Serial99 Help plz. Logs are posted



#1 nugent1 (Member, 12 posts)
Followed the steps 2 days ago and thought my problems were solved until today, when serial99 popped up in my address bar and had a pop-up.
Here are my logs from the steps.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:28:51 AM, on 2/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\d2\D2Loader-1.11b.exe
C:\Program Files\Diablo II\D2Loader-1.11b.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.d2jsp....p?showforum=169
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.serial99.com/?a
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {470C6F7E-167B-4A5D-9B52-55A05F3B2C53} - C:\WINDOWS\system32\pmkjk.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {a4c4f4c1-3cc3-42b6-9834-de2121474adb} - C:\WINDOWS\system32\qdtgtjy.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - WWW Prefix: http://www.serial99.com/?
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: pmnoonm - pmnoonm.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 6913 bytes

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:17:54 PM 2/8/2008

+ Scan result:

C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\07-01-2008-07-30-12\43.qit -> Adware.Mirar : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\07-01-2008-07-30-12\81.qit -> Downloader.Agent.fjx : No action taken.
C:\Documents and Settings\Administrator\Application Data\SpywareBot\Quarantine\24-12-2007-18-48-15\517.qit/Setup.exe -> Downloader.VB.bsa : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\30-12-2007-08-16-55\4.qit -> Downloader.VB.cho : No action taken.
C:\Documents and Settings\Administrator\Application Data\SpywareBot\Quarantine\24-12-2007-18-48-15\516.qit -> Downloader.Wimad.l : No action taken.
C:\Documents and Settings\Todd\Desktop\backups\backup-20071216-111611-195.dll -> Not-A-Virus.Adware.Agent : No action taken.
C:\WINDOWS\system32\nsu3B2.dll -> Not-A-Virus.Adware.Agent : No action taken.
C:\WINDOWS\system32\qdtgtjy.dll -> Not-A-Virus.Adware.Agent : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\30-12-2007-08-16-55\2.qit/Mirar_VC_Setup_876932.exe -> Not-A-Virus.Adware.Mirar : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\30-12-2007-08-16-55\3.qit/Mirar_VC_Setup_876932.exe -> Not-A-Virus.Adware.Mirar : No action taken.
C:\Documents and Settings\Administrator\Application Data\SpywareBot\Quarantine\24-12-2007-18-48-15\523.qit/setup.exe -> Not-A-Virus.Adware.NewWeb : No action taken.
C:\Documents and Settings\Todd\Desktop\setup.exe -> Not-A-Virus.Adware.NewWeb : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\07-01-2008-07-30-12\44.qit -> Not-A-Virus.Adware.TTC : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\30-12-2007-08-16-55\1.qit -> Not-A-Virus.Adware.Virtumonde : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\30-12-2007-08-16-55\5.qit -> Not-A-Virus.Adware.Virtumonde : No action taken.
C:\WINDOWS\system32\gebxwus.dll -> Not-A-Virus.Adware.Virtumonde : No action taken.
C:\WINDOWS\system32\pmnoonm.dll -> Not-A-Virus.Adware.Virtumonde : No action taken.
[256] C:\WINDOWS\system32\pmkjk.dll -> Not-A-Virus.Adware.Virtumonde : No action taken.
[872] C:\WINDOWS\system32\pmkjk.dll -> Not-A-Virus.Adware.Virtumonde : No action taken.
C:\Documents and Settings\Administrator\Application Data\SpywareBot\Quarantine\24-12-2007-18-48-15\549.qit -> Not-A-Virus.Adware.WebHancer : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\07-01-2008-07-30-12\3.qit -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\08-02-2008-09-38-28\4.qit -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\25-12-2007-09-25-56\11.qit -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Administrator\Application Data\SpywareBot\Quarantine\24-12-2007-18-48-15\3.qit -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\07-01-2008-07-30-12\4.qit -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\08-02-2008-09-38-28\6.qit -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\25-12-2007-09-25-56\16.qit -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\30-12-2007-08-04-05\0.qit -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\08-02-2008-09-38-28\13.qit -> TrackingCookie.Burstbeacon : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\25-12-2007-09-25-56\20.qit -> TrackingCookie.Burstbeacon : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\08-02-2008-09-38-28\7.qit -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\25-12-2007-09-25-56\21.qit -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\30-12-2007-08-04-05\1.qit -> TrackingCookie.Coremetrics : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\08-02-2008-09-38-28\8.qit -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\08-02-2008-09-38-28\3.qit -> TrackingCookie.Euroclick : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\25-12-2007-09-25-56\2.qit -> TrackingCookie.Euroclick : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\07-01-2008-07-30-12\6.qit -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\25-12-2007-09-25-56\22.qit -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Administrator\Application Data\SpywareBot\Quarantine\24-12-2007-18-50-05\0.qit -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\07-01-2008-07-30-12\9.qit -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\25-12-2007-09-25-56\27.qit -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\30-12-2007-08-04-05\3.qit -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Netflame : No action taken.
C:\Documents and Settings\Administrator\Application Data\SpywareBot\Quarantine\24-12-2007-18-48-15\4.qit -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\25-12-2007-09-25-56\31.qit -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\25-12-2007-09-25-56\32.qit -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\30-12-2007-08-04-05\4.qit -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\07-01-2008-07-30-12\10.qit -> TrackingCookie.Pointroll : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\25-12-2007-09-25-56\33.qit -> TrackingCookie.Pointroll : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\07-01-2008-07-30-12\11.qit -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\08-02-2008-09-38-28\11.qit -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\25-12-2007-09-25-56\35.qit -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\30-12-2007-08-04-05\5.qit -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\25-12-2007-09-25-56\36.qit -> TrackingCookie.Realmedia : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\25-12-2007-09-25-56\37.qit -> TrackingCookie.Realtracker : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\25-12-2007-09-25-56\38.qit -> TrackingCookie.Revenue : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\07-01-2008-07-30-12\12.qit -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\07-01-2008-07-30-12\5.qit -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\25-12-2007-09-25-56\19.qit -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\25-12-2007-09-25-56\39.qit -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\25-12-2007-09-25-56\40.qit -> TrackingCookie.Spylog : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\30-12-2007-08-04-05\6.qit -> TrackingCookie.Spylog : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\07-01-2008-07-30-12\16.qit -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\25-12-2007-09-25-56\44.qit -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\30-12-2007-08-04-05\8.qit -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\07-01-2008-07-30-12\17.qit -> TrackingCookie.Trafficmp : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\25-12-2007-09-25-56\45.qit -> TrackingCookie.Trafficmp : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\07-01-2008-07-30-12\18.qit -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\08-02-2008-09-38-28\12.qit -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\25-12-2007-09-25-56\46.qit -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\25-12-2007-09-25-56\49.qit -> TrackingCookie.Valuead : No action taken.
C:\Documents and Settings\Administrator\Application Data\SpywareBot\Quarantine\24-12-2007-18-48-15\5.qit -> TrackingCookie.Webtrends : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\25-12-2007-09-25-56\50.qit -> TrackingCookie.Webtrends : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\25-12-2007-09-25-56\52.qit -> TrackingCookie.Webtrendslive : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\25-12-2007-09-25-56\54.qit -> TrackingCookie.Yadro : No action taken.
C:\Documents and Settings\Administrator\Application Data\SpywareBot\Quarantine\24-12-2007-18-48-15\0.qit -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\07-01-2008-07-30-12\0.qit -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\08-02-2008-09-38-28\1.qit -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\25-12-2007-09-25-56\0.qit -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\07-01-2008-07-30-12\19.qit -> TrackingCookie.Zedo : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\07-01-2008-07-30-12\20.qit -> TrackingCookie.Zedo : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\07-01-2008-07-30-12\21.qit -> TrackingCookie.Zedo : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\08-02-2008-09-38-28\14.qit -> TrackingCookie.Zedo : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\25-12-2007-09-25-56\55.qit -> TrackingCookie.Zedo : No action taken.
C:\Documents and Settings\Todd\Application Data\SpywareBot\Quarantine\30-12-2007-08-04-05\9.qit -> TrackingCookie.Zedo : No action taken.
C:\Documents and Settings\Administrator\Application Data\SpywareBot\Quarantine\24-12-2007-18-48-15\34.qit -> Trojan.Agent : No action taken.
C:\WINDOWS\system32\mm6\ncstdb33.exe -> Trojan.Pakes.bvs : No action taken.

SUPERAntiSpyware Scan Log
Generated 02/08/2008 at 03:53 PM

Application Version : 3.6.1000

Core Rules Database Version : 3398
Trace Rules Database Version: 1390

Scan type : Complete Scan
Total Scan Time : 01:19:38

Memory items scanned : 331
Memory threats detected : 0
Registry items scanned : 5990
Registry threats detected : 27
File items scanned : 59884
File threats detected : 23

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{8E3FBDE2-7DBD-4040-85D9-29BBC559C129}
HKCR\CLSID\{8E3FBDE2-7DBD-4040-85D9-29BBC559C129}
HKCR\CLSID\{8E3FBDE2-7DBD-4040-85D9-29BBC559C129}\InprocServer32
HKCR\CLSID\{8E3FBDE2-7DBD-4040-85D9-29BBC559C129}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\PMNOONM.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E3FBDE2-7DBD-4040-85D9-29BBC559C129}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{8E3FBDE2-7DBD-4040-85D9-29BBC559C129}
HKCR\CLSID\{8E3FBDE2-7DBD-4040-85D9-29BBC559C129}

Adware.Tracking Cookie
C:\Documents and Settings\Todd\Cookies\todd@casalemedia[1].txt
C:\Documents and Settings\Todd\Cookies\todd@lynxtrack[1].txt

Unclassified.SpywareBot (Not A Threat)
HKU\S-1-5-21-951131239-1798569983-2617620097-1006\Software\SpywareBot
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#Inno Setup: Setup Version
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#Inno Setup: App Path
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#InstallLocation
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#Inno Setup: Icon Group
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#Inno Setup: User
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#Inno Setup: Selected Tasks
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#Inno Setup: Deselected Tasks
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#DisplayIcon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#QuietUninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#Publisher
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#URLInfoAbout
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#NoModify
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#NoRepair
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#InstallDate
C:\Program Files\SpywareBot\DataBase.ref
C:\Program Files\SpywareBot\Launcher.exe
C:\Program Files\SpywareBot\license.rtf
C:\Program Files\SpywareBot\SpyCleaner.dll
C:\Program Files\SpywareBot\SpywareBot.exe
C:\Program Files\SpywareBot\SpywareBot.url
C:\Program Files\SpywareBot\TCL.dll
C:\Program Files\SpywareBot\unins000.dat
C:\Program Files\SpywareBot\unins000.exe
C:\Program Files\SpywareBot\zlib.dll
C:\Program Files\SpywareBot
C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBot\SpywareBot on the Web.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBot\SpywareBot.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBot\Uninstall SpywareBot.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBot

Adware.Web Buying
HKU\S-1-5-21-951131239-1798569983-2617620097-1006\Software\WebBuying

Adware.WebBuying Assistant-Installer
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\SPYWAREBOT\QUARANTINE\24-12-2007-18-48-15\33.QIT

Adware.webHancer
C:\DOCUMENTS AND SETTINGS\TODD\APPLICATION DATA\SPYWAREBOT\QUARANTINE\07-01-2008-07-30-12\80.QIT

Trojan.Unclassified/FukuRuku
C:\DOCUMENTS AND SETTINGS\TODD\DESKTOP\BACKUPS\BACKUP-20071216-111611-178.DLL

Adware.WebBuying Assistant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP293\A0092259.DLL

Trojan.SearchTool
C:\WINDOWS\SYSTEM32\UPMEDIA\CONTENTTOOL.DLL
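Reading a HijackThis log like the one above by eye is where a helper starts; the checks below are the first ones applied to it: persistence entries whose target file is gone (the `(file missing)` BHOs and the Winlogon Notify hook), the start page and `O13` WWW prefix pointing at the hijack domain, and unnamed BHOs. This is an added example, not code from this thread or from HijackThis; the sample log is a trimmed copy of the log in post #1, the allowlist of benign start pages is constructed, and serial99.com is treated as the hijack domain because that is the domain this thread names.

```python
"""Triage helper for HijackThis logs (added example, not HijackThis code).

Keeps only the R/O entry lines of a log and flags what a malware helper
looks at first: persistence entries whose file is gone, browser
start-page and WWW-prefix hijacks, and unnamed BHOs.
"""
import re
from dataclasses import dataclass, field

# Constructed allowlist of start pages treated as benign in this example.
KNOWN_GOOD_START_PAGES = ("about:blank", "http://www.google.com/",
                          "http://ie.redirect.hp.com/")
# The domain this thread identifies as the hijacker.
HIJACK_DOMAINS = ("serial99.com",)

# Entry lines look like "O2 - BHO: ..."; header and process list do not.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.+)$")

# Trimmed copy of the log in post #1 (constructed sample input).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.d2jsp....p?showforum=169
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.serial99.com/?a
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {470C6F7E-167B-4A5D-9B52-55A05F3B2C53} - C:\WINDOWS\system32\pmkjk.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {a4c4f4c1-3cc3-42b6-9834-de2121474adb} - C:\WINDOWS\system32\qdtgtjy.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O13 - WWW Prefix: http://www.serial99.com/?
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: pmnoonm - pmnoonm.dll (file missing)
"""


@dataclass
class Finding:
    section: str
    line: str
    reasons: list = field(default_factory=list)
    severity: str = "review"   # "fix" = tick it in HijackThis, "review" = needs a human decision


def parse_entries(log_text):
    """Return (section, body, raw_line) for every entry line of the log."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("section"), m.group("body"), raw.strip()))
    return entries


def _host_of(url):
    m = re.match(r"^[a-z]+://([^/?#]+)", url.lower())
    return m.group(1) if m else ""


def triage(log_text):
    """Apply the checks to every entry and return the findings."""
    findings = []
    for section, body, raw in parse_entries(log_text):
        f = Finding(section, raw)
        # A persistence entry whose file is gone is leftover from a partial
        # clean-up; the registry entry itself still needs removing.
        if "(file missing)" in body:
            f.reasons.append("target file missing; orphaned persistence entry")
            f.severity = "fix"
        if section == "O2" and body.startswith("BHO: (no name)"):
            f.reasons.append("unnamed browser helper object")
        if section == "R0" and "Start Page" in body:
            url = body.split("=", 1)[1].strip()
            host = _host_of(url)
            if any(host == d or host.endswith("." + d) for d in HIJACK_DOMAINS):
                f.reasons.append(f"start page points at hijack domain {host}")
                f.severity = "fix"
            elif url and not url.startswith(KNOWN_GOOD_START_PAGES):
                f.reasons.append(f"start page is not on the allowlist: {url}")
        if section == "O13":
            # A WWW prefix rewrites every address typed without a scheme.
            f.reasons.append("WWW prefix set; typed addresses are redirected")
            f.severity = "fix"
        if f.reasons:
            findings.append(f)
    return findings


def fix_list(findings):
    """Lines a helper would ask the user to tick in HijackThis."""
    return [f.line for f in findings if f.severity == "fix"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.line}\n    " + "; ".join(f.reasons))
```

The HKCU start page (the d2jsp forum) is deliberately only marked `review`: it is not on the allowlist, but it is also not the hijack domain and may well be the user's own choice, which is exactly the kind of entry a helper decides on rather than a script.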



#2 MoNsTeReNeRgY22 (Member 2k, 2,539 posts)
Hello and Welcome to Geeks to Go. :)

I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
For more information regarding this download, please visit this webpage: http://www.bleepingc...to-use-combofix
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

#3 nugent1 (Topic Starter, Member, 12 posts)
I ran the ComboFix and it did not produce a report. It rebooted my computer and that was it. Here is the copy of the HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:28:51 AM, on 2/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\d2\D2Loader-1.11b.exe
C:\Program Files\Diablo II\D2Loader-1.11b.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.d2jsp....p?showforum=169
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.serial99.com/?a
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {470C6F7E-167B-4A5D-9B52-55A05F3B2C53} - C:\WINDOWS\system32\pmkjk.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {a4c4f4c1-3cc3-42b6-9834-de2121474adb} - C:\WINDOWS\system32\qdtgtjy.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - WWW Prefix: http://www.serial99.com/?
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: pmnoonm - pmnoonm.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 6913 bytes

#4 MoNsTeReNeRgY22 (Member 2k, 2,539 posts)
Hi,

Can you look at the following location and see if it's there?
C:\ComboFix.txt

#5 nugent1 (Topic Starter, Member, 12 posts)
ComboFix 08-02.05.3 - Todd 2008-02-12 13:51:55.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.142 [GMT -6:00]
Running from: C:\Documents and Settings\Todd\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

This is the only file I could find.

#6 MoNsTeReNeRgY22 (Member 2k, 2,539 posts)
Hello again,

Well, that's strange, but anyway, let's continue.

Step 1
Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.d2jsp....p?showforum=169
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.serial99.com/?a
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {470C6F7E-167B-4A5D-9B52-55A05F3B2C53} - C:\WINDOWS\system32\pmkjk.dll (file missing)
O2 - BHO: (no name) - {a4c4f4c1-3cc3-42b6-9834-de2121474adb} - C:\WINDOWS\system32\qdtgtjy.dll (file missing)
O13 - WWW Prefix: http://www.serial99.com/?
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
O20 - Winlogon Notify: pmnoonm - pmnoonm.dll (file missing)


Now close all windows other than Hijackthis, then click Fix Checked. Close HijackThis.

Step 2
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Step 3
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 4...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u4-windows-i586-p.exe to install the newest version.

Step 4
Please download Deckard's System Scanner (DSS) to your desktop.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, a text file will open - Main.txt
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of Main.txt in your thread in the HijackThis Log Help Forum.
  • An additional text file, Extra.txt, will also be available (by default) in the following FOLDER, C:\Deckard\System Scanner.
  • Please go to that folder and also copy the contents of Extra.txt to your post as well.
Note: Some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

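As an added example that is not part of this thread or of HijackThis itself, here is a small Python checker that applies the same criteria the helper used in Step 1 above to a HijackThis log: start page or WWW prefix pointing at the hijack domain, a blanked Local Page, BHO and Winlogon Notify entries whose DLL is missing, and the IERESET.INF override. The domain list and the sample log lines are constructed from the entries quoted in this thread.

```python
import re

# Domain this thread is about (constructed list; extend with any other domain
# you consider unwanted). Matching is a case-insensitive substring test.
HIJACK_DOMAINS = ("serial99.com",)

# A HijackThis entry line looks like "<code> - <rest>", e.g. "O13 - WWW Prefix: ...".
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<rest>.*)$")


def parse_entry(line):
    """Split one log line into (section code, remainder), or None if it is not an entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group("code"), m.group("rest")


def classify(line):
    """Return a short reason if the entry matches one of the helper's fix criteria, else None."""
    parsed = parse_entry(line)
    if parsed is None:
        return None
    code, rest = parsed
    rest_l = rest.lower()
    hijacked = any(domain in rest_l for domain in HIJACK_DOMAINS)

    if code == "R0" and hijacked:
        return "browser start page points at the hijack domain"
    if code == "R0" and rest_l.endswith("local page ="):
        return "Local Page blanked (typical hijacker residue)"
    if code == "O13" and hijacked:
        return "WWW prefix hijack: bare hostnames are routed through the hijack domain"
    if code == "O2" and "(file missing)" in rest_l:
        return "BHO registered but its DLL is gone (orphaned component)"
    if code == "O20" and "(file missing)" in rest_l:
        return "Winlogon Notify handler whose DLL is gone (orphaned component)"
    if code == "O14":
        return "IERESET.INF start page override (OEM setting the helper chose to reset)"
    return None


def scan_log(text):
    """Return [(code, reason, line)] for every flagged entry in a HijackThis log."""
    hits = []
    for line in text.splitlines():
        reason = classify(line)
        if reason is not None:
            hits.append((parse_entry(line)[0], reason, line.strip()))
    return hits


# Constructed sample: the entries the helper flagged in this thread plus four
# benign ones from the same log; the benign ones must pass untouched.
SAMPLE_LOG = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.d2jsp....p?showforum=169
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.serial99.com/?a
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {470C6F7E-167B-4A5D-9B52-55A05F3B2C53} - C:\WINDOWS\system32\pmkjk.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O13 - WWW Prefix: http://www.serial99.com/?
O20 - Winlogon Notify: pmnoonm - pmnoonm.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""

if __name__ == "__main__":
    for code, reason, line in scan_log(SAMPLE_LOG):
        print(f"{code}: {reason}\n    {line}")
```

Note that a "(file missing)" entry only tells you the loader still references a DLL that is gone; it does not tell you what that DLL was, so the rest of the log (here, the later Deckard scan) is still needed to confirm nothing else is left behind.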
#7 nugent1 (Topic Starter, Member, 12 posts)
All steps completed.
Awaiting further instructions.


Deckard's System Scanner v20071014.68
Run by Todd on 2008-02-18 08:03:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
16: 2008-02-18 14:03:58 UTC - RP308 - Deckard's System Scanner Restore Point
15: 2008-02-18 13:59:10 UTC - RP307 - Installed Java™ 6 Update 4
14: 2008-02-18 13:47:24 UTC - RP306 - Removed J2SE Runtime Environment 5.0 Update 2
13: 2008-02-18 13:46:14 UTC - RP305 - Removed J2SE Runtime Environment 5.0 Update 6
12: 2008-02-18 13:45:16 UTC - RP304 - Removed J2SE Runtime Environment 5.0 Update 7


-- First Restore Point --
1: 2008-02-08 17:05:08 UTC - RP293 - Killing Serial99


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 383 MiB (512 MiB recommended).


-- HijackThis (run as Todd.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:05, on 2008-02-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Todd\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Todd.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.f538.mail....d=desrct02a54rr
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\kmd.exe /c C:\ComboFix\Combobatch.bat
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 6176 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080218-073058-254 O2 - BHO: (no name) - {470C6F7E-167B-4A5D-9B52-55A05F3B2C53} - C:\WINDOWS\system32\pmkjk.dll (file missing)
backup-20080218-073058-317 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.serial99.com/?a
backup-20080218-073058-346 O13 - WWW Prefix: http://www.serial99.com/?
backup-20080218-073058-431 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20080218-073058-492 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20080218-073058-499 O20 - Winlogon Notify: pmnoonm - pmnoonm.dll (file missing)
backup-20080218-073058-521 O2 - BHO: (no name) - {a4c4f4c1-3cc3-42b6-9834-de2121474adb} - C:\WINDOWS\system32\qdtgtjy.dll (file missing)
backup-20080218-073058-762 O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
backup-20080218-073058-771 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.d2jsp....p?showforum=169

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S2 LXARScan (Lexmark X73 MFP Scanner) - c:\windows\system32\drivers\lxarscan.sys (file missing)
S3 DMSKSSRh - c:\docume~1\todd\locals~1\temp\dmskssrh.sys (file missing)
S3 TnIDriver - c:\docume~1\todd\locals~1\temp\tni3db.tmp (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R3 hpqwmi (HP WMI Interface) - c:\program files\hpq\shared\hpqwmi.exe <Not Verified; Hewlett-Packard Development Company, L.P.; hpqwmi Module>

S4 NMIndexingService -


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-02-18 07:50:56 446 --a------ C:\WINDOWS\Tasks\XoftSpySE 2.job
2008-02-14 16:33:05 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-02-08 09:37:36 486 --a------ C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job
2008-02-08 09:29:41 360 --a------ C:\WINDOWS\Tasks\XoftSpySE.job
2008-01-11 03:00:00 486 --a------ C:\WINDOWS\Tasks\MacroVirus Scheduled Scan.job


-- Files created between 2008-01-18 and 2008-02-18 -----------------------------

2100-02-23 14:35:34 768 --a------ C:\Program Files\x73_lut.dat
2100-02-08 16:03:54 53248 --a------ C:\Program Files\ACMonitor_X73.exe <Not Verified; Silitek Corp.; ACMonitor>
2008-02-14 18:20:59 0 d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-02-14 12:06:32 0 d-------- C:\Program Files\Windows Media Connect 2
2008-02-14 12:03:17 0 d-------- C:\WINDOWS\system32\LogFiles
2008-02-14 12:03:17 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-02-14 10:25:55 0 d-------- C:\Documents and Settings\Todd\Application Data\BearShare
2008-02-14 10:25:50 0 d-------- C:\Program Files\BearShare Applications
2008-02-10 17:20:18 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-02-10 17:20:18 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-02-10 17:20:18 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-02-10 17:20:18 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-02-10 17:20:17 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-02-10 08:28:37 0 d-------- C:\Program Files\Trend Micro
2008-02-08 16:08:55 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-02-08 14:29:44 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-08 14:29:29 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-02-08 14:29:29 0 d-------- C:\Documents and Settings\Todd\Application Data\SUPERAntiSpyware.com
2008-02-08 14:28:57 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-08 11:33:12 0 d-------- C:\Documents and Settings\Todd\Application Data\Grisoft
2008-02-08 11:31:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-08 09:29:35 0 d-------- C:\Program Files\XoftSpySE
2008-02-08 08:10:44 2735 --a------ C:\WINDOWS\system32\upsnnsyh.dll
2008-02-08 08:07:55 2735 --a------ C:\WINDOWS\system32\qgerqheo.dll
2008-02-05 07:16:26 2733 --a------ C:\WINDOWS\system32\jmluoxse.dll
2008-02-05 07:13:32 2733 --a------ C:\WINDOWS\system32\vlhrkmuc.dll
2008-02-04 07:13:21 2735 --a------ C:\WINDOWS\system32\dqqbnvur.dll
2008-02-04 07:10:46 2735 --a------ C:\WINDOWS\system32\uoeufgwn.dll
2008-02-03 22:20:49 2735 --a------ C:\WINDOWS\system32\bgisrbat.dll
2008-02-03 22:17:59 2735 --a------ C:\WINDOWS\system32\wbmmdfcm.dll
2008-02-02 23:31:19 2735 --a------ C:\WINDOWS\system32\tlmlslos.dll
2008-02-02 23:25:42 2735 --a------ C:\WINDOWS\system32\wcbayuen.dll
2008-02-01 08:18:56 2735 --a------ C:\WINDOWS\system32\qpoopwpn.dll
2008-02-01 08:15:57 2735 --a------ C:\WINDOWS\system32\sjdaotym.dll
2008-01-31 07:17:29 2735 --a------ C:\WINDOWS\system32\acilvccp.dll
2008-01-31 07:12:28 2735 --a------ C:\WINDOWS\system32\kjixddlx.dll
2008-01-28 22:25:23 2735 --a------ C:\WINDOWS\system32\llxcodsp.dll
2008-01-27 18:26:37 2735 --a------ C:\WINDOWS\system32\oleqvdcj.dll
2008-01-27 18:20:37 2735 --a------ C:\WINDOWS\system32\phgqmfqh.dll
2008-01-26 11:41:46 0 d-------- C:\Program Files\Paint.NET
2008-01-26 11:20:04 0 d-------- C:\Program Files\MSBuild
2008-01-26 11:19:50 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-01-26 11:19:30 0 d-------- C:\Program Files\Reference Assemblies
2008-01-26 11:01:17 0 d-------- C:\Program Files\MSXML 6.0
2008-01-26 08:13:52 2735 --a------ C:\WINDOWS\system32\uniaeqjl.dll
2008-01-26 08:04:54 2735 --a------ C:\WINDOWS\system32\brfgphwp.dll
2008-01-25 08:20:00 0 d-------- C:\Program Files\Zeallsoft
2008-01-25 08:12:46 2735 --a------ C:\WINDOWS\system32\tbvrbqlf.dll
2008-01-25 08:03:46 2733 --a------ C:\WINDOWS\system32\tuxiohmm.dll
2008-01-24 11:34:30 2735 --a------ C:\WINDOWS\system32\qvdvfnlx.dll
2008-01-24 11:28:46 2735 --a------ C:\WINDOWS\system32\lhrxhmal.dll
2008-01-23 08:23:06 2735 --a------ C:\WINDOWS\system32\mdrhrakm.dll
2008-01-23 08:20:06 2735 --a------ C:\WINDOWS\system32\ehxmipie.dll
2008-01-22 08:17:18 2735 --a------ C:\WINDOWS\system32\jlitavtx.dll
2008-01-22 08:11:18 2735 --a------ C:\WINDOWS\system32\slliwbpl.dll
2008-01-21 08:13:34 2735 --a------ C:\WINDOWS\system32\bumoenje.dll
2008-01-21 08:10:42 2735 --a------ C:\WINDOWS\system32\rewwmcca.dll
2008-01-21 07:19:32 2733 --a------ C:\WINDOWS\system32\aifulyex.dll
2008-01-21 07:16:32 2735 --a------ C:\WINDOWS\system32\tuylmepi.dll
2008-01-21 07:10:31 2733 --a------ C:\WINDOWS\system32\jboqabre.dll
2008-01-21 07:09:57 2733 --a------ C:\WINDOWS\system32\hkdhbqbe.dll
2008-01-18 08:42:55 2733 --a------ C:\WINDOWS\system32\photcdci.dll
2008-01-18 08:39:55 2733 --a------ C:\WINDOWS\system32\fmfqhsax.dll
2008-01-18 08:37:32 2735 --a------ C:\WINDOWS\system32\tbhgptgy.dll


-- Find3M Report ---------------------------------------------------------------

2008-02-18 08:00:28 0 d-------- C:\Program Files\Java
2008-02-14 18:21:00 0 d-------- C:\Documents and Settings\Todd\Application Data\NCH Swift Sound
2008-02-14 18:20:57 0 d-------- C:\Program Files\NCH Swift Sound
2008-02-14 17:24:52 0 d-------- C:\Program Files\d2
2008-02-14 14:51:49 0 d-------- C:\Program Files\Diablo II
2008-02-08 14:28:57 0 d-------- C:\Program Files\Common Files
2008-02-08 09:37:52 0 d-------- C:\Documents and Settings\Todd\Application Data\SpywareBot
2008-01-24 22:26:42 0 d-------- C:\Program Files\Pure Sudoku
2008-01-22 11:14:52 0 d-------- C:\Program Files\VCW VicMan's Photo Editor
2008-01-16 11:26:47 2733 --a------ C:\WINDOWS\system32\bribjwgk.dll
2008-01-16 11:26:46 2735 --a------ C:\WINDOWS\system32\kbpeovoa.dll
2008-01-16 11:24:05 2733 --a------ C:\WINDOWS\system32\jmmtrdna.dll
2008-01-15 08:11:43 2733 --a------ C:\WINDOWS\system32\yhoueftx.dll
2008-01-15 08:11:42 2733 --a------ C:\WINDOWS\system32\ddhnouaa.dll
2008-01-15 08:09:39 2735 --a------ C:\WINDOWS\system32\btmkglpp.dll
2008-01-13 08:09:44 2733 --a------ C:\WINDOWS\system32\cxpbqowc.dll
2008-01-13 08:03:44 2735 --a------ C:\WINDOWS\system32\bcbeeytv.dll
2008-01-13 08:01:22 2733 --a------ C:\WINDOWS\system32\ghnkjjvk.dll
2008-01-12 11:27:05 2735 --a------ C:\WINDOWS\system32\pdrhojor.dll
2008-01-12 11:24:05 2735 --a------ C:\WINDOWS\system32\twlnjicq.dll
2008-01-12 11:18:06 2735 --a------ C:\WINDOWS\system32\ueoqxxfo.dll
2008-01-12 11:13:22 0 d-------- C:\Program Files\Web Photo Album
2008-01-12 10:14:21 2735 --a------ C:\WINDOWS\system32\smkncnvj.dll
2008-01-11 11:22:17 2733 --a------ C:\WINDOWS\system32\hbcgdxfc.dll
2008-01-11 11:22:10 2735 --a------ C:\WINDOWS\system32\aqikjflt.dll
2008-01-11 11:15:43 2733 --a------ C:\WINDOWS\system32\rkriwhjb.dll
2008-01-11 08:07:01 2733 --a------ C:\WINDOWS\system32\uohctwoa.dll
2008-01-11 08:04:01 2735 --a------ C:\WINDOWS\system32\jwtejtue.dll
2008-01-10 08:00:41 2733 --a------ C:\WINDOWS\system32\qsahtplu.dll
2008-01-10 07:58:09 2735 --a------ C:\WINDOWS\system32\uggrgxim.dll
2008-01-09 23:46:18 2735 --a------ C:\WINDOWS\system32\yasboybv.dll
2008-01-08 23:10:23 2735 --a------ C:\WINDOWS\system32\fogntvla.dll
2008-01-08 11:54:33 0 d-------- C:\Program Files\Web Publish
2008-01-08 07:56:30 0 d-------- C:\Program Files\Publish It Lifestyle Edition
2008-01-08 07:37:52 0 d-------- C:\Program Files\Billiards
2008-01-08 07:12:53 2733 --a------ C:\WINDOWS\system32\pctsnhjm.dll
2008-01-08 07:10:22 2735 --a------ C:\WINDOWS\system32\cxcovbxw.dll
2008-01-07 14:37:44 35 --a------ C:\WINDOWS\popcinfo.dat
2008-01-07 12:37:09 102364 --a------ C:\WINDOWS\hpqins13.dat
2008-01-07 12:33:31 0 d-------- C:\Program Files\Hp
2008-01-07 12:28:56 0 d-------- C:\Program Files\Common Files\HP
2008-01-07 12:11:38 0 d-------- C:\Program Files\EasyPicture2Icon
2008-01-07 07:38:54 2735 --a------ C:\WINDOWS\system32\dohyyxud.dll
2008-01-07 07:33:11 2735 --a------ C:\WINDOWS\system32\hyrjselr.dll
2008-01-07 07:08:58 2733 --a------ C:\WINDOWS\system32\dsohnsuk.dll
2008-01-07 07:08:55 2735 --a------ C:\WINDOWS\system32\knjlpdbc.dll
2008-01-06 10:38:50 2735 --a------ C:\WINDOWS\system32\mnuedmgl.dll
2008-01-06 10:34:50 2735 --a------ C:\WINDOWS\system32\uawnslbr.dll
2008-01-03 17:33:18 2735 --a------ C:\WINDOWS\system32\bnxhucml.dll
2008-01-03 17:30:22 2735 --a------ C:\WINDOWS\system32\cmrhtaeh.dll
2008-01-03 14:27:17 2735 --a------ C:\WINDOWS\system32\kbedmssl.dll
2008-01-03 14:24:17 2733 --a------ C:\WINDOWS\system32\tnrggexh.dll
2008-01-02 11:55:45 2733 --a------ C:\WINDOWS\system32\hulrxpqe.dll
2008-01-02 11:53:22 2735 --a------ C:\WINDOWS\system32\ssvgyhif.dll
2007-12-31 21:31:54 2733 --a------ C:\WINDOWS\system32\ygngpdlx.dll
2007-12-31 21:31:53 2735 --a------ C:\WINDOWS\system32\syyyxlol.dll
2007-12-30 14:48:54 2735 --a------ C:\WINDOWS\system32\liuumjwy.dll
2007-12-30 14:45:54 2733 --a------ C:\WINDOWS\system32\dmqnooke.dll
2007-12-29 14:48:24 2735 --a------ C:\WINDOWS\system32\gicshifj.dll
2007-12-29 14:45:24 2735 --a------ C:\WINDOWS\system32\etkgiptm.dll
2007-12-28 14:46:07 2733 --a------ C:\WINDOWS\system32\ahuftxaq.dll
2007-12-28 14:43:08 2735 --a------ C:\WINDOWS\system32\hktnlayw.dll
2007-12-28 07:17:44 2733 --a------ C:\WINDOWS\system32\gdkcdqbd.dll
2007-12-28 07:14:44 2733 --a------ C:\WINDOWS\system32\qilxkmyn.dll
2007-12-25 18:26:03 2733 --a------ C:\WINDOWS\system32\sfkvwtxb.dll
2007-12-25 18:23:03 2733 --a------ C:\WINDOWS\system32\vsmoxeti.dll
2007-12-25 11:30:01 0 d-------- C:\Program Files\Eusing Free Registry Cleaner
2007-12-25 11:25:40 0 d-------- C:\Program Files\Firefly Studios
2007-12-25 11:23:16 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-24 18:07:23 2735 --a------ C:\WINDOWS\system32\hdbeagkp.dll
2007-12-24 18:04:14 2735 --a------ C:\WINDOWS\system32\kgokjdve.dll
2007-12-24 07:37:55 2735 --a------ C:\WINDOWS\system32\mvhkrysk.dll
2007-12-24 07:34:55 2733 --a------ C:\WINDOWS\system32\uwpjulds.dll
2007-12-24 07:28:56 2735 --a------ C:\WINDOWS\system32\dyjipkrp.dll
2007-12-24 07:26:16 2735 --a------ C:\WINDOWS\system32\klfauums.dll
2007-12-23 12:03:23 0 d-------- C:\Program Files\MacroVirus
2007-12-22 23:15:12 2735 --a------ C:\WINDOWS\system32\mubjhhof.dll
2007-12-22 23:12:13 2733 --a------ C:\WINDOWS\system32\ponfhtek.dll
2007-12-22 23:12:12 2735 --a------ C:\WINDOWS\system32\wqlewpcp.dll
2007-12-22 23:09:53 2735 --a------ C:\WINDOWS\system32\mlckeypr.dll
2007-12-20 17:10:20 2735 --a------ C:\WINDOWS\system32\dmdndwuu.dll
2007-12-20 17:07:18 2733 --a------ C:\WINDOWS\system32\eystrxdr.dll
2007-12-20 17:05:39 2735 --a------ C:\WINDOWS\system32\jslonkxl.dll
2007-12-20 17:05:35 2735 --a------ C:\WINDOWS\system32\vimtafap.dll
2007-12-16 12:09:41 18432 --a------ C:\Documents and Settings\Todd\Application Data\internaldb41.dat
2007-12-16 09:35:05 374 --a------ C:\Documents and Settings\Todd\Application Data\internaldb6334.dat
2007-12-16 09:25:44 555 --a------ C:\Documents and Settings\Todd\Application Data\internaldb8467.dat
2007-12-15 17:53:56 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2007-12-15 17:50:48 134 --a------ C:\n.bat
2007-12-15 17:44:25 194372 --a------ C:\WINDOWS\system32\adssitesuggest_uninstall.exe
2007-11-27 10:40:28 327680 --a------ C:\WINDOWS\system32\adssitesuggest.dll
2007-11-23 18:02:09 688128 --a------ C:\WINDOWS\system32\three.scr


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-11 11:00]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 16:11]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 06:12]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 06:11]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 14:24]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-02-17 15:01]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 14:54]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 16:31]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25]
"combofix"="C:\WINDOWS\system32\kmd.exe" [2004-08-04 02:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:00]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"=1
"NoRecentDocsMenu"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

-- End of Deckard's System Scanner: finished at 2008-02-18 08:06:12 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Mobile AMD Sempron™ Processor 3000+
Percentage of Memory in Use: 64%
Physical Memory (total/avail): 382.48 MiB / 136.75 MiB
Pagefile Memory (total/avail): 919.64 MiB / 590.5 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.23 MiB

C: is Fixed (NTFS) - 37.25 GiB total, 12.13 GiB free.
D: is CDROM (Unformatted)

\\.\PHYSICALDRIVE0 - HTS424040M9AT00 - 37.26 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.25 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Todd\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JACSNIGHTMARE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Todd
LOGONSERVER=\\JACSNIGHTMARE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Ulead Systems\MPEG
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2c02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Todd\LOCALS~1\Temp
TMP=C:\DOCUME~1\Todd\LOCALS~1\Temp
USERDOMAIN=JACSNIGHTMARE
USERNAME=Todd
USERPROFILE=C:\Documents and Settings\Todd
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Todd (admin)
Jacqueline (admin)
Jullian (admin)
Gracie (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BearShare --> C:\Program Files\BearShare Applications\BearShare\UninstallSurvey.exe C:\PROGRA~1\BEARSH~1\BEARSH~1\UNWISE.EXE C:\PROGRA~1\BEARSH~1\BEARSH~1\INSTALL.LOG
BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
Canon mini260 --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_mini260\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_mini260 /L0x0009
Canon mini260 User Registration --> C:\Program Files\Canon\IJEREG\mini260\UNINST.EXE
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
CIF Dual-Mode Camera --> MsiExec.exe /X{857343AD-9A00-4287-BF8B-F65C9633CA0C}
Conexant AC-Link Audio --> C:\Program Files\CONEXANT\CNXT_AUDIO\HXFSETUP.EXE -U -Iqta3091.inf
Data Fax SoftModem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3091103C\HXFSETUP.EXE -U -IVEN_1002&DEV_4378&SUBSYS_3091103C
Diablo --> C:\WINDOWS\DiabUnin.exe C:\WINDOWS\DiabUnin.dat
Diablo --> C:\WINDOWS\DiabUnin.exe C:\WINDOWS\DiabUnin.dat
Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
DVD Photo Slideshow Pro 7.80 --> C:\Program Files\DVD Photo Slideshow Professional\uninst.exe
Easy Picture2Icon 2.1 --> C:\Program Files\EasyPicture2Icon\uninst.exe
Eusing Free Registry Cleaner --> C:\PROGRA~1\EUSING~1\UNWISE.EXE C:\PROGRA~1\EUSING~1\INSTALL.LOG
Extreme Chess --> D:\EXTRE~16\Extreme\uninst.exe
Fable - The Lost Chapters --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}
Hero Editor V0.96 --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\Hero Editor\ST6UNST.LOG"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Photosmart Essential 2.5 --> C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP User Guides 0001 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06ECCCF4-9295-468E-851C-9529A7C181E8}\setup.exe" -l0x9 -removeonly
HP Wireless Assistant 1.01 A2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
Indeo® software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Intel\Indeo\Indeo Uninstall.isu" -c"C:\WINDOWS\system32\SavedSystemFiles\indounin.dll"
Insaniquarium Deluxe 1.0 --> C:\Program Files\PopCap Games\Insaniquarium Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Insaniquarium Deluxe\Install.log"
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Java™ 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office XP Small Business --> MsiExec.exe /I{91130409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Miss Spider --> C:\MISSSP~1\UNINST~1.EXE C:\MISSSP~1\INSTALL.LOG
MS Access 97 SP2 --> C:\Program Files\Microsoft Office\setup\setup.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Muppet Babies Toyland Train --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Compedia\muppets\Uninst.isu"
MUSICMATCH Jukebox --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MusicMatch\MusicMatch Jukebox\Uninst.isu" -cC:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.dll
Paint.NET v3.22 --> MsiExec.exe /X{96C267DA-0926-4C11-B4E7-4D3EF85130D0}
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PhoTags Express --> C:\PROGRA~1\PHOTAG~1\Setup.exe /remove
Photo DVD Maker Professional 7.80 --> C:\Program Files\Photo DVD Maker Professional\uninst.exe
Pocket RAR documentation --> C:\Program Files\PocketRAR\uninstall.exe
Publish It Lifestyle Edition --> C:\PROGRA~1\PUBLIS~1\UNWISE.EXE C:\PROGRA~1\PUBLIS~1\INSTALL.LOG
Pure Sudoku 1.12 --> "C:\Program Files\Pure Sudoku\unins000.exe"
Quick Launch Buttons 5.10 B2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x9 -uninst
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Search Suggestion Tool Adssite --> C:\WINDOWS\system32\adssitesuggest_uninstall.exe
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sonic Audio Module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Switch --> C:\Program Files\NCH Swift Sound\Switch\uninst.exe
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{612DC38A-B36A-4699-88EB-12C7394DE2FC} /l1033
The Print Shop 22 --> MsiExec.exe /I{E34351A4-4B10-4DFF-96BC-84C642D9C625}
WavePad Uninstall --> C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Web Photo Album 1.1 --> "C:\Program Files\Web Photo Album\unins000.exe"
Windows Driver Package - Camera Maker (MR97310_USB_DUAL_CAMERA) Image 05/02/2006 2.0.1.0 --> C:\WINDOWS\system32\DRVSTORE\f1490bc41e7d27129cb157cba768cf63b89e7752\DPInst.exe /u mr97310c_79b33283ba293e6c94e125bce27e0ecded0a2591
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->
XoftSpySE --> C:\Program Files\XoftSpySE\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type2218 / Success
Event Submitted/Written: 02/18/2008 07:54:23 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type2209 / Error
Event Submitted/Written: 02/18/2008 07:35:07 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application ATF-Cleaner[1].exe, version 3.0.0.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2197 / Success
Event Submitted/Written: 02/14/2008 00:21:01 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type2189 / Success
Event Submitted/Written: 02/14/2008 09:01:15 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type2185 / Error
Event Submitted/Written: 02/12/2008 02:05:10 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application PaintDotNet.exe, version 3.22.2933.24445, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type25132 / Error
Event Submitted/Written: 02/18/2008 07:50:38 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Lexmark X73 MFP Scanner service failed to start due to the following error:
%%2

Event Record #/Type25127 / Error
Event Submitted/Written: 02/18/2008 07:48:19 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type25124 / Error
Event Submitted/Written: 02/18/2008 07:48:19 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type25121 / Error
Event Submitted/Written: 02/18/2008 07:48:19 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type25118 / Error
Event Submitted/Written: 02/18/2008 07:48:19 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126



-- End of Deckard's System Scanner: finished at 2008-02-18 08:06:12 ------------
  • 0

#8
MoNsTeReNeRgY22 (Member 2k, 2,539 posts)
Hello again,

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
  • 0

#9
nugent1 (Member, Topic Starter, 12 posts)
Ok here ya go




VundoFix V6.7.8

Checking Java version...

Scan started at 14:16:31 2008-02-18

Listing files found while scanning....

No infected files were found.


Beginning removal...



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:06, on 2008-02-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.instafind...sp?err=ADD&url=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\kmd.exe /c C:\ComboFix\Combobatch.bat
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Instafinder] C:\Program Files\Instafinder\instafinder.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 6296 bytes
  • 0

#10
MoNsTeReNeRgY22 (Member 2k, 2,539 posts)
Hi,

Before we continue, please do the following.

Jotti File Submission:

Please go to Jotti's malware scan

Copy and paste the following file path into the "File to upload & scan" box at the top of the page:
C:\WINDOWS\system32\knjlpdbc.dll

Click on the submit button.

Please also do the same to the following two files.
C:\WINDOWS\system32\mnuedmgl.dll
C:\WINDOWS\system32\bnxhucml.dll


Please post the results of the scan in your next reply.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/
  • 0

#11
nugent1 (Member, Topic Starter, 12 posts)
Jotti's was busy...

The first file was 0/30


File mnuedmgl.dll received on 02.19.2008 16:04:03 (CET)


Result: 1/30 (3.34%)


Antivirus Version Last Update Result
AhnLab-V3 2008.2.19.1 2008.02.19 -
AntiVir 7.6.0.67 2008.02.19 -
Authentium 4.93.8 2008.02.19 -
Avast 4.7.1098.0 2008.02.18 -
AVG 7.5.0.516 2008.02.19 -
BitDefender 7.2 2008.02.19 -
CAT-QuickHeal 9.50 2008.02.18 -
ClamAV 0.92.1 2008.02.19 -
DrWeb 4.44.0.09170 2008.02.19 -
eSafe 7.0.15.0 2008.02.17 -
eTrust-Vet 31.3.5548 2008.02.19 -
Ewido 4.0 2008.02.18 -
FileAdvisor 1 2008.02.19 -
Fortinet 3.14.0.0 2008.02.19 -
F-Prot 4.4.2.54 2008.02.18 -
F-Secure 6.70.13260.0 2008.02.19 -
Ikarus T3.1.1.20 2008.02.19 -
McAfee 5232 2008.02.18 -
Microsoft 1.3204 2008.02.19 -
NOD32v2 2886 2008.02.19 -
Norman 5.80.02 2008.02.19 -
Panda 9.0.0.4 2008.02.19 -
Prevx1 V2 2008.02.19 Generic.Malware
Rising 20.32.12.00 2008.02.19 -
Sophos 4.26.0 2008.02.19 -
Sunbelt 3.0.884.0 2008.02.19 -
TheHacker 6.2.9.223 2008.02.18 -
VBA32 3.12.6.1 2008.02.17 -
VirusBuster 4.3.26:9 2008.02.19 -
Webwasher-Gateway 6.6.2 2008.02.19 -
Additional information
File size: 2735 bytes
MD5: b4d51a819be654f3247840e2fe8bd773
SHA1: a2634ce53e828550055a541816c5c95c6d1ac983
PEiD: -
Prevx info: http://info.prevx.co...840E200FE8BD773


ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas.
File bnxhucml.dll received on 02.19.2008 16:20:07 (CET)


Result: 1/32 (3.13%)


Antivirus Version Last Update Result
AhnLab-V3 2008.2.19.1 2008.02.19 -
AntiVir 7.6.0.67 2008.02.19 -
Authentium 4.93.8 2008.02.19 -
Avast 4.7.1098.0 2008.02.18 -
AVG 7.5.0.516 2008.02.19 -
BitDefender 7.2 2008.02.19 -
CAT-QuickHeal 9.50 2008.02.18 -
ClamAV 0.92.1 2008.02.19 -
DrWeb 4.44.0.09170 2008.02.19 -
eSafe 7.0.15.0 2008.02.17 -
eTrust-Vet 31.3.5548 2008.02.19 -
Ewido 4.0 2008.02.18 -
FileAdvisor 1 2008.02.19 -
Fortinet 3.14.0.0 2008.02.19 -
F-Prot 4.4.2.54 2008.02.18 -
F-Secure 6.70.13260.0 2008.02.19 -
Ikarus T3.1.1.20 2008.02.19 -
Kaspersky 7.0.0.125 2008.02.19 -
McAfee 5232 2008.02.18 -
Microsoft 1.3204 2008.02.19 -
NOD32v2 2886 2008.02.19 -
Norman 5.80.02 2008.02.19 -
Panda 9.0.0.4 2008.02.19 -
Prevx1 V2 2008.02.19 Generic.Malware
Rising 20.32.12.00 2008.02.19 -
Sophos 4.26.0 2008.02.19 -
Sunbelt 3.0.884.0 2008.02.19 -
Symantec 10 2008.02.19 -
TheHacker 6.2.9.223 2008.02.18 -
VBA32 3.12.6.1 2008.02.17 -
VirusBuster 4.3.26:9 2008.02.19 -
Webwasher-Gateway 6.6.2 2008.02.19 -
Additional information
File size: 2735 bytes
MD5: b4d51a819be654f3247840e2fe8bd773
SHA1: a2634ce53e828550055a541816c5c95c6d1ac983
PEiD: -
Prevx info: http://info.prevx.co...840E200FE8BD773


ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are
  • 0
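The two VirusTotal reports above are plain text; here is an added example (not part of the thread or of VirusTotal) that parses that format, pulls out the detection ratio, the engines that flagged the file and the hashes, cross-checks the stated ratio against the engine table, and groups reports by SHA1. The two reports embedded in it are constructed, abbreviated copies; applied to the thread's own output it would place both file names under a single hash, since both pasted reports carry the same size, MD5 and SHA1.

```python
"""Parse the plain-text VirusTotal reports of the kind pasted above.

Added example for this thread (not part of VirusTotal or of any post).
REPORT_1 and REPORT_2 are constructed, abbreviated copies in that format;
the file names, sizes and hashes are the ones shown in the thread.
"""
import re
from collections import defaultdict

REPORT_1 = """\
File mnuedmgl.dll received on 02.19.2008 16:04:03 (CET)
Result: 1/4 (25.00%)
Antivirus Version Last Update Result
AntiVir 7.6.0.67 2008.02.19 -
McAfee 5232 2008.02.18 -
Prevx1 V2 2008.02.19 Generic.Malware
Symantec 10 2008.02.19 -
Additional information
File size: 2735 bytes
MD5: b4d51a819be654f3247840e2fe8bd773
SHA1: a2634ce53e828550055a541816c5c95c6d1ac983
"""
# The second constructed report differs only in file name and submission time.
REPORT_2 = REPORT_1.replace("mnuedmgl.dll", "bnxhucml.dll").replace("16:04:03", "16:20:07")

HEADER_RE = re.compile(r"^File (\S+) received on (\S+ \S+)")
RESULT_RE = re.compile(r"^Result: (\d+)/(\d+)")
# "<engine> <version> <YYYY.MM.DD> <verdict>"; a verdict of "-" means no detection.
ENGINE_RE = re.compile(r"^(\S+) (\S+) (\d{4}\.\d{2}\.\d{2}) (.+)$")
SIZE_RE = re.compile(r"^File size: (\d+) bytes")
HASH_RE = re.compile(r"^(MD5|SHA1): ([0-9a-fA-F]+)$")


def parse_vt_report(text):
    """Return a dict with file, received, positives, total, engines, size, md5, sha1."""
    rep = {"file": None, "received": None, "positives": None, "total": None,
           "engines": {}, "size": None, "md5": None, "sha1": None}
    in_table = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := HEADER_RE.match(line):
            rep["file"], rep["received"] = m.groups()
        elif m := RESULT_RE.match(line):
            rep["positives"], rep["total"] = int(m.group(1)), int(m.group(2))
        elif line.startswith("Antivirus Version"):
            in_table = True
        elif line == "Additional information":
            in_table = False
        elif in_table and (m := ENGINE_RE.match(line)):
            name, _version, _updated, verdict = m.groups()
            rep["engines"][name] = None if verdict == "-" else verdict
        elif m := SIZE_RE.match(line):
            rep["size"] = int(m.group(1))
        elif m := HASH_RE.match(line):
            rep[m.group(1).lower()] = m.group(2).lower()
    return rep


def detections(rep):
    """Engine -> detection name, for the engines that flagged the file."""
    return {name: v for name, v in rep["engines"].items() if v}


def consistency_issues(rep):
    """Cross-check the stated ratio against the engine table and require a SHA1."""
    issues = []
    if rep["positives"] is not None and len(detections(rep)) != rep["positives"]:
        issues.append(f"stated {rep['positives']} detections, table shows {len(detections(rep))}")
    if rep["total"] is not None and len(rep["engines"]) != rep["total"]:
        issues.append(f"stated {rep['total']} engines, table lists {len(rep['engines'])}")
    if not rep["sha1"]:
        issues.append("no SHA1 in report")
    return issues


def group_by_hash(reports):
    """SHA1 -> file names; several names under one hash mean the same bytes
    were submitted more than once, so one verdict covers all of them."""
    groups = defaultdict(list)
    for rep in reports:
        groups[rep["sha1"]].append(rep["file"])
    return dict(groups)


if __name__ == "__main__":
    reports = [parse_vt_report(t) for t in (REPORT_1, REPORT_2)]
    for rep in reports:
        print(rep["file"], f"{rep['positives']}/{rep['total']}", detections(rep), consistency_issues(rep))
    print(group_by_hash(reports))
```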

#12
nugent1 (Member, Topic Starter, 12 posts)
Sorry... and here's my HijackThis log



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:19, on 2008-02-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Todd\Desktop\Games\Newmh\d2hackmap_v2.10_lite\d2hackmap.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.instafind...sp?err=ADD&url=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\kmd.exe /c C:\ComboFix\Combobatch.bat
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Instafinder] C:\Program Files\Instafinder\instafinder.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 6334 bytes
  • 0
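To compare the two HijackThis logs above without reading them line by line, here is an added Python example (not from the thread or from HijackThis) that parses the log format into a process list and R/O sections, reports what was added or removed between two logs, and lists processes or O4 autostarts that run from a user profile or temp directory. Its two logs are constructed, abbreviated excerpts of the ones posted here.

```python
"""Parse HijackThis logs and diff two of them.

Added example for this thread (not part of HijackThis or of any post). LOG_A
and LOG_B are constructed, abbreviated excerpts in the format posted above.
"""
import re
from collections import defaultdict

# Constructed excerpt modelled on the log in post #9.
LOG_A = r"""
Logfile of Trend Micro HijackThis v2.0.2

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\kmd.exe /c C:\ComboFix\Combobatch.bat
O4 - HKLM\..\Run: [Instafinder] C:\Program Files\Instafinder\instafinder.exe
"""
# Constructed excerpt modelled on the log in post #12: iexplore.exe is gone,
# a program runs from the user's Desktop, and (a hypothetical cleanup state,
# not from the page) the leftover [combofix] Run entry has been removed.
LOG_B = r"""
Logfile of Trend Micro HijackThis v2.0.2

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Documents and Settings\Todd\Desktop\Games\Newmh\d2hackmap_v2.10_lite\d2hackmap.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Instafinder] C:\Program Files\Instafinder\instafinder.exe
"""

# "O4 - HKLM\..\Run: [name] target" -> section "O4", detail "HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")
# Executable named in an O4 detail, quoted or not, before any arguments.
O4_TARGET_RE = re.compile(r'\] "?([A-Za-z]:\\[^"]+?\.exe)', re.IGNORECASE)
# Locations where an autostart or a running process deserves a second look.
USER_DIRS = ("\\documents and settings\\", "\\temp\\", "\\local settings\\")


def parse_hjt(text):
    """Return {'processes': set of lower-cased paths, 'entries': {section: set}}."""
    processes, entries = set(), defaultdict(set)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
        elif in_processes and line:
            processes.add(line.lower())
        elif in_processes:
            in_processes = False  # the blank line closes the process list
        elif (m := ENTRY_RE.match(line)):
            entries[m.group(1)].add(m.group(2))
    return {"processes": processes, "entries": dict(entries)}


def diff_hjt(old, new):
    """Processes and entries present in only one of two parsed logs."""
    out = {"processes_added": sorted(new["processes"] - old["processes"]),
           "processes_removed": sorted(old["processes"] - new["processes"]),
           "entries_added": [], "entries_removed": []}
    for sec in sorted(set(old["entries"]) | set(new["entries"])):
        before = old["entries"].get(sec, set())
        after = new["entries"].get(sec, set())
        out["entries_added"] += [f"{sec} - {e}" for e in sorted(after - before)]
        out["entries_removed"] += [f"{sec} - {e}" for e in sorted(before - after)]
    return out


def suspicious_paths(parsed):
    """Running processes and O4 autostart targets under a profile or temp dir."""
    hits = {p for p in parsed["processes"] if any(d in p for d in USER_DIRS)}
    for detail in parsed["entries"].get("O4", ()):
        m = O4_TARGET_RE.search(detail)
        if m and any(d in m.group(1).lower() for d in USER_DIRS):
            hits.add(m.group(1).lower())
    return sorted(hits)


if __name__ == "__main__":
    a, b = parse_hjt(LOG_A), parse_hjt(LOG_B)
    for key, items in diff_hjt(a, b).items():
        for item in items:
            print(f"{key}: {item}")
    for path in suspicious_paths(b):
        print(f"review: {path}")
```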

#13
MoNsTeReNeRgY22 (Member 2k, 2,539 posts)
Hello again,

Step 1
Anti-virus software consists of programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download free anti-virus software from one of these excellent vendors NOW:

1) Antivir PersonalEdition Classic - Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program with an autoprotect feature turned on uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should have an autoprotect feature on at a time.

Step 2
Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now, under Select a target to scan, select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#14
MoNsTeReNeRgY22 (Member 2k, 2,539 posts)
In addition to the above, please also do the following.

I would like for you to download & run this file :> http://download.blee...m/sUBs/grab.exe

Grab.exe is an exploratory tool for troubleshooting ComboFix issues. What it'll do is search your machine for the C:\ComboFix folder & when found, will create a zip file comprising files from the C:\ComboFix folder. This zipped file shall be named _sUBs-.zip & should be located on your Desktop.

I shall need you to upload this file to > http://www.bleepingc...e.php?channel=4

Please let me know when you have uploaded the above file. Thanks.

Hopefully, from those files I can find out what went wrong with ComboFix.
  • 0





