Don't Know What's Wrong?



#1 msgracie


Posted 20 June 2008 - 03:50 PM

Hello everyone!

Recently my little brother accidentally opened a file and it infected my whole computer. My computer has been running slower than usual, and my browsers (both Opera and Firefox) frequently freeze for 5-10 seconds every time I load a new webpage.
I don't even want to get started with Internet Explorer; every time I open it I get a million popups from Kaspersky. I don't exactly remember what each of them said, but one of them said something about winlogon.exe.
I am currently being protected by Kaspersky Internet Security 7.0.
I ran SUPERAntiSpyware to try to remove everything but even after rebooting the trojans are still there.

Here's my log:

Deckard's System Scanner v20071014.68
Run by Gracie on 2008-06-20 16:39:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Gracie.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:39:48 PM, on 20/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Kaspersky Internet Security 7.0\avp.exe
C:\Nero 8\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\LG Software\Battery Miser\batterymiser.exe
C:\Program Files\LG Software\On Screen Display\HotKey.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\WINDOWS\system32\LGDMEBTN.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\LG Software\IP Operator 2005\IP Operator.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRSTrayApp.exe
C:\Rainlendar2\Rainlendar2.exe
C:\Avedesk\AVEDESK.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Gracie\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download\dss.exe
C:\HIJACK~1\Gracie.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1DC01F38-2C8F-45EF-84A5-8C0D72FA3E3D} - C:\WINDOWS\system32\ddcAppQj.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9988C888-5CC2-46B3-8465-49499067690B} - C:\WINDOWS\system32\xxyyaAPI.dll (file missing)
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [batterymiser] "C:\Program Files\LG Software\Battery Miser\batterymiser.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KeybdUtility] "C:\Program Files\LG Software\On Screen Display\HotKey.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [OmniPass] "C:\Program Files\Softex\OmniPass\scureapp.exe"
O4 - HKLM\..\Run: [LG Direct Media Button Service] LGDMEBTN.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [IPO3] "C:\Program Files\LG Software\IP Operator 2005\IP Operator.exe" -aUtOsTaRtFrOmReG
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [AVP] "C:\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Nero 8\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [2cf56492] rundll32.exe "C:\WINDOWS\system32\yenrujdu.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SRSTrayApp] C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRSTrayApp.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [AVEDESK] "C:\Avedesk\AVEDESK.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ProxyWay] C:\ProxyWay\proxyway.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Anti-Banner - C:\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: wbsys.dll,C:\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\
O20 - Winlogon Notify: ddcAppQj - ddcAppQj.dll (file missing)
O20 - Winlogon Notify: winzzd32 - winzzd32.dll (file missing)
O20 - Winlogon Notify: yayaywx - yayaywx.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Nero 8\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SRS PostInstaller Service (SRS_PostInstaller) - SRS Labs, Inc. - C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe

--
End of file - 10793 bytes

-- Files created between 2008-05-20 and 2008-06-20 -----------------------------

2008-06-20 15:05:37 0 d-------- C:\VundoFix Backups
2008-06-20 10:10:25 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-20 10:08:17 0 d-------- C:\SUPERAntiSpyware
2008-06-20 10:08:17 0 d-------- C:\Documents and Settings\Gracie\Application Data\SUPERAntiSpyware.com
2008-06-20 10:07:01 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-20 10:04:11 0 d-------- C:\HijackThis
2008-06-20 01:38:05 0 d-------- C:\Opera
2008-06-19 10:57:40 79872 --a------ C:\WINDOWS\system32\yenrujdu.dll
2008-06-18 21:46:44 0 d-------- C:\Documents and Settings\Gracie\Application Data\Nero
2008-06-18 21:31:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-18 21:31:23 0 d-------- C:\Program Files\Common Files\Nero
2008-06-18 21:11:21 0 d-------- C:\Nero 8
2008-06-18 18:57:11 616242 --ahs---- C:\WINDOWS\system32\IPAayyxx.ini2
2008-06-18 17:58:32 145 --a------ C:\WINDOWS\system32\winver.bat
2008-06-18 17:58:26 0 d-------- C:\WINDOWS\system32\349168
2008-06-15 23:55:46 109840 --a------ C:\WINDOWS\VidCap32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-06-15 23:55:46 102400 --a------ C:\WINDOWS\MMVEM.EXE <Not Verified; Meta Media Inc; mmedia mmvem>
2008-06-15 23:55:46 172032 --a------ C:\WINDOWS\JAPI2.DLL
2008-06-15 23:55:46 106496 --a------ C:\WINDOWS\JAPI.DLL
2008-06-15 23:46:36 81920 -ra------ C:\WINDOWS\system32\VM303STI.dll <Not Verified; VM; >
2008-06-15 23:46:36 40960 -ra------ C:\WINDOWS\system32\setupfilter.exe
2008-06-15 23:46:36 428160 -ra------ C:\WINDOWS\system32\drivers\vmfilter303.sys <Not Verified; Vimicro Corporation; Filter for VM303 with Face Tracking>
2008-06-15 23:46:36 392122 -ra------ C:\WINDOWS\system32\drivers\usbVM303.sys <Not Verified; Vimicro Corporation; >
2008-06-15 23:46:35 32768 -r------- C:\WINDOWS\Zoom.exe <Not Verified; Vimicro; >
2008-06-15 23:46:35 24576 -r------- C:\WINDOWS\VMPipe.dll <Not Verified; ; ZSMCSecret Dynamic Link Library>
2008-06-15 23:46:34 49152 -ra------ C:\WINDOWS\VMSnap3.EXE <Not Verified; ZSMCSNAP; ZSMCSNAP>
2008-06-15 23:46:34 102400 -ra------ C:\WINDOWS\VM303Cap.exe <Not Verified; www.zsmc.com.cn; www.zsmc.com.cn StillCap>
2008-06-15 23:46:34 176128 -ra------ C:\WINDOWS\amcap.exe <Not Verified; Microsoft Corporation; DirectX 9.0 Sample>
2008-06-15 23:46:31 73728 --a------ C:\WINDOWS\VMInstNT.exe
2008-06-15 23:46:31 40960 --a------ C:\WINDOWS\VM303UninstNT.exe
2008-06-15 23:46:28 0 d-------- C:\WINDOWS\EffectResources
2008-06-15 23:19:25 96966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-15 23:19:25 88774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-15 23:18:00 98336 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-15 23:18:00 8044320 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-15 23:18:00 0 d-------- C:\Kaspersky Internet Security 7.0
2008-06-15 23:17:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-15 22:23:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-06-14 10:29:00 0 d-------- C:\Program Files\Common Files\NSV
2008-06-14 10:27:18 0 d-------- C:\Winamp
2008-06-14 10:27:18 0 d-------- C:\Documents and Settings\Gracie\Application Data\Winamp
2008-06-13 21:02:06 0 d-------- C:\Program Files\Microsoft Works
2008-06-13 21:00:52 0 d-------- C:\Program Files\Microsoft.NET
2008-06-13 20:49:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-13 20:47:40 0 dr-h----- C:\MSOCache
2008-06-09 14:06:43 0 d-------- C:\download
2008-06-08 22:16:03 0 d-------- C:\WINDOWS\OAT Achiever - Optometry Admission Test


-- Find3M Report ---------------------------------------------------------------

2008-06-20 10:07:01 0 d-------- C:\Program Files\Common Files
2008-06-19 22:57:17 0 d-------- C:\Documents and Settings\Gracie\Application Data\Skype
2008-06-16 00:07:01 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-14 02:11:46 3 --a------ C:\WINDOWS\msdbc_10203519.dat
2008-05-12 22:18:36 0 d-------- C:\Program Files\Windows Live
2008-05-03 19:27:00 4399 --a----c- C:\WINDOWS\mozver.dat
2008-04-27 17:43:57 0 d-------- C:\Documents and Settings\Gracie\Application Data\Adobe
2008-04-04 14:47:40 35736 --a------ C:\Documents and Settings\Gracie\Application Data\GDIPFONTCACHEV1.DAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1DC01F38-2C8F-45EF-84A5-8C0D72FA3E3D}]
C:\WINDOWS\system32\ddcAppQj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9988C888-5CC2-46B3-8465-49499067690B}]
C:\WINDOWS\system32\xxyyaAPI.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [07/01/2005 04:07 AM C:\WINDOWS\system32\HdAShCut.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" []
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [02/06/2006 02:09 PM]
"batterymiser"="C:\Program Files\LG Software\Battery Miser\batterymiser.exe" [29/09/2006 06:29 PM]
"NvCplDaemon"="RUNDLL32.exe" [04/08/2004 08:00 AM C:\WINDOWS\system32\rundll32.exe]
"KeybdUtility"="C:\Program Files\LG Software\On Screen Display\HotKey.exe" [13/04/2006 10:21 PM]
"RTHDCPL"="RTHDCPL.EXE" [11/01/2006 04:23 AM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 05:43 AM C:\WINDOWS\Alcmtr.exe]
"BluetoothAuthenticationAgent"="rundll32.exe" [04/08/2004 08:00 AM C:\WINDOWS\system32\rundll32.exe]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04/08/2004 08:00 AM]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [04/08/2004 08:00 AM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [04/08/2004 08:00 AM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 08:00 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 08:00 AM]
"OmniPass"="C:\Program Files\Softex\OmniPass\scureapp.exe" [08/01/2006 07:35 AM]
"LG Direct Media Button Service"="LGDMEBTN.exe" [02/02/2006 04:59 PM C:\WINDOWS\system32\LGDMEBTN.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [02/11/2004 08:24 PM]
"Samsung Common SM"="C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" [03/07/2005 03:20 AM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [27/02/2006 08:59 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [27/02/2006 08:56 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [27/02/2006 09:00 AM]
"AGRSMMSG"="AGRSMMSG.exe" [28/06/2006 09:32 PM C:\WINDOWS\AGRSMMSG.exe]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [12/03/2007 06:30 PM]
"IPO3"="C:\Program Files\LG Software\IP Operator 2005\IP Operator.exe" [24/04/2006 04:22 PM]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [05/09/2007 06:03 PM]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [29/11/2007 03:17 AM C:\WINDOWS\KHALMNPR.Exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 10:16 PM]
"VMSnap3"="C:\WINDOWS\VMSnap3.EXE" [29/08/2006 10:58 PM]
"Domino"="C:\WINDOWS\Domino.EXE" []
"BigDog303"="C:\WINDOWS\VM303_STI.exe" []
"AVP"="C:\Kaspersky Internet Security 7.0\avp.exe" [08/02/2008 06:36 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [28/04/2008 05:14 PM]
"NBKeyScan"="C:\Nero 8\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [18/02/2008 05:29 PM]
"2cf56492"="C:\WINDOWS\system32\yenrujdu.dll" [19/06/2008 10:57 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [11/11/2007 05:00 PM]
"SRSTrayApp"="C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRSTrayApp.exe" [09/02/2006 11:17 AM]
"Rainlendar2"="C:\Rainlendar2\Rainlendar2.exe" [30/12/2007 06:23 AM]
"AVEDESK"="C:\Avedesk\AVEDESK.EXE" [26/10/2005 12:44 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 12:24 PM]
"ProxyWay"="C:\ProxyWay\proxyway.exe" []
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [28/02/2008 06:07 PM]
"SUPERAntiSpyware"="C:\SUPERAntiSpyware\SUPERAntiSpyware.exe" [28/05/2008 10:33 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Logitech\SetPoint\SetPoint.exe [17/02/2008 2:46:55 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 1:01:04 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{26F5978F-6493-4ee3-B114-C0C3ACCF9D4D}"= C:\WINDOWS\system32\bmpsap.dll [29/09/2006 06:29 PM 114688]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\SUPERAntiSpyware\SASSEH.DLL [13/05/2008 10:13 AM 77824]
"{1DC01F38-2C8F-45EF-84A5-8C0D72FA3E3D}"= C:\WINDOWS\system32\ddcAppQj.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcAppQj]
ddcAppQj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 09/01/2008 01:30 PM 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 08/01/2006 07:36 AM 49152 C:\Program Files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 16/01/2006 02:49 PM 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzzd32]
winzzd32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayaywx]
yayaywx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll,C:\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\xxyyaAPI

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVEDESK]
"C:\DOCUME~1\Gracie\LOCALS~1\Temp\Rar$EX00.140\AVEDESK.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LG Intelligent Update]
"C:\Program Files\lg_swupdate\autoupdate.exe" Gilautouc

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
"C:\Program Files\Logitech\ImageStudio\ISStart.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
C:\Program Files\Logitech\ImageStudio\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
"C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"nwiz.exe" /installquiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundService]
"rundll32.exe" "C:\WINDOWS\system32\seixpfkm.dll",setvm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uqryjhd.dll]
"C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\uqryjhd.dll,jmiwskb

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebCamRT.exe]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"BlueSoleil Hid Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"LiveUpdate"=3 (0x3)
"LiveUpdate Notice Service"=2 (0x2)
"LiveUpdate Notice Ex"=2 (0x2)
"Symantec Core LC"=2 (0x2)
"CLTNetCnService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ




-- End of Deckard's System Scanner: finished at 2008-06-20 16:41:22 ------------

Please help me!! :thumbsup:

Edited by msgracie, 20 June 2008 - 09:13 PM.



#2 msgracie


Posted 20 June 2008 - 09:14 PM

:thumbsup:

#3 fenzodahl512


Posted 28 June 2008 - 03:38 AM

Hello, my name is fenzodahl512 and welcome to BC.. Since it's already one week from your post, please post a fresh Deckard System Scanner log for further review..


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#4 fenzodahl512


Posted 06 July 2008 - 04:41 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
