
Black Bugs & Spyware Blue Screen


  • This topic is locked
5 replies to this topic

#1 Dark Lolita

Dark Lolita

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:34 AM

Posted 13 June 2008 - 04:18 PM

When I boot into windows normal, I have a blue screen with a yellow and blue sign telling me to install spyware remover tool. A few seconds later if I do not click anything tiny black beetles begin to eat away at my desktop. I was able to locate the file for the wallpaper (phcjgc0er87.bmp) and the Screen saver (blphcjgj0er87.scr) as well as their process (lphcjgcj0er87.exe) but when I kill process & delete files, reboot they return again.

My computer is a dell laptop inspiron e1505 running windows media center edition service pack 2

HijackThis log follows

-----------------
Deckard's System Scanner v20071014.68
Run by arthur woods on 2008-06-13 14:08:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Unable to create WMI object; The operation completed successfully.


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as arthur woods.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:09:39, on 6/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\lphcjgcj0er87.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\arthur woods\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ARTHUR~1.EXE

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BarbieGirlsTray] C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe
O4 - HKLM\..\Run: [lphcjgcj0er87] C:\WINDOWS\system32\lphcjgcj0er87.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [bacstray] C:\Program Files\Broadcom\BACS\BacsTray.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\SAS\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-21-1930736788-3286635285-459299610-1005\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe (User '?')
O4 - HKUS\S-1-5-21-1930736788-3286635285-459299610-1005\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-1930736788-3286635285-459299610-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1930736788-3286635285-459299610-1005\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" (User '?')
O4 - HKUS\S-1-5-21-1930736788-3286635285-459299610-1005\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-1930736788-3286635285-459299610-1005\..\Run: [SUPERAntiSpyware] E:\SAS\SUPERAntiSpyware.exe (User '?')
O4 - HKUS\S-1-5-21-1930736788-3286635285-459299610-1005\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - S-1-5-21-1930736788-3286635285-459299610-1005 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User '?')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.32.17/ttinst.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8912 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080611-091254-183 O15 - Trusted Zone: *.errorprotector.com
backup-20080611-091254-204 O15 - Trusted Zone: *.drivecleaner.com
backup-20080611-091254-235 O15 - Trusted Zone: *.drivecleaner.com (HKLM)
backup-20080611-091254-254 O15 - Trusted Zone: *.systemdoctor.com (HKLM)
backup-20080611-091254-324 O15 - Trusted Zone: *.errorprotector.com (HKLM)
backup-20080611-091254-358 O15 - Trusted Zone: *.systemdoctor.com
backup-20080611-091254-523 O15 - Trusted Zone: *.imageservr.com (HKLM)
backup-20080611-091254-963 O15 - Trusted Zone: *.imageservr.com

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
3 catchme - c:\combofix\catchme.sys (file missing)
3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
1 parportt - system32\drivers\parportt.sys (file missing)
1 SASDIFSV - e:\sas\sasdifsv.sys (file missing)
3 SASENUM - e:\sas\sasenum.sys (file missing)
1 SASKUTIL - e:\sas\saskutil.sys (file missing)
3 wanatw (WAN Miniport (ATW)) - system32\drivers\wanatw4.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

3 DSBrokerService - c:\program files\dellsupport\brkrsvc.exe
3 MHN - c:\windows\system32\svchost.exe
2 NICCONFIGSVC - c:\program files\dell\quickset\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
2 NWCWorkstation (Client Service for NetWare) - c:\windows\system32\svchost.exe
3 p2pgasvc (Peer Networking Group Authentication) - c:\windows\system32\svchost.exe
2 SimpTcp (Simple TCP/IP Services) - c:\windows\system32\tcpsvcs.exe
2 SNMP (SNMP Service) - c:\windows\system32\snmp.exe


-- Device Manager: Disabled ----------------------------------------------------

Unable to create WMI object.

-- Scheduled Tasks -------------------------------------------------------------

2008-06-01 14:55:01 450 --a------ C:\WINDOWS\Tasks\EasyShare Registration Task.job


-- Files created between 2008-05-13 and 2008-06-13 -----------------------------

2008-06-13 12:05:29 33664 --a------ C:\WINDOWS\system32\drivers\BCMWLNPF.SYS <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
2008-06-13 12:05:25 86016 --a------ C:\WINDOWS\system32\preflib.dll
2008-06-13 12:05:24 253952 --a------ C:\WINDOWS\system32\bcmwlu00.exe <Not Verified; Dell Inc.; Dell Wireless WLAN Card Uninstaller>
2008-06-13 10:50:41 0 d-------- C:\712d2cb253ced22ba248
2008-06-13 09:09:43 52736 --a------ C:\WINDOWS\system32\blphcjgcj0er87.scr <Not Verified; Peter's Productions; Bugs!>
2008-06-12 12:21:27 0 d--h----- C:\$AVG8.VAULT$
2008-06-10 20:42:46 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-10 20:42:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-10 17:45:49 0 d-------- C:\WINDOWS\system32\msmq
2008-06-10 16:33:00 0 d-------- C:\Program Files\Trend Micro
2008-06-10 16:21:49 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-10 16:16:46 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-10 16:01:21 0 dr-h----- C:\Documents and Settings\arthur woods\Recent
2008-06-10 14:07:05 0 d-------- C:\Program Files\Enigma Software Group
2008-06-09 21:59:52 2680 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-09 20:39:49 0 d-------- C:\Program Files\VS Revo Group
2008-06-09 15:35:21 0 d-------- C:\Documents and Settings\arthur woods\Application Data\Malwarebytes
2008-06-09 14:46:12 0 d-------- C:\WINDOWS\pss
2008-06-09 14:39:24 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-09 14:37:05 0 d-------- C:\Program Files\AVG
2008-06-09 14:37:05 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-09 12:12:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-09 11:45:18 0 d-------- C:\Documents and Settings\arthur woods\Application Data\SUPERAntiSpyware.com
2008-06-09 11:45:18 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-07 23:01:15 0 d-------- C:\Documents and Settings\arthur woods\Application Data\shclgcj0er87
2008-06-07 22:59:40 92160 --a------ C:\WINDOWS\system32\lphcjgcj0er87.exe
2008-06-07 22:56:24 0 d-------- C:\Documents and Settings\arthur woods\Application Data\uTorrent
2008-06-07 22:56:11 0 d-------- C:\Program Files\uTorrent
2008-06-07 22:53:33 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-06-07 22:53:14 0 d-------- C:\Temp


-- Find3M Report ---------------------------------------------------------------

2008-06-13 12:48:54 30890 --a------ C:\logfile
2008-06-13 10:18:58 0 d-------- C:\Documents and Settings\arthur woods\Application Data\LimeWire
2008-06-12 12:21:27 0 d-------- C:\Program Files\DIGStream
2008-06-10 20:13:49 0 d-------- C:\Program Files\MSN Gaming Zone
2008-06-10 17:55:01 0 d-------- C:\Program Files\Online Services
2008-06-10 17:54:02 0 d-------- C:\Program Files\Windows NT
2008-06-09 21:31:17 0 d-------- C:\Program Files\Google
2008-06-09 21:31:17 0 d-------- C:\Program Files\BAE
2008-06-09 20:45:20 0 d-------- C:\Program Files\Common Files\aolshare
2008-06-09 15:16:50 0 d-------- C:\Program Files\Common Files\AOL
2008-06-07 22:53:29 0 d-------- C:\Program Files\Common Files
2008-06-06 17:01:46 70144 --a------ C:\WINDOWS\system32\userinit.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 02:00]
"SigmatelSysTrayApp"="stsystra.exe" [11/16/2005 12:35 C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [04/06/2006 12:58]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/29/2005 09:56]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [12/09/2005 18:29]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [06/12/2006 09:12]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/01/2006 13:57]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/05/2004 23:05]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 08:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 08:44]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [09/18/2006 11:46]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [09/18/2006 11:46]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [09/23/2005 22:08]
"BarbieGirlsTray"="C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe" [03/14/2007 19:59]
"lphcjgcj0er87"="C:\WINDOWS\system32\lphcjgcj0er87.exe" [06/07/2008 22:59]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [06/09/2008 14:39]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" []
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" []
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" []
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" []
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" []
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" []
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [12/13/2005 14:44]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [12/13/2005 14:45]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [12/13/2005 14:41]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [06/12/2006 09:23]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 12:01]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [11/01/2006 12:48]
"bacstray"="C:\Program Files\Broadcom\BACS\BacsTray.exe" [07/13/2005 14:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [09/10/2003 00:24]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 09:09]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 03:00]
"DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [11/13/2007 14:46]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/30/2007 19:22]
"SUPERAntiSpyware"="E:\SAS\SUPERAntiSpyware.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24]

C:\Documents and Settings\arthur woods\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 6:24:54 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=00000000
"NoActiveDesktop"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe




-- End of Deckard's System Scanner: finished at 2008-06-13 14:10:08 ------------


I am not able to connect this laptop to the web. I believe that whatever virus it has has disabled Internet wireless, Hardwired internet as well as sound.


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:01:34 PM

Posted 16 June 2008 - 08:51 PM

Hello Dark Lolita, my name is fenzodahl512 and welcome to Bleeping Computer..

Firstly, tell me the exact location of this file phcjgc0er87.bmp


Please do the following...

Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [lphcjgcj0er87] C:\WINDOWS\system32\lphcjgcj0er87.exe


Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.




NEXT


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\phcjgc0er87.bmp /s
    C:\WINDOWS\system32\blphcjgcj0er87.scr
    C:\WINDOWS\system32\lphcjgcj0er87.exe
    C:\Documents and Settings\arthur woods\Application Data\shclgcj0er87
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




NEXT


Please go to Start >> Run and copy/paste below and press Enter

netsh winsock reset

Please restart your computer. It's important!



Please post the following logs in your next reply..

1. OTMoveIt2
2. a fresh Deckard System Scanner log (after the final step)


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
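
A check for what the fresh log requested above is for, as an added example that is not part of the original post or of any tool named in this thread: it compares two HijackThis logs and reports whether the items selected for removal are still referenced and whether any new entries appeared. The log excerpts are abridged from the logs posted in this thread; the function names are hypothetical.

```python
import ntpath
import re

# Excerpts abridged from the two HijackThis logs posted in this thread.
BEFORE = r"""Running processes:
C:\WINDOWS\system32\lphcjgcj0er87.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe

O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [lphcjgcj0er87] C:\WINDOWS\system32\lphcjgcj0er87.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
"""

AFTER = r"""Running processes:
C:\WINDOWS\system32\userinit.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
"""

# Files and folders listed for removal in post #2.
TARGETS = [
    r"C:\WINDOWS\system32\blphcjgcj0er87.scr",
    r"C:\WINDOWS\system32\lphcjgcj0er87.exe",
    r"C:\Documents and Settings\arthur woods\Application Data\shclgcj0er87",
]

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")


def parse_log(text):
    """Split a HijackThis log into running-process paths and (code, detail) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            if line:
                processes.append(line)
            else:
                in_processes = False  # a blank line ends the process list
    return processes, entries


def residual(text, targets):
    """Map each target that is still referenced to the log lines that mention it."""
    processes, entries = parse_log(text)
    haystack = [p.lower() for p in processes] + [d.lower() for _, d in entries]
    hits = {}
    for target in targets:
        # Match the full path and the bare name: Run values may use
        # 8.3 short paths or omit the directory altogether.
        needles = {target.lower(), ntpath.basename(target).lower()}
        found = [h for h in haystack if any(n in h for n in needles)]
        if found:
            hits[target] = found
    return hits


def diff_entries(before, after):
    """Return (entries gone after the fix, entries that are new after the fix)."""
    _, old = parse_log(before)
    _, new = parse_log(after)
    fixed = [e for e in old if e not in new]
    added = [e for e in new if e not in old]
    return fixed, added


if __name__ == "__main__":
    for label, log in (("before", BEFORE), ("after", AFTER)):
        left = residual(log, TARGETS)
        print(label, "-> still referenced:", sorted(left) or "none")
    fixed, added = diff_entries(BEFORE, AFTER)
    print("entries removed:", [code for code, _ in fixed])
    print("entries added:", [code for code, _ in added])
```

An empty result from `residual` on the fresh log together with no unexpected new entries is what a clean follow-up scan looks like; any new autorun entry would point to the files coming back.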


#3 Dark Lolita

Dark Lolita
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:34 AM

Posted 16 June 2008 - 11:53 PM

Here is my OTMoveit log.

< C:\phcjgc0er87.bmp /s >
File/Folder C:\phcjgc0er87.bmp not found.
C:\WINDOWS\system32\blphcjgcj0er87.scr moved successfully.
C:\WINDOWS\system32\lphcjgcj0er87.exe moved successfully.
C:\Documents and Settings\arthur woods\Application Data\shclgcj0er87\Quarantine\Packages moved successfully.
C:\Documents and Settings\arthur woods\Application Data\shclgcj0er87\Quarantine\BrowserObjects moved successfully.
C:\Documents and Settings\arthur woods\Application Data\shclgcj0er87\Quarantine\Autorun\StartMenuCurrentUser moved successfully.
C:\Documents and Settings\arthur woods\Application Data\shclgcj0er87\Quarantine\Autorun\StartMenuAllUsers moved successfully.
C:\Documents and Settings\arthur woods\Application Data\shclgcj0er87\Quarantine\Autorun\HKLM\RunOnce moved successfully.
C:\Documents and Settings\arthur woods\Application Data\shclgcj0er87\Quarantine\Autorun\HKLM moved successfully.
C:\Documents and Settings\arthur woods\Application Data\shclgcj0er87\Quarantine\Autorun\HKCU\RunOnce moved successfully.
C:\Documents and Settings\arthur woods\Application Data\shclgcj0er87\Quarantine\Autorun\HKCU moved successfully.
C:\Documents and Settings\arthur woods\Application Data\shclgcj0er87\Quarantine\Autorun moved successfully.
C:\Documents and Settings\arthur woods\Application Data\shclgcj0er87\Quarantine moved successfully.
C:\Documents and Settings\arthur woods\Application Data\shclgcj0er87 moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06162008_223347

I cannot paste the Deckard scanner log. I have tried to run it several times and it gets to Searching for created files and locks up. The little window goes blank. I have left it for hours hoping that it would finally finish but it never did. Yesterday I ran it at 3pm and let it run til almost midnight. It never finished. This worries me because it used to run fine before. Maybe I have a funky copy? I am going to try getting a fresh copy and run that one. If it works I will post in a new post. Thanks so much for all you have done so far. It's nice to turn my laptop on and see the desktop I put there and no bugs.

Edited by Dark Lolita, 17 June 2008 - 11:43 AM.


#4 Dark Lolita

Dark Lolita
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:34 AM

Posted 17 June 2008 - 01:39 PM

I finally got it. The Deckard's System Scanner log:

Deckard's System Scanner v20071014.68
Run by arthur woods on 2008-06-17 10:38:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as arthur woods.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:43, on 6/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE
E:\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ARTHUR~1.EXE

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BarbieGirlsTray] C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [bacstray] C:\Program Files\Broadcom\BACS\BacsTray.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\SAS\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-21-1930736788-3286635285-459299610-1005\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe (User '?')
O4 - HKUS\S-1-5-21-1930736788-3286635285-459299610-1005\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-1930736788-3286635285-459299610-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1930736788-3286635285-459299610-1005\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" (User '?')
O4 - HKUS\S-1-5-21-1930736788-3286635285-459299610-1005\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-1930736788-3286635285-459299610-1005\..\Run: [SUPERAntiSpyware] E:\SAS\SUPERAntiSpyware.exe (User '?')
O4 - HKUS\S-1-5-21-1930736788-3286635285-459299610-1005\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - S-1-5-21-1930736788-3286635285-459299610-1005 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User '?')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.32.17/ttinst.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8516 bytes

-- Files created between 2008-05-17 and 2008-06-17 -----------------------------

2008-06-13 12:05:29 33664 --a------ C:\WINDOWS\system32\drivers\BCMWLNPF.SYS <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
2008-06-13 12:05:25 86016 --a------ C:\WINDOWS\system32\preflib.dll
2008-06-13 12:05:24 253952 --a------ C:\WINDOWS\system32\bcmwlu00.exe <Not Verified; Dell Inc.; Dell Wireless WLAN Card Uninstaller>
2008-06-13 10:50:41 0 d-------- C:\712d2cb253ced22ba248
2008-06-12 12:21:27 0 d--h----- C:\$AVG8.VAULT$
2008-06-10 20:42:46 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-10 20:42:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-10 17:45:49 0 d-------- C:\WINDOWS\system32\msmq
2008-06-10 16:33:00 0 d-------- C:\Program Files\Trend Micro
2008-06-10 16:21:49 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-10 16:16:46 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-10 16:01:21 0 dr-h----- C:\Documents and Settings\arthur woods\Recent
2008-06-10 14:07:05 0 d-------- C:\Program Files\Enigma Software Group
2008-06-09 21:59:52 2680 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-09 20:39:49 0 d-------- C:\Program Files\VS Revo Group
2008-06-09 15:35:21 0 d-------- C:\Documents and Settings\arthur woods\Application Data\Malwarebytes
2008-06-09 14:46:12 0 d-------- C:\WINDOWS\pss
2008-06-09 14:39:24 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-09 14:37:05 0 d-------- C:\Program Files\AVG
2008-06-09 14:37:05 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-09 12:12:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-09 11:45:18 0 d-------- C:\Documents and Settings\arthur woods\Application Data\SUPERAntiSpyware.com
2008-06-09 11:45:18 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-07 22:56:24 0 d-------- C:\Documents and Settings\arthur woods\Application Data\uTorrent
2008-06-07 22:56:11 0 d-------- C:\Program Files\uTorrent
2008-06-07 22:53:33 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-06-07 22:53:14 0 d-------- C:\Temp


-- Find3M Report ---------------------------------------------------------------

2008-06-17 10:32:39 31954 --a------ C:\logfile
2008-06-17 01:01:30 0 d-------- C:\Program Files\Common Files\Real
2008-06-13 10:18:58 0 d-------- C:\Documents and Settings\arthur woods\Application Data\LimeWire
2008-06-12 12:21:27 0 d-------- C:\Program Files\DIGStream
2008-06-10 20:13:49 0 d-------- C:\Program Files\MSN Gaming Zone
2008-06-10 17:55:01 0 d-------- C:\Program Files\Online Services
2008-06-10 17:54:02 0 d-------- C:\Program Files\Windows NT
2008-06-09 21:31:17 0 d-------- C:\Program Files\Google
2008-06-09 21:31:17 0 d-------- C:\Program Files\BAE
2008-06-09 20:45:20 0 d-------- C:\Program Files\Common Files\aolshare
2008-06-09 15:16:50 0 d-------- C:\Program Files\Common Files\AOL
2008-06-07 22:53:29 0 d-------- C:\Program Files\Common Files
2008-06-06 17:01:46 70144 --a------ C:\WINDOWS\system32\userinit.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 02:00]
"SigmatelSysTrayApp"="stsystra.exe" [11/16/2005 12:35 C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [04/06/2006 12:58]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/29/2005 09:56]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [12/09/2005 18:29]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/01/2006 13:57]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/05/2004 23:05]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 08:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 08:44]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [09/18/2006 11:46]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [09/18/2006 11:46]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [09/23/2005 22:08]
"BarbieGirlsTray"="C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe" [03/14/2007 19:59]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [06/09/2008 14:39]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" []
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" []
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" []
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" []
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" []
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" []
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [12/13/2005 14:44]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [12/13/2005 14:45]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [12/13/2005 14:41]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 12:01]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [11/01/2006 12:48]
"bacstray"="C:\Program Files\Broadcom\BACS\BacsTray.exe" [07/13/2005 14:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [09/10/2003 00:24]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 09:09]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 03:00]
"DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [11/13/2007 14:46]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/30/2007 19:22]
"SUPERAntiSpyware"="E:\SAS\SUPERAntiSpyware.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24]

C:\Documents and Settings\arthur woods\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 6:24:54 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=00000000
"NoActiveDesktop"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)
"HideClock"=0 (0x0)
"NoBandCustomize"=0 (0x0)
"NoMovingBands"=0 (0x0)
"NoCloseDragDropBands"=0 (0x0)
"NoSetTaskbar"=0 (0x0)
"NoToolbarsOnTaskbar"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe




-- End of Deckard's System Scanner: finished at 2008-06-17 11:26:59 ------------



Dunno if this has anything to do with it, but my taskbar is behaving badly. It hides itself, and when I can get it to show, it doesn't show running applications. It's just sorta there. Thanks again for all the help. So happy my laptop is starting to behave normally.

#5 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 17 June 2008 - 02:40 PM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Please include a fresh Deckard System Scanner log in your next reply..

Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 25 June 2008 - 04:34 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic





