Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

RED BACKGROUND OF DOOM! [RESOLVED]

Started by Caboose04 , Jan 28 2008 05:10 AM

This topic is locked

#1
Caboose04

Posted 28 January 2008 - 05:10 AM

New Member

Member
9 posts

Hi I Need help as you can see =P I Clicked a bad link and closed the window and my background was changed >.< and right now im getting pop ups in IE
I would greatly appreciate any help. I Deleted the file in the Windows folder that was named Privacy_danger or something like that dont know if that was a good thing to do or not i have my HJTlog and SmitFraudFix reports and combofix will not work for some reason

HJTLOG

Logfile of HijackThis v1.99.1
Scan saved at 2:53:20 AM, on 1/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
E:\Programs\Zboard\Zboard.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\CABOOSE\Desktop\HJT\Removal.exe

R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: SXG Advisor - {B0F2B740-1E56-450F-93FE-C23419DEC7C6} - C:\WINDOWS\dopfwrltfx.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: The egodktf - {82EA267C-402D-4DB6-A2B8-EBF03D385CC1} - C:\WINDOWS\egodktf.dll (file missing)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zboard] E:\Programs\Zboard\Zboard.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O20 - Winlogon Notify: sstqn - C:\WINDOWS\system32\sstqn.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: aslpmqk - {49B29E77-15FD-40F4-A229-F5BB648FF5F6} - C:\WINDOWS\aslpmqk.dll
O21 - SSODL: bxsnvqt - {66DBAD4D-1B17-4203-96EE-57868C3C9DD4} - C:\WINDOWS\bxsnvqt.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DiamondCS ProcessGuard Service v3.410 (DCSPGSRV) - Unknown owner - C:\Program Files\ProcessGuard\dcsuserprot.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: WinFast® Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

SMITFRAUDFIX

SmitFraudFix v2.276

Scan done at 2:43:59.76, Mon 01/28/2008
Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
E:\Programs\Zboard\Zboard.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\CABOOSE

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\CABOOSE\Application Data

C:\Documents and Settings\CABOOSE\Application Data\Install.dat FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CABOOSE\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix.exe by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: 802.11g Wireless PCI Card - Packet Scheduler Miniport
DNS Server Search Order: 68.105.28.11
DNS Server Search Order: 68.105.29.11
DNS Server Search Order: 68.105.28.12

HKLM\SYSTEM\CCS\Services\Tcpip\..\{AC9BFE63-9CFF-457B-95DA-70130B58632F}: DhcpNameServer=68.105.28.11 68.105.29.11 68.105.28.12
HKLM\SYSTEM\CS1\Services\Tcpip\..\{AC9BFE63-9CFF-457B-95DA-70130B58632F}: DhcpNameServer=68.105.28.11 68.105.29.11 68.105.28.12
HKLM\SYSTEM\CS2\Services\Tcpip\..\{AC9BFE63-9CFF-457B-95DA-70130B58632F}: DhcpNameServer=68.105.28.11 68.105.29.11 68.105.28.12
HKLM\SYSTEM\CS3\Services\Tcpip\..\{AC9BFE63-9CFF-457B-95DA-70130B58632F}: DhcpNameServer=68.111.16.30 68.111.16.25 68.1.208.30
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.105.28.11 68.105.29.11 68.105.28.12
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.105.28.11 68.105.29.11 68.105.28.12
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.105.28.11 68.105.29.11 68.105.28.12
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.111.16.30 68.111.16.25 68.1.208.30

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

#2
Rorschach112

Posted 28 January 2008 - 10:13 AM

Ralphie

Retired Staff
47,710 posts

Hello

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.

Please download SmitfraudFix (by S!Ri) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following :

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

#3
Caboose04

Posted 28 January 2008 - 10:21 PM

New Member

Topic Starter
Member
9 posts

Alright here is the Logs you wanted

Smitfraudfix Log

SmitFraudFix v2.277

Scan done at 19:55:27.59, Mon 01/28/2008
Run from C:\Documents and Settings\CABOOSE\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\privacy_danger\ Deleted
C:\Documents and Settings\CABOOSE\Application Data\Install.dat Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix.exe by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{AC9BFE63-9CFF-457B-95DA-70130B58632F}: DhcpNameServer=68.105.28.11 68.105.29.11 68.105.28.12
HKLM\SYSTEM\CS1\Services\Tcpip\..\{AC9BFE63-9CFF-457B-95DA-70130B58632F}: DhcpNameServer=68.105.28.11 68.105.29.11 68.105.28.12
HKLM\SYSTEM\CS2\Services\Tcpip\..\{AC9BFE63-9CFF-457B-95DA-70130B58632F}: DhcpNameServer=68.105.28.11 68.105.29.11 68.105.28.12
HKLM\SYSTEM\CS3\Services\Tcpip\..\{AC9BFE63-9CFF-457B-95DA-70130B58632F}: DhcpNameServer=68.111.16.30 68.111.16.25 68.1.208.30
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.105.28.11 68.105.29.11 68.105.28.12
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.105.28.11 68.105.29.11 68.105.28.12
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.105.28.11 68.105.29.11 68.105.28.12
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.111.16.30 68.111.16.25 68.1.208.30

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

Main Log

Deckard's System Scanner v20071014.68
Run by CABOOSE on 2008-01-28 20:05:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
68: 2008-01-29 04:05:21 UTC - RP346 - Deckard's System Scanner Restore Point
67: 2008-01-28 05:38:26 UTC - RP345 - Installed VeohTV BETA
66: 2008-01-27 14:38:51 UTC - RP344 - System Checkpoint
65: 2008-01-26 13:38:51 UTC - RP343 - System Checkpoint
64: 2008-01-25 12:38:50 UTC - RP342 - System Checkpoint

-- First Restore Point --
1: 2007-11-23 11:24:21 UTC - RP279 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as CABOOSE.exe) ---------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-28 20:06:39
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
E:\Programs\Zboard\Zboard.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\CABOOSE\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsof...search.asp?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: SXG Advisor - {B0F2B740-1E56-450F-93FE-C23419DEC7C6} - C:\WINDOWS\dopfwrltfx.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: The egodktf - {82EA267C-402D-4DB6-A2B8-EBF03D385CC1} - C:\WINDOWS\egodktf.dll (file missing)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zboard] E:\Programs\Zboard\Zboard.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\NPJPI150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\NPJPI150_09.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: sstqn - C:\WINDOWS\system32\sstqn.dll (file missing)
O21 - SSODL: aslpmqk - {49B29E77-15FD-40F4-A229-F5BB648FF5F6} - C:\WINDOWS\aslpmqk.dll
O21 - SSODL: bxsnvqt - {66DBAD4D-1B17-4203-96EE-57868C3C9DD4} - C:\WINDOWS\bxsnvqt.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DiamondCS ProcessGuard Service v3.410 (DCSPGSRV) - Unknown owner - C:\Program Files\ProcessGuard\dcsuserprot.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: WinFast® Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6157 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\CABOOSE\Desktop\HJT\backups\) ---------

backup-20061210-160434-219 O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
backup-20061210-160434-225 O2 - BHO: (no name) - {C2E61DF7-6639-4B2D-A57B-DA6256F48B1F} - C:\WINDOWS\system32\ssqpq.dll (file missing)
backup-20061210-160434-268 O2 - BHO: (no name) - {5B4926DE-D92B-A707-79B5-06DED9A49269} - C:\WINDOWS\system32\nkdwfqm.dll (file missing)
backup-20061210-160434-279 O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\xcnovrcg.dll (file missing)
backup-20061210-160434-357 O2 - BHO: (no name) - {5FCFB96D-6439-F01A-1D1A-01C78C6963AE} - C:\WINDOWS\system32\jzarjsg.dll (file missing)
backup-20061210-160434-362 R3 - URLSearchHook: (no name) - {A2CFE8BA-0F06-7F8F-7240-2FD73E0C64C6} - C:\WINDOWS\system32\fjxkdpy.dll (file missing)
backup-20061210-160434-454 O2 - BHO: (no name) - {3FDF44CE-41DB-601E-1725-06490A83D940} - C:\WINDOWS\system32\ydsxqjk.dll (file missing)
backup-20061210-160434-556 O2 - BHO: (no name) - {A2CFE8BA-0F06-7F8F-7240-2FD73E0C64C6} - C:\WINDOWS\system32\fjxkdpy.dll (file missing)
backup-20061210-160434-772 O20 - Winlogon Notify: sstqn - C:\WINDOWS\system32\sstqn.dll
backup-20061210-161021-296 O3 - Toolbar: OIN Search - {B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8} - C:\Program Files\OIN Search\OINSearch.dll (file missing)
backup-20061210-161021-866 O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\reilewhu.dll
backup-20061215-005056-204 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)

-- File Associations -----------------------------------------------------------

.js - unable to read key
.js - unable to read key

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 procguard - c:\windows\system32\drivers\procguard.sys <Not Verified; DiamondCS; DiamondCS ProcessGuard>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 TNET1130 (802.11 WLAN) - c:\windows\system32\drivers\tnet1130.sys <Not Verified; Texas Instruments; TNET1130 WLAN Adapter>

S3 dtscsi - c:\windows\system32\drivers\dtscsi.sys (file missing)
S3 ezplay (VSO Software ezplay) - c:\windows\system32\drivers\ezplay.sys <Not Verified; VSO Software; autoplay Application>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S2 DCSPGSRV (DiamondCS ProcessGuard Service v3.410) - "c:\program files\processguard\dcsuserprot.exe" (file missing)

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_8086&DEV_108B&SUBSYS_30908086&REV_03\4&6C79FC5&0&00E0
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_8086&DEV_108B&SUBSYS_30908086&REV_03\4&6C79FC5&0&00E0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_4E538086&REV_01\3&61AAA01&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_4E538086&REV_01\3&61AAA01&0&FB
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth Device (RFCOMM Protocol TDI)
Device ID: ROOT\NET\0000
Manufacturer: Microsoft
Name: Bluetooth Device (RFCOMM Protocol TDI)
PNP Device ID: ROOT\NET\0000
Service: RFCOMM

-- Scheduled Tasks -------------------------------------------------------------

2008-01-26 05:30:00 298 --a------ C:\WINDOWS\Tasks\Ace Optimizer Maintenance.job
2008-01-23 22:20:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

-- Files created between 2007-12-28 and 2008-01-28 -----------------------------

2008-01-28 19:48:41 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-01-28 02:48:33 0 d-------- C:\ComboFix(2)
2008-01-28 02:43:30 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-28 02:43:30 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-01-28 02:43:30 81920 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-01-27 21:31:20 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-01-27 21:31:20 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-01-27 21:31:20 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-01-27 21:31:20 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-01-27 21:31:20 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-01-27 21:31:20 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-01-27 21:31:20 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-01-27 21:31:20 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-01-27 21:31:20 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-01-27 21:31:20 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-01-27 21:31:20 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-01-27 21:31:20 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-01-27 21:31:20 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-01-27 21:31:20 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-01-27 21:31:13 0 d-------- C:\WINDOWS\CSC
2008-01-22 01:13:07 0 d-------- C:\Program Files\uTorrent
2008-01-19 19:02:24 90112 --a------ C:\WINDOWS\fknxwqf.exe
2008-01-19 19:02:24 258048 --a------ C:\WINDOWS\dopfwrltfx.dll
2008-01-19 19:02:24 196608 --a------ C:\WINDOWS\aslpmqk.dll <Not Verified; ; aslpmqk>
2007-12-29 01:02:47 0 d-------- C:\Program Files\AVS4YOU
2007-12-29 00:10:57 0 d-------- C:\Documents and Settings\CABOOSE\Application Data\AVS4YOU
2007-12-29 00:10:46 0 d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2007-12-29 00:09:08 0 d-------- C:\Program Files\Common Files\AVSMedia
2007-12-29 00:08:42 139264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-12-29 00:08:42 524288 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-12-29 00:08:42 261632 --a------ C:\WINDOWS\system32\mcdvd_32.dll <Not Verified; MainConcept; MainConcept DV Codec "2.0.4>

-- Find3M Report ---------------------------------------------------------------

2008-01-28 19:55:34 3274 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-27 23:40:13 0 d-------- C:\Documents and Settings\CABOOSE\Application Data\LimeWire
2008-01-27 21:26:13 0 d-------- C:\Documents and Settings\CABOOSE\Application Data\uTorrent
2008-01-26 02:30:26 0 d-------- C:\Documents and Settings\CABOOSE\Application Data\dvdcss
2008-01-23 15:10:48 0 d-------- C:\Program Files\Record Smart 10
2008-01-07 01:02:37 0 d-------- C:\Program Files\DivX
2007-12-29 00:09:08 0 d-------- C:\Program Files\Common Files
2007-12-25 11:00:53 0 d-------- C:\Documents and Settings\CABOOSE\Application Data\Ideazon
2007-12-25 10:50:59 0 d-------- C:\Program Files\Windows Media Connect 2
2007-12-08 03:30:59 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-05 22:21:53 0 d-------- C:\Program Files\iTunes
2007-12-05 22:21:36 0 d-------- C:\Program Files\iPod
2007-12-05 22:20:14 0 d-------- C:\Program Files\QuickTime
2007-12-05 22:17:42 0 d-------- C:\Program Files\Apple Software Update
2007-12-05 22:16:35 0 d-------- C:\Program Files\Common Files\Apple
2007-12-04 00:16:52 0 d-------- C:\Program Files\Common Files\Nero
2007-10-29 19:46:24 3532 --a------ C:\drmHeader.bin

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B0F2B740-1E56-450F-93FE-C23419DEC7C6}]
01/19/2008 04:40 PM 258048 --a------ C:\WINDOWS\dopfwrltfx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="sttray.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [09/06/2007 02:06 AM]
"IntelAudioStudio"="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" [06/07/2006 04:11 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [07/20/2005 08:07 PM]
"USB2Check"="C:\WINDOWS\system32\PCLECoInst.dll" [04/06/2004 06:05 PM]
"nwiz"="nwiz.exe" [09/17/2007 12:07 AM C:\WINDOWS\system32\nwiz.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/05/2007 08:40 AM]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [09/14/2006 12:09 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [07/20/2005 08:07 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [09/20/2007 08:51 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 02:57 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/14/2007 11:43 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 01:11 PM]
"Zboard"="E:\Programs\Zboard\Zboard.exe" [12/20/2005 02:34 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [05/03/2007 04:43 PM]
"@"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"aslpmqk"= {49B29E77-15FD-40F4-A229-F5BB648FF5F6} - C:\WINDOWS\aslpmqk.dll [01/19/2008 04:40 PM 196608]
"bxsnvqt"= {66DBAD4D-1B17-4203-96EE-57868C3C9DD4} - C:\WINDOWS\bxsnvqt.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sstqn]
C:\WINDOWS\system32\sstqn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Aim6"=
"PowerBar"="C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"<NO NAME>"=
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

-- End of Deckard's System Scanner: finished at 2008-01-28 20:08:21 ------------

Extra Log

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.20GHz
CPU 1: Intel® Pentium® 4 CPU 3.20GHz
Percentage of Memory in Use: 12%
Physical Memory (total/avail): 3581.9 MiB / 3134.01 MiB
Pagefile Memory (total/avail): 5468.79 MiB / 5181.1 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1928.67 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 42.93 GiB total, 15.09 GiB free.
D: is CDROM (CDFS)
E: is Fixed (FAT32) - 698.34 GiB total, 501.53 GiB free.
H: is CDROM (UDF)
I: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 54610H6 - 42.94 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 42.93 GiB - C:

\\.\PHYSICALDRIVE1 - DMI USB2.0 Storage USB Device - 698.51 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 698.51 GiB - E:

-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is enabled.

AV: avast! antivirus 4.7.1043 [VPS 080128-0] v4.7.1043 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"E:\\Programs\\Binaries\\UT3.exe"="E:\\Programs\\Binaries\\UT3.exe:*:Enabled:Unreal Tournament 3"
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe:*:Enabled:Nero ControlCenter"
"C:\\Documents and Settings\\CABOOSE\\Local Settings\\Temp\\OnlineUpdate8\\SetupXu.exe"="C:\\Documents and Settings\\CABOOSE\\Local Settings\\Temp\\OnlineUpdate8\\SetupXu.exe:*:Enabled:Nero ControlCenter"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\CABOOSE\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=QUE-V3CSH6IUYS3
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\CABOOSE
LOGONSERVER=\\QUE-V3CSH6IUYS3
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\Roxio Central\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\CABOOSE\LOCALS~1\Temp
TMP=C:\DOCUME~1\CABOOSE\LOCALS~1\Temp
USERDOMAIN=QUE-V3CSH6IUYS3
USERNAME=CABOOSE
USERPROFILE=C:\Documents and Settings\CABOOSE
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI

-- User Profiles ---------------------------------------------------------------

CABOOSE (admin)
Administrator (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {637099FB-45FD-4BC7-9651-6FB540DBB749}
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}
--> MsiExec.exe /I{26792CA7-D87A-4DBE-896B-C2F66B344511}
--> MsiExec.exe /I{637099FB-45FD-4BC7-9651-6FB540DBB749}
--> MsiExec.exe /I{6D4F02C4-F6AF-4659-A933-7FC06235A8D5}
--> MsiExec.exe /I{7FD9FD10-9F7F-4DDF-B9F0-911209FF0CEA}
--> MsiExec.exe /I{8C60949A-46F9-4DD7-BA9F-78C00D9D4C8D}
--> MsiExec.exe /I{EB748B9B-F872-4E95-98E8-5CA7E5425DAF}
--> MsiExec.exe /I{F0EACC27-A729-406C-9BF6-C8F10CEC36F8}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Ace Utilities --> "C:\Program Files\Ace Utilities\uninstall.exe"
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
DVD Solution --> "C:\Program Files\Uninstall_CDS.exe"
FEARCombat --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{75E607CF-7BAE-4B88-84B3-97F3DF44BA28}\setup.exe" -l0x9 /zU -removeonly
FLV Player 1.3.3 --> "C:\Program Files\FLVPlayer\uninstall.exe"
Fraps (remove only) --> "C:\Program Files\Fraps\uninstall.exe"
GoldWave v5.20 --> "C:\Program Files\GoldWave\unstall.exe" "GoldWave v5.20" "C:\Program Files\GoldWave\unstall.log"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Intel Audio Studio 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2205E3A5-DCDC-461D-8ED6-D6F2341D3B64}\setup.exe" -l0x9
InterVideo WinDVD Creator 3 --> "C:\Program Files\InstallShield Installation Information\{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{4F5CE18C-D97D-48FF-A510-A0D90C918294}
IZArc 3.5 beta 3 --> "C:\Program Files\IZArc\unins000.exe"
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
LimeWire 4.12.11 --> "C:\Program Files\LimeWire\uninstall.exe"
Logo Design Studio --> "C:\WINDOWS\Logo Design Studio\uninstall.exe" "/U:E:\Programs\Uninstall\uninstall.xml"
Lux Delux 5.64 --> "C:\Program Files\Lux\unins000.exe"
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash Player 8 Plugin --> MsiExec.exe /X{91057632-CA70-413C-B628-2D3CDBBB906B}
Magic ISO Maker v5.4 (build 0239) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Project Standard 2003 --> MsiExec.exe /I{903A0409-6000-11D3-8CFE-0150048383C9}
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSf22.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 8 --> MsiExec.exe /X{BACAC922-93AA-438C-BECA-6EEF6B15151F}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NewsLeecher v3.9 Beta 5 --> "C:\Program Files\NewsLeecher\unins000.exe"
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Pinnacle PCI Performance Enhancer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3E5A81BA-4702-490A-B729-0BFF6E7CBF96}\setup.exe" -l0x9
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
QuickTime --> MsiExec.exe /I{9763E36A-08E9-4228-BBCE-12989A4EB1A8}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Record Smart 1.0 --> C:\Program Files\Record Smart 10\UNINST.EXE
Rhapsody Player Engine --> MsiExec.exe /I{6A136B9A-1895-436F-83F8-30D9C68BB6EA}
Security Task Manager 1.7 --> C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
SimCity™ Societies --> MsiExec.exe /X{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Super DVD Creator 9.25.0 --> "C:\Program Files\Super DVD Creator 9.25.0\unins000.exe"
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
Trillian --> C:\Program Files\Trillian\trillian.exe /uninstall
Unreal Tournament 3 --> "C:\Documents and Settings\CABOOSE\Application Data\InstallShield Installation Information\{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}\SetupUT3.exe" -runfromtemp -l0x0409 -removeonly
Unreal Tournament 3 --> MsiExec.exe /X{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Veoh Player --> C:\Program Files\InstallShield Installation Information\{3D5A72E1-1467-4199-8CF6-12DA8D502A6B}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.5 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Viewpoint Toolbar --> C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\Uninstaller.exe /u /k /url "http://www.viewpoint...completed.html"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe
ZEngine --> MsiExec.exe /X{64E47A5F-B3C4-476A-9100-2D006BD1FFB4}

-- Application Event Log -------------------------------------------------------

Event Record #/Type5565 / Error
Event Submitted/Written: 01/28/2008 08:03:05 PM
Event ID/Source: 2004 / PerfNet
Event Description:
Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Event Record #/Type5560 / Error
Event Submitted/Written: 01/28/2008 07:48:47 PM
Event ID/Source: 2004 / PerfNet
Event Description:
Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Event Record #/Type5555 / Error
Event Submitted/Written: 01/28/2008 02:28:39 AM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BA from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Event Record #/Type5545 / Error
Event Submitted/Written: 01/24/2008 09:11:53 PM
Event ID/Source: 1 / nview_info
Event Description:
NVIEW : anotify: Shared heap exhausted or damaged, process ID 82c, total alloc:39a60...

Event Record #/Type5544 / Error
Event Submitted/Written: 01/24/2008 09:11:53 PM
Event ID/Source: 1 / nview_info
Event Description:
NVIEW : anotify: Shared heap exhausted or damaged, process ID 82c, total alloc:39a60...

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type24456 / Error
Event Submitted/Written: 01/28/2008 08:03:15 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The DiamondCS ProcessGuard Service v3.410 service failed to start due to the following error:
%%3

Event Record #/Type24451 / Error
Event Submitted/Written: 01/28/2008 08:01:23 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type24450 / Error
Event Submitted/Written: 01/28/2008 07:58:32 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Event Record #/Type24449 / Error
Event Submitted/Written: 01/28/2008 07:54:08 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type24448 / Error
Event Submitted/Written: 01/28/2008 07:54:00 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

-- End of Deckard's System Scanner: finished at 2008-01-28 20:08:21 ------------

#4
Rorschach112

Posted 29 January 2008 - 08:36 AM

Ralphie

Retired Staff
47,710 posts

Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O2 - BHO: SXG Advisor - {B0F2B740-1E56-450F-93FE-C23419DEC7C6} - C:\WINDOWS\dopfwrltfx.dll
O3 - Toolbar: The egodktf - {82EA267C-402D-4DB6-A2B8-EBF03D385CC1} - C:\WINDOWS\egodktf.dll (file missing)
O20 - Winlogon Notify: sstqn - C:\WINDOWS\system32\sstqn.dll (file missing)
O21 - SSODL: aslpmqk - {49B29E77-15FD-40F4-A229-F5BB648FF5F6} - C:\WINDOWS\aslpmqk.dll
O21 - SSODL: bxsnvqt - {66DBAD4D-1B17-4203-96EE-57868C3C9DD4} - C:\WINDOWS\bxsnvqt.dll (file missing)

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

Please download the OTMoveIt2 by OldTimer.

Save it to your desktop.
Please double-click OTMoveIt2.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
```
C:\WINDOWS\fknxwqf.exe
C:\WINDOWS\dopfwrltfx.dll
C:\WINDOWS\aslpmqk.dll
```
Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
```
purity
```
Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Reboot and post a new DSS log

#5
Caboose04

Posted 29 January 2008 - 07:47 PM

New Member

Topic Starter
Member
9 posts

Here is the OTMoveit log

OTMOVEIT

File/Folder C:\WINDOWS\fknxwqf.exe not found.
File/Folder C:\WINDOWS\dopfwrltfx.dll not found.
File/Folder C:\WINDOWS\aslpmqk.dll not found.
[Custom Input]
< purity >
C:\WINDOWS\system32\ΑppPatch moved successfully.

OTMoveIt2 v1.0.15 log created on 01292008_173640

DSS LOG

Deckard's System Scanner v20071014.68
Run by CABOOSE on 2008-01-29 17:38:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as CABOOSE.exe) ---------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-29 17:38:13
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\CABOOSE\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsof...search.asp?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zboard] E:\Programs\Zboard\Zboard.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\NPJPI150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\NPJPI150_09.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O21 - SSODL: aslpmqk - {C5FB1380-4396-4F44-8F72-7D1C6101514C} - C:\WINDOWS\aslpmqk.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DiamondCS ProcessGuard Service v3.410 (DCSPGSRV) - Unknown owner - C:\Program Files\ProcessGuard\dcsuserprot.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: WinFast® Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 5618 bytes

-- Files created between 2007-12-29 and 2008-01-29 -----------------------------

2008-01-29 17:19:04 0 d-------- C:\WINDOWS\privacy_danger
2008-01-28 19:48:41 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-01-28 02:48:33 0 d-------- C:\ComboFix(2)
2008-01-28 02:43:30 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-28 02:43:30 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-01-28 02:43:30 81920 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-01-27 21:31:20 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-01-27 21:31:20 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-01-27 21:31:20 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-01-27 21:31:20 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-01-27 21:31:20 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-01-27 21:31:20 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-01-27 21:31:20 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-01-27 21:31:20 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-01-27 21:31:20 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-01-27 21:31:20 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-01-27 21:31:20 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-01-27 21:31:20 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-01-27 21:31:20 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-01-27 21:31:20 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-01-27 21:31:13 0 d-------- C:\WINDOWS\CSC
2008-01-22 01:13:07 0 d-------- C:\Program Files\uTorrent
2007-12-29 01:02:47 0 d-------- C:\Program Files\AVS4YOU
2007-12-29 00:10:57 0 d-------- C:\Documents and Settings\CABOOSE\Application Data\AVS4YOU
2007-12-29 00:10:46 0 d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2007-12-29 00:09:08 0 d-------- C:\Program Files\Common Files\AVSMedia
2007-12-29 00:08:42 139264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-12-29 00:08:42 524288 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-12-29 00:08:42 261632 --a------ C:\WINDOWS\system32\mcdvd_32.dll <Not Verified; MainConcept; MainConcept DV Codec "2.0.4>

-- Find3M Report ---------------------------------------------------------------

2008-01-28 19:55:34 3274 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-27 23:40:13 0 d-------- C:\Documents and Settings\CABOOSE\Application Data\LimeWire
2008-01-27 21:26:13 0 d-------- C:\Documents and Settings\CABOOSE\Application Data\uTorrent
2008-01-26 02:30:26 0 d-------- C:\Documents and Settings\CABOOSE\Application Data\dvdcss
2008-01-23 15:10:48 0 d-------- C:\Program Files\Record Smart 10
2008-01-07 01:02:37 0 d-------- C:\Program Files\DivX
2007-12-29 00:09:08 0 d-------- C:\Program Files\Common Files
2007-12-25 11:00:53 0 d-------- C:\Documents and Settings\CABOOSE\Application Data\Ideazon
2007-12-25 10:50:59 0 d-------- C:\Program Files\Windows Media Connect 2
2007-12-08 03:30:59 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-05 22:21:53 0 d-------- C:\Program Files\iTunes
2007-12-05 22:21:36 0 d-------- C:\Program Files\iPod
2007-12-05 22:20:14 0 d-------- C:\Program Files\QuickTime
2007-12-05 22:17:42 0 d-------- C:\Program Files\Apple Software Update
2007-12-05 22:16:35 0 d-------- C:\Program Files\Common Files\Apple
2007-12-04 00:16:52 0 d-------- C:\Program Files\Common Files\Nero
2007-10-29 19:46:24 3532 --a------ C:\drmHeader.bin

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="sttray.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [09/06/2007 02:06 AM]
"IntelAudioStudio"="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" [06/07/2006 04:11 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [07/20/2005 08:07 PM]
"USB2Check"="C:\WINDOWS\system32\PCLECoInst.dll" [04/06/2004 06:05 PM]
"nwiz"="nwiz.exe" [09/17/2007 12:07 AM C:\WINDOWS\system32\nwiz.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/05/2007 08:40 AM]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [09/14/2006 12:09 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [07/20/2005 08:07 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [09/20/2007 08:51 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 02:57 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/14/2007 11:43 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 01:11 PM]
"Zboard"="E:\Programs\Zboard\Zboard.exe" [12/20/2005 02:34 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [05/03/2007 04:43 PM]
"@"="" []

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"aslpmqk"= {C5FB1380-4396-4F44-8F72-7D1C6101514C} - C:\WINDOWS\aslpmqk.dll [ ]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Aim6"=
"PowerBar"="C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"<NO NAME>"=
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{048bc2a2-82be-11dc-9e9c-00e098d7c409}]
AutoRun\command- D:\ONSPCLCK.exe

-- End of Deckard's System Scanner: finished at 2008-01-29 17:38:57 ------------

#6
Rorschach112

Posted 29 January 2008 - 08:12 PM

Ralphie

Retired Staff
47,710 posts

Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O21 - SSODL: aslpmqk - {C5FB1380-4396-4F44-8F72-7D1C6101514C} - C:\WINDOWS\aslpmqk.dll (file missing)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

Please run the OTMoveIt2 by OldTimer again.

Please double-click OTMoveIt2.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
```
C:\WINDOWS\privacy_danger
```
Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
```
purity
```
Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt2

#7
Caboose04

Posted 31 January 2008 - 02:16 AM

New Member

Topic Starter
Member
9 posts

The file was moved sorry forgot to copy it ;( here is the new DSS LOG

DSS LOG

Deckard's System Scanner v20071014.68
Run by CABOOSE on 2008-01-31 00:12:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as CABOOSE.exe) ---------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-31 00:12:32
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\CABOOSE\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsof...search.asp?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zboard] E:\Programs\Zboard\Zboard.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\NPJPI150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\NPJPI150_09.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O21 - SSODL: aslpmqk - {13EE8F0E-34C6-401E-96E2-F3BA9A434689} - C:\WINDOWS\aslpmqk.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DiamondCS ProcessGuard Service v3.410 (DCSPGSRV) - Unknown owner - C:\Program Files\ProcessGuard\dcsuserprot.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: WinFast® Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 5561 bytes

-- Files created between 2007-12-31 and 2008-01-31 -----------------------------

2008-01-28 19:48:41 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-01-28 02:48:33 0 d-------- C:\ComboFix(2)
2008-01-28 02:43:30 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-28 02:43:30 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-01-28 02:43:30 81920 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-01-27 21:31:20 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-01-27 21:31:20 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-01-27 21:31:20 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-01-27 21:31:20 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-01-27 21:31:20 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-01-27 21:31:20 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-01-27 21:31:20 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-01-27 21:31:20 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-01-27 21:31:20 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-01-27 21:31:20 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-01-27 21:31:20 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-01-27 21:31:20 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-01-27 21:31:20 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-01-27 21:31:20 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-01-27 21:31:13 0 d-------- C:\WINDOWS\CSC
2008-01-22 01:13:07 0 d-------- C:\Program Files\uTorrent

-- Find3M Report ---------------------------------------------------------------

2008-01-31 00:08:26 0 d-------- C:\Documents and Settings\CABOOSE\Application Data\uTorrent
2008-01-31 00:08:21 0 d-------- C:\Program Files\Trillian
2008-01-31 00:02:57 0 d-------- C:\Program Files\Record Smart 10
2008-01-28 19:55:34 3274 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-27 23:40:13 0 d-------- C:\Documents and Settings\CABOOSE\Application Data\LimeWire
2008-01-26 02:30:26 0 d-------- C:\Documents and Settings\CABOOSE\Application Data\dvdcss
2008-01-07 01:02:37 0 d-------- C:\Program Files\DivX
2007-12-29 01:07:56 0 d-------- C:\Program Files\Common Files\AVSMedia
2007-12-29 01:07:53 0 d-------- C:\Program Files\AVS4YOU
2007-12-29 00:10:57 0 d-------- C:\Documents and Settings\CABOOSE\Application Data\AVS4YOU
2007-12-29 00:09:08 0 d-------- C:\Program Files\Common Files
2007-12-25 11:00:53 0 d-------- C:\Documents and Settings\CABOOSE\Application Data\Ideazon
2007-12-25 10:50:59 0 d-------- C:\Program Files\Windows Media Connect 2
2007-12-08 03:30:59 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-05 22:21:53 0 d-------- C:\Program Files\iTunes
2007-12-05 22:21:36 0 d-------- C:\Program Files\iPod
2007-12-05 22:20:14 0 d-------- C:\Program Files\QuickTime
2007-12-05 22:17:42 0 d-------- C:\Program Files\Apple Software Update
2007-12-05 22:16:35 0 d-------- C:\Program Files\Common Files\Apple
2007-12-04 00:16:52 0 d-------- C:\Program Files\Common Files\Nero

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="sttray.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [09/06/2007 02:06 AM]
"IntelAudioStudio"="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" [06/07/2006 04:11 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [07/20/2005 08:07 PM]
"USB2Check"="C:\WINDOWS\system32\PCLECoInst.dll" [04/06/2004 06:05 PM]
"nwiz"="nwiz.exe" [09/17/2007 12:07 AM C:\WINDOWS\system32\nwiz.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/05/2007 08:40 AM]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [09/14/2006 12:09 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [07/20/2005 08:07 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [09/20/2007 08:51 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 02:57 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/14/2007 11:43 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 01:11 PM]
"Zboard"="E:\Programs\Zboard\Zboard.exe" [12/20/2005 02:34 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [05/03/2007 04:43 PM]
"@"="" []

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"aslpmqk"= {13EE8F0E-34C6-401E-96E2-F3BA9A434689} - C:\WINDOWS\aslpmqk.dll [ ]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Aim6"=
"PowerBar"="C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"<NO NAME>"=
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{048bc2a2-82be-11dc-9e9c-00e098d7c409}]
AutoRun\command- D:\ONSPCLCK.exe

-- End of Deckard's System Scanner: finished at 2008-01-31 00:13:13 ------------

Edited by Caboose04, 31 January 2008 - 02:18 AM.

#8
Rorschach112

Posted 31 January 2008 - 09:31 AM

Ralphie

Retired Staff
47,710 posts

Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O21 - SSODL: aslpmqk - {13EE8F0E-34C6-401E-96E2-F3BA9A434689} - C:\WINDOWS\aslpmqk.dll (file missing)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

Download and scan with SUPERAntiSpyware Free for Home Users

Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
Under "Configuration and Preferences", click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Scan for tracking cookies.
- Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen.
Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
On the left, make sure you check C:\Fixed Drive.
On the right, under "Complete Scan", choose Perform Complete Scan.
Click "Next" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
Make sure everything has a checkmark next to it and click "Next".
A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
If asked if you want to reboot, click "Yes".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

Reboot and post a new DSS log

#9
Caboose04

Posted 01 February 2008 - 04:49 AM

New Member

Topic Starter
Member
9 posts

Alright here is the Spyware scan and new DSS Log

SUPERAntiSpyware Scan

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/01/2008 at 01:28 AM

Application Version : 3.9.1008

Core Rules Database Version : 3259
Trace Rules Database Version: 1270

Scan type : Complete Scan
Total Scan Time : 01:10:34

Memory items scanned : 380
Memory threats detected : 0
Registry items scanned : 6577
Registry threats detected : 45
File items scanned : 53465
File threats detected : 35

Adware.ClickSpring/Outer Info Network
HKLM\Software\Classes\CLSID\{B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8}
HKCR\CLSID\{B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8}
HKCR\CLSID\{B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8}
HKCR\CLSID\{B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8}#AppID
HKCR\CLSID\{B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8}\InprocServer32
HKCR\CLSID\{B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8}\InprocServer32#ThreadingModel
HKCR\CLSID\{B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8}\ProgID
HKCR\CLSID\{B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8}\Programmable
HKCR\CLSID\{B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8}\TypeLib
HKCR\CLSID\{B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8}\VersionIndependentProgID
C:\PROGRAM FILES\OIN SEARCH\OINSEARCH.DLL
HKCR\OINSearchToolbar.OINSBarBand
HKCR\OINSearchToolbar.OINSBarBand\CLSID
HKCR\OINSearchToolbar.OINSBarBand\CurVer
HKCR\OINSearchToolbar.OINSBarBand.1
HKCR\OINSearchToolbar.OINSBarBand.1\CLSID
HKCR\AppId\JamingoToolbar.DLL
HKCR\AppId\JamingoToolbar.DLL#AppID
HKCR\AppId\{3689DAB5-D3B0-49BD-A7BD-EE5D71419BE8}

Trojan.WinFixer
HKLM\Software\Classes\CLSID\{C697105A-01E0-49F6-9661-A486A4C1C25C}
HKCR\CLSID\{C697105A-01E0-49F6-9661-A486A4C1C25C}
HKCR\CLSID\{C697105A-01E0-49F6-9661-A486A4C1C25C}\InprocServer32
HKCR\CLSID\{C697105A-01E0-49F6-9661-A486A4C1C25C}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\SSTQN.DLL

Adware.Tracking Cookie
C:\Documents and Settings\CABOOSE\Cookies\caboose@atwola[1].txt
C:\Documents and Settings\CABOOSE\Cookies\caboose@html[1].txt
C:\Documents and Settings\CABOOSE\Cookies\caboose@revsci[1].txt

Trojan.NetMon/DNSChange
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#DeviceDesc

Trojan.cmdService
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#DeviceDesc

Adware.Elite Media
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\elitemediagroup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\elitemediagroup#DisplayName
C:\WINDOWS\em06y.ini

Trojan.WinBo32/Enhance
HKU\S-1-5-21-527237240-682003330-725345543-1003\Software\System\sysuid

Malware.Safety Bar
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SafetyBar
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SafetyBar#DisplayName

Trojan.VXGame-Gen
C:\WINDOWS\SYSTEM32\VEXGA4ME1.EXE

Trojan.Unknown Origin
C:\WINDOWS\TEMPF.TXT

Trace.Known Threat Sources
C:\Documents and Settings\CABOOSE\Local Settings\Temporary Internet Files\Content.IE5\PNF5BFDN\ind_txt[1].gif
C:\Documents and Settings\CABOOSE\Local Settings\Temporary Internet Files\Content.IE5\09IZWLIJ\ind_tbl_bord[1].gif
C:\Documents and Settings\CABOOSE\Local Settings\Temporary Internet Files\Content.IE5\09IZWLIJ\orng_cut1[1].gif
C:\Documents and Settings\CABOOSE\Local Settings\Temporary Internet Files\Content.IE5\PNF5BFDN\orng_cut3[1].gif
C:\Documents and Settings\CABOOSE\Local Settings\Temporary Internet Files\Content.IE5\PNF5BFDN\ind_txt_bg[1].gif
C:\Documents and Settings\CABOOSE\Local Settings\Temporary Internet Files\Content.IE5\09IZWLIJ\support[1].gif
C:\Documents and Settings\CABOOSE\Local Settings\Temporary Internet Files\Content.IE5\09IZWLIJ\box_cut3[1].gif
C:\Documents and Settings\CABOOSE\Local Settings\Temporary Internet Files\Content.IE5\PNF5BFDN\download_bttn[1].gif
C:\Documents and Settings\CABOOSE\Local Settings\Temporary Internet Files\Content.IE5\09IZWLIJ\download[1].gif
C:\Documents and Settings\CABOOSE\Local Settings\Temporary Internet Files\Content.IE5\PNF5BFDN\logo[1].jpg
C:\Documents and Settings\CABOOSE\Local Settings\Temporary Internet Files\Content.IE5\09IZWLIJ\home[1].gif
C:\Documents and Settings\CABOOSE\Local Settings\Temporary Internet Files\Content.IE5\DK95ZT5R\box_bttm_bord[1].gif
C:\Documents and Settings\CABOOSE\Local Settings\Temporary Internet Files\Content.IE5\PNF5BFDN\ind_img4[1].gif
C:\Documents and Settings\CABOOSE\Local Settings\Temporary Internet Files\Content.IE5\09IZWLIJ\ind_img5[1].gif
C:\Documents and Settings\CABOOSE\Local Settings\Temporary Internet Files\Content.IE5\DK95ZT5R\ind_box1[1].jpg
C:\Documents and Settings\CABOOSE\Local Settings\Temporary Internet Files\Content.IE5\PNF5BFDN\box_cut4[1].gif
C:\Documents and Settings\CABOOSE\Local Settings\Temporary Internet Files\Content.IE5\PNF5BFDN\css[1].css
C:\Documents and Settings\CABOOSE\Local Settings\Temporary Internet Files\Content.IE5\DK95ZT5R\spacer[2].gif
C:\Documents and Settings\CABOOSE\Local Settings\Temporary Internet Files\Content.IE5\PNF5BFDN\ind_img1[1].gif
C:\Documents and Settings\CABOOSE\Local Settings\Temporary Internet Files\Content.IE5\09IZWLIJ\bg_tbl[1].jpg
C:\Documents and Settings\CABOOSE\Local Settings\Temporary Internet Files\Content.IE5\09IZWLIJ\ind_img3[1].gif
C:\Documents and Settings\CABOOSE\Local Settings\Temporary Internet Files\Content.IE5\DK95ZT5R\spacer[1].gif
C:\Documents and Settings\CABOOSE\Local Settings\Temporary Internet Files\Content.IE5\DK95ZT5R\orng_cut2[1].gif
C:\Documents and Settings\CABOOSE\Local Settings\Temporary Internet Files\Content.IE5\DK95ZT5R\orng_cut4[1].gif
C:\Documents and Settings\CABOOSE\Local Settings\Temporary Internet Files\Content.IE5\09IZWLIJ\css_land[1].css
C:\Documents and Settings\CABOOSE\Local Settings\Temporary Internet Files\Content.IE5\DK95ZT5R\main[1].htm
C:\Documents and Settings\CABOOSE\Local Settings\Temporary Internet Files\Content.IE5\PNF5BFDN\ind_box[1].jpg

DSS LOG

Deckard's System Scanner v20071014.68
Run by CABOOSE on 2008-02-01 02:43:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as CABOOSE.exe) ---------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-01 02:43:07
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iTunes\iTunesHelper.exe
E:\Programs\Zboard\Zboard.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\CABOOSE\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsof...search.asp?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zboard] E:\Programs\Zboard\Zboard.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\NPJPI150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\NPJPI150_09.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: aslpmqk - {36835124-3C4A-45D8-9620-894887C5EF42} - C:\WINDOWS\aslpmqk.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DiamondCS ProcessGuard Service v3.410 (DCSPGSRV) - Unknown owner - C:\Program Files\ProcessGuard\dcsuserprot.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: WinFast® Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 6061 bytes

-- Files created between 2008-01-01 and 2008-02-01 -----------------------------

2008-02-01 01:44:11 0 d-------- C:\WINDOWS\privacy_danger
2008-02-01 00:13:18 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-01 00:13:09 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-02-01 00:13:09 0 d-------- C:\Documents and Settings\CABOOSE\Application Data\SUPERAntiSpyware.com
2008-01-28 19:48:41 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-01-28 02:48:33 0 d-------- C:\ComboFix(2)
2008-01-28 02:43:30 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-28 02:43:30 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-01-28 02:43:30 81920 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-01-27 21:31:20 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-01-27 21:31:20 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-01-27 21:31:20 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-01-27 21:31:20 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-01-27 21:31:20 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-01-27 21:31:20 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-01-27 21:31:20 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-01-27 21:31:20 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-01-27 21:31:20 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-01-27 21:31:20 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-01-27 21:31:20 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-01-27 21:31:20 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-01-27 21:31:20 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-01-27 21:31:20 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-01-27 21:31:13 0 d-------- C:\WINDOWS\CSC
2008-01-22 01:13:07 0 d-------- C:\Program Files\uTorrent

-- Find3M Report ---------------------------------------------------------------

2008-02-01 00:12:43 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-01 00:12:25 0 d-------- C:\Documents and Settings\CABOOSE\Application Data\uTorrent
2008-01-31 04:49:03 0 d-------- C:\Documents and Settings\CABOOSE\Application Data\dvdcss
2008-01-31 00:08:21 0 d-------- C:\Program Files\Trillian
2008-01-31 00:02:57 0 d-------- C:\Program Files\Record Smart 10
2008-01-28 19:55:34 3274 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-27 23:40:13 0 d-------- C:\Documents and Settings\CABOOSE\Application Data\LimeWire
2008-01-07 01:02:37 0 d-------- C:\Program Files\DivX
2007-12-29 01:07:56 0 d-------- C:\Program Files\Common Files\AVSMedia
2007-12-29 01:07:53 0 d-------- C:\Program Files\AVS4YOU
2007-12-29 00:10:57 0 d-------- C:\Documents and Settings\CABOOSE\Application Data\AVS4YOU
2007-12-29 00:09:08 0 d-------- C:\Program Files\Common Files
2007-12-25 11:00:53 0 d-------- C:\Documents and Settings\CABOOSE\Application Data\Ideazon
2007-12-25 10:50:59 0 d-------- C:\Program Files\Windows Media Connect 2
2007-12-05 22:21:53 0 d-------- C:\Program Files\iTunes
2007-12-05 22:21:36 0 d-------- C:\Program Files\iPod
2007-12-05 22:20:14 0 d-------- C:\Program Files\QuickTime
2007-12-05 22:17:42 0 d-------- C:\Program Files\Apple Software Update
2007-12-05 22:16:35 0 d-------- C:\Program Files\Common Files\Apple
2007-12-04 00:16:52 0 d-------- C:\Program Files\Common Files\Nero

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="sttray.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [09/06/2007 02:06 AM]
"IntelAudioStudio"="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" [06/07/2006 04:11 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [07/20/2005 08:07 PM]
"USB2Check"="C:\WINDOWS\system32\PCLECoInst.dll" [04/06/2004 06:05 PM]
"nwiz"="nwiz.exe" [09/17/2007 12:07 AM C:\WINDOWS\system32\nwiz.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/05/2007 08:40 AM]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [09/14/2006 12:09 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [07/20/2005 08:07 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [09/20/2007 08:51 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 02:57 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/14/2007 11:43 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 01:11 PM]
"Zboard"="E:\Programs\Zboard\Zboard.exe" [12/20/2005 02:34 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [05/03/2007 04:43 PM]
"@"="" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"aslpmqk"= {36835124-3C4A-45D8-9620-894887C5EF42} - C:\WINDOWS\aslpmqk.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Aim6"=
"PowerBar"="C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"<NO NAME>"=
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

-- End of Deckard's System Scanner: finished at 2008-02-01 02:44:01 ------------

#10
Rorschach112

Posted 01 February 2008 - 06:31 AM

Ralphie

Retired Staff
47,710 posts

Hello

Download WinPFind35U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
Under Additional Scans check the box beside Reg - Disabled MS Config Items.
Under Rootkit Search change that to Yes.
Now click the Run Scan button on the toolbar.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Use the Add Reply button and Copy/Paste the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.

Make sure you attach the report in your reply.

#11
Caboose04

Posted 02 February 2008 - 02:37 AM

New Member

Topic Starter
Member
9 posts

here is the report

Attached Files

WinPFind35.Txt 226.06KB 92 downloads

#12
Rorschach112

Posted 02 February 2008 - 07:04 AM

Ralphie

Retired Staff
47,710 posts

Hello

Start WinPFind35U. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Win32 Services - Non-Microsoft Only]
YN -> (DCSPGSRV) DiamondCS ProcessGuard Service v3.410 [Win32_Own | Auto | Stopped] -> %ProgramFiles%\ProcessGuard\dcsuserprot.exe
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> SigmatelSysTrayApp -> sttray.exe
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\google\googletoolbar2.dll [&Google]
YN -> WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [&Yahoo! Toolbar]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
YN -> ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.]
YN -> msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.]
[Registry - Additional Scans - Non-Microsoft Only]
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
YN -> DAEMON Tools hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
[Files/Folders - Created Within 30 days]
YY -> privacy_danger -> %SystemRoot%\privacy_danger
[Empty Temp Folders]
[Start Explorer]
[Reboot]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind3u scan(attach the WinPFind3 scan report).

I will review the information when it comes back in.

Also post a new HijackThis log

#13
Caboose04

Posted 02 February 2008 - 10:54 PM

New Member

Topic Starter
Member
9 posts

Alright here are all 3

Winpfind3u Fix

Explorer killed successfully
[Win32 Services - Non-Microsoft Only]
Service DCSPGSRV stopped successfully.
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SigmatelSysTrayApp deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32683183-48a0-441b-a342-7c2a440a9478}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
[Registry - Additional Scans - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
[Files/Folders - Created Within 30 days]
C:\WINDOWS\privacy_danger\images folder moved successfully.
C:\WINDOWS\privacy_danger folder moved successfully.
[Empty Temp Folders]
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
WinPFind35U Version Beta42 fix logfile created on 02022008_204218

HiJackThis Log

Logfile of HijackThis v1.99.1
Scan saved at 8:49:33 PM, on 2/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
E:\Programs\Zboard\Zboard.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\CABOOSE\Desktop\HJT\Removal.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zboard] E:\Programs\Zboard\Zboard.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DiamondCS ProcessGuard Service v3.410 (DCSPGSRV) - Unknown owner - C:\Program Files\ProcessGuard\dcsuserprot.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: WinFast® Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Attached Files

WinPFind35.Txt 51.68KB 138 downloads

#14
Rorschach112

Posted 03 February 2008 - 07:53 AM

Ralphie

Retired Staff
47,710 posts

Hello

Download and scan with SUPERAntiSpyware Free for Home Users

Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
Under "Configuration and Preferences", click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Scan for tracking cookies.
- Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen.
Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
On the left, make sure you check C:\Fixed Drive.
On the right, under "Complete Scan", choose Perform Complete Scan.
Click "Next" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
Make sure everything has a checkmark next to it and click "Next".
A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
If asked if you want to reboot, click "Yes".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

Also tell me how your PC is running

#15
Caboose04

Posted 04 February 2008 - 11:27 PM

New Member

Topic Starter
Member
9 posts

Hello sorry to so long to reply but was a bit busy here is the scan log it didnt find anything ^-^ and the computer is running good as far as I know.
Thanks for the help just let me know if there is anything else I should do i hope my donation is good enough

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/04/2008 at 08:58 PM

Application Version : 3.9.1008

Core Rules Database Version : 3259
Trace Rules Database Version: 1270

Scan type : Complete Scan
Total Scan Time : 01:27:15

Memory items scanned : 480
Memory threats detected : 0
Registry items scanned : 6568
Registry threats detected : 0
File items scanned : 53883
File threats detected : 0

Edited by Caboose04, 04 February 2008 - 11:32 PM.