Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

I'm not sure what this is [CLOSED]

Started by Russell CCM , Apr 08 2008 01:35 PM

  • This topic is locked This topic is locked

#1
Russell CCM
Posted 08 April 2008 - 01:35 PM

Russell CCM

    Member

  • Member
  • PipPip
  • 13 posts
Hi there,
My apologises, I'm not sure if this is even the right topic to post this but i really hope someone can help me? I'm not really a computer wiz but I think I have a nasty virus on my computer and everything I try to do does not do anything. I've run Norton Anti virus and still - the problem is still there. I have a Dell and run on Windows XP. The problems are that the screen resolution has set itself on the lowest setting and I am unable to bring it back to normal in desktop properties (this affects the quality of pics and videos etc - the drop down menu only now has this setting. When I connect to the internet, after 1 minute it comes up with an error - "Internet Explorer has encountered a problem and needs to close" Internet Ad's are popping up allot too. The performance is very slow and when turning the computer off, certain files cannot utilise such as ccsvc Hst and ccPaa.
I've only been a member for 2 days but I've seen all the help you guys give and its fantastic! I'm completely lost and really need someone's help!!!!!!!!!
I'm typing this from another computer because I my computer would not allow me the time to write this! After reading on some topic's, I managed to do a DSS scan and this is what I got: (if this was I should have done??)
Please can someone guide me though this!!

Here are the results from the DSS scan!!!



Main.txt - Notepad


Deckard's System Scanner v20071014.68
Run by RUSSELL CLEWS on 2008-04-07 18:38:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
119: 2008-04-07 17:03:26 UTC - RP323 - Deckard's System Scanner Restore Point
118: 2008-04-05 21:31:21 UTC - RP322 - Removed Adobe Reader 8.1.2
117: 2008-04-05 20:18:42 UTC - RP321 - Removed BlackBerry Desktop Software 4.2.2.
116: 2008-04-05 11:09:11 UTC - RP320 - System Checkpoint
115: 2008-04-02 13:09:25 UTC - RP319 - System Checkpoint


-- First Restore Point --
1: 2008-03-21 19:42:19 UTC - RP205 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-07 18:40:35
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\SYSTEM32\IoctlSvc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\SYSTEM32\DSentry.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\SYSTEM32\ElkCtrl.exe
C:\Program Files\Ahead\Nero BackItUp\NBKeyScan.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\SYSTEM32\fxssvc.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SYSTEM32\DLA\DLACTRLW.EXE
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\WINDOWS\SYSTEM32\rlvknlg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\SYSTEM32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\NETGEAR\WN121T\wn121t.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Documents and Settings\RUSSELL CLEWS\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsof...search.asp?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: MetaProducts Inquiry Helper - {001165C1-A640-11D7-9FD9-0080481ADA61} - (no file)
O2 - BHO: (no name) - {07A8655B-E4A2-4DC9-A2AE-36CEBF7D9397} - C:\WINDOWS\SYSTEM32\efcBsSkl.dll
O2 - BHO: (no name) - {2B8B6ADF-735C-48BD-82AC-205BA67C05C5} - C:\WINDOWS\SYSTEM32\ljJyWOGW.dll
O2 - BHO: (no name) - {40EB561C-D156-491B-BCEF-A3822F4D8B7D} - C:\WINDOWS\SYSTEM32\qoMdEwxw.dll
O2 - BHO: superiorads browser optimizer - {43FC67B6-4C25-4afd-AE7A-9EF3E4587026} - C:\WINDOWS\SYSTEM32\sprt_ads.dll
O2 - BHO: (no name) - {4CDEF5CF-8D07-43C6-BFE6-DBB305693E44} - C:\WINDOWS\SYSTEM32\awtuuTjj.dll
O2 - BHO: (no name) - {4E2C556D-A9FB-4068-A98C-9449B1585B5A} - C:\WINDOWS\SYSTEM32\efcYRHwV.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\DLA\DLASHX_W.DLL
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\SYSTEM32\khfEUnLb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {D247FC72-5B57-4813-840E-D33F1FFE99FD} - C:\WINDOWS\SYSTEM32\rqRIASmM.dll
O2 - BHO: (no name) - {DEC6F488-E943-4165-B4F6-34F65DF24F46} - C:\WINDOWS\SYSTEM32\hgGxxxYo.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Ahead\Nero BackItUp\NBKeyScan.exe" /devicetype:philips
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\sprt_ads.dll" DllInit
O4 - HKLM\..\Run: [RelevantKnowledge] C:\windows\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: BTTray.lnk = C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = ?
O4 - Global Startup: NETGEAR WN121T Smart Wizard.lnk = C:\Program Files\NETGEAR\WN121T\wn121t.exe
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://memberservices.tesco.net (HKCU)
O15 - Trusted Zone: https://register.tesco.net (HKCU)
O16 - DPF: NTLSignup () - https://register.tes...o/NTLSignup.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.ma...t/ultrashim.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O18 - Protocol: bw+0 - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {94328adf-bc87-44df-9037-5b02f866e8d3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\rlai.dll
O20 - Winlogon Notify: khfEUnLb - C:\WINDOWS\system32\khfEUnLb.dll
O20 - Winlogon Notify: RelevantKnowledge - C:\WINDOWS\SYSTEM32\rlls.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\SYSTEM32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\SYSTEM32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\HPZipm12.exe
O23 - Service: Remote Control Server (RCSERVER) - Unknown owner - C:\Program Files\Remote Control\RCServer.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


--
End of file - 24737 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 agp440 (Intel AGP Bus Filter) - c:\windows\\systemroot\system32\drivers\agp440.sys (file missing)
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys
R2 BTSLBCSP (Bluetooth Port Client Driver) - c:\windows\system32\drivers\btslbcsp.sys <Not Verified; WIDCOMM, Inc.; Bluetooth Software 1.4.2 Build 10>
R2 hardlock - c:\windows\system32\drivers\hardlock.sys <Not Verified; Aladdin Knowledge Systems; Hardlock Device Driver for Windows NT>
R2 MASPINT - c:\windows\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>
R3 aeaudio - c:\windows\system32\drivers\aeaudio.sys <Not Verified; Andrea Electronics Corporation; Andrea Audio Driver>
R3 LVPrcMon (Logitech LVPrcMon Driver) - c:\windows\system32\drivers\lvprcmon.sys
R3 smwdm - c:\windows\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver>

S3 akshasp (Aladdin HASP Key) - c:\windows\system32\drivers\akshasp.sys <Not Verified; Aladdin Knowledge Systems; Aladdin HASP Function Device Driver>
S3 aksusb (Aladdin USB Key) - c:\windows\system32\drivers\aksusb.sys <Not Verified; Aladdin Knowledge Systems; Aladdin WDM Device Driver for USB Protection Devices>
S3 bkn50USB (Belkin 54Mbps Wireless USB Network Adapter) - c:\windows\system32\drivers\rt2500usb.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>
S3 DNINDIS5 (DNINDIS5 NDIS Protocol Driver) - c:\windows\system32\dnindis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\progra~1\common~1\motive\mrendis5.sys (file missing)
S3 MRVW245 (Marvell TOPDOG 802.11n WLAN Driver for Windows XP (USB8x)) - c:\windows\system32\drivers\wn121txp.sys <Not Verified; Marvell Semiconductor, Inc; Device driver for Marvell 802.11n NIC>
S3 NAL (Nal Service ) - c:\windows\system32\drivers\iqvw32.sys <Not Verified; Intel Corporation; Intel® iQVW32.SYS>
S3 PID_0928 (Logitech QuickCam Express(PID_0928)) - c:\windows\system32\drivers\lv561av.sys (file missing)
S3 RimUsb (BlackBerry Device) - c:\windows\system32\drivers\rimusb.sys (file missing)
S3 SE27bus (Sony Ericsson Device 039 Driver driver (WDM)) - c:\windows\system32\drivers\se27bus.sys <Not Verified; MCCI; Sony Ericsson Device 039 Driver>
S3 SE27mdfl (Sony Ericsson Device 039 USB WMC Modem Filter) - c:\windows\system32\drivers\se27mdfl.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB WMC Modem Filter Driver>
S3 SE27mdm (Sony Ericsson Device 039 USB WMC Modem Driver) - c:\windows\system32\drivers\se27mdm.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB WMC Data Modem>
S3 WPN111 (Wireless USB 2.0 Adapter with RangeMax Service) - c:\windows\system32\drivers\wpn111.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 PLFlash DeviceIoControl Service - c:\windows\system32\ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application>

S2 RCSERVER (Remote Control Server) - "c:\program files\remote control\rcserver.exe" -service (file missing)
S2 RoxLiveShare9 (LiveShare P2P Server 9) - "c:\program files\common files\roxio shared\9.0\sharedcom\roxliveshare9.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\8081918ED100
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\8081918ED100
Service: NIC1394


-- Scheduled Tasks -------------------------------------------------------------

2008-04-06 22:30:56 572 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - RUSSELL CLEWS.job
2008-04-02 22:44:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-04-02 10:15:02 406 --ah----- C:\WINDOWS\Tasks\{B0691A6B-340D-4E0B-8C04-9B85F896C7EA}_RCLEWS_RUSSELL CLEWS.job


-- Files created between 2008-03-07 and 2008-04-07 -----------------------------

2008-04-07 17:51:21 364544 --a------ C:\WINDOWS\system32\rlls.dll <Not Verified; RelevantKnowledge; RelevantKnowledge>
2008-04-07 17:42:13 491 --ahs---- C:\WINDOWS\system32\oYxxxGgh.ini2
2008-04-07 17:41:52 315632 --a------ C:\WINDOWS\system32\hgGxxxYo.dll
2008-04-07 07:00:37 320 --ahs---- C:\WINDOWS\system32\edNTDcfe.ini2
2008-04-07 07:00:31 315616 --a------ C:\WINDOWS\system32\efcDTNde.dll
2008-04-07 00:19:28 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2008-04-06 22:20:51 0 d-------- C:\Program Files\Windows Sidebar
2008-04-06 22:20:50 0 d-------- C:\Program Files\Norton AntiVirus
2008-04-06 22:19:04 6379 --ahs---- C:\WINDOWS\system32\MmSAIRqr.ini2
2008-04-06 22:18:43 315616 --a------ C:\WINDOWS\system32\rqRIASmM.dll
2008-04-06 22:16:37 0 d-------- C:\Program Files\Symantec
2008-04-06 22:16:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-06 21:09:30 6531 --ahs---- C:\WINDOWS\system32\jjTuutwa.ini2
2008-04-06 21:09:23 315616 --a------ C:\WINDOWS\system32\awtuuTjj.dll
2008-04-06 14:35:18 6521 --ahs---- C:\WINDOWS\system32\wxwEdMoq.ini2
2008-04-06 14:35:09 315616 --a------ C:\WINDOWS\system32\qoMdEwxw.dll
2008-04-06 09:35:20 6403 --ahs---- C:\WINDOWS\system32\VwHRYcfe.ini2
2008-04-06 09:35:10 315616 --a------ C:\WINDOWS\system32\efcYRHwV.dll
2008-04-05 22:40:18 6430 --ahs---- C:\WINDOWS\system32\lkSsBcfe.ini2
2008-04-05 22:39:57 315616 --a------ C:\WINDOWS\system32\efcBsSkl.dll
2008-04-05 11:39:59 6605 --ahs---- C:\WINDOWS\system32\YJPpWvut.ini2
2008-04-05 11:39:49 315616 --a------ C:\WINDOWS\system32\tuvWpPJY.dll
2008-04-03 18:11:28 118784 --a------ C:\WINDOWS\system32\rlai.dll <Not Verified; RelevantKnowledge; RelevantKnowledge>
2008-03-31 20:20:49 0 d-------- C:\OEMSettings
2008-03-31 20:02:53 6398 --ahs---- C:\WINDOWS\system32\WGOWyJjl.ini2
2008-03-31 20:02:45 315696 --a------ C:\WINDOWS\system32\ljJyWOGW.dll
2008-03-31 19:17:03 0 d-------- C:\Program Files\NETGEAR
2008-03-29 13:39:14 26800 --a------ C:\WINDOWS\system32\ljJCTNfC.dll
2008-03-29 13:35:32 26800 --a------ C:\WINDOWS\system32\tuvVLbBS.dll
2008-03-28 13:28:36 62976 --a------ C:\WINDOWS\system32\sprt_ads.dll
2008-03-22 22:37:19 0 d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2008-03-22 22:37:16 0 d-------- C:\Documents and Settings\RUSSELL CLEWS\Application Data\Roxio
2008-03-22 22:21:05 256 --a------ C:\WINDOWS\system32\pool.bin
2008-03-22 22:14:18 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-22 21:51:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2008-03-22 21:47:55 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-03-22 21:27:07 6449 --ahs---- C:\WINDOWS\system32\RCIllUvw.ini2
2008-03-22 21:26:54 315616 --a------ C:\WINDOWS\system32\wvUllICR.dll
2008-03-22 20:45:35 0 d--hs---- C:\WINDOWS\ftpcache
2008-03-21 20:41:40 6880 --ahs---- C:\WINDOWS\system32\BcJkmnnn.ini2
2008-03-21 20:41:27 315552 --a------ C:\WINDOWS\system32\nnnmkJcB.dll
2008-03-21 20:32:14 26688 --a------ C:\WINDOWS\system32\khfEUnLb.dll
2008-03-18 23:20:33 1609728 --a------ C:\WINDOWS\system32\rlvknlg.exe <Not Verified; RelevantKnowledge; RelevantKnowledge>
2008-03-15 09:02:09 42428 --a------ C:\WINDOWS\system32\rightonadz-uninst.exe
2008-03-14 20:39:28 0 d-------- C:\Documents and Settings\RUSSELL CLEWS\Application Data\BitTorrent
2008-03-14 20:39:10 0 d-------- C:\Program Files\DNA
2008-03-14 20:39:10 0 d-------- C:\Documents and Settings\RUSSELL CLEWS\Application Data\DNA
2008-03-10 21:30:03 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE


-- Find3M Report ---------------------------------------------------------------

2008-04-07 17:49:28 0 d-------- C:\Documents and Settings\RUSSELL CLEWS\Application Data\Skype
2008-04-07 07:00:12 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-06 22:26:10 0 d-------- C:\Program Files\Common Files
2008-04-05 21:33:47 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-03-31 20:21:08 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-29 10:08:44 40730 --a------ C:\WINDOWS\system32\superiorads-uninst.exe
2008-03-29 09:02:30 0 d-------- C:\Program Files\Logitech
2008-03-29 08:59:53 0 d-------- C:\Program Files\dizzler
2008-03-27 20:15:02 0 d-------- C:\Documents and Settings\RUSSELL CLEWS\Application Data\Adobe
2008-03-26 22:33:15 0 d-------- C:\Program Files\btbb_wcm
2008-03-26 22:31:36 0 d-------- C:\Program Files\Yahoo!
2008-03-26 22:11:43 0 d-------- C:\Program Files\BT Home Hub
2008-03-24 17:54:38 0 d-------- C:\Program Files\LimeWire
2008-03-24 17:07:39 0 d-------- C:\Documents and Settings\RUSSELL CLEWS\Application Data\LimeWire
2008-03-22 21:51:40 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-15 10:51:55 0 d-------- C:\Program Files\The Mutual Rewards
2008-03-11 21:06:36 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-10 21:16:19 0 d-------- C:\Program Files\Sony Ericsson
2008-03-10 21:16:02 0 d-------- C:\Program Files\Common Files\Teleca Shared
2008-03-10 21:15:52 146 --a------ C:\WINDOWS\DelMR.bat
2008-03-10 20:31:36 0 d-------- C:\Program Files\Windows Live Toolbar
2008-03-10 20:22:26 0 d-------- C:\Program Files\Ahead
2008-03-10 20:17:33 0 d-------- C:\Program Files\Lavasoft
2008-03-03 20:41:27 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-24 13:05:30 0 d-------- C:\Program Files\Audacity
2008-02-24 12:45:32 0 d-------- C:\Program Files\Java
2008-02-09 16:27:01 0 d-------- C:\Program Files\Business Cards
2008-01-18 21:32:28 94215 --a------ C:\WINDOWS\hpqins09.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07A8655B-E4A2-4DC9-A2AE-36CEBF7D9397}]
05/04/2008 22:40 315616 --a------ C:\WINDOWS\system32\efcBsSkl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B8B6ADF-735C-48BD-82AC-205BA67C05C5}]
31/03/2008 20:02 315696 --a------ C:\WINDOWS\system32\ljJyWOGW.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40EB561C-D156-491B-BCEF-A3822F4D8B7D}]
06/04/2008 14:35 315616 --a------ C:\WINDOWS\system32\qoMdEwxw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43FC67B6-4C25-4afd-AE7A-9EF3E4587026}]
28/03/2008 13:28 62976 --a------ C:\WINDOWS\system32\sprt_ads.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4CDEF5CF-8D07-43C6-BFE6-DBB305693E44}]
06/04/2008 21:09 315616 --a------ C:\WINDOWS\system32\awtuuTjj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E2C556D-A9FB-4068-A98C-9449B1585B5A}]
06/04/2008 09:35 315616 --a------ C:\WINDOWS\system32\efcYRHwV.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
06/04/2008 22:26 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
21/03/2008 20:32 26688 --a------ C:\WINDOWS\system32\khfEUnLb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D247FC72-5B57-4813-840E-D33F1FFE99FD}]
06/04/2008 22:18 315616 --a------ C:\WINDOWS\system32\rqRIASmM.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DEC6F488-E943-4165-B4F6-34F65DF24F46}]
07/04/2008 17:41 315632 --a------ C:\WINDOWS\system32\hgGxxxYo.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [30/10/2003 09:06]
"BCMSMMSG"="BCMSMMSG.exe" [29/08/2003 04:59 C:\WINDOWS\BCMSMMSG.exe]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [26/08/2003 20:47]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [13/08/2003 11:27]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [19/08/2003 02:01]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/08/2004 08:56 C:\WINDOWS\SYSTEM32\bthprops.cpl]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [28/07/2005 14:30]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [28/07/2005 14:02]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [28/07/2005 14:09]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [01/11/2004 19:22]
"NBKeyScan"="C:\Program Files\Ahead\Nero BackItUp\NBKeyScan.exe" [16/09/2005 17:41]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [19/02/2006 03:41]
"RegistryMechanic"="C:\Program Files\Registry Mechanic\RegMech.exe" [20/09/2007 18:10]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [31/10/2007 11:19]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [15/11/2007 00:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [15/11/2007 14:11]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [13/06/2006 06:20]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [14/12/2007 04:42]
"spa_start"="C:\WINDOWS\system32\sprt_ads.dll" [28/03/2008 13:28]
"RelevantKnowledge"="C:\windows\system32\rlvknlg.exe" [18/03/2008 23:20]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [26/01/2008 02:47]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [07/02/2008 07:49]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [29/01/2006 14:11]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [18/01/2005 18:07]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [05/02/2007 18:35]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [16/09/2005 17:41]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 08:56]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [31/03/2008 19:58]

C:\Documents and Settings\RUSSELL CLEWS\Start Menu\Programs\Startup\
DESKTOP.INI [03/09/2002 10:00:00]
PowerReg Scheduler V3.exe [02/03/2004 18:02:07]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe [01/12/2003 15:28:00]
DESKTOP.INI [03/09/2002 10:00:00]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [19/02/2006 05:21:22]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [10/02/2006 08:56:20]
Image Transfer.lnk - C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe [21/04/2004 08:14:25]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [29/01/2006 14:11:43]
NETGEAR WN121T Smart Wizard.lnk - C:\Program Files\NETGEAR\WN121T\wn121t.exe [23/10/2006 11:30:44]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= C:\WINDOWS\system32\khfEUnLb.dll [21/03/2008 20:32 26688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfEUnLb]
khfEUnLb.dll 21/03/2008 20:32 26688 C:\WINDOWS\SYSTEM32\khfEUnLb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RelevantKnowledge]
C:\WINDOWS\system32\rlls.dll 07/04/2008 17:51 364544 C:\WINDOWS\SYSTEM32\rlls.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\rlai.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\hgGxxxYo.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ




-- End of Deckard's System Scanner: finished at 2008-04-07 18:42:25 ------------


Extra.txt - Notepad



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 68%
Physical Memory (total/avail): 511 MiB / 159.52 MiB
Pagefile Memory (total/avail): 1246.49 MiB / 835.18 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1934.01 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 111.71 GiB total, 87.61 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6Y120M0 - 111.76 GiB - 2 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 111.71 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

AntiVirusDisableNotify is set.
AntivirusOverride is set.

FW: Norton AntiVirus v15.5.0.23 (Symantec Corporation)
AV: Norton AntiVirus v15.5.0.23 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Logitech\\Harmony Remote\\HarmonyClient"="C:\\Program Files\\Logitech\\Harmony Remote\\HarmonyClient:*:Enabled:Logitech Harmony Remote Software"
"C:\\Program Files\\Logitech\\Harmony Remote\\PatchHelper.exe"="C:\\Program Files\\Logitech\\Harmony Remote\\PatchHelper.exe:*:Enabled:Remote Control Software Patch Helper"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPAGER.EXE"="C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPAGER.EXE:*:Enabled:Yahoo! Messenger"
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"="C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe:*:Enabled:Yahoo! FT Server"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\eSignal\\winsig.exe"="C:\\Program Files\\eSignal\\winsig.exe:*:Enabled:eSignal"
"C:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe"="C:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe:*:Enabled:mRouterRuntime"
"C:\\Program Files\\Sony Ericsson\\Mobile\\DXP SyncML.exe"="C:\\Program Files\\Sony Ericsson\\Mobile\\DXP SyncML.exe:*:Enabled:DXP SyncML Module"
"C:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"="C:\\WINDOWS\\SYSTEM32\\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Sony Ericsson\\Update Service\\ma3platform.exe"="C:\\Program Files\\Sony Ericsson\\Update Service\\ma3platform.exe:*:Enabled:ma3platform"
"C:\\Program Files\\Morpheus\\Morpheus.exe"="C:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:M5Shell"
"C:\\Program Files\\Logitech\\Harmony Remote\\HarmonyClient"="C:\\Program Files\\Logitech\\Harmony Remote\\HarmonyClient:*:Enabled:Logitech Harmony Remote Software"
"C:\\Program Files\\Logitech\\Harmony Remote\\PatchHelper.exe"="C:\\Program Files\\Logitech\\Harmony Remote\\PatchHelper.exe:*:Enabled:Remote Control Software Patch Helper"
"C:\\Program Files\\SatelliteTVforPC\\2006\\Elite\\SatelliteTVforPC.exe"="C:\\Program Files\\SatelliteTVforPC\\2006\\Elite\\SatelliteTVforPC.exe:*:Enabled:SatelliteTVforPC"
"C:\\Program Files\\TVAnts\\Tvants.exe"="C:\\Program Files\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
"C:\\Program Files\\Real\\RealPlayer\\realplayer.exe"="C:\\Program Files\\Real\\RealPlayer\\realplayer.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Sony Ericsson\\Mobile4\\Sync Manager\\DXP SyncML.exe"="C:\\Program Files\\Sony Ericsson\\Mobile4\\Sync Manager\\DXP SyncML.exe:*:Disabled:DXP SyncML Module"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"="C:\\Program Files\\
  • 0

Advertisements

#2
Essexboy
Posted 08 April 2008 - 02:22 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looks like a bit of work here - so lets get at it :) This will be a big fix as I try to kill as much as possible. Therefore I recommend that you copy this post to a text file for reference


Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {07A8655B-E4A2-4DC9-A2AE-36CEBF7D9397} - C:\WINDOWS\SYSTEM32\efcBsSkl.dll
O2 - BHO: (no name) - {2B8B6ADF-735C-48BD-82AC-205BA67C05C5} - C:\WINDOWS\SYSTEM32\ljJyWOGW.dll
O2 - BHO: (no name) - {40EB561C-D156-491B-BCEF-A3822F4D8B7D} - C:\WINDOWS\SYSTEM32\qoMdEwxw.dll
O2 - BHO: superiorads browser optimizer - {43FC67B6-4C25-4afd-AE7A-9EF3E4587026} - C:\WINDOWS\SYSTEM32\sprt_ads.dll
O2 - BHO: (no name) - {4CDEF5CF-8D07-43C6-BFE6-DBB305693E44} - C:\WINDOWS\SYSTEM32\awtuuTjj.dll
O2 - BHO: (no name) - {4E2C556D-A9FB-4068-A98C-9449B1585B5A} - C:\WINDOWS\SYSTEM32\efcYRHwV.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\SYSTEM32\khfEUnLb.dll
O2 - BHO: (no name) - {D247FC72-5B57-4813-840E-D33F1FFE99FD} - C:\WINDOWS\SYSTEM32\rqRIASmM.dll
O2 - BHO: (no name) - {DEC6F488-E943-4165-B4F6-34F65DF24F46} - C:\WINDOWS\SYSTEM32\hgGxxxYo.dll
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\sprt_ads.dll" DllInit
O4 - HKLM\..\Run: [RelevantKnowledge] C:\windows\system32\rlvknlg.exe -boot
O20 - AppInit_DLLs: C:\WINDOWS\system32\rlai.dll
O20 - Winlogon Notify: khfEUnLb - C:\WINDOWS\system32\khfEUnLb.dll
O20 - Winlogon Notify: RelevantKnowledge - C:\WINDOWS\SYSTEM32\rlls.dll
O23 - Service: Remote Control Server (RCSERVER) - Unknown owner - C:\Program Files\Remote Control\RCServer.exe

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

NEXT

@echo off
sc stop RCSERVER
sc delete RCSERVER
exit

Next you will need to create the batch fix to do that copy and paste ALL of the above in the quote box to a notepad file.
Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES
Then in the FILE NAME box type fix.bat

This will create a batch file Posted Image

Then run fix.bat by double clicking you may see a black box appear this is normal

THEN

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\SYSTEM32\rlvknlg.exe
C:\WINDOWS\system32\rlls.dll
C:\WINDOWS\system32\oYxxxGgh.ini2
C:\WINDOWS\system32\hgGxxxYo.dll
C:\WINDOWS\system32\edNTDcfe.ini2
C:\WINDOWS\system32\efcDTNde.dll
C:\WINDOWS\system32\MmSAIRqr.ini2
C:\WINDOWS\system32\rqRIASmM.dll
C:\WINDOWS\system32\jjTuutwa.ini2
C:\WINDOWS\system32\awtuuTjj.dll
C:\WINDOWS\system32\wxwEdMoq.ini2
C:\WINDOWS\system32\qoMdEwxw.dll
C:\WINDOWS\system32\VwHRYcfe.ini2
C:\WINDOWS\system32\efcYRHwV.dll
C:\WINDOWS\system32\lkSsBcfe.ini2
C:\WINDOWS\system32\efcBsSkl.dll
C:\WINDOWS\system32\YJPpWvut.ini2
C:\WINDOWS\system32\tuvWpPJY.dll
C:\WINDOWS\system32\rlai.dll
C:\WINDOWS\system32\WGOWyJjl.ini2
C:\WINDOWS\system32\ljJyWOGW.dll
C:\WINDOWS\system32\ljJCTNfC.dll
C:\WINDOWS\system32\tuvVLbBS.dll
C:\WINDOWS\system32\sprt_ads.dll
C:\WINDOWS\system32\pool.bin
C:\WINDOWS\system32\RCIllUvw.ini2
C:\WINDOWS\system32\wvUllICR.dll
C:\WINDOWS\system32\BcJkmnnn.ini2
C:\WINDOWS\system32\nnnmkJcB.dll
C:\WINDOWS\system32\khfEUnLb.dll
C:\WINDOWS\system32\rlvknlg.exe
C:\WINDOWS\system32\rightonadz
Purity
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the yellow bar) and choose Paste.

  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

GETTING THERE

Download and run ERUNT http://www.larsheder...nline.de/erunt/

Start ERUNT, confirm the Welcome message.

Type in the name of a restore folder where the backed up registry
files should be saved, or click "..." to browse your computer's drives
and select a folder. You can also simply leave the default, which is a
folder named ERDNT inside your Windows folder, the advantage being
that you have access to this folder from the Windows Recovery Console
in case Windows does not boot anymore.


Next, select the backup options:

- System registry:

- Current user registy: .

- Other open user registries:

Click "OK" and wait until the backup process is complete. (Note that
depending on your system configuration this may take some time, and
that the first bar is NOT a progress bar, just an indicator that the
program is still running.) The ERDNT program for later restoration of
the registry is automatically copied to the restore folder.

WARNING these fixes are designed for this user only and may cause damage if run on an uninfected machine

REGISTRY FIX

REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00


Next you will need to create the repair registry fix to do that copy and paste ALL of the above in the quote box to a notepad file. Ensure there is no space above the REGEDIT4.
Then in notepad go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES
Then in the FILE NAME box type fix.reg
This will create a fix.reg file on your desktop Posted Image

To use this file you will need to right click the icon and select merge, accept the warning if it appears and you are done.

FINALLY FOR NOW

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Logs required : OTMoveit and Combofix
  • 0

#3
Russell CCM
Posted 09 April 2008 - 02:20 AM

Russell CCM

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi Essesboy,

I'm so grateful for your fast reply - you’re a top guy! I'm sorry to say - want you replied scares the crap out of me, it looks very complicated!! I have a question and pardon my ignorance! I’ve never fixed a problem like this before!

What do you mean:-

"Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {07A8655B-E4A2-4DC9-A2AE-36CEBF7D9397} - C:\WINDOWS\SYSTEM32\efcBsSkl.dll
O2 - BHO: (no name) - {2B8B6ADF-735C-48BD-82AC-205BA67C05C5} - C:\WINDOWS\SYSTEM32\ljJyWOGW.dll
O2 - BHO: (no name) - {40EB561C-D156-491B-BCEF-A3822F4D8B7D} - C:\WINDOWS\SYSTEM32\qoMdEwxw.dll
O2 - BHO: superiorads browser optimizer - {43FC67B6-4C25-4afd-AE7A-9EF3E4587026} - C:\WINDOWS\SYSTEM32\sprt_ads.dll
O2 - BHO: (no name) - {4CDEF5CF-8D07-43C6-BFE6-DBB305693E44} - C:\WINDOWS\SYSTEM32\awtuuTjj.dll
O2 - BHO: (no name) - {4E2C556D-A9FB-4068-A98C-9449B1585B5A} - C:\WINDOWS\SYSTEM32\efcYRHwV.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\SYSTEM32\khfEUnLb.dll
O2 - BHO: (no name) - {D247FC72-5B57-4813-840E-D33F1FFE99FD} - C:\WINDOWS\SYSTEM32\rqRIASmM.dll
O2 - BHO: (no name) - {DEC6F488-E943-4165-B4F6-34F65DF24F46} - C:\WINDOWS\SYSTEM32\hgGxxxYo.dll
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\sprt_ads.dll" DllInit
O4 - HKLM\..\Run: [RelevantKnowledge] C:\windows\system32\rlvknlg.exe -boot
O20 - AppInit_DLLs: C:\WINDOWS\system32\rlai.dll
O20 - Winlogon Notify: khfEUnLb - C:\WINDOWS\system32\khfEUnLb.dll
O20 - Winlogon Notify: RelevantKnowledge - C:\WINDOWS\SYSTEM32\rlls.dll
O23 - Service: Remote Control Server (RCSERVER) - Unknown owner - C:\Program Files\Remote Control\RCServer.exe

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

"What is Hijack this???

Thanks again for your help!
Russ.
  • 0

#4
Essexboy
Posted 09 April 2008 - 01:13 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Ah right no need to worry I will take this as slowly as you like

Download & Run HijackThis.exe

  • Download HJTInstall.exe to your Desktop.
  • Doubleclick HJTInstall.exe to install it.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan button. It will scan and a screen will open with checkboxes to the left of the file number.

Do the above download and install

Then check the boxes next to the lines I have indicated

The registry warning is normal as this fix will be applicable to your system and problem alone, as it was designed for you - anyone else using it may corrupt their system

At any stage when you are unsure then stop and post back. I will get to you as soon as I am online :)
  • 0

#5
Russell CCM
Posted 10 April 2008 - 12:05 PM

Russell CCM

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi Essexboy,

Thanks for the reply. I downloaded Hijackthis and did the scan. Only 2 of the lines out of the all the lines you asked me to check where there! They were:

04 - HKLM\..\RUN: [spa_start] c:\WINDOWS\System32\Rundll32.exe
and
023 - Service: Remote Control Server (RCSERVER) - Unknown owner - C:\Program Files\Remote Control\RCServer.exe

Here is the log. It have selected the two above check boxes and clicked in "Fix Checked"

What should I do next?

Regards

Russ.

Here was the result from the HiJackThis log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:52:25, on 10/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Ahead\Nero BackItUp\NBKeyScan.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\DNA\btdna.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\NETGEAR\WN121T\wn121t.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Ahead\Nero BackItUp\NBKeyScan.exe" /devicetype:philips
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{8aaa8260-cab9-1c5a-d7f5-6f36c674071f}.dll" DllInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: NETGEAR WN121T Smart Wizard.lnk = C:\Program Files\NETGEAR\WN121T\wn121t.exe
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
O16 - DPF: NTLSignup - https://register.tes...o/NTLSignup.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O18 - Protocol: bw+0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\rlai.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Control Server (RCSERVER) - Unknown owner - C:\Program Files\Remote Control\RCServer.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 22724 bytes
  • 0

#6
Essexboy
Posted 10 April 2008 - 01:16 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Good Russ :) . Now do the next steps one at a time and if you are unsure, or hit a problem post back OK :)

@echo off
sc stop RCSERVER
sc delete RCSERVER
exit

Next you will need to create the batch fix to do that copy and paste ALL of the above in the quote box to a notepad file.
Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES
Then in the FILE NAME box type fix.bat

This will create a batch file Posted Image

Then run fix.bat by double clicking you may see a black box appear this is normal

THEN

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\SYSTEM32\rlvknlg.exe
C:\WINDOWS\system32\rlls.dll
C:\WINDOWS\system32\oYxxxGgh.ini2
C:\WINDOWS\system32\hgGxxxYo.dll
C:\WINDOWS\system32\edNTDcfe.ini2
C:\WINDOWS\system32\efcDTNde.dll
C:\WINDOWS\system32\MmSAIRqr.ini2
C:\WINDOWS\system32\rqRIASmM.dll
C:\WINDOWS\system32\jjTuutwa.ini2
C:\WINDOWS\system32\awtuuTjj.dll
C:\WINDOWS\system32\wxwEdMoq.ini2
C:\WINDOWS\system32\qoMdEwxw.dll
C:\WINDOWS\system32\VwHRYcfe.ini2
C:\WINDOWS\system32\efcYRHwV.dll
C:\WINDOWS\system32\lkSsBcfe.ini2
C:\WINDOWS\system32\efcBsSkl.dll
C:\WINDOWS\system32\YJPpWvut.ini2
C:\WINDOWS\system32\tuvWpPJY.dll
C:\WINDOWS\system32\rlai.dll
C:\WINDOWS\system32\WGOWyJjl.ini2
C:\WINDOWS\system32\ljJyWOGW.dll
C:\WINDOWS\system32\ljJCTNfC.dll
C:\WINDOWS\system32\tuvVLbBS.dll
C:\WINDOWS\system32\sprt_ads.dll
C:\WINDOWS\system32\pool.bin
C:\WINDOWS\system32\RCIllUvw.ini2
C:\WINDOWS\system32\wvUllICR.dll
C:\WINDOWS\system32\BcJkmnnn.ini2
C:\WINDOWS\system32\nnnmkJcB.dll
C:\WINDOWS\system32\khfEUnLb.dll
C:\WINDOWS\system32\rlvknlg.exe
C:\WINDOWS\system32\rightonadz
Purity
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the yellow bar) and choose Paste.

  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

GETTING THERE

Download and run ERUNT http://www.larsheder...nline.de/erunt/

Start ERUNT, confirm the Welcome message.

Type in the name of a restore folder where the backed up registry
files should be saved, or click "..." to browse your computer's drives
and select a folder. You can also simply leave the default, which is a
folder named ERDNT inside your Windows folder, the advantage being
that you have access to this folder from the Windows Recovery Console
in case Windows does not boot anymore.


Next, select the backup options:

- System registry:

- Current user registy: .

- Other open user registries:

Click "OK" and wait until the backup process is complete. (Note that
depending on your system configuration this may take some time, and
that the first bar is NOT a progress bar, just an indicator that the
program is still running.) The ERDNT program for later restoration of
the registry is automatically copied to the restore folder.

WARNING these fixes are designed for this user only and may cause damage if run on an uninfected machine

REGISTRY FIX

REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00


Next you will need to create the repair registry fix to do that copy and paste ALL of the above in the quote box to a notepad file. Ensure there is no space above the REGEDIT4.
Then in notepad go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES
Then in the FILE NAME box type fix.reg
This will create a fix.reg file on your desktop Posted Image

To use this file you will need to right click the icon and select merge, accept the warning if it appears and you are done.

FINALLY FOR NOW

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Logs required : OTMoveit and Combofix
  • 0

#7
Russell CCM
Posted 10 April 2008 - 03:08 PM

Russell CCM

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Ok mate,

Ive run the OTmoveit, did what you suggested and the results are as follows:







File/Folder C:\WINDOWS\SYSTEM32\rlvknlg.exe not found.
File/Folder C:\WINDOWS\system32\rlls.dll not found.
C:\WINDOWS\system32\oYxxxGgh.ini2 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\hgGxxxYo.dll
C:\WINDOWS\system32\hgGxxxYo.dll NOT unregistered.
C:\WINDOWS\system32\hgGxxxYo.dll moved successfully.
C:\WINDOWS\system32\edNTDcfe.ini2 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\efcDTNde.dll
C:\WINDOWS\system32\efcDTNde.dll NOT unregistered.
C:\WINDOWS\system32\efcDTNde.dll moved successfully.
C:\WINDOWS\system32\MmSAIRqr.ini2 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\rqRIASmM.dll
C:\WINDOWS\system32\rqRIASmM.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\rqRIASmM.dll scheduled to be moved on reboot.
C:\WINDOWS\system32\jjTuutwa.ini2 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\awtuuTjj.dll
C:\WINDOWS\system32\awtuuTjj.dll NOT unregistered.
C:\WINDOWS\system32\awtuuTjj.dll moved successfully.
C:\WINDOWS\system32\wxwEdMoq.ini2 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\qoMdEwxw.dll
C:\WINDOWS\system32\qoMdEwxw.dll NOT unregistered.
C:\WINDOWS\system32\qoMdEwxw.dll moved successfully.
C:\WINDOWS\system32\VwHRYcfe.ini2 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\efcYRHwV.dll
C:\WINDOWS\system32\efcYRHwV.dll NOT unregistered.
C:\WINDOWS\system32\efcYRHwV.dll moved successfully.
File/Folder C:\WINDOWS\system32\lkSsBcfe.ini2 not found.
File/Folder C:\WINDOWS\system32\efcBsSkl.dll not found.
C:\WINDOWS\system32\YJPpWvut.ini2 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\tuvWpPJY.dll
C:\WINDOWS\system32\tuvWpPJY.dll NOT unregistered.
C:\WINDOWS\system32\tuvWpPJY.dll moved successfully.
File/Folder C:\WINDOWS\system32\rlai.dll not found.
C:\WINDOWS\system32\WGOWyJjl.ini2 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ljJyWOGW.dll
C:\WINDOWS\system32\ljJyWOGW.dll NOT unregistered.
C:\WINDOWS\system32\ljJyWOGW.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ljJCTNfC.dll
C:\WINDOWS\system32\ljJCTNfC.dll NOT unregistered.
C:\WINDOWS\system32\ljJCTNfC.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\tuvVLbBS.dll
C:\WINDOWS\system32\tuvVLbBS.dll NOT unregistered.
C:\WINDOWS\system32\tuvVLbBS.dll moved successfully.
File/Folder C:\WINDOWS\system32\sprt_ads.dll not found.
C:\WINDOWS\system32\pool.bin moved successfully.
C:\WINDOWS\system32\RCIllUvw.ini2 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\wvUllICR.dll
C:\WINDOWS\system32\wvUllICR.dll NOT unregistered.
C:\WINDOWS\system32\wvUllICR.dll moved successfully.
C:\WINDOWS\system32\BcJkmnnn.ini2 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\nnnmkJcB.dll
C:\WINDOWS\system32\nnnmkJcB.dll NOT unregistered.
C:\WINDOWS\system32\nnnmkJcB.dll moved successfully.
File/Folder C:\WINDOWS\system32\khfEUnLb.dll not found.
File/Folder C:\WINDOWS\system32\rlvknlg.exe not found.
File/Folder C:\WINDOWS\system32\rightonadz not found.
< Purity >

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04102008_220517
  • 0

#8
Essexboy
Posted 10 April 2008 - 03:53 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK are you happy with the registry fix - if not continue on with combofix and I will approach the registry from a different direction
  • 0

#9
Russell CCM
Posted 11 April 2008 - 01:48 AM

Russell CCM

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi friend!

I have now done all you suggested but the combofix log window (in blue) has come up but nothing is in it. I've left it all night thinking it was scanning but this morning, still nothing. I was hoping to post it for your review! Any ideas? The screen resolution is still set to low and I'm still unable to increase it.

Regards
Russ
P.S: I want say thanks in advance for all your help - Your cool!!

"Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review"
  • 0

#10
Essexboy
Posted 11 April 2008 - 09:07 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets try a different analysis tool and go from there. This one will be quite large so you will need to attach it to your post - instructions at the end

Download OTScanit to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanit folder and double-click on OTScanit.exe to start the program.
  • Check the box that says Scan All User Accounts
  • Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
  • Under Additional Scans check the following:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

  • 0

Advertisements

#11
Russell CCM
Posted 11 April 2008 - 12:34 PM

Russell CCM

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi mate,

There you go. Will this tell you the problem?
Regards
Russ.

Attached Files


  • 0

#12
Russell CCM
Posted 11 April 2008 - 12:36 PM

Russell CCM

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
It will not let me upload the Hijackthis file so I have copied and pasted the contents below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:52:25, on 10/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Ahead\Nero BackItUp\NBKeyScan.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\DNA\btdna.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\NETGEAR\WN121T\wn121t.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Ahead\Nero BackItUp\NBKeyScan.exe" /devicetype:philips
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{8aaa8260-cab9-1c5a-d7f5-6f36c674071f}.dll" DllInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: NETGEAR WN121T Smart Wizard.lnk = C:\Program Files\NETGEAR\WN121T\wn121t.exe
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
O16 - DPF: NTLSignup - https://register.tes...o/NTLSignup.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O18 - Protocol: bw+0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {94328ADF-BC87-44DF-9037-5B02F866E8D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\rlai.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Control Server (RCSERVER) - Unknown owner - C:\Program Files\Remote Control\RCServer.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 22724 bytes
  • 0

#13
Essexboy
Posted 11 April 2008 - 02:42 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yep that helps :) During this fix I will be killing explorer so you may loose your desktop, icons and taskbar. I will then reboot your system :)

Start OTScanit. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
YN -> {fbeb8a05-beee-4442-804e-409d6c4515e9} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [CDBurn]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YN -> {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\khfEUnLb.dll []
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> khfEUnLb -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {001165C1-A640-11D7-9FD9-0080481ADA61} [HKEY_LOCAL_MACHINE] -> Reg Error: Value  does not exist or could not be read. [MetaProducts Inquiry Helper]
YY -> {2536463C-A7C3-4EAB-AF46-F4AA8B9114CF} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SYSTEM32\pmnkICUm.dll [Reg Error: Value  does not exist or could not be read.]
YN -> {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\khfEUnLb.dll [Reg Error: Value  does not exist or could not be read.]
YN -> {6FC407C9-D009-4360-A39F-04E511AD001C} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\rqRIASmM.dll [Reg Error: Value  does not exist or could not be read.]
YY -> {8d24faca-8ec6-3230-18f3-4cb2e937b6e5} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SYSTEM32\{8aaa8260-cab9-1c5a-d7f5-6f36c674071f}.dll [superiorads browser optimizer]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YY -> C:\WINDOWS\system32\pmnkICUm.dll -> %SystemRoot%\SYSTEM32\pmnkICUm.dll
< BotCheck > -> 
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\RUSSELL CLEWS\Local Settings\Temp\~os3B0.tmp\ossproxy.exe -> C:\Documents and Settings\RUSSELL CLEWS\Local Settings\Temp\~os3B0.tmp\ossproxy.exe [C:\Documents and Settings\RUSSELL CLEWS\Local Settings\Temp\~os3B0.tmp\ossproxy.exe:*:Enabled:ossproxy.exe]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\RUSSELL CLEWS\Local Settings\Temp\~os3D2.tmp\ossproxy.exe -> C:\Documents and Settings\RUSSELL CLEWS\Local Settings\Temp\~os3D2.tmp\ossproxy.exe [C:\Documents and Settings\RUSSELL CLEWS\Local Settings\Temp\~os3D2.tmp\ossproxy.exe:*:Enabled:ossproxy.exe]
[Files/Folders - Created Within 90 days]
NY -> BcJkmnnn.ini -> %SystemRoot%\System32\BcJkmnnn.ini
NY -> edNTDcfe.ini -> %SystemRoot%\System32\edNTDcfe.ini
NY -> jjTuutwa.ini -> %SystemRoot%\System32\jjTuutwa.ini
NY -> MmSAIRqr.ini -> %SystemRoot%\System32\MmSAIRqr.ini
NY -> MmSAIRqr.ini2 -> %SystemRoot%\System32\MmSAIRqr.ini2
NY -> MRT.INI -> %SystemRoot%\System32\MRT.INI
NY -> mUCIknmp.ini -> %SystemRoot%\System32\mUCIknmp.ini
NY -> mUCIknmp.ini2 -> %SystemRoot%\System32\mUCIknmp.ini2
NY -> onpooUtv.ini -> %SystemRoot%\System32\onpooUtv.ini
NY -> onpooUtv.ini2 -> %SystemRoot%\System32\onpooUtv.ini2
NY -> oYxxxGgh.ini -> %SystemRoot%\System32\oYxxxGgh.ini
NY -> pmnkICUm.dll -> %SystemRoot%\System32\pmnkICUm.dll
NY -> RCIllUvw.ini -> %SystemRoot%\System32\RCIllUvw.ini
NY -> rightonadz-uninst.exe -> %SystemRoot%\System32\rightonadz-uninst.exe
NY -> superiorads-uninst.exe -> %SystemRoot%\System32\superiorads-uninst.exe
NY -> vtUoopno.dll -> %SystemRoot%\System32\vtUoopno.dll
NY -> VwHRYcfe.ini -> %SystemRoot%\System32\VwHRYcfe.ini
NY -> WGOWyJjl.ini -> %SystemRoot%\System32\WGOWyJjl.ini
NY -> wxwEdMoq.ini -> %SystemRoot%\System32\wxwEdMoq.ini
NY -> YJPpWvut.ini -> %SystemRoot%\System32\YJPpWvut.ini
NY -> {8aaa8260-cab9-1c5a-d7f5-6f36c674071f}.dll -> %SystemRoot%\System32\{8aaa8260-cab9-1c5a-d7f5-6f36c674071f}.dll
NY -> {8aaa8260-cab9-1c5a-d7f5-6f36c674071f}.dll-uninst.exe -> %SystemRoot%\System32\{8aaa8260-cab9-1c5a-d7f5-6f36c674071f}.dll-uninst.exe
[Files/Folders - Modified Within 90 days]
NY -> BcJkmnnn.ini -> %SystemRoot%\System32\BcJkmnnn.ini
NY -> edNTDcfe.ini -> %SystemRoot%\System32\edNTDcfe.ini
NY -> FxsTmp -> %SystemRoot%\System32\FxsTmp
NY -> jjTuutwa.ini -> %SystemRoot%\System32\jjTuutwa.ini
NY -> MmSAIRqr.ini -> %SystemRoot%\System32\MmSAIRqr.ini
NY -> MmSAIRqr.ini2 -> %SystemRoot%\System32\MmSAIRqr.ini2
NY -> MRT.INI -> %SystemRoot%\System32\MRT.INI
NY -> mUCIknmp.ini -> %SystemRoot%\System32\mUCIknmp.ini
NY -> mUCIknmp.ini2 -> %SystemRoot%\System32\mUCIknmp.ini2
NY -> onpooUtv.ini -> %SystemRoot%\System32\onpooUtv.ini
NY -> onpooUtv.ini2 -> %SystemRoot%\System32\onpooUtv.ini2
NY -> oYxxxGgh.ini -> %SystemRoot%\System32\oYxxxGgh.ini
NY -> pmnkICUm.dll -> %SystemRoot%\System32\pmnkICUm.dll
NY -> RCIllUvw.ini -> %SystemRoot%\System32\RCIllUvw.ini
NY -> rightonadz-uninst.exe -> %SystemRoot%\System32\rightonadz-uninst.exe
NY -> vtUoopno.dll -> %SystemRoot%\System32\vtUoopno.dll
NY -> VwHRYcfe.ini -> %SystemRoot%\System32\VwHRYcfe.ini
NY -> WGOWyJjl.ini -> %SystemRoot%\System32\WGOWyJjl.ini
NY -> wxwEdMoq.ini -> %SystemRoot%\System32\wxwEdMoq.ini
NY -> YJPpWvut.ini -> %SystemRoot%\System32\YJPpWvut.ini
NY -> {8aaa8260-cab9-1c5a-d7f5-6f36c674071f}.dll -> %SystemRoot%\System32\{8aaa8260-cab9-1c5a-d7f5-6f36c674071f}.dll
NY -> {8aaa8260-cab9-1c5a-d7f5-6f36c674071f}.dll-uninst.exe -> %SystemRoot%\System32\{8aaa8260-cab9-1c5a-d7f5-6f36c674071f}.dll-uninst.exe
NY -> DelMR.bat -> %SystemRoot%\DelMR.bat
NY -> IadHide5.dll -> C:\Documents and Settings\RUSSELL CLEWS\Local Settings\Temp\IadHide5.dll
NY -> 56 C:\Documents and Settings\RUSSELL CLEWS\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\RUSSELL CLEWS\Local Settings\Temp\*.tmp
NY -> asmcache.dat -> C:\WINDOWS\Temp\asmcache.dat
[Empty Temp Folders]
[Start Explorer]
[Reboot]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new Hijackthis log.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
  • 0

#14
Russell CCM
Posted 12 April 2008 - 04:29 AM

Russell CCM

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi mate,

I did as you asked everything went well except there was not notepad file generated this time?? What should I do? Anyway, here is the new hijack log. Also, upon reboot (restart) an Error message came up: Error loading RunDLL. ????

There where also 2 messages that came up when the system was closing down but it happened so quick, im sorry i was unable to read them:- something about hpqm and run: DLL!!

My apologises for not replying quicky this week - Its been touch to get the time but Im here all day today so look forward to speaking with you again mate.
Regards
Russ.

Attached Files


  • 0

#15
Russell CCM
Posted 12 April 2008 - 04:36 AM

Russell CCM

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Sorry mate, one other thing, I was under the impression that I had Norton anivirus on my system but the Norton window keeps popping up saying: (please see attached:

I did buy the product over the phone but Norton tried to install this about 2 days before I became a Geekstogo member via remote access and could'nt!! Shall I call them and get my product key and run norton or will this upset our process? I want do anything until I here from you!
Regards
Russ.

Attached Thumbnails

  • Norton_window.JPG

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP