04-16 23:04:40 87616 --a------ D:\WINDOWS\system32\njbkortq.dll
2008-04-16 23:03:57 198455 --ahs--c- D:\WINDOWS\system32\JRqtAcdd.ini2
2008-04-16 23:03:51 273408 --a----c- D:\WINDOWS\system32\ddcAtqRJ.dll
2008-04-16 19:06:17 0 d-------- D:\Documents and Settings\Smith\Documents and Settings
2008-04-16 14:27:01 0 d------c- D:\Smith
2008-04-16 14:27:01 0 d------c- D:\report
2008-04-16 14:27:01 0 d-------- D:\Documents and Settings\Smith\Application Data\Smith
2008-04-16 14:27:01 0 d-------- D:\Documents and Settings\Smith\Application Data\report
2008-04-16 14:27:01 0 d-------- D:\Documents and Settings\Smith\Application Data\Documents and Settings
2008-04-16 14:27:01 0 d-------- D:\Documents and Settings\Smith\Application Data\Application Data
2008-04-16 14:27:01 0 d------c- D:\cs
2008-04-16 14:27:01 0 d------c- D:\Application Data
2008-04-16 14:20:43 143360 --a------ D:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2008-04-16 14:18:08 0 d-------- D:\Program Files\McAfee.com
2008-04-16 14:18:04 0 d-------- D:\Program Files\Common Files\McAfee
2008-04-16 14:17:58 0 d-------- D:\Program Files\McAfee
2008-04-16 14:09:19 212220 --ahs--c- D:\WINDOWS\system32\jRrBLnmp.ini2
2008-04-16 14:07:56 0 d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee
2008-04-16 14:05:33 0 d-------- D:\Documents and Settings\Smith\cs
2008-04-16 13:30:48 0 d-------- D:\Documents and Settings\Smith\report
2008-04-16 13:30:48 0 d-------- D:\Documents and Settings\Smith\Application Data\cs
2008-04-16 11:28:16 0 d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-04-16 09:06:00 0 d-------- D:\Documents and Settings\Smith\Application Data\TmpRecentIcons
2008-04-16 07:38:05 27707 --ahs--c- D:\WINDOWS\system32\aJQBIkkj.ini2
2008-04-16 07:30:28 0 d-------- D:\Documents and Settings\Smith\ShoppingReport
2008-04-16 07:30:15 81920 --a----c- D:\WINDOWS\rtqmekwg.exe
2008-04-16 07:30:15 155648 --a----c- D:\WINDOWS\qtvglped.dll
2008-04-16 07:30:15 172032 --a----c- D:\WINDOWS\pmsoarbf.dll
2008-04-16 07:30:15 217088 --a----c- D:\WINDOWS\omlbpkaw.dll
2008-04-16 07:30:15 94208 --a----c- D:\WINDOWS\npqtsrak.exe
2008-04-16 07:30:15 270336 --a----c- D:\WINDOWS\lgmxvpatfbo.dll
2008-04-16 07:30:12 4096 --a----c- D:\WINDOWS\system32taack.dat
2008-04-16 07:30:12 4096 --a----c- D:\WINDOWS\system32hxiwlgpm.dat
2008-04-16 07:30:10 4096 --a----c- D:\WINDOWS\system32ssvchost.com
2008-04-16 07:30:09 4096 --a----c- D:\WINDOWS\system32bdn.com
2008-04-16 07:29:58 102400 --a----c- D:\WINDOWS\system32\durexobe.exe
2008-04-16 07:29:58 0 d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\jmpgjkrw
2008-04-16 07:19:10 0 d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec
2008-04-16 07:16:19 0 d-------- D:\Documents and Settings\Smith\Application Data\Symantec
2008-04-15 19:37:18 0 dr-h----- D:\Documents and Settings\Smith\Recent
2008-04-15 19:10:05 0 d-------- D:\Program Files\Lavasoft
2008-04-15 19:10:05 0 d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-04-15 19:09:42 0 d-------- D:\Program Files\Common Files\Wise Installation Wizard
2008-04-01 19:22:32 0 d-------- D:\Documents and Settings\Smith\Application Data\Nero
2008-04-01 19:18:27 0 d-------- D:\Program Files\Nero
2008-04-01 19:18:27 0 d-------- D:\Program Files\Common Files\Nero
2008-04-01 19:18:27 0 d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\Nero
2008-04-01 14:34:11 0 d-------- D:\Program Files\SlySoft
2008-03-30 17:53:15 0 d-------- D:\Documents and Settings\Smith\Application Data\TVU Networks
2008-03-30 17:53:15 0 d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\TVU Networks
2008-03-20 13:40:07 0 d-------- D:\Program Files\The Weather Channel FW


-- Find3M Report ---------------------------------------------------------------

2008-04-16 14:18:04 0 d-------- D:\Program Files\Common Files
2008-04-16 07:50:30 0 d-------- D:\Program Files\Common Files\Symantec Shared
2008-04-15 14:16:59 0 d-------- D:\Program Files\AvRack
2008-03-16 12:56:29 0 d-------- D:\Program Files\Java
2008-03-09 18:35:42 0 d-------- D:\Program Files\WiFiConnector
2008-03-06 15:26:39 0 dr------- D:\Program Files\TypingMaster
2008-02-29 19:50:55 0 d-------- D:\Documents and Settings\Smith\Application Data\Move Networks
2008-02-24 18:14:33 0 d-------- D:\Program Files\Gabest
2008-02-01 17:15:24 146 --a------ D:\Documents and Settings\Smith\Application Data\wklnhst.dat
2008-01-30 16:10:46 274432 --a----c- D:\WINDOWS\system32\libcurl.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{069E8B19-0EAC-45D6-A5B3-A10FF9B69F4C}]
04/16/2008 03:07 AM 270336 --a--c--- D:\WINDOWS\lgmxvpatfbo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{362A3BF9-69F3-4A7E-A4A8-923D6ED9BD6E}]
D:\WINDOWS\system32\jkkIBQJa.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D0A9F3E-6BE4-4F2F-825D-E95F3D70CC77}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
04/16/2008 10:17 AM 116088 --a------ D:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7AB4EB12-6162-4206-838A-45F1DE5643A1}]
04/16/2008 11:03 PM 273408 --a--c--- D:\WINDOWS\system32\ddcAtqRJ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B1CFCCEB-7A5E-4330-9EF9-D347C126DAF5}]
D:\WINDOWS\system32\pmnLBrRj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F3AEF888-A3E2-44EB-BD85-F0C85BA7673F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="D:\WINDOWS\SiSUSBrg.exe" [07/12/2002 05:15 AM]
"SoundMan"="SOUNDMAN.EXE" [02/26/2004 03:53 AM D:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="D:\WINDOWS\System32\NvCpl.dll" [10/22/2006 12:22 PM]
"nwiz"="nwiz.exe" [10/22/2006 12:22 PM D:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="D:\WINDOWS\System32\NvMcTray.dll" [10/22/2006 12:22 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/01/2007 04:51 PM]
"GrooveMonitor"="D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"googletalk"="D:\Program Files\Google\Google Talk\googletalk.exe" [01/01/2007 04:22 PM]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" [06/29/2007 06:24 AM]
"NeroFilterCheck"="D:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 03:57 PM]
"NBKeyScan"="D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [09/20/2007 09:51 AM]
"antiviirus"="D:\Program Files\antiviirus.exe" []
"Symantec PIF AlertEng"="D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [03/12/2007 06:30 PM]
"acfbc0c9"="D:\WINDOWS\system32\njbkortq.dll" [04/16/2008 11:04 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"DW4"="D:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [12/20/2007 08:10 AM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="D:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [09/20/2007 03:35 PM]
"nyyrghoo"="D:\WINDOWS\system32\durexobe.exe" [04/16/2008 07:29 AM]
"SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

D:\Documents and Settings\Smith\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 8:24:54 PM]

D:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
hp psc 1000 series.lnk - D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [4/9/2003 6:21:38 PM]
hpoddt01.exe.lnk - D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [4/9/2003 6:11:12 PM]
Run Registration Tool.lnk - D:\Program Files\WiFiConnector\NintendoWFCReg.exe [3/9/2008 6:35:41 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"GCcycsDQ2A"=D:\Documents and Settings\All Users.WINDOWS\Application Data\jmpgjkrw\lmxkpklk.exe

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///D:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"CDService"= {e3753af6-68c4-4f43-9b26-b3a38bee00e5} - D:\WINDOWS\Resources\CDService.dll [04/16/2008 07:30 AM 14374]
"zip"= {cfaf79d0-1711-49ad-9e1f-4e5595dc34a6} - D:\WINDOWS\Installer\{cfaf79d0-1711-49ad-9e1f-4e5595dc34a6}\zip.dll [ ]
"pmsoarbf"= {0D351C11-D37D-4913-B137-E08A3F4323E2} - D:\WINDOWS\pmsoarbf.dll [04/16/2008 03:07 AM 172032]
"omlbpkaw"= {DD00AF10-97A7-4AEE-8277-78F45351CAEA} - D:\WINDOWS\omlbpkaw.dll [04/16/2008 03:07 AM 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qoMdEXPh]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 D:\WINDOWS\system32\ddcAtqRJ

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-04-17 07:30:18 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP 2400+
Percentage of Memory in Use: 41%
Physical Memory (total/avail): 1023.48 MiB / 598.64 MiB
Pagefile Memory (total/avail): 2462.1 MiB / 2078.22 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1940.18 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 111.79 GiB total, 60.83 GiB free.
D: is Fixed (NTFS) - 18.64 GiB total, 4.07 GiB free.
E: is CDROM (UDF)
F: is CDROM (CDFS)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)

\\.\PHYSICALDRIVE1 - ST320011A - 18.65 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 18.64 GiB - D:

\\.\PHYSICALDRIVE0 - WDC WD1200BB-00RDA0 - 111.79 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 111.79 GiB - C:

\\.\PHYSICALDRIVE2 - Generic STORAGE DEVICE USB Device

\\.\PHYSICALDRIVE3 - Generic STORAGE DEVICE USB Device

\\.\PHYSICALDRIVE4 - Generic STORAGE DEVICE USB Device

\\.\PHYSICALDRIVE5 - Generic STORAGE DEVICE USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\ABC\\abc.exe"="D:\\Program Files\\ABC\\abc.exe:*:Enabled:abc"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"D:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="D:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"D:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="D:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\TurboTax Premier 2006\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax Premier 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax Premier 2006\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax Premier 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"D:\\Program Files\\Google\\Google Talk\\googletalk.exe"="D:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"D:\\Documents and Settings\\Smith\\Application Data\\SopCast\\adv\\SopAdver.exe"="D:\\Documents and Settings\\Smith\\Application Data\\SopCast\\adv\\SopAdver.exe:*:Disabled:SopCast Adver"
"D:\\Program Files\\SopCast\\SopCast.exe"="D:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"D:\\Program Files\\Internet Explorer\\iexplore.exe"="D:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"D:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="D:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"D:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="D:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Taxes\\Turbo Tax Premier 2007\\TurboTax Premier 2007\\32bit\\ttax.exe"="C:\\Taxes\\Turbo Tax Premier 2007\\TurboTax Premier 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Taxes\\Turbo Tax Premier 2007\\TurboTax Premier 2007\\32bit\\updatemgr.exe"="C:\\Taxes\\Turbo Tax Premier 2007\\TurboTax Premier 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"D:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"="D:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi USB Connector"
"D:\\Program Files\\SopCast\\adv\\SopAdver.exe"="D:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"D:\\Program Files\\SopCast\\sopvod.exe"="D:\\Program Files\\SopCast\\sopvod.exe:*:Enabled:sopvod"
"D:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="D:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=D:\Documents and Settings\All Users.WINDOWS
APPDATA=D:\Documents and Settings\Smith\Application Data
CLASSPATH=.;D:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=D:\Program Files\Common Files
COMPUTERNAME=RENPC
ComSpec=D:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=D:
HOMEPATH=\Documents and Settings\Smith
LOGONSERVER=\\RENPC
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=D:\WINDOWS\system32;D:\WINDOWS;D:\WINDOWS\System32\Wbem;D:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=D:\Program Files
PROMPT=$P$G
QTJAVA=D:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=D:
SystemRoot=D:\WINDOWS
TEMP=D:\DOCUME~1\Smith\LOCALS~1\Temp
TMP=D:\DOCUME~1\Smith\LOCALS~1\Temp
USERDOMAIN=RENPC
USERNAME=Smith
USERPROFILE=D:\Documents and Settings\Smith
windir=D:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Smith (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> D:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> D:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> D:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> D:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> D:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> D:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf
ABC (remove only) --> D:\Program Files\ABC\Uninstall.exe
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> D:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
AnswerWorks 4.0 Runtime - English --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
Cakewalk VST Adapter 4 --> D:\PROGRA~1\Cakewalk\CAKEWA~1\UNWISE.EXE D:\PROGRA~1\Cakewalk\CAKEWA~1\INSTALL.LOG
DreamStation DXi2 --> D:\WINDOWS\DSDXIRMV.EXE D:\PROGRAM FILES\CAKEWALK\SHARED DXI\AUDIO SIMULATION\DREAMSTATION DXI2
Google Talk (remove only) --> "D:\Program Files\Google\Google Talk\uninstall.exe"
HijackThis 2.0.2 --> "D:\Documents and Settings\Smith\Desktop\HijackThis.exe" /uninstall
HP Photo and Imaging 2.0 - All-in-One --> MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - All-in-One Drivers --> MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - hp psc 1200 series --> D:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
hp psc 1200 series --> MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
ISO Recorder --> MsiExec.exe /I{DFC6573E-124D-4026-BFA4-B433C9D3FF21}
iTunes --> MsiExec.exe /I{553E56C3-7AA1-45FE-A2FC-2C43DC27F765}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kaspersky Online Scanner --> D:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
McAfee SecurityCenter --> D:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "D:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internet Explorer Administration Kit 5 --> rundll32 advpack.dll,LaunchINFSection ieak5.inf,IEAK.Uninstall
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "D:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Office XP Resource Kit --> MsiExec.exe /I{90240409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "D:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Move Networks Media Player for Internet Explorer --> D:\Documents and Settings\Smith\Application Data\Move Networks\ie_bin\Uninst.exe
Mozilla Firefox (2.0.0.13) --> D:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 8 --> MsiExec.exe /X{B944FA21-81AF-4A77-8328-CE4F4CC51033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nintendo Wi-Fi USB Connector Registration Tool --> D:\Program Files\WiFiConnector\SoftAPUninst.exe
NVIDIA Drivers --> D:\WINDOWS\System32\nvudisp.exe UninstallGUI
PS3 Video 9 2.25 --> C:\Program Files\Video Converter\uninstaller.exe
PSP Video 9 2.25 --> C:\Program Files\Video Converter\uninstaller.exe
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Real Alternative 1.52 --> "D:\Program Files\Real Alternative\unins000.exe"
Realtek AC'97 Audio --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Samsung USB Driver (MCCI 4.24 WHQL) --> D:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{439E56F4-F8CC-4886-B7A4-E8024ED39C6C}
SiS 900 PCI Fast Ethernet Adapter Driver --> D:\Progra~1\SiSLan\Uninst.exe
SONAR LE --> D:\PROGRA~1\Cakewalk\SONARL~1\UNWISE.EXE D:\PROGRA~1\Cakewalk\SONARL~1\INSTALL.LOG
Spybot - Search & Destroy --> "D:\Program Files\Spybot - Search & Destroy\unins000.exe"
The Rosetta Stone --> D:\WINDOWS\unvise32.exe D:\Program Files\The Rosetta Stone\TRS Support\uninstal.log
The Weather Channel Desktop --> D:\Program Files\The Weather Channel FW\Desktop Weather\TheWeatherChannelCustomUninstall.exe
TrashTalk --> "D:\Program Files\Datel\TrashTalk\unins000.exe"
TurboTax ItsDeductible 2006 --> MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
TurboTax Premier 2005 --> C:\Taxes\TurboTax Premier 2005\TaxUnst.EXE "C:\Taxes\TurboTax Premier 2005\Uninstall.log" -NoGui
TurboTax Premier 2007 --> C:\Taxes\Turbo Tax Premier 2007\TurboTax Premier 2007\TaxUnst.EXE "C:\Taxes\Turbo Tax Premier 2007\TurboTax Premier 2007\Uninstall.log" -NoGui
TurboTax Premier Investments 2006 --> C:\Program Files\TurboTax Premier 2006\TaxUnst.EXE "C:\Program Files\TurboTax Premier 2006\Uninstall.log" -NoGui
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VideoLAN VLC media player 0.8.6b --> D:\Program Files\VideoLAN\VLC\uninstall.exe
VobSub v2.23 (Remove Only) --> "D:\Program Files\Gabest\VobSub\uninstall.exe"
WavePad Uninstall --> D:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Weather Services --> D:\WINDOWS\system32\control.exe D:\PROGRA~1\THEWEA~1\Framework\wxfw.cpl,4
WexTech AnswerWorks --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
Windows Media Format 11 runtime --> "D:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> D:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger --> D:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U D:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type1597 / Error
Event Submitted/Written: 04/17/2008 06:51:25 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application TeaTimer.exe, version 1.5.2.16, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1589 / Error
Event Submitted/Written: 04/17/2008 06:07:26 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1561 / Error
Event Submitted/Written: 04/16/2008 08:29:45 PM
Event ID/Source: 5022 / McLogEvent
Event Description:
MCSCAN32 Engine Initialisation failed.
Engine returned error : 8

Event Record #/Type1556 / Error
Event Submitted/Written: 04/16/2008 07:13:41 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application FixVundo.exe, version 1.5.1.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1555 / Error
Event Submitted/Written: 04/16/2008 07:06:07 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application TeaTimer.exe, version 1.5.2.16, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type6419 / Error
Event Submitted/Written: 04/17/2008 06:50:00 AM / 04/17/2008 06:50:01 AM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the LiveUpdate Notice Service service to connect.

Event Record #/Type6414 / Error
Event Submitted/Written: 04/17/2008 06:48:20 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type6413 / Error
Event Submitted/Written: 04/17/2008 06:47:59 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service McProMgr with arguments ""
in order to run the server:
{DB77BAA7-3DC1-4EE7-8067-2886475BE6F7}

Event Record #/Type6412 / Error
Event Submitted/Written: 04/17/2008 06:47:39 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AFD
AmdK7
eeCtrl
Fips
IPSec
MPFP
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip

Event Record #/Type6411 / Error
Event Submitted/Written: 04/17/2008 06:47:39 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31



-- End of Deckard's System Scanner: finished at 2008-04-17 07:30:18 ------------



#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:09:16 PM

Posted 17 April 2008 - 01:35 PM

Hello Vesaria,

Welcome to Bleeping Computer :thumbsup:

Go to start -> control panel -> Display properties -> Desktop -> Customize Desktop... -> Web tab, then uncheck and delete everything you find in there (except for "My current home page").

Also remove the checkmark from the Lock Desktop Items box if it is checked.
Apply.
Apply and Exit Display properties.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: DVA Storm - {069E8B19-0EAC-45D6-A5B3-A10FF9B69F4C} - D:\WINDOWS\lgmxvpatfbo.dll
O2 - BHO: (no name) - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - (no file)
O2 - BHO: (no name) - {362A3BF9-69F3-4A7E-A4A8-923D6ED9BD6E} - D:\WINDOWS\system32\jkkIBQJa.dll (file missing)
O2 - BHO: (no name) - {3D0A9F3E-6BE4-4F2F-825D-E95F3D70CC77} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {7AB4EB12-6162-4206-838A-45F1DE5643A1} - D:\WINDOWS\system32\ddcAtqRJ.dll
O2 - BHO: (no name) - {B1CFCCEB-7A5E-4330-9EF9-D347C126DAF5} - D:\WINDOWS\system32\pmnLBrRj.dll (file missing)
O2 - BHO: (no name) - {F3AEF888-A3E2-44EB-BD85-F0C85BA7673F} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: qtvglped - {74E5E4E8-79DD-49AC-B64B-E74822D5F3CD} - D:\WINDOWS\qtvglped.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [antiviirus] D:\Program Files\antiviirus.exe
O4 - HKLM\..\Run: [acfbc0c9] rundll32.exe "D:\WINDOWS\system32\njbkortq.dll",b
O4 - HKCU\..\Run: [nyyrghoo] D:\WINDOWS\system32\durexobe.exe
O4 - HKLM\..\Policies\Explorer\Run: [GCcycsDQ2A] D:\Documents and Settings\All Users.WINDOWS\Application Data\jmpgjkrw\lmxkpklk.exe
O8 - Extra context menu item: &Search - ?p=ZKfox000
O20 - Winlogon Notify: qoMdEXPh - D:\WINDOWS\
O21 - SSODL: CDService - {e3753af6-68c4-4f43-9b26-b3a38bee00e5} - D:\WINDOWS\Resources\CDService.dll
O21 - SSODL: zip - {cfaf79d0-1711-49ad-9e1f-4e5595dc34a6} - D:\WINDOWS\Installer\{cfaf79d0-1711-49ad-9e1f-4e5595dc34a6}\zip.dll (file missing)
O21 - SSODL: pmsoarbf - {0D351C11-D37D-4913-B137-E08A3F4323E2} - D:\WINDOWS\pmsoarbf.dll
O21 - SSODL: omlbpkaw - {DD00AF10-97A7-4AEE-8277-78F45351CAEA} - D:\WINDOWS\omlbpkaw.dll
O24 - Desktop Component 0: Privacy Protection - file:///D:\WINDOWS\privacy_danger\index.htm


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?
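A triage pass over lines in the HijackThis format used in the fix list above, as an added example (not part of this thread and not a BleepingComputer or HijackThis tool): it parses each entry, pulls out the module path, and flags the indicators that fix list rests on (orphaned components, machine-looking filenames directly in the Windows directory, a Policies\Explorer\Run autorun, a Winlogon Notify package, a non-default SSODL entry, a file:// desktop component). The sample lines are constructed from entries quoted in the reply plus one benign QuickTime autorun made up as a control; the vowel-ratio test is a heuristic and can misfire on legitimate names.

```python
import re

# Constructed sample: HijackThis entries quoted in the reply above, plus one benign
# QuickTime autorun (constructed, not from the thread) as a control.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {362A3BF9-69F3-4A7E-A4A8-923D6ED9BD6E} - D:\WINDOWS\system32\jkkIBQJa.dll (file missing)
O3 - Toolbar: qtvglped - {74E5E4E8-79DD-49AC-B64B-E74822D5F3CD} - D:\WINDOWS\qtvglped.dll
O4 - HKLM\..\Run: [acfbc0c9] rundll32.exe "D:\WINDOWS\system32\njbkortq.dll",b
O4 - HKLM\..\Policies\Explorer\Run: [GCcycsDQ2A] D:\Documents and Settings\All Users.WINDOWS\Application Data\jmpgjkrw\lmxkpklk.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O20 - Winlogon Notify: qoMdEXPh - D:\WINDOWS\
O21 - SSODL: CDService - {e3753af6-68c4-4f43-9b26-b3a38bee00e5} - D:\WINDOWS\Resources\CDService.dll
O24 - Desktop Component 0: Privacy Protection - file:///D:\WINDOWS\privacy_danger\index.htm
"""

HJT_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
# A drive-letter path; spaces are allowed unless they start a "(file missing)" style note.
PATH_RE = re.compile(r'[A-Za-z]:\\(?:[^"\s]|\s(?!\())*')
KNOWN_SSODL = {"cdburn", "postbootreminder", "systray", "webcheck", "wpdshserviceobj"}  # XP defaults

def looks_generated(filename):
    """Heuristic: a stem of 8+ letters with few vowels looks machine-generated (may misfire)."""
    stem = filename.rsplit(".", 1)[0]
    if not stem.isalpha() or len(stem) < 8:
        return False
    return sum(c in "aeiou" for c in stem.lower()) / len(stem) < 0.3

def triage(line):
    """Return (section, path, reasons) for one HijackThis line, or None if it is not one."""
    m = HJT_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    reasons = []
    if "(no file)" in body or "(file missing)" in body:
        reasons.append("registered component has no file on disk (orphan)")
    pm = PATH_RE.search(body)
    path = pm.group(0) if pm else ""
    if path.endswith("\\"):
        reasons.append("points at a directory instead of a module")
    elif path:
        parent, _, filename = path.rpartition("\\")
        if looks_generated(filename):
            reasons.append(f"machine-looking filename {filename}")
        if re.fullmatch(r"[a-z]:\\windows", parent.lower()):
            reasons.append("module sits directly in the Windows directory")
    if section == "O4" and "Policies\\Explorer\\Run" in body:
        reasons.append("autorun via Policies\\Explorer\\Run, rarely used by legitimate software")
    if section == "O20":
        reasons.append("Winlogon Notify package: loaded into winlogon.exe at logon")
    if section == "O21" and body.split(":", 1)[1].split(" - ")[0].strip().lower() not in KNOWN_SSODL:
        reasons.append("non-default ShellServiceObjectDelayLoad entry")
    if section == "O24" and "file://" in body:
        reasons.append("desktop web component pointing at a local HTML file")
    return section, path, reasons

def triage_log(text):
    # Run triage over a whole log and keep only entries that raised at least one reason.
    results = [triage(l) for l in text.strip().splitlines()]
    return [r for r in results if r and r[2]]
```

Running `triage_log(SAMPLE_LOG)` flags seven of the eight sample entries and leaves the QuickTime control alone; the output is a review list, not a verdict, so each hit still needs a look before anything is fixed.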

#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:09:16 PM

Posted 27 April 2008 - 12:03 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic