Desktop Hijacked With Red Screen And Bio Hazard Symbol


  • This topic is locked
20 replies to this topic

#1 UH60wife

  • Members
  • 35 posts

Posted 20 June 2008 - 09:59 AM

This is my first time dealing with something like this, as well as posting on a help forum, so please bear with me.

This all started when I opened a zipped file. Upon doing so, Avast went off saying I had files infected with WIN32 LTS and another saying WIN32 Bouncer-B [Tool]. I had Avast delete the files; however, soon after I started getting all kinds of false popups saying I was infected with all kinds of things and I should buy this and that. I googled the Bouncer-B and downloaded a suggested removal tool, Spyware Doctor; after downloading and scanning, I was then told that to remove what it had found I had to buy the program. I then removed the program. Then my desktop changed to red with a biohazard symbol and said my privacy was in danger. I started looking that up and came across a thread that said to fix it using SmitfraudFix. I followed the thread's instructions, pressing 2 and cleaning the registry. I fixed the desktop background and reset my picture, only to come back later to a blue screen. Now it takes a very long time for my computer to start up: it will load my original desktop picture without any icons or Start menu, then the screen goes blue and the icons load, the Start menu comes up, I get a runtime error, and my Automatic Updates bubble pops up telling me that I am at risk, that they are turned off. I tried to turn them on manually but it won't let me. Then about 10-15 minutes after getting everything up and going I lose my icons and Start menu; all that I can see is my browser windows if I have them open at the time. I'm sorry if this is all very scattered; I'm trying to be as detailed as possible, but not really sure what is relevant and what is not. I would greatly appreciate any help I can get!


Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-20 23:28:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
29: 2008-06-20 14:28:27 UTC - RP614 - Deckard's System Scanner Restore Point
28: 2008-06-20 09:19:34 UTC - RP613 - System Checkpoint
27: 2008-06-19 08:22:59 UTC - RP612 - System Checkpoint
26: 2008-06-18 06:58:34 UTC - RP611 - Spyware Doctor: Cleaning Threats
25: 2008-06-18 06:16:20 UTC - RP610 - Last known good configuration


-- First Restore Point --
1: 2008-06-18 06:16:06 UTC - RP586 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 80% (more than 75%).
Total Physical Memory: 479 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:31:38, on 6/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\hphmon07.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = By Hawaiian Telcom
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QXK Olive - {72492997-CCC3-4C07-BCB8-D2D7BFB65F7F} - C:\WINDOWS\ksendlbtdpl.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8E820B6C-3F42-4594-AE1B-1998DF4CF042} - C:\WINDOWS\system32\khfGwWMd.dll
O2 - BHO: 763444 helper - {984C42AE-0B1D-4495-B16B-935DA5671133} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {CD292324-974F-4224-D074-CACA427AA030} - (no file)
O2 - BHO: (no name) - {D6258CA6-2028-4CDD-B496-CACC18721A60} - C:\WINDOWS\system32\urqQggfg.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: (no name) - {CD292324-974F-4224-D074-CACA427AA030} - (no file)
O3 - Toolbar: vrmdtneg - {778DC3F7-1699-4A2F-8D32-143C0D00854C} - C:\WINDOWS\vrmdtneg.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb99.exe
O4 - HKLM\..\Run: [HPHUPD07] C:\Program Files\HP\{C8EEAA89-0A3E-441f-B646-17A46F5D6954}\hphupd07.exe
O4 - HKLM\..\Run: [HPHmon07] C:\WINDOWS\system32\hphmon07.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [00802cab] rundll32.exe "C:\WINDOWS\system32\nwujyypf.dll",b
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_...inematycoon.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://clubgames.pogo.com/online2/pogop/in...aploader_v6.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O16 - DPF: {F2D35D99-63B1-46D3-970C-6E22320D5DCB} (kSoloCntrlIE Class) - http://www.ksolo.com/getPlugin.do
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: urqQggfg - C:\WINDOWS\SYSTEM32\urqQggfg.dll
O21 - SSODL: VoidDriveMon - {8b05d7df-7833-400f-ba89-7fa5e2340f2f} - C:\WINDOWS\Resources\VoidDriveMon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ahvpsvc - HP - C:\WINDOWS\system32\drivers\HPZid412.sys
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 10497 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 LVPrcMon (Logitech LVPrcMon Driver) - c:\windows\system32\drivers\lvprcmon.sys
R3 SunkFilt (Alcor Micro Corp Reader) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>

S0 fcdabus - c:\windows\system32\drivers\fcdabus.sys (file missing)
S0 FVXSCSI - c:\windows\system32\drivers\fvxscsi.sys (file missing)
S3 GoProto (GoProto Protocol Driver) - c:\windows\system32\drivers\goprot51.sys <Not Verified; Gteko Ltd.; Gteko Diagnostics Network Module>
S3 TnIDriver - c:\docume~1\owner\locals~1\temp\tni1fca.tmp (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-20 23:09:01 438 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2008-06-19 03:00:00 372 --a------ C:\WINDOWS\Tasks\RegCure.job


-- Files created between 2008-05-20 and 2008-06-20 -----------------------------

2009-01-30 16:21:54 0 d-------- C:\Program Files\Infogrames Interactive
2009-01-10 09:31:21 0 d-------- C:\Program Files\Microsoft Games
2009-01-10 09:23:34 0 d-------- C:\WINDOWS\SxsCaPendDel
2009-01-08 02:26:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-06 17:53:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Trophy Bass 2007
2009-01-04 04:13:39 0 d-------- C:\Documents and Settings\Owner\Application Data\FarStone
2008-06-20 23:31:01 0 d-------- C:\Program Files\Trend Micro
2008-06-20 17:56:11 91392 --a------ C:\WINDOWS\system32\nwujyypf.dll
2008-06-19 01:41:06 0 d-------- C:\VundoFix Backups
2008-06-19 00:25:51 4576 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-19 00:24:58 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-19 00:24:58 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-06-19 00:24:58 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-06-19 00:24:58 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-06-19 00:24:58 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-06-19 00:24:58 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-19 00:24:58 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-19 00:24:58 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-06-18 23:32:57 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\Lavasoft
2008-06-18 23:10:02 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\Mozilla
2008-06-18 23:03:30 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\Identities
2008-06-18 23:03:30 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\Gtek
2008-06-18 23:03:30 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\AOL
2008-06-18 23:03:29 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\SampleView
2008-06-18 23:03:29 0 d---s---- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\Microsoft
2008-06-18 23:03:28 0 dr------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\My Documents
2008-06-18 23:03:28 0 d--h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Local Settings
2008-06-18 23:03:28 0 dr------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Favorites
2008-06-18 23:03:28 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Desktop
2008-06-18 23:03:28 0 d---s---- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Cookies
2008-06-18 23:03:28 0 dr-h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data
2008-06-18 23:03:28 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\You've Got Pictures Screensaver
2008-06-18 23:03:27 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\WINDOWS
2008-06-18 23:03:27 0 d--h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Templates
2008-06-18 23:03:27 0 dr------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Start Menu
2008-06-18 23:03:27 0 dr-h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\SendTo
2008-06-18 23:03:27 0 dr-h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Recent
2008-06-18 23:03:27 0 d--h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\PrintHood
2008-06-18 23:03:27 0 d--h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\NetHood
2008-06-18 23:03:26 1310720 --ah----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\NTUSER.DAT
2008-06-18 20:21:22 0 d-------- C:\WINDOWS\system32\763444
2008-06-18 15:22:34 0 --a------ C:\WINDOWS\PowerReg.dat
2008-06-18 15:19:12 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-18 15:15:55 127214 --ahs---- C:\WINDOWS\system32\dMWwGfhk.ini2
2008-06-18 15:15:51 322944 --a------ C:\WINDOWS\system32\khfGwWMd.dll
2008-06-18 14:22:12 180224 --a------ C:\WINDOWS\xvorfwbd.dll
2008-06-18 14:22:12 155648 --a------ C:\WINDOWS\vrmdtneg.dll
2008-06-18 14:22:12 94208 --a------ C:\WINDOWS\exwd.exe
2008-06-18 14:21:08 28800 --a------ C:\WINDOWS\system32\urqQggfg.dll
2008-06-10 16:41:01 0 d-------- C:\Program Files\Virtools


-- Find3M Report ---------------------------------------------------------------

2008-06-20 21:54:17 2070 --a------ C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-06-18 15:19:12 0 d-------- C:\Program Files\Common Files
2008-06-10 16:09:41 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72492997-CCC3-4C07-BCB8-D2D7BFB65F7F}]
C:\WINDOWS\ksendlbtdpl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E820B6C-3F42-4594-AE1B-1998DF4CF042}]
06/18/2008 15:15 322944 --a------ C:\WINDOWS\system32\khfGwWMd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{984C42AE-0B1D-4495-B16B-935DA5671133}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D6258CA6-2028-4CDD-B496-CACC18721A60}]
06/18/2008 14:21 28800 --a------ C:\WINDOWS\system32\urqQggfg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/10/2001 05:50]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [11/16/2004 08:04]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/03/2004 13:24]
"SoundMan"="SOUNDMAN.EXE" [09/27/2005 08:07 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [09/19/2005 01:32]
"nwiz"="nwiz.exe" [09/19/2005 01:32 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [09/19/2005 01:32]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/11/2005 08:03]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb99.exe" [12/23/2004 01:40]
"HPHUPD07"="C:\Program Files\HP\{C8EEAA89-0A3E-441f-B646-17A46F5D6954}\hphupd07.exe" [03/17/2005 14:08]
"HPHmon07"="C:\WINDOWS\system32\hphmon07.exe" [03/17/2005 13:59]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [12/10/2005 10:32]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [12/08/2005 05:26]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [12/08/2005 05:33]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [11/02/2004 12:22]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 21:41]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/06/2006 09:55]
"NWEReboot"="" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 22:00]
"00802cab"="C:\WINDOWS\system32\nwujyypf.dll" [06/20/2008 17:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [12/01/2006 16:49]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [01/01/2005 19:08]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/31/2006 11:45]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/24/2007 20:27]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [04/03/2006 15:07]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/05/2004 04:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"p2p networking"=p2pnetworking.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{D6258CA6-2028-4CDD-B496-CACC18721A60}"= C:\WINDOWS\system32\urqQggfg.dll [06/18/2008 14:21 28800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"VoidDriveMon"= {8b05d7df-7833-400f-ba89-7fa5e2340f2f} - C:\WINDOWS\Resources\VoidDriveMon.dll [06/18/2008 20:21 12838]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqQggfg]
urqQggfg.dll 06/18/2008 14:21 28800 C:\WINDOWS\system32\urqQggfg.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\khfGwWMd


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd5d32d1-5c90-11d9-926d-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d03084d1-6658-11d9-8f0e-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef0b7d32-7071-11dc-bfb4-0040caad705b}]
AutoRun\command- "K:\Install FreeAgent Tools.exe" /run




-- Hosts -----------------------------------------------------------------------

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

7820 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-20 23:33:30 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Sempron™ Processor 3100+
Percentage of Memory in Use: 69%
Physical Memory (total/avail): 478.42 MiB / 144.29 MiB
Pagefile Memory (total/avail): 975.3 MiB / 656.71 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.91 MiB

C: is Fixed (NTFS) - 88.39 GiB total, 60.76 GiB free.
D: is Fixed (FAT32) - 4.76 GiB total, 2.71 GiB free.
E: is CDROM (Unformatted)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3100011A - 93.16 GiB - 2 partitions
PARTITION0 (bootable) - Installable File System - 88.39 GiB - C:
PARTITION1 - Unknown - 4.76 GiB - D:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntivirusOverride is set.

AV: avast! antivirus 4.7.1098 [VPS 080107-0] v4.7.1098 (ALWIL Software) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\1131383480\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1131383480\EE\AOLServiceHost.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\HP\digital imaging\bin\hpqtra08.exe"="C:\Program Files\HP\digital imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\digital imaging\bin\hpqste08.exe"="C:\Program Files\HP\digital imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\digital imaging\bin\hpofxm08.exe"="C:\Program Files\HP\digital imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\digital imaging\bin\hposfx08.exe"="C:\Program Files\HP\digital imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\digital imaging\bin\hposid01.exe"="C:\Program Files\HP\digital imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\digital imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\digital imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\digital imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\digital imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\digital imaging\bin\hpqCopy.exe"="C:\Program Files\HP\digital imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\digital imaging\bin\hpfccopy.exe"="C:\Program Files\HP\digital imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\digital imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\digital imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\digital imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\digital imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\digital imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\digital imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\digital imaging\bin\hpoews01.exe"="C:\Program Files\HP\digital imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\digital imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\digital imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Morpheus\Morpheus.exe"="C:\Program Files\Morpheus\Morpheus.exe:*:Enabled:Morpheus"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\Opera\Opera.exe"="C:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Zone.com Deluxe Games\Wheel of Fortune Deluxe\Wheel of Fortune Deluxe.exe"="C:\Program Files\Zone.com Deluxe Games\Wheel of Fortune Deluxe\Wheel of Fortune Deluxe.exe:*:Enabled:Wheel of Fortune Deluxe"
"C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Civilization4.exe"="C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 Gold"
"C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Warlords\Civ4Warlords.exe"="C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4: Warlords"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=THETUCKERFAMILY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LANG=C
LOGONSERVER=\\THETUCKERFAMILY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;%SYSTEMROOT%\SYSTEM32;%SYSTEMROOT%;%SYSTEMROOT%\SYSTEM32\WBEM;C:\PROGRAM FILES\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\GTK\2.0\BIN;C:\PYTHON25;C:\WINDOWS;C:\WINDOWS\SYSTEM32\WBEM;C:\WINDOWS\SYSTEM32;
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2c02
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=THETUCKERFAMILY
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Administrator.THETUCKERFAMILY (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.42 --> "C:\Program Files\7-Zip\Uninstall.exe"
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\07\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
BigFix --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
BitLord 1.1 --> C:\Program Files\BitLord\uninst.exe
Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
ffdshow (remove only) --> "C:\Program Files\ffdshow\uninstall.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Image Zone 4.7 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photo and Imaging 2.0 - All-in-One --> MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - All-in-One Drivers --> MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - hp psc 1200 series --> C:\Program Files\HP\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
HP Photosmart and Deskjet 7.0.A --> C:\Program Files\HP\Digital Imaging\{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}\setup\hpzscr01.exe -datfile hposcr09.dat
HP Photosmart Cameras 4.5 --> C:\Program Files\HP\Digital Imaging\{78FD2974-C98B-4b84-9E9F-1AEE16AE0029}\setup\hpzscr01.exe -datfile hpiscr01.dat
hp psc 1200 series --> MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Interactive User's Guide --> MsiExec.exe /I{E786D4DB-EB0D-4474-ADC2-3C229BC17FCA}
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Jasc Paint Shop Pro 8 --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Linksys EasyLink Advisor 1.5 (1010) --> rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech QuickCam Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C191BE7C-8542-4A61-973A-714EF76C5995}\setup.exe" -l0x9
Logitech® Camera Driver --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Macromedia Flash Player 8 --> MsiExec.exe /X{A3703922-84E3-4318-B0A1-04EFAD449A04}
Macromedia Flash Player 8 Plugin --> MsiExec.exe /X{48D9A460-9FA3-4E16-9533-2DF1C1F5129F}
Majesty - Gold Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{212125C1-E5A3-4810-A057-C20FB2A79327}\setup.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Digital Image Starter Edition 2006 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=TRIAL VERSION=11
Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OCR Software by I.R.I.S 7.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
Opera 9.23 --> MsiExec.exe /X{E9EEE4CB-CB2B-4273-9AF5-7E12022B444B}
Photosmart 330,380 Series --> C:\Program Files\HP\{C8EEAA89-0A3E-441f-B646-17A46F5D6954}\setup\hpzscr01.exe -datfile hphscr01.dat
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Security Update for Step By Step Interactive Training (KB898458) -->
SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IURSLST5K.inf
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Virtools 3D Life Player --> C:\Program Files\Virtools\3D Life Player\WebplayerConfig.exe -u
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type4058 / Error
Event Submitted/Written: 06/20/2008 07:34:50 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type4053 / Error
Event Submitted/Written: 06/20/2008 01:42:32 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application hpqste08.exe, version 70.0.170.0, faulting module unknown, version 0.0.0.0, fault address 0x00a600ca.
Processing media-specific event for [hpqste08.exe!ws!]

Event Record #/Type4034 / Error
Event Submitted/Written: 06/19/2008 01:03:16 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application hpqste08.exe, version 70.0.170.0, faulting module unknown, version 0.0.0.0, fault address 0x009beadc.
Processing media-specific event for [hpqste08.exe!ws!]

Event Record #/Type4032 / Error
Event Submitted/Written: 06/19/2008 00:25:39 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application vacfix.exe, version 0.12.0.0, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00002664.
Processing media-specific event for [vacfix.exe!ws!]

Event Record #/Type4024 / Error
Event Submitted/Written: 06/18/2008 08:45:55 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application rundll32.exe, version 5.1.2600.2180, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [rundll32.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type12021687 / Error
Event Submitted/Written: 06/20/2008 11:11:13 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
FVXSCSI



-- End of Deckard's System Scanner: finished at 2008-06-20 23:33:30 ------------
Sorry, I couldn't find the edit button to post the Kaspersky scan results.


Here they are. Once again, thank you for taking the time to help me out :thumbsup:

KASPERSKY ONLINE SCANNER 7 REPORT
Monday, June 23, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, June 22, 2008 11:11:26
Records in database: 880097
Scan settings
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area: My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Scan statistics
Files scanned: 106023
Threat name: 10
Infected objects: 15
Suspicious objects: 0
Duration of the scan: 01:53:03

File name / Threat name / Threats count
C:\Deckard\System Scanner\20080622204217\backup\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for count.jar-28590ead-69c4f914.zip\BlackBox.class Infected: Exploit.Java.ByteVerify 1
C:\Deckard\System Scanner\20080622204217\backup\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\G1MZ41YN\counter[1].htm Infected: Exploit.HTML.IESlice.p 1
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-28590ead-69c4f914.zip Infected: Exploit.Java.ByteVerify 2
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-28590ead-69c4f914.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-631f0119.zip Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-4941f397-2221c4bc.zip Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-6ef1b888.zip Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Owner\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\Owner\Desktop\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\WINDOWS\exwd.exe Infected: Trojan.Win32.Vapsup.gzo 1
C:\WINDOWS\Resources\VoidDriveMon.dll Infected: Trojan.Win32.Agent.ryf 1
C:\WINDOWS\system32\763444\763444.dll Infected: not-a-virus:AdWare.Win32.E404.dj 1
C:\WINDOWS\vrmdtneg.dll Infected: Trojan.Win32.Vapsup.gzq 1
C:\WINDOWS\xvorfwbd.dll Infected: Trojan.Win32.Vapsup.gxx 1
The selected area was scanned.

Merged posts. ~ OB

Edited by Orange Blossom, 22 June 2008 - 08:52 PM.




#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:06:49 PM

Posted 28 June 2008 - 03:43 AM

Hello, my name is fenzodahl512 and welcome to BC.. Since it's already one week from your first post, please post a fresh Deckard System Scanner log for further review...


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 UH60wife

UH60wife
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:07:49 PM

Posted 28 June 2008 - 10:34 PM

Thank you so very much for helping me. I know you guys are super busy!

Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-29 12:30:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 90% (more than 75%).
Total Physical Memory: 479 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:44, on 6/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hphmon07.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = By Hawaiian Telcom
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QXK Olive - {72492997-CCC3-4C07-BCB8-D2D7BFB65F7F} - C:\WINDOWS\ksendlbtdpl.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: 763444 helper - {984C42AE-0B1D-4495-B16B-935DA5671133} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {CD292324-974F-4224-D074-CACA427AA030} - (no file)
O2 - BHO: (no name) - {EBA6CB1B-6025-443E-B39D-DA9EF13CF0C0} - C:\WINDOWS\system32\khfGwWMd.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: (no name) - {CD292324-974F-4224-D074-CACA427AA030} - (no file)
O3 - Toolbar: vrmdtneg - {778DC3F7-1699-4A2F-8D32-143C0D00854C} - C:\WINDOWS\vrmdtneg.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb99.exe
O4 - HKLM\..\Run: [HPHUPD07] C:\Program Files\HP\{C8EEAA89-0A3E-441f-B646-17A46F5D6954}\hphupd07.exe
O4 - HKLM\..\Run: [HPHmon07] C:\WINDOWS\system32\hphmon07.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [00802cab] rundll32.exe "C:\WINDOWS\system32\vgkquqhy.dll",b
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_...inematycoon.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://clubgames.pogo.com/online2/pogop/in...aploader_v6.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O16 - DPF: {F2D35D99-63B1-46D3-970C-6E22320D5DCB} (kSoloCntrlIE Class) - http://www.ksolo.com/getPlugin.do
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O21 - SSODL: VoidDriveMon - {8b05d7df-7833-400f-ba89-7fa5e2340f2f} - C:\WINDOWS\Resources\VoidDriveMon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ahvpsvc - HP - C:\WINDOWS\system32\drivers\HPZid412.sys
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 10571 bytes

-- Files created between 2008-05-29 and 2008-06-29 -----------------------------

2009-01-30 16:21:54 0 d-------- C:\Program Files\Infogrames Interactive
2009-01-10 09:31:21 0 d-------- C:\Program Files\Microsoft Games
2009-01-10 09:23:34 0 d-------- C:\WINDOWS\SxsCaPendDel
2009-01-08 02:26:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-06 17:53:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Trophy Bass 2007
2009-01-04 04:13:39 0 d-------- C:\Documents and Settings\Owner\Application Data\FarStone
2008-06-28 18:47:03 92032 --a------ C:\WINDOWS\system32\vgkquqhy.dll
2008-06-22 19:01:32 0 d-------- C:\Documents and Settings\Owner\.SunDownloadManager
2008-06-22 18:42:04 91904 --a------ C:\WINDOWS\system32\kbqmwxht.dll
2008-06-20 23:31:01 0 d-------- C:\Program Files\Trend Micro
2008-06-19 01:41:06 0 d-------- C:\VundoFix Backups
2008-06-19 00:25:51 4576 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-19 00:24:58 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-19 00:24:58 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-06-19 00:24:58 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-06-19 00:24:58 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-06-19 00:24:58 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-06-19 00:24:58 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-19 00:24:58 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-19 00:24:58 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-06-18 23:32:57 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\Lavasoft
2008-06-18 23:10:02 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\Mozilla
2008-06-18 23:03:30 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\Identities
2008-06-18 23:03:30 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\Gtek
2008-06-18 23:03:30 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\AOL
2008-06-18 23:03:29 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\SampleView
2008-06-18 23:03:29 0 d---s---- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\Microsoft
2008-06-18 23:03:28 0 dr------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\My Documents
2008-06-18 23:03:28 0 d--h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Local Settings
2008-06-18 23:03:28 0 dr------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Favorites
2008-06-18 23:03:28 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Desktop
2008-06-18 23:03:28 0 d---s---- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Cookies
2008-06-18 23:03:28 0 dr-h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data
2008-06-18 23:03:28 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\You've Got Pictures Screensaver
2008-06-18 23:03:27 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\WINDOWS
2008-06-18 23:03:27 0 d--h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Templates
2008-06-18 23:03:27 0 dr------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Start Menu
2008-06-18 23:03:27 0 dr-h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\SendTo
2008-06-18 23:03:27 0 dr-h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Recent
2008-06-18 23:03:27 0 d--h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\PrintHood
2008-06-18 23:03:27 0 d--h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\NetHood
2008-06-18 23:03:26 1310720 --ah----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\NTUSER.DAT
2008-06-18 20:21:22 0 d-------- C:\WINDOWS\system32\763444
2008-06-18 15:22:34 0 --a------ C:\WINDOWS\PowerReg.dat
2008-06-18 15:19:12 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-18 15:15:55 86751 --ahs---- C:\WINDOWS\system32\dMWwGfhk.ini2
2008-06-18 15:15:51 322944 --a------ C:\WINDOWS\system32\khfGwWMd.dll
2008-06-18 14:22:12 180224 --a------ C:\WINDOWS\xvorfwbd.dll
2008-06-18 14:22:12 155648 --a------ C:\WINDOWS\vrmdtneg.dll
2008-06-18 14:22:12 94208 --a------ C:\WINDOWS\exwd.exe
2008-06-10 16:41:01 0 d-------- C:\Program Files\Virtools


-- Find3M Report ---------------------------------------------------------------

2008-06-20 21:54:17 2070 --a------ C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-06-18 15:19:12 0 d-------- C:\Program Files\Common Files
2008-06-10 16:09:41 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72492997-CCC3-4C07-BCB8-D2D7BFB65F7F}]
C:\WINDOWS\ksendlbtdpl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{984C42AE-0B1D-4495-B16B-935DA5671133}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EBA6CB1B-6025-443E-B39D-DA9EF13CF0C0}]
06/18/2008 15:15 322944 --a------ C:\WINDOWS\system32\khfGwWMd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/10/2001 05:50]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [11/16/2004 08:04]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/03/2004 13:24]
"SoundMan"="SOUNDMAN.EXE" [09/27/2005 08:07 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [09/19/2005 01:32]
"nwiz"="nwiz.exe" [09/19/2005 01:32 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [09/19/2005 01:32]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/11/2005 08:03]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb99.exe" [12/23/2004 01:40]
"HPHUPD07"="C:\Program Files\HP\{C8EEAA89-0A3E-441f-B646-17A46F5D6954}\hphupd07.exe" [03/17/2005 14:08]
"HPHmon07"="C:\WINDOWS\system32\hphmon07.exe" [03/17/2005 13:59]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [12/10/2005 10:32]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [12/08/2005 05:26]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [12/08/2005 05:33]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [11/02/2004 12:22]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 21:41]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/06/2006 09:55]
"NWEReboot"="" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 22:00]
"00802cab"="C:\WINDOWS\system32\vgkquqhy.dll" [06/28/2008 18:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [12/01/2006 16:49]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [01/01/2005 19:08]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/31/2006 11:45]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/24/2007 20:27]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [04/03/2006 15:07]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/05/2004 04:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"p2p networking"=p2pnetworking.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"VoidDriveMon"= {8b05d7df-7833-400f-ba89-7fa5e2340f2f} - C:\WINDOWS\Resources\VoidDriveMon.dll [06/18/2008 20:21 12838]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\khfGwWMd


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd5d32d1-5c90-11d9-926d-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d03084d1-6658-11d9-8f0e-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef0b7d32-7071-11dc-bfb4-0040caad705b}]
AutoRun\command- "K:\Install FreeAgent Tools.exe" /run




-- End of Deckard's System Scanner: finished at 2008-06-29 12:31:43 ------------

#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • Local time:06:49 PM

Posted 29 June 2008 - 03:27 AM

Hello, thanks for the reply. Please do the following:



Please visit below webpage for instructions for downloading and running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
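The helper's procedure above ends with "post the ComboFix log and a new HijackThis log", and the reviewer then reads hundreds of lines by eye. The script below is an added example for this thread, not part of the posted logs and not code from ComboFix, HijackThis or DSS. It applies a few conservative triage heuristics to the line formats seen in this thread: orphaned BHO/toolbar entries marked "(file missing)" or "(no file)", a `rundll32` launch that loads a DLL by a one- or two-character export name, an `O4` Run value whose name is eight hex digits instead of a product name, a BHO/toolbar DLL dropped directly in `C:\WINDOWS`, an LSA "Authentication Packages" value listing anything besides `msv1_0` (the only package a stock XP install lists there; treated as an assumption in the code), and Security Center override/notify flags set to 1. The sample lines are copied from the logs posted in this thread plus benign entries for contrast; every hit means "look at this entry", not "this is malware".

```python
"""Triage heuristics for HijackThis / ComboFix / DSS log lines.

Added example for this thread; not part of the posted logs or of the tools.
Every rule is a heuristic: a hit means "review this entry", not "this is malware".
"""
from __future__ import annotations

import re

# Constructed sample: lines copied from the HijackThis, ComboFix and DSS logs posted
# in this thread, plus three benign entries (Adobe, NVIDIA, avast!) for contrast.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QXK Olive - {72492997-CCC3-4C07-BCB8-D2D7BFB65F7F} - C:\WINDOWS\ksendlbtdpl.dll (file missing)
O3 - Toolbar: vrmdtneg - {778DC3F7-1699-4A2F-8D32-143C0D00854C} - C:\WINDOWS\vrmdtneg.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [00802cab] rundll32.exe "C:\WINDOWS\system32\owyeoimp.dll",b
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\khfGwWMd
"AntiVirusOverride"=dword:00000001
"""

ORPHAN = re.compile(r"\((?:file missing|no file)\)", re.I)
# rundll32[.exe] ["]path.dll["],export
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?\s*,\s*(\S*)', re.I)
# O4 value name that is exactly eight hex digits, e.g. [00802cab]
HEX_VALUE_NAME = re.compile(r"^O4 - [^\[]*\[([0-9a-f]{8})\]", re.I)
# BHO (O2) or toolbar (O3) whose DLL sits directly under X:\WINDOWS\, not in a subfolder
WINROOT_DLL = re.compile(r"^O[23] - .* - ([A-Z]:\\WINDOWS\\[^\\\s]+\.dll)", re.I)
LSA_PACKAGES = re.compile(r'"Authentication Packages"\s*=\s*(.+)$', re.I)
SC_TAMPER = re.compile(
    r'"(AntiVirusOverride|FirewallOverride|AntiVirusDisableNotify|'
    r'FirewallDisableNotify|UpdatesDisableNotify)"\s*=\s*dword:0*1$', re.I)

# Assumption: a stock Windows XP install lists only msv1_0 as an LSA authentication package.
DEFAULT_LSA_PACKAGES = {"msv1_0"}


def reasons_for(line: str) -> list[str]:
    """Return the heuristic hits for one log line (empty list if nothing looks off)."""
    reasons: list[str] = []
    if ORPHAN.search(line):
        reasons.append("orphaned autostart: registry points at a file that no longer exists")
    m = RUNDLL.search(line)
    if m and len(m.group(2)) <= 2:
        reasons.append(f"rundll32 loads {m.group(1)} by a {len(m.group(2))}-char export name {m.group(2)!r}")
    m = HEX_VALUE_NAME.match(line)
    if m:
        reasons.append(f"Run value name {m.group(1)!r} is 8 hex digits rather than a product name")
    m = WINROOT_DLL.match(line)
    if m:
        reasons.append(f"BHO/toolbar DLL sits directly in the Windows directory: {m.group(1)}")
    m = LSA_PACKAGES.search(line)
    if m:
        extra = [p for p in m.group(1).split() if p.lower() not in DEFAULT_LSA_PACKAGES]
        if extra:
            reasons.append("non-default LSA authentication package(s): " + ", ".join(extra))
    m = SC_TAMPER.search(line)
    if m:
        reasons.append(f"Security Center {m.group(1)} is set, which silences AV/firewall/update warnings")
    return reasons


def triage(log_text: str) -> list[tuple[str, list[str]]]:
    """Return (line, reasons) for every line with at least one hit, in input order."""
    hits: list[tuple[str, list[str]]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = reasons_for(line)
        if reasons:
            hits.append((line, reasons))
    return hits


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("   ->", reason)
```

Run against the sample, the three benign entries produce no output and the five remaining lines each come back with one or two reasons. The rules are deliberately narrow (no attempt to judge whether a filename "looks random", which misfires on legitimate names such as NvMcTray.dll); a flagged file still needs its signature or hash checked before anything is deleted, which is exactly what the helper's ComboFix step does for this machine.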


#5 UH60wife

UH60wife
  • Topic Starter

  • Members
  • 35 posts
  • Local time:07:49 PM

Posted 29 June 2008 - 10:11 PM

ComboFix 08-06-20.4 - Owner 2008-06-29 21:37:35.1 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\Application Data\Dxccwrd.dll
C:\Documents and Settings\Owner\Application Data\Dxcdmns.dll
C:\Documents and Settings\Owner\Application Data\Dxcuknwrd.dll
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Dxc.log
C:\temp\tn3
C:\WINDOWS\b.exe
C:\WINDOWS\exwd.exe
C:\WINDOWS\resources\VoidDriveMon.dll
C:\WINDOWS\system32\763444
C:\WINDOWS\system32\763444\763444.dll
C:\WINDOWS\system32\bund1
C:\WINDOWS\system32\bund1\temp.txt
C:\WINDOWS\system32\dMWwGfhk.ini
C:\WINDOWS\system32\dMWwGfhk.ini2
C:\WINDOWS\system32\drivers\core.cache(10).dsk
C:\WINDOWS\system32\drivers\core.cache(11).dsk
C:\WINDOWS\system32\drivers\core.cache(12).dsk
C:\WINDOWS\system32\drivers\core.cache(13).dsk
C:\WINDOWS\system32\drivers\core.cache(14).dsk
C:\WINDOWS\system32\drivers\core.cache(15).dsk
C:\WINDOWS\system32\drivers\core.cache(16).dsk
C:\WINDOWS\system32\drivers\core.cache(17).dsk
C:\WINDOWS\system32\drivers\core.cache(18).dsk
C:\WINDOWS\system32\drivers\core.cache(19).dsk
C:\WINDOWS\system32\drivers\core.cache(2).dsk
C:\WINDOWS\system32\drivers\core.cache(20).dsk
C:\WINDOWS\system32\drivers\core.cache(21).dsk
C:\WINDOWS\system32\drivers\core.cache(22).dsk
C:\WINDOWS\system32\drivers\core.cache(23).dsk
C:\WINDOWS\system32\drivers\core.cache(24).dsk
C:\WINDOWS\system32\drivers\core.cache(3).dsk
C:\WINDOWS\system32\drivers\core.cache(4).dsk
C:\WINDOWS\system32\drivers\core.cache(5).dsk
C:\WINDOWS\system32\drivers\core.cache(6).dsk
C:\WINDOWS\system32\drivers\core.cache(7).dsk
C:\WINDOWS\system32\drivers\core.cache(8).dsk
C:\WINDOWS\system32\drivers\core.cache(9).dsk
C:\WINDOWS\system32\eulfmaho.ini
C:\WINDOWS\system32\fpyyjuwn.ini
C:\WINDOWS\system32\gdkobyny.ini
C:\WINDOWS\system32\gpopqxih.ini
C:\WINDOWS\system32\juvwlwqr.ini
C:\WINDOWS\system32\khfGwWMd.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mrgyghin.ini
C:\WINDOWS\system32\pmioeywo.ini
C:\WINDOWS\system32\qwmofxeb.ini
C:\WINDOWS\system32\thxwmqbk.ini
C:\WINDOWS\system32\vfjdraeh.ini
C:\WINDOWS\system32\winio.vxd
C:\WINDOWS\system32\wnngixpy.ini
C:\WINDOWS\system32\yhquqkgv.ini
C:\WINDOWS\vrmdtneg.dll
C:\WINDOWS\xvorfwbd.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CLIENT_IP-IPX
-------\Legacy_TNIDRIVER
-------\Service_TnIDriver


((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-30 )))))))))))))))))))))))))))))))
.

2009-01-30 16:24 . 1998-09-25 19:00 929,844 --a------ C:\WINDOWS\system32\MFC42D.DLL
2009-01-30 16:24 . 1998-06-17 19:00 516,173 --a------ C:\WINDOWS\system32\MSVCP60D.DLL
2009-01-30 16:24 . 1997-01-23 04:45 484,352 --a------ C:\WINDOWS\system32\MSVCP50D.DLL
2009-01-30 16:24 . 2000-03-07 19:00 434,252 --a------ C:\WINDOWS\system32\MSVCRTD.DLL
2009-01-30 16:24 . 1998-06-17 19:00 94,285 --a------ C:\WINDOWS\system32\MSVCIRTD.DLL
2009-01-30 16:21 . 2009-01-30 16:21 <DIR> d-------- C:\Program Files\Infogrames Interactive
2009-01-10 09:31 . 2009-01-10 09:31 <DIR> d-------- C:\Program Files\Microsoft Games
2009-01-10 09:23 . 2009-01-10 09:39 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2009-01-09 15:23 . 2004-08-04 19:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2009-01-09 15:23 . 2004-08-04 19:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2009-01-09 15:23 . 2001-08-18 08:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2009-01-09 15:23 . 2001-08-18 08:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2009-01-09 15:23 . 2001-08-18 09:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2009-01-09 15:23 . 2001-08-18 09:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-06-29 18:46 . 2008-06-29 18:46 92,032 --a------ C:\WINDOWS\system32\owyeoimp.dll
2008-06-22 19:01 . 2008-06-22 19:06 <DIR> d-------- C:\Documents and Settings\Owner\.SunDownloadManager
2008-06-22 18:42 . 2008-06-22 18:42 91,904 --a------ C:\WINDOWS\system32\kbqmwxht.dll
2008-06-20 23:31 . 2008-06-20 23:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-20 23:27 . 2008-06-20 23:27 <DIR> d-------- C:\Deckard
2008-06-19 01:41 . 2008-06-19 01:41 <DIR> d-------- C:\VundoFix Backups
2008-06-19 00:25 . 2008-06-20 19:03 4,576 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-19 00:24 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-19 00:24 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-19 00:24 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-06-19 00:24 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-19 00:24 . 2008-06-15 15:28 81,920 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-06-19 00:24 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-06-19 00:24 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-06-19 00:24 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-19 00:24 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-18 23:32 . 2008-06-18 23:32 <DIR> d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\Lavasoft
2008-06-18 23:03 . 2004-08-27 18:54 <DIR> d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\WINDOWS
2008-06-18 23:03 . 2005-11-08 02:12 <DIR> d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\You've Got Pictures Screensaver
2008-06-18 23:03 . 2005-11-08 02:41 <DIR> d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\SampleView
2008-06-18 23:03 . 2007-02-17 07:00 <DIR> d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\Gtek
2008-06-18 23:03 . 2006-03-22 07:19 <DIR> d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\AOL
2008-06-18 23:03 . 2008-06-18 23:03 <DIR> d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY
2008-06-18 15:22 . 2008-06-18 15:22 0 --a------ C:\WINDOWS\PowerReg.dat
2008-06-18 15:19 . 2008-06-18 15:19 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-06-18 15:19 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-06-18 14:21 . 2008-06-18 14:21 28,800 --a------ C:\WINDOWS\system32\urqQggfg.dll.vir
2008-06-11 18:41 . 2008-06-11 18:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-11 18:41 . 2008-06-11 18:41 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-11 15:06 . 2008-04-14 20:01 272,128 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 15:06 . 2008-04-14 20:01 272,128 --a--c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 03:02 . 2008-06-11 03:02 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-06-10 16:41 . 2008-06-10 16:41 <DIR> d-------- C:\Program Files\Virtools

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-06 23:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trophy Bass 2007
2009-01-04 05:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Laconic Software
2009-01-03 19:13 --------- d-----w C:\Documents and Settings\Owner\Application Data\FarStone
2008-06-20 12:54 2,070 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-06-18 12:21 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 06:56 666,624 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72492997-CCC3-4C07-BCB8-D2D7BFB65F7F}]
C:\WINDOWS\ksendlbtdpl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{778DC3F7-1699-4A2F-8D32-143C0D00854C}"= "C:\WINDOWS\vrmdtneg.dll" [ ]

[HKEY_CLASSES_ROOT\clsid\{778dc3f7-1699-4a2f-8d32-143c0d00854c}]
[HKEY_CLASSES_ROOT\vrmdtneg.1]
[HKEY_CLASSES_ROOT\TypeLib\{8BE255A8-2C24-4969-A642-1BE88EFD6986}]
[HKEY_CLASSES_ROOT\vrmdtneg]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [ ]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-12-01 16:49 4662776]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2005-01-01 19:08 67128]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-31 11:45 313472]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-24 20:27 68856]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-04-03 15:07 389120]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 04:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-10 05:50 155648]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-16 08:04 135168]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 13:24 32768]
"SoundMan"="SOUNDMAN.EXE" [2005-09-27 08:07 90112 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-19 01:32 7204864]
"nwiz"="nwiz.exe" [2005-09-19 01:32 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-09-19 01:32 86016]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 16:42 212992]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2005-02-26 11:24 966656]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-11 08:03 36975]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb99.exe" [2004-12-23 01:40 172032]
"HPHUPD07"="C:\Program Files\HP\{C8EEAA89-0A3E-441f-B646-17A46F5D6954}\hphupd07.exe" [2005-03-17 14:08 49152]
"HPHmon07"="C:\WINDOWS\system32\hphmon07.exe" [2005-03-17 13:59 622592]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-10 10:32 225280]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2005-12-08 05:26 489472]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2005-12-08 05:33 73728]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-02 12:22 262144]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 21:41 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-06 09:55 282624]
"NWEReboot"="" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 22:00 79224]
"00802cab"="C:\WINDOWS\system32\owyeoimp.dll" [2008-06-29 18:46 92032]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\HP\\digital imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\digital imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\digital imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\digital imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\digital imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\digital imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\digital imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\digital imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\digital imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\digital imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\digital imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\digital imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\digital imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\digital imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd5d32d1-5c90-11d9-926d-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d03084d1-6658-11d9-8f0e-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef0b7d32-7071-11dc-bfb4-0040caad705b}]
\Shell\AutoRun\command - "K:\Install FreeAgent Tools.exe" /run

.
Contents of the 'Scheduled Tasks' folder
"2008-06-30 01:03:55 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-06-18 18:00:00 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-06-29 09:15:31 C:\WINDOWS\Tasks\WebReg psc C3100 series.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-30 10:04:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\system32\pmioeywo.ini 294 bytes


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
C:\Program Files\HP\digital imaging\bin\hpohmr08.exe
C:\Program Files\HP\digital imaging\bin\hpotdd01.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Program Files\HP\digital imaging\bin\hpqgalry.exe
C:\Program Files\HP\digital imaging\bin\hpqste08.exe
C:\WINDOWS\system32\HPZipm12.exe
.
**************************************************************************
.
Completion time: 2008-06-30 10:20:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-30 01:19:36

Pre-Run: 78,771,290,112 bytes free
Post-Run: 78,891,376,640 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

259 --- E O F --- 2008-06-11 18:04:48




;;;;;;;;;;;;;;;;;;

Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-30 12:10:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 80% (more than 75%).
Total Physical Memory: 479 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:08, on 6/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\hphmon07.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QXK Olive - {72492997-CCC3-4C07-BCB8-D2D7BFB65F7F} - C:\WINDOWS\ksendlbtdpl.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {CD292324-974F-4224-D074-CACA427AA030} - (no file)
O3 - Toolbar: vrmdtneg - {778DC3F7-1699-4A2F-8D32-143C0D00854C} - C:\WINDOWS\vrmdtneg.dll (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb99.exe
O4 - HKLM\..\Run: [HPHUPD07] C:\Program Files\HP\{C8EEAA89-0A3E-441f-B646-17A46F5D6954}\hphupd07.exe
O4 - HKLM\..\Run: [HPHmon07] C:\WINDOWS\system32\hphmon07.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [00802cab] rundll32.exe "C:\WINDOWS\system32\owyeoimp.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_...inematycoon.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://clubgames.pogo.com/online2/pogop/in...aploader_v6.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O16 - DPF: {F2D35D99-63B1-46D3-970C-6E22320D5DCB} (kSoloCntrlIE Class) - http://www.ksolo.com/getPlugin.do
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ahvpsvc - HP - C:\WINDOWS\system32\drivers\HPZid412.sys
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 10023 bytes

-- Files created between 2008-05-30 and 2008-06-30 -----------------------------

2009-01-30 16:21:54 0 d-------- C:\Program Files\Infogrames Interactive
2009-01-10 09:31:21 0 d-------- C:\Program Files\Microsoft Games
2009-01-10 09:23:34 0 d-------- C:\WINDOWS\SxsCaPendDel
2009-01-08 02:26:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-06 17:53:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Trophy Bass 2007
2009-01-04 04:13:39 0 d-------- C:\Documents and Settings\Owner\Application Data\FarStone
2008-06-29 21:37:05 0 d-------- C:\cmdcons
2008-06-29 21:33:12 68096 --a------ C:\WINDOWS\zip.exe
2008-06-29 21:33:12 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-29 21:33:12 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-29 21:33:12 98816 --a------ C:\WINDOWS\sed.exe
2008-06-29 21:33:12 80412 --a------ C:\WINDOWS\grep.exe
2008-06-29 21:33:12 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-29 21:33:11 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-29 21:33:11 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-29 18:46:06 92032 --a------ C:\WINDOWS\system32\owyeoimp.dll
2008-06-22 19:01:32 0 d-------- C:\Documents and Settings\Owner\.SunDownloadManager
2008-06-22 18:42:04 91904 --a------ C:\WINDOWS\system32\kbqmwxht.dll
2008-06-20 23:31:01 0 d-------- C:\Program Files\Trend Micro
2008-06-19 01:41:06 0 d-------- C:\VundoFix Backups
2008-06-19 00:25:51 4576 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-19 00:24:58 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-19 00:24:58 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-06-19 00:24:58 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-06-19 00:24:58 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-06-19 00:24:58 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-06-19 00:24:58 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-19 00:24:58 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-19 00:24:58 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-06-18 23:32:57 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\Lavasoft
2008-06-18 23:10:02 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\Mozilla
2008-06-18 23:03:30 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\Identities
2008-06-18 23:03:30 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\Gtek
2008-06-18 23:03:30 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\AOL
2008-06-18 23:03:29 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\SampleView
2008-06-18 23:03:29 0 d---s---- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\Microsoft
2008-06-18 23:03:28 0 dr------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\My Documents
2008-06-18 23:03:28 0 d--h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Local Settings
2008-06-18 23:03:28 0 dr------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Favorites
2008-06-18 23:03:28 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Desktop
2008-06-18 23:03:28 0 d---s---- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Cookies
2008-06-18 23:03:28 0 dr-h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data
2008-06-18 23:03:28 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\You've Got Pictures Screensaver
2008-06-18 23:03:27 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\WINDOWS
2008-06-18 23:03:27 0 d--h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Templates
2008-06-18 23:03:27 0 dr------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Start Menu
2008-06-18 23:03:27 0 dr-h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\SendTo
2008-06-18 23:03:27 0 dr-h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Recent
2008-06-18 23:03:27 0 d--h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\PrintHood
2008-06-18 23:03:27 0 d--h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\NetHood
2008-06-18 23:03:26 1310720 --ah----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\NTUSER.DAT
2008-06-18 15:22:34 0 --a------ C:\WINDOWS\PowerReg.dat
2008-06-18 15:19:12 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-10 16:41:01 0 d-------- C:\Program Files\Virtools


-- Find3M Report ---------------------------------------------------------------

2008-06-29 18:15:20 118642 --a------ C:\WINDOWS\hpoins09.dat
2008-06-20 21:54:17 2070 --a------ C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-06-18 15:19:12 0 d-------- C:\Program Files\Common Files
2008-06-10 16:09:41 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72492997-CCC3-4C07-BCB8-D2D7BFB65F7F}]
C:\WINDOWS\ksendlbtdpl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/10/2001 05:50]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [11/16/2004 08:04]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/03/2004 13:24]
"SoundMan"="SOUNDMAN.EXE" [09/27/2005 08:07 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [09/19/2005 01:32]
"nwiz"="nwiz.exe" [09/19/2005 01:32 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [09/19/2005 01:32]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/11/2005 08:03]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb99.exe" [12/23/2004 01:40]
"HPHUPD07"="C:\Program Files\HP\{C8EEAA89-0A3E-441f-B646-17A46F5D6954}\hphupd07.exe" [03/17/2005 14:08]
"HPHmon07"="C:\WINDOWS\system32\hphmon07.exe" [03/17/2005 13:59]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [12/10/2005 10:32]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [12/08/2005 05:26]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [12/08/2005 05:33]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [11/02/2004 12:22]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 21:41]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/06/2006 09:55]
"NWEReboot"="" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 22:00]
"00802cab"="C:\WINDOWS\system32\owyeoimp.dll" [06/29/2008 18:46]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [12/01/2006 16:49]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [01/01/2005 19:08]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/31/2006 11:45]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/24/2007 20:27]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [04/03/2006 15:07]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/05/2004 04:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd5d32d1-5c90-11d9-926d-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d03084d1-6658-11d9-8f0e-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef0b7d32-7071-11dc-bfb4-0040caad705b}]
AutoRun\command- "K:\Install FreeAgent Tools.exe" /run




-- End of Deckard's System Scanner: finished at 2008-06-30 12:10:45 ------------

#6 fenzodahl512
Posted 30 June 2008 - 03:44 AM

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
C:\WINDOWS\system32\owyeoimp.dll
C:\WINDOWS\system32\kbqmwxht.dll
C:\WINDOWS\PowerReg.dat
C:\WINDOWS\system32\urqQggfg.dll.vir
C:\WINDOWS\ksendlbtdpl.dll
C:\WINDOWS\vrmdtneg.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72492997-CCC3-4C07-BCB8-D2D7BFB65F7F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{778DC3F7-1699-4A2F-8D32-143C0D00854C}"=-
[-HKEY_CLASSES_ROOT\clsid\{778dc3f7-1699-4a2f-8d32-143c0d00854c}]
[-HKEY_CLASSES_ROOT\vrmdtneg.1]
[-HKEY_CLASSES_ROOT\TypeLib\{8BE255A8-2C24-4969-A642-1BE88EFD6986}]
[-HKEY_CLASSES_ROOT\vrmdtneg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00802cab"=-

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot (in case it asks to reboot), please post the ComboFix log in your next reply.

NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Please post the following logs in your next reply. Post each log in a separate post.

1. ComboFix
2. Malwarebytes'
3. a fresh HijackThis (after Malwarebytes' step)



Regards
fenzodahl512

Edited by fenzodahl512, 30 June 2008 - 03:44 AM.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
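As an added example (not part of this thread, and not code from DSS, ComboFix or MBAM), the script below shows how the entries fenzodahl512's CFScript targets can be picked out of a Deckard's System Scanner log automatically: it parses the file listing and the Registry Dump, then scores each autostart entry by three signals seen in this log (a hex-looking Run value name such as 00802cab, a consonant-run file name such as kbqmwxht.dll, and a file created shortly before the scan). The sample log lines are copied from the DSS output above; the scan date, the 30-day window and the name heuristics are assumptions chosen for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: a handful of lines copied from the DSS file listing
# and Registry Dump posted in this thread.
SAMPLE_LOG = r"""
2008-06-29 18:46:06 92032 --a------ C:\WINDOWS\system32\owyeoimp.dll
2008-06-22 18:42:04 91904 --a------ C:\WINDOWS\system32\kbqmwxht.dll
2008-06-19 00:24:58 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
-- Registry Dump ---------------------------------------------------------------
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72492997-CCC3-4C07-BCB8-D2D7BFB65F7F}]
C:\WINDOWS\ksendlbtdpl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/10/2001 05:50]
"HPHmon07"="C:\WINDOWS\system32\hphmon07.exe" [03/17/2005 13:59]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 22:00]
"00802cab"="C:\WINDOWS\system32\owyeoimp.dll" [06/29/2008 18:46]
"""

SCAN_DATE = datetime(2008, 6, 30)   # assumed: the date the DSS log was taken
RECENT = timedelta(days=30)         # assumed: "recently created" window

FILE_RE = re.compile(r'^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} \d+ \S+ (.+)$')
KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"')


def looks_random(name):
    """Heuristic for generated names such as kbqmwxht, urqQggfg or 00802cab:
    an 8-char hex string, or a run of 5+ consonants in a short alnum stem."""
    stem = name.rsplit('.', 1)[0]
    if not (6 <= len(stem) <= 12 and stem.isalnum()):
        return False
    lower = stem.lower()
    if re.fullmatch(r'[0-9a-f]{8}', lower):
        return True
    return re.search(r'[^aeiou0-9]{5,}', lower) is not None


def parse_log(text):
    """Return (created, autostarts): created maps basename -> (date, path),
    autostarts is a list of (registry key, value name or None, path)."""
    created, autostarts, key = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        m = FILE_RE.match(line)
        if m:
            path = m.group(2).split(' <')[0]       # drop "<Not Verified; ...>" suffix
            base = path.rsplit('\\', 1)[-1].lower()
            created[base] = (datetime.strptime(m.group(1), '%Y-%m-%d'), path)
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if key is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            autostarts.append((key, m.group(1), m.group(2)))
        elif 'Browser Helper Objects' in key and line.lower().endswith('.dll'):
            autostarts.append((key, None, line))   # BHO dumps list only the DLL path
    return created, autostarts


def triage(text, scan_date=SCAN_DATE):
    """Score autostart entries and recent random-named files; return
    [(score, reasons, value name or None, path)] with score >= 2, highest first."""
    created, autostarts = parse_log(text)
    findings = []
    for key, vname, path in autostarts:
        base = path.rsplit('\\', 1)[-1]
        score, reasons = 0, []
        if vname and looks_random(vname):
            score += 1; reasons.append('random value name')
        if looks_random(base):
            score += 2; reasons.append('random file name')
        entry = created.get(base.lower())
        if entry and scan_date - entry[0] <= RECENT:
            score += 1; reasons.append('file created %s' % entry[0].date())
        if 'Browser Helper Objects' in key:
            score += 1; reasons.append('registered as a BHO')
        if score >= 2:
            findings.append((score, reasons, vname, path))
    # Recently created random-named files that have no autostart entry at all
    seen = {p.lower() for _, _, p in autostarts}
    for base, (when, path) in created.items():
        if path.lower() not in seen and looks_random(base) and scan_date - when <= RECENT:
            findings.append((2, ['random file name', 'file created %s' % when.date()], None, path))
    return sorted(findings, key=lambda f: -f[0])


if __name__ == '__main__':
    for score, reasons, vname, path in triage(SAMPLE_LOG):
        print(score, vname or '-', path, '; '.join(reasons))
```

On the sample this reports the BHO ksendlbtdpl.dll, the Run entry 00802cab pointing at owyeoimp.dll, and the orphaned kbqmwxht.dll, which are exactly the three items the CFScript removes, while NeroCheck, hphmon07 and ashDisp stay quiet. The consonant-run heuristic is a triage aid, not a verdict: an abbreviation-style legitimate name such as ElkCtrl.exe from the same log would also trip it, so every hit still needs the file's vendor and creation date checked by hand.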


#7 UH60wife

  • Topic Starter

Posted 30 June 2008 - 04:46 AM

ComboFix 08-06-20.4 - Owner 2008-06-30 18:23:15.2 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\ksendlbtdpl.dll
C:\WINDOWS\PowerReg.dat
C:\WINDOWS\system32\kbqmwxht.dll
C:\WINDOWS\system32\owyeoimp.dll
C:\WINDOWS\system32\urqQggfg.dll.vir
C:\WINDOWS\vrmdtneg.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\PowerReg.dat
C:\WINDOWS\system32\kbqmwxht.dll
C:\WINDOWS\system32\owyeoimp.dll
C:\WINDOWS\system32\urqQggfg.dll.vir

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CLIENT_IP-IPX
-------\Legacy_TNIDRIVER


((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-30 )))))))))))))))))))))))))))))))
.

2009-01-30 16:24 . 1998-09-25 19:00 929,844 --a------ C:\WINDOWS\system32\MFC42D.DLL
2009-01-30 16:24 . 1998-06-17 19:00 516,173 --a------ C:\WINDOWS\system32\MSVCP60D.DLL
2009-01-30 16:24 . 1997-01-23 04:45 484,352 --a------ C:\WINDOWS\system32\MSVCP50D.DLL
2009-01-30 16:24 . 2000-03-07 19:00 434,252 --a------ C:\WINDOWS\system32\MSVCRTD.DLL
2009-01-30 16:24 . 1998-06-17 19:00 94,285 --a------ C:\WINDOWS\system32\MSVCIRTD.DLL
2009-01-30 16:21 . 2009-01-30 16:21 <DIR> d-------- C:\Program Files\Infogrames Interactive
2009-01-10 09:31 . 2009-01-10 09:31 <DIR> d-------- C:\Program Files\Microsoft Games
2009-01-10 09:23 . 2009-01-10 09:39 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2009-01-09 15:23 . 2004-08-04 19:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2009-01-09 15:23 . 2004-08-04 19:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2009-01-09 15:23 . 2001-08-18 08:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2009-01-09 15:23 . 2001-08-18 08:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2009-01-09 15:23 . 2001-08-18 09:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2009-01-09 15:23 . 2001-08-18 09:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-06-30 10:08 . 2008-06-30 10:20 354 ---hs---- C:\WINDOWS\system32\pmioeywo.ini
2008-06-22 19:01 . 2008-06-22 19:06 <DIR> d-------- C:\Documents and Settings\Owner\.SunDownloadManager
2008-06-20 23:31 . 2008-06-20 23:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-20 23:27 . 2008-06-20 23:27 <DIR> d-------- C:\Deckard
2008-06-19 01:41 . 2008-06-19 01:41 <DIR> d-------- C:\VundoFix Backups
2008-06-19 00:25 . 2008-06-20 19:03 4,576 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-19 00:24 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-19 00:24 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-19 00:24 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-06-19 00:24 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-19 00:24 . 2008-06-15 15:28 81,920 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-06-19 00:24 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-06-19 00:24 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-06-19 00:24 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-19 00:24 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-18 23:32 . 2008-06-18 23:32 <DIR> d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\Lavasoft
2008-06-18 23:03 . 2004-08-27 18:54 <DIR> d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\WINDOWS
2008-06-18 23:03 . 2005-11-08 02:12 <DIR> d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\You've Got Pictures Screensaver
2008-06-18 23:03 . 2005-11-08 02:41 <DIR> d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\SampleView
2008-06-18 23:03 . 2007-02-17 07:00 <DIR> d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\Gtek
2008-06-18 23:03 . 2006-03-22 07:19 <DIR> d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\AOL
2008-06-18 23:03 . 2008-06-18 23:03 <DIR> d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY
2008-06-18 15:19 . 2008-06-18 15:19 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-06-18 15:19 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-06-11 18:41 . 2008-06-11 18:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-11 18:41 . 2008-06-11 18:41 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-11 15:06 . 2008-04-14 20:01 272,128 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 15:06 . 2008-04-14 20:01 272,128 --a--c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 03:02 . 2008-06-11 03:02 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-06-10 16:41 . 2008-06-10 16:41 <DIR> d-------- C:\Program Files\Virtools

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-06 23:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trophy Bass 2007
2009-01-04 05:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Laconic Software
2009-01-03 19:13 --------- d-----w C:\Documents and Settings\Owner\Application Data\FarStone
2008-06-20 12:54 2,070 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-06-18 12:21 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
.

((((((((((((((((((((((((((((( snapshot@2008-06-30_10.19.10.46 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-30 01:03:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-30 09:29:11 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-30 09:29:35 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_5dc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [ ]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-12-01 16:49 4662776]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2005-01-01 19:08 67128]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-31 11:45 313472]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-24 20:27 68856]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-04-03 15:07 389120]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 04:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-10 05:50 155648]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-16 08:04 135168]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 13:24 32768]
"SoundMan"="SOUNDMAN.EXE" [2005-09-27 08:07 90112 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-19 01:32 7204864]
"nwiz"="nwiz.exe" [2005-09-19 01:32 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-09-19 01:32 86016]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 16:42 212992]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2005-02-26 11:24 966656]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-11 08:03 36975]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb99.exe" [2004-12-23 01:40 172032]
"HPHUPD07"="C:\Program Files\HP\{C8EEAA89-0A3E-441f-B646-17A46F5D6954}\hphupd07.exe" [2005-03-17 14:08 49152]
"HPHmon07"="C:\WINDOWS\system32\hphmon07.exe" [2005-03-17 13:59 622592]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-10 10:32 225280]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2005-12-08 05:26 489472]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2005-12-08 05:33 73728]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-02 12:22 262144]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 21:41 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-06 09:55 282624]
"NWEReboot"="" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 22:00 79224]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\HP\\digital imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\digital imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\digital imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\digital imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\digital imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\digital imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\digital imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\digital imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\digital imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\digital imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\digital imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\digital imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\digital imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\digital imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd5d32d1-5c90-11d9-926d-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d03084d1-6658-11d9-8f0e-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef0b7d32-7071-11dc-bfb4-0040caad705b}]
\Shell\AutoRun\command - "K:\Install FreeAgent Tools.exe" /run

.
Contents of the 'Scheduled Tasks' folder
"2008-06-30 09:29:36 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-06-18 18:00:00 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-06-29 09:15:31 C:\WINDOWS\Tasks\WebReg psc C3100 series.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-30 18:30:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
C:\Program Files\HP\digital imaging\bin\hpohmr08.exe
C:\Program Files\HP\digital imaging\bin\hpotdd01.exe
C:\Program Files\HP\digital imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\HPZipm12.exe
.
**************************************************************************
.
Completion time: 2008-06-30 18:43:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-30 09:42:50
ComboFix2.txt 2008-06-30 01:20:46

Pre-Run: 78,877,933,568 bytes free
Post-Run: 78,857,981,952 bytes free

192 --- E O F --- 2008-06-11 18:04:48

#8 UH60wife

  • Topic Starter

Posted 30 June 2008 - 05:26 AM

Malwarebytes' Anti-Malware 1.19
Database version: 907
Windows 5.1.2600 Service Pack 2

7:24:51 PM 6/30/2008
mbam-log-6-30-2008 (19-24-51).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 140553
Time elapsed: 29 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 21

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d533de66-2b14-490e-b016-2720ce19dca1} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6ae377b2-39f5-46e8-8b93-0cf4ba12dada} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eae7a9c6-14c8-4855-ba97-84bc5f4cd910} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e6e82c9d-3bf1-4657-8e45-3dea97d1b88c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\vrmdtneg.bkod (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\vrmdtneg.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\QooBox\Quarantine\C\WINDOWS\exwd.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\Resources\VoidDriveMon.dll.vir (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\kbqmwxht.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\khfGwWMd.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\owyeoimp.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\urqQggfg.dll.vir.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\763444\763444.dll.vir (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP609\A0184538.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP611\A0186657.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP614\A0197713.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP615\A0200716.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP615\A0200795.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP615\A0202435.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP617\A0203506.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP617\A0203507.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP617\A0203508.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP617\A0203521.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP617\A0203525.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP618\A0203587.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP618\A0203588.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

#9 UH60wife

  • Topic Starter

Posted 30 June 2008 - 05:36 AM

And last but not least ;) the HL. Thank you so very much again for taking the time out to help me with this big mess I made for myself :thumbsup: I look forward to the next step.


Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-30 19:31:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 479 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:31:44, on 6/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\hphmon07.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {CD292324-974F-4224-D074-CACA427AA030} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb99.exe
O4 - HKLM\..\Run: [HPHUPD07] C:\Program Files\HP\{C8EEAA89-0A3E-441f-B646-17A46F5D6954}\hphupd07.exe
O4 - HKLM\..\Run: [HPHmon07] C:\WINDOWS\system32\hphmon07.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_...inematycoon.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O16 - DPF: {F2D35D99-63B1-46D3-970C-6E22320D5DCB} (kSoloCntrlIE Class) - http://www.ksolo.com/getPlugin.do
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ahvpsvc - HP - C:\WINDOWS\system32\drivers\HPZid412.sys
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 9431 bytes

-- Files created between 2008-05-30 and 2008-06-30 -----------------------------

2009-01-30 16:21:54 0 d-------- C:\Program Files\Infogrames Interactive
2009-01-10 09:31:21 0 d-------- C:\Program Files\Microsoft Games
2009-01-10 09:23:34 0 d-------- C:\WINDOWS\SxsCaPendDel
2009-01-08 02:26:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-06 17:53:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Trophy Bass 2007
2009-01-04 04:13:39 0 d-------- C:\Documents and Settings\Owner\Application Data\FarStone
2008-06-30 18:51:26 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-06-30 18:51:22 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-30 18:51:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-29 21:37:05 0 d-------- C:\cmdcons
2008-06-29 21:33:12 68096 --a------ C:\WINDOWS\zip.exe
2008-06-29 21:33:12 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-29 21:33:12 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-29 21:33:12 98816 --a------ C:\WINDOWS\sed.exe
2008-06-29 21:33:12 80412 --a------ C:\WINDOWS\grep.exe
2008-06-29 21:33:12 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-29 21:33:11 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-29 21:33:11 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-22 19:01:32 0 d-------- C:\Documents and Settings\Owner\.SunDownloadManager
2008-06-20 23:31:01 0 d-------- C:\Program Files\Trend Micro
2008-06-19 01:41:06 0 d-------- C:\VundoFix Backups
2008-06-19 00:25:51 4576 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-19 00:24:58 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-19 00:24:58 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-06-19 00:24:58 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-06-19 00:24:58 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-06-19 00:24:58 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-06-19 00:24:58 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-19 00:24:58 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-19 00:24:58 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-06-18 23:32:57 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\Lavasoft
2008-06-18 23:10:02 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\Mozilla
2008-06-18 23:03:30 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\Identities
2008-06-18 23:03:30 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\Gtek
2008-06-18 23:03:30 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\AOL
2008-06-18 23:03:29 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\SampleView
2008-06-18 23:03:29 0 d---s---- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\Microsoft
2008-06-18 23:03:28 0 dr------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\My Documents
2008-06-18 23:03:28 0 d--h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Local Settings
2008-06-18 23:03:28 0 dr------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Favorites
2008-06-18 23:03:28 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Desktop
2008-06-18 23:03:28 0 d---s---- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Cookies
2008-06-18 23:03:28 0 dr-h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data
2008-06-18 23:03:28 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\You've Got Pictures Screensaver
2008-06-18 23:03:27 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\WINDOWS
2008-06-18 23:03:27 0 d--h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Templates
2008-06-18 23:03:27 0 dr------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Start Menu
2008-06-18 23:03:27 0 dr-h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\SendTo
2008-06-18 23:03:27 0 dr-h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Recent
2008-06-18 23:03:27 0 d--h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\PrintHood
2008-06-18 23:03:27 0 d--h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\NetHood
2008-06-18 23:03:26 1310720 --ah----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\NTUSER.DAT
2008-06-18 15:19:12 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-10 16:41:01 0 d-------- C:\Program Files\Virtools


-- Find3M Report ---------------------------------------------------------------

2008-06-29 18:15:20 118642 --a------ C:\WINDOWS\hpoins09.dat
2008-06-20 21:54:17 2070 --a------ C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-06-18 15:19:12 0 d-------- C:\Program Files\Common Files
2008-06-10 16:09:41 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/10/2001 05:50]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [11/16/2004 08:04]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/03/2004 13:24]
"SoundMan"="SOUNDMAN.EXE" [09/27/2005 08:07 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [09/19/2005 01:32]
"nwiz"="nwiz.exe" [09/19/2005 01:32 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [09/19/2005 01:32]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/11/2005 08:03]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb99.exe" [12/23/2004 01:40]
"HPHUPD07"="C:\Program Files\HP\{C8EEAA89-0A3E-441f-B646-17A46F5D6954}\hphupd07.exe" [03/17/2005 14:08]
"HPHmon07"="C:\WINDOWS\system32\hphmon07.exe" [03/17/2005 13:59]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [12/10/2005 10:32]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [12/08/2005 05:26]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [12/08/2005 05:33]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [11/02/2004 12:22]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 21:41]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/06/2006 09:55]
"NWEReboot"="" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 22:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [12/01/2006 16:49]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [01/01/2005 19:08]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/31/2006 11:45]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/24/2007 20:27]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [04/03/2006 15:07]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/05/2004 04:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd5d32d1-5c90-11d9-926d-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d03084d1-6658-11d9-8f0e-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef0b7d32-7071-11dc-bfb4-0040caad705b}]
AutoRun\command- "K:\Install FreeAgent Tools.exe" /run




-- End of Deckard's System Scanner: finished at 2008-06-30 19:32:37 ------------

#10 fenzodahl512

  • Members
  • 6,738 posts

Posted 30 June 2008 - 07:29 AM

Hello, thanks for the reply.. Please do the following...

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous, so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing, so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions, please ask BEFORE proceeding.

Backing Up Your Registry
  • Go Here and download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
For detailed instruction on how to back-up registry via ERUNT, please visit HERE




NEXT


Please copy and paste the following into a Notepad

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{BA52B914-B692-46c4-B683-905236F6F655}"=-
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=-
"{CD292324-974F-4224-D074-CACA427AA030}"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd5d32d1-5c90-11d9-926d-806d6172696f}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d03084d1-6658-11d9-8f0e-806d6172696f}]

Save it in desktop as Fix.reg and in Save as type: choose All Files

A new registry file will then be created on your desktop.

Just double-click the file and choose Yes at prompt.

If you are not sure how to make a registry file, please visit HERE for the tutorial.




NEXT


Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now, under Select a target to scan, select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Please post the following logs in your next reply.. Please post each log in a separate post..

1. Kaspersky Webscanner
2. A fresh Deckard System Scanner (after Kaspersky step)
3. Tell me about your computer condition..



Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
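
The manual triage in the post above follows a fixed pattern: an O3 toolbar whose CLSID points at "(no file)" becomes a value deletion (`"{CLSID}"=-`) under the IE Toolbar key, an O16 DPF entry with no class name and no URL becomes a key deletion under Code Store Database\Distribution Units, and a mountpoints2 subkey carrying a suspect AutoRun command is deleted whole. The Python below is an added example, not the helper's code and not part of HijackThis or Deckard's System Scanner: it parses a constructed log excerpt modelled on the lines in this thread and emits a REGEDIT4 script in the same shape as the Fix.reg above. The rule it uses to decide which AutoRun entries to drop (the launched target has no drive letter, so whatever sits at the root of the volume mounted there runs) is my assumption about why three entries were removed and the K: FreeAgent one kept; the post does not state its reason. The "Example Toolbar" line and its `{11111111-...}` CLSID are constructed negatives, not from the log. Back up the registry first, exactly as the post says, before importing anything this produces.

```python
"""Added example (not the helper's, HijackThis's or DSS's code): turn the
triage steps from the post above into a REGEDIT4 fix generator.

Input: HijackThis O3/O16 lines plus DSS registry-dump mountpoints2 blocks.
Output: a .reg script that deletes orphaned toolbar values ("=-"), removes the
Code Store Database unit of a nameless DPF entry, and removes mountpoints2
keys whose AutoRun command launches a target without a drive letter.
"""
import re

TOOLBAR_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar"
CODESTORE_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database"
                 r"\Distribution Units")
MOUNTPOINTS_KEY = (r"HKEY_CURRENT_USER\software\microsoft\windows\currentversion"
                   r"\explorer\mountpoints2")

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# "O3 - Toolbar: (no name) - {CLSID} - (no file)": toolbar registered, DLL gone.
O3_ORPHAN = re.compile(r"^O3 - Toolbar: .+ - (" + GUID + r") - \(no file\)$")
# "O16 - DPF: {CLSID} -": Downloaded Program File with no class name and no URL.
O16_EMPTY = re.compile(r"^O16 - DPF: (" + GUID + r") -$")
MP_HEADER = re.compile(r"^\[(" + re.escape(MOUNTPOINTS_KEY) + r"\\[^\]]+)\]$", re.I)
AUTORUN = re.compile(r"^AutoRun\\command-\s*(.+)$")
DRIVE_QUALIFIED = re.compile(r"^[A-Za-z]:\\")


def autorun_target(cmd):
    """Return the program an AutoRun command ultimately launches.

    "RunDLL32 ... Shell32.DLL,ShellExec_RunDLL <target> ..." hands <target>
    to ShellExecute, so the real target is the token after ShellExec_RunDLL.
    """
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    tokens = cmd.split()
    for i, tok in enumerate(tokens[:-1]):
        if tok.lower().endswith("shellexec_rundll"):
            return tokens[i + 1]
    return tokens[0]


def is_relative_autorun(cmd):
    """Assumed selection rule (not stated in the post): a target with no drive
    letter runs whatever sits at the root of the volume mounted there."""
    return not DRIVE_QUALIFIED.match(autorun_target(cmd))


def triage(log_text):
    """Collect orphan toolbar CLSIDs, empty DPF CLSIDs and mountpoints2
    AutoRun entries (as (key, command) pairs) from a log excerpt."""
    findings = {"toolbars": [], "dpf": [], "mountpoints": []}
    pending_key = None  # mountpoints2 header waiting for its AutoRun line
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            pending_key = None
            continue
        if m := O3_ORPHAN.match(line):
            findings["toolbars"].append(m.group(1))
        elif m := O16_EMPTY.match(line):
            findings["dpf"].append(m.group(1))
        elif m := MP_HEADER.match(line):
            pending_key = m.group(1)
        elif (m := AUTORUN.match(line)) and pending_key:
            findings["mountpoints"].append((pending_key, m.group(1)))
            pending_key = None
    return findings


def build_fix(findings):
    """Render a REGEDIT4 script in the same shape as the Fix.reg in the post."""
    out = ["REGEDIT4", ""]
    if findings["toolbars"]:
        out.append("[" + TOOLBAR_KEY + "]")
        out.extend('"%s"=-' % clsid for clsid in findings["toolbars"])  # delete value
        out.append("")
    for clsid in findings["dpf"]:
        out.extend(["[-" + CODESTORE_KEY + "\\" + clsid + "]", ""])  # delete key
    for key, cmd in findings["mountpoints"]:
        if is_relative_autorun(cmd):
            out.extend(["[-" + key + "]", ""])
    return "\r\n".join(out)  # .reg files use CRLF line endings


# Constructed sample modelled on this thread's log. The "Example Toolbar" line
# and its CLSID are invented negatives that must NOT be flagged.
SAMPLE_LOG = r"""
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Example Toolbar - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\toolbar.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_...inematycoon.cab

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef0b7d32-7071-11dc-bfb4-0040caad705b}]
AutoRun\command- "K:\Install FreeAgent Tools.exe" /run
"""

if __name__ == "__main__":
    print(build_fix(triage(SAMPLE_LOG)))
```

Run as-is it prints the generated script; save that output as Fix.reg and review every line against the log before importing it. Orphaned toolbar and DPF entries are leftovers that merely clutter IE; the mountpoints2 deletions are the ones to think about, since Explorer runs the AutoRun command when a drive is double-clicked, and the rule above is a heuristic rather than a verdict.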


#11 UH60wife
  • Topic Starter
  • Members
  • 35 posts

Posted 01 July 2008 - 01:07 AM

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, July 1, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, July 01, 2008 01:53:25
Records in database: 900976
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 103897
Threat name: 7
Infected objects: 12
Suspicious objects: 0
Duration of the scan: 02:25:43


File name / Threat name / Threats count
C:\Deckard\System Scanner\20080622204217\backup\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for count.jar-28590ead-69c4f914.zip\BlackBox.class Infected: Exploit.Java.ByteVerify 1
C:\Deckard\System Scanner\20080622204217\backup\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\G1MZ41YN\counter[1].htm Infected: Exploit.HTML.IESlice.p 1
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-28590ead-69c4f914.zip Infected: Exploit.Java.ByteVerify 2
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-28590ead-69c4f914.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-631f0119.zip Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-4941f397-2221c4bc.zip Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-6ef1b888.zip Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Owner\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\Owner\Desktop\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\QooBox\Quarantine\C\WINDOWS\vrmdtneg.dll.vir Infected: Trojan.Win32.Vapsup.gzq 1
C:\QooBox\Quarantine\C\WINDOWS\xvorfwbd.dll.vir Infected: Trojan.Win32.Vapsup.gxx 1

The selected area was scanned.


Deckard's System Scanner v20071014.68
Run by Owner on 2008-07-01 15:04:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 479 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:05:28, on 7/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\hphmon07.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\LINKSY~1\LinksysAgent.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb99.exe
O4 - HKLM\..\Run: [HPHUPD07] C:\Program Files\HP\{C8EEAA89-0A3E-441f-B646-17A46F5D6954}\hphupd07.exe
O4 - HKLM\..\Run: [HPHmon07] C:\WINDOWS\system32\hphmon07.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_...inematycoon.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O16 - DPF: {F2D35D99-63B1-46D3-970C-6E22320D5DCB} (kSoloCntrlIE Class) - http://www.ksolo.com/getPlugin.do
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ahvpsvc - HP - C:\WINDOWS\system32\drivers\HPZid412.sys
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 9105 bytes

-- Files created between 2008-06-01 and 2008-07-01 -----------------------------

2009-01-30 16:21:54 0 d-------- C:\Program Files\Infogrames Interactive
2009-01-10 09:31:21 0 d-------- C:\Program Files\Microsoft Games
2009-01-10 09:23:34 0 d-------- C:\WINDOWS\SxsCaPendDel
2009-01-08 02:26:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-06 17:53:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Trophy Bass 2007
2009-01-04 04:13:39 0 d-------- C:\Documents and Settings\Owner\Application Data\FarStone
2008-06-30 18:51:26 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-06-30 18:51:22 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-30 18:51:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-29 21:37:05 0 d-------- C:\cmdcons
2008-06-29 21:33:12 68096 --a------ C:\WINDOWS\zip.exe
2008-06-29 21:33:12 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-29 21:33:12 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-29 21:33:12 98816 --a------ C:\WINDOWS\sed.exe
2008-06-29 21:33:12 80412 --a------ C:\WINDOWS\grep.exe
2008-06-29 21:33:12 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-29 21:33:11 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-29 21:33:11 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-22 19:01:32 0 d-------- C:\Documents and Settings\Owner\.SunDownloadManager
2008-06-20 23:31:01 0 d-------- C:\Program Files\Trend Micro
2008-06-19 01:41:06 0 d-------- C:\VundoFix Backups
2008-06-19 00:25:51 4576 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-19 00:24:58 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-19 00:24:58 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-06-19 00:24:58 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-06-19 00:24:58 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-06-19 00:24:58 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-06-19 00:24:58 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-19 00:24:58 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-19 00:24:58 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-06-18 23:32:57 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\Lavasoft
2008-06-18 23:10:02 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\Mozilla
2008-06-18 23:03:30 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\Identities
2008-06-18 23:03:30 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\Gtek
2008-06-18 23:03:30 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\AOL
2008-06-18 23:03:29 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\SampleView
2008-06-18 23:03:29 0 d---s---- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\Microsoft
2008-06-18 23:03:28 0 dr------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\My Documents
2008-06-18 23:03:28 0 d--h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Local Settings
2008-06-18 23:03:28 0 dr------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Favorites
2008-06-18 23:03:28 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Desktop
2008-06-18 23:03:28 0 d---s---- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Cookies
2008-06-18 23:03:28 0 dr-h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data
2008-06-18 23:03:28 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Application Data\You've Got Pictures Screensaver
2008-06-18 23:03:27 0 d-------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\WINDOWS
2008-06-18 23:03:27 0 d--h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Templates
2008-06-18 23:03:27 0 dr------- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Start Menu
2008-06-18 23:03:27 0 dr-h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\SendTo
2008-06-18 23:03:27 0 dr-h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\Recent
2008-06-18 23:03:27 0 d--h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\PrintHood
2008-06-18 23:03:27 0 d--h----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\NetHood
2008-06-18 23:03:26 1310720 --ah----- C:\Documents and Settings\Administrator.THETUCKERFAMILY\NTUSER.DAT
2008-06-18 15:19:12 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-10 16:41:01 0 d-------- C:\Program Files\Virtools


-- Find3M Report ---------------------------------------------------------------

2008-06-29 18:15:20 118642 --a------ C:\WINDOWS\hpoins09.dat
2008-06-20 21:54:17 2070 --a------ C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-06-18 15:19:12 0 d-------- C:\Program Files\Common Files
2008-06-10 16:09:41 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/10/2001 05:50]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [11/16/2004 08:04]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/03/2004 13:24]
"SoundMan"="SOUNDMAN.EXE" [09/27/2005 08:07 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [09/19/2005 01:32]
"nwiz"="nwiz.exe" [09/19/2005 01:32 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [09/19/2005 01:32]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/11/2005 08:03]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb99.exe" [12/23/2004 01:40]
"HPHUPD07"="C:\Program Files\HP\{C8EEAA89-0A3E-441f-B646-17A46F5D6954}\hphupd07.exe" [03/17/2005 14:08]
"HPHmon07"="C:\WINDOWS\system32\hphmon07.exe" [03/17/2005 13:59]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [12/10/2005 10:32]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [12/08/2005 05:26]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [12/08/2005 05:33]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [11/02/2004 12:22]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 21:41]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/06/2006 09:55]
"NWEReboot"="" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 22:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [12/01/2006 16:49]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [01/01/2005 19:08]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/31/2006 11:45]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/24/2007 20:27]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [04/03/2006 15:07]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/05/2004 04:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef0b7d32-7071-11dc-bfb4-0040caad705b}]
AutoRun\command- "K:\Install FreeAgent Tools.exe" /run




-- End of Deckard's System Scanner: finished at 2008-07-01 15:06:11 ------------

#12 UH60wife
  • Topic Starter
  • Members
  • 35 posts

Posted 01 July 2008 - 01:13 AM

It's running much better! Thank you! My desktop is back to normal, no more scary images or blue screens, and I'm not losing my icons or start menu any longer. Everything is running much, much faster. All the horrid IE toolbars are gone and I am actually using it at the moment for the first time in a long while without getting all kinds of crazy popups!

#13 fenzodahl512
  • Members
  • 6,738 posts

Posted 01 July 2008 - 01:45 AM

Just a little bit more..



1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-28590ead-69c4f914.zip
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-631f0119.zip
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-4941f397-2221c4bc.zip
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-6ef1b888.zip


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: dragging CFScript.txt onto ComboFix.exe]


5. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply. Post each log in a separate post:
  • ComboFix
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#14 UH60wife
  • Topic Starter
  • Members
  • 35 posts

Posted 05 July 2008 - 06:11 AM

I've tried to do the CFScript.txt into ComboFix, but CF keeps getting stuck on the generating log page. I left it for a full day and it never did anything. I tried again and it still got stuck at the same place; I didn't touch it the whole time it was running. :thumbsup:

#15 fenzodahl512
  • Members
  • 6,738 posts

Posted 05 July 2008 - 09:55 AM

Ok.. Skip that part and do the following...


Please go to Start > Control Panel > Add or Remove Programs and remove the following (if present):

J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 6



After that, please download and install Java Runtime Environment (JRE) 6 Update 6


Then, please post a fresh Deckard System Scanner log in your next reply.. Tell me about your computer condition...


Regards
fenzodahl512





