Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

gomyhit.com and other spyware issues


  • Please log in to reply

#1
remodelyou

remodelyou

    New Member

  • Member
  • Pip
  • 9 posts
Hope you can help. I started having major issues on March 7,2008 and have ran many different spyware and antivirus programs since, including spybot, adaware, avg, avast, Kapersky, panda, malwarebytes and others. Nothing has picked up much, if anything, and the problem still exists. Issues are spyware warning pop-ups including privacypctoll.com, gomyhit.com., stopzilla etc. When opening an internet browser 3 or 4 windows pop up with these sites. Eventually, my home page will load but only after several minutes. When searching google, i click a link and it takes me to a site irrelevant to what i clicked on. Basic computer function is miserably slow or crashes and reboots without warning. The first time I ran malwarebytes antivirus it found 4 infections but said it failed to remove them. The second time i ran it they were not found. I am attaching 4 logs for you to review (Hijackthis, Hijackthis uninstall log, Combofix, and malwarebytes) for your review. Thanks in advance for any help that you can provide.


ComboFix 08-04-20.2 - KC1 2008-04-20 17:21:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.179 [GMT -4:00]
Running from: C:\Documents and Settings\KC1\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\KC1\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\d3dxofo.dll . . . . failed to delete
.
---- Previous Run -------
.
C:\WINDOWS\system32\d3dxofo.dll . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_xjsjcevf
-------\Legacy_xjsjcevf
-------\xjsjcevf
-------\Legacy_XJSJCEVF
-------\Service_xjsjcevf


((((((((((((((((((((((((( Files Created from 2008-03-20 to 2008-04-20 )))))))))))))))))))))))))))))))
.

2100-02-23 14:35 . 2001-02-22 09:54 768 --a--c--- C:\Program Files\x73_lut.dat
2100-02-08 16:03 . 2001-05-11 11:39 53,248 --a--c--- C:\Program Files\ACMonitor_X73.exe
2008-04-20 16:36 . 2008-04-20 16:27 401,720 --a------ C:\Program Files\HiJackThis[1].exe
2008-04-20 09:24 . 2008-04-20 09:24 84 --a------ C:\WINDOWS\system32\ikhcore.cfg
2008-04-20 08:18 . 2008-04-20 08:18 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-20 08:18 . 2008-04-20 08:18 <DIR> d-------- C:\Documents and Settings\KC1\Application Data\Malwarebytes
2008-04-20 08:18 . 2008-04-20 08:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-19 15:52 . 2008-04-19 15:52 <DIR> d-------- C:\csscod
2008-04-13 08:42 . 2008-04-13 08:42 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-04-13 08:41 . 2008-04-13 08:41 <DIR> d-------- C:\Program Files\MSECACHE
2008-04-06 17:55 . 2008-04-06 17:55 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-04-06 17:55 . 2007-12-06 16:51 28,568 --a------ C:\WINDOWS\system32\drivers\AVHook.sys
2008-04-06 17:55 . 2007-12-06 16:51 21,912 --a------ C:\WINDOWS\system32\drivers\AVRec.sys
2008-04-06 17:55 . 2008-02-12 11:44 21,904 --a------ C:\WINDOWS\system32\drivers\AVFilter.sys
2008-04-06 17:08 . 2008-04-20 17:38 <DIR> d-------- C:\Program Files\PC Tools AntiVirus
2008-04-05 20:53 . 2008-04-20 16:19 <DIR> d-------- C:\Documents and Settings\KC1\Application Data\Desktopicon
2008-04-05 20:52 . 2008-04-05 21:22 <DIR> d-------- C:\Program Files\Unlocker
2008-04-05 19:48 . 2008-04-13 08:53 <DIR> d-------- C:\Program Files\Panda Security
2008-04-03 00:18 . 2008-04-03 00:18 <DIR> d-------- C:\Program Files\Common Files\Mozilla Shared
2008-04-03 00:17 . 2008-04-11 21:05 6,490,880 --a------ C:\WINDOWS\system32\wtzpelos.dat
2008-03-31 21:35 . 2008-03-31 21:35 <DIR> d-------- C:\Program Files\Enigma Software Group

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-20 21:38 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-20 15:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-20 13:22 --------- d-----w C:\Program Files\LogMeIn
2008-04-20 12:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-18 12:07 --------- d-----w C:\Program Files\Spyware Doctor
2008-04-17 11:42 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-13 13:01 --------- d-----w C:\Program Files\Windows Defender
2008-04-13 12:58 --------- d-----w C:\Program Files\AceMoney
2008-04-13 12:55 --------- d-----w C:\Program Files\No Trace
2008-04-06 21:58 --------- d-----w C:\Documents and Settings\KC1\Application Data\PC Tools
2008-04-06 21:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Tools
2008-04-06 21:06 --------- d-----w C:\Program Files\METAFILE
2008-04-06 21:04 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-06 21:04 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-03 23:28 --------- d-----w C:\Program Files\Picasa2
2008-04-03 04:17 20,224 ----a-w C:\WINDOWS\system32\drivers\noaqtndc.dat
2008-04-03 03:18 --------- d-----w C:\Program Files\Norton Security Scan
2008-03-31 04:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-30 23:50 --------- d-----w C:\Program Files\RegistryFix
2008-03-29 23:50 --------- d-----w C:\Program Files\SpiralFrog
2008-03-25 02:37 --------- d-----w C:\Documents and Settings\KC1\Application Data\IObit
2008-03-25 02:36 --------- d-----w C:\Program Files\IObit
2008-03-13 05:17 --------- d-----w C:\Program Files\PC Check-up
2008-03-12 01:38 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-03-05 16:02 --------- d-----w C:\Program Files\Google
2008-02-23 02:47 --------- d-----w C:\Program Files\iolo
2008-02-23 02:47 --------- d-----w C:\Documents and Settings\KC1\Application Data\iolo
2008-02-23 02:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\iolo
2008-02-23 02:45 --------- d--h--w C:\Documents and Settings\KC1\Application Data\GTek
2008-02-23 02:45 --------- d--h--w C:\Documents and Settings\All Users\Application Data\GTek
2008-02-23 02:38 43,872 ----a-w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-02-17 16:46 5,632 -csha-w C:\Program Files\Thumbs.db
2007-11-30 00:05 78,896 -c--a-w C:\Documents and Settings\KC3\Application Data\GDIPFONTCACHEV1.DAT
2007-09-11 03:09 78,896 -c--a-w C:\Documents and Settings\KC2\Application Data\GDIPFONTCACHEV1.DAT
2007-08-30 18:06 842,726 -c--a-w C:\Documents and Settings\KC1\JNativeCpp.dll
2007-08-30 18:06 417,792 -c--a-w C:\Documents and Settings\KC1\UDLL.dll
2007-08-07 02:51 178,122 -c--a-w C:\Program Files\esshopdg.exe
2007-08-07 02:51 150,198 -c--a-w C:\Program Files\shopdesg.hlp
2007-07-06 00:47 27,353 -c--a-w C:\Program Files\DeIsL2.isu
2007-06-15 11:31 78,896 -c--a-w C:\Documents and Settings\KC1\Application Data\GDIPFONTCACHEV1.DAT
2006-01-14 00:24 563,712 -c--a-w C:\Documents and Settings\KC1\370_gotomypc.exe
2004-12-16 01:07 27,624 -c--a-w C:\Program Files\DeIsL1.isu
2003-06-07 01:25 2,448,567 -c--a-w C:\Program Files\4th.zip
2002-09-11 14:26 63,730 -c--a-w C:\Program Files\viewsonicinstruct_xp.pdf
2001-07-26 20:58 47 -c--a-w C:\Program Files\ACMonitor_X73.ini
2001-07-05 16:46 8,116 -c--a-w C:\Program Files\OSLO3071b2.USB
2001-05-08 20:36 114,688 -c--a-w C:\Program Files\lxarscan.dll
2001-04-23 18:22 1,437 -c--a-w C:\Program Files\gtx73.ini
1997-03-14 20:03 3,539,968 -c--a-w C:\Program Files\3dhadl32.exe
1997-03-11 16:52 138,016 -c--a-w C:\Program Files\furnlib.lbf
1997-02-06 13:55 20,224 -c--a-w C:\Program Files\README.WRI
1997-01-29 18:25 9,545 -c--a-w C:\Program Files\SYMBLIB.LBS
1997-01-22 15:49 5,590 -c--a-w C:\Program Files\Profilem.pl1
1997-01-22 15:36 31,937 -c--a-w C:\Program Files\FIXTLIB.LBA
1997-01-20 20:49 59,264 -c--a-w C:\Program Files\ERROR.INT
1997-01-20 20:39 8,131 -c--a-w C:\Program Files\MATERIAL.DAT
1997-01-10 21:05 224,037 -c--a-w C:\Program Files\3DHOME.HLP
1996-11-08 20:14 42,496 -c--a-w C:\Program Files\SPAWNIT.EXE
1996-07-22 05:58 5,775,692 -c--a-w C:\Program Files\VOLUME1.L3F
1996-07-22 03:53 73,935 -c--a-w C:\Program Files\VOLUME1.LBF
1996-05-20 15:01 59,976 -c--a-w C:\Program Files\SAMPLE.PL1
1996-05-20 15:01 50,396 -c--a-w C:\Program Files\SAMPLE.PL2
1996-05-20 15:01 2,224 -c--a-w C:\Program Files\SAMPLE.PL3
1996-05-20 15:01 12,518 -c--a-w C:\Program Files\SAMPLE.PL0
1996-05-14 22:34 30 -c--a-w C:\Program Files\SPAWNIT.INI
1996-05-10 22:11 563,200 -c--a-w C:\Program Files\SS32D25.DLL
1996-05-09 20:47 328 -c--a-w C:\Program Files\3DHOME.CNT
1996-04-12 20:20 39,133 -c--a-w C:\Program Files\TUTORIAL.PL1
1996-04-12 20:20 3,108 -c--a-w C:\Program Files\TUTORIAL.PL3
1996-04-12 20:20 13,774 -c--a-w C:\Program Files\TUTORIAL.PL2
1996-04-12 20:19 5,132 -c--a-w C:\Program Files\PROFILE.PL1
1996-04-10 16:04 5,668 -c--a-w C:\Program Files\TUTORIAL.PL0
1995-11-10 09:10 7,616 -c--a-w C:\Program Files\SUPERPRO.DLL
1994-10-13 16:04 3,575,476 -c--a-w C:\Program Files\FURNLIB.L3F
1994-10-12 06:21 766 -c--a-w C:\Program Files\TIPS.ICO
1994-10-12 00:38 1,002,840 -c--a-w C:\Program Files\FIXTLIB.L3A
1993-08-28 18:19 23,080 -c--a-w C:\Program Files\FIXTOLD.PLB
1993-08-28 18:18 26,742 -c--a-w C:\Program Files\FURNOLD.PLB
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
-c--a-w 49,152 2004-05-25 13:16:56 C:\Program Files\Brother\Brmfl04a\bak\BrStDvPt.exe
------w 49,152 2004-05-25 14:16:56 C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe

-c--a-w 185,632 2007-08-17 23:41:00 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe

-c--a-r 155,648 2003-10-14 14:22:30 C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe

-c--a-w 68,856 2007-05-16 02:03:58 C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe

-c--a-w 132,496 2007-09-25 05:11:35 C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe

-c--a-w 63,048 2007-04-17 18:03:50 C:\Program Files\LogMeIn\x86\bak\LogMeInSystray.exe

-c--a-w 40,960 2004-04-14 19:04:12 C:\Program Files\ScanSoft\PaperPort\bak\IndexSearch.exe

-c--a-w 57,393 2004-04-14 18:46:50 C:\Program Files\ScanSoft\PaperPort\bak\pptd40nt.exe

-c--a-w 163,128 2007-10-15 18:38:38 C:\Program Files\SpiralFrog\bak\Spiralfrog.exe

-c--a-w 1,460,560 2007-08-31 21:46:28 C:\Program Files\Spybot - Search & Destroy\bak\TeaTimer.exe
--sha-r 2,097,488 2008-01-28 16:43:40 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

-c--a-w 1,458,176 2008-01-16 14:43:16 C:\Program Files\SUPERAntiSpyware\bak\SUPERAntiSpyware.exe

-c--a-w 866,584 2006-11-03 23:20:12 C:\Program Files\Windows Defender\bak\MSASCui.exe
----a-w 866,584 2006-11-03 23:20:12 C:\Program Files\Windows Defender\MSASCui.exe

-c--a-w 204,288 2006-10-19 01:05:26 C:\Program Files\Windows Media Player\bak\WMPNSCFG.exe

-c--a-w 15,360 2006-02-28 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2006-02-28 12:00:00 C:\WINDOWS\system32\ctfmon.exe

-c--a-w 143,360 2002-07-17 11:59:48 C:\WINDOWS\system32\bak\igfxtray.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00A67FF0-C935-411F-AF76-2D17DE41F24A}]
2008-04-20 09:30 88064 --a------ C:\WINDOWS\system32\cnxtsdki.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B8D8879-2A87-4236-9B8B-81AEE76C4DAF}]
2008-04-20 17:28 82944 --a------ c:\windows\system32\d3dxofo.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 08:00 15360]
"AccountLogon"="C:\Documents and Settings\All Users\Documents\Account Logon\AccountLogon\AccountLogon.exe" [2003-06-24 22:32 470016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" [2008-03-05 09:37 1238928]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 19:29 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-21 18:23 87352 C:\WINDOWS\system32\LMIinit.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AccountLogon]
--a--c--- 2003-06-24 22:32 470016 C:\Documents and Settings\All Users\Documents\Account Logon\AccountLogon\AccountLogon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a--c--- 2005-06-07 00:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2006-10-30 10:36 256576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
C:\Program Files\Spyware Doctor\SDTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2006-11-09 16:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"awhost32"=2 (0x2)
"iPod Service"=3 (0x3)
"ewido anti-spyware 4.0 guard"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"KodakCCS"=3 (0x3)
"gusvc"=2 (0x2)
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\wjview.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\All Users\\Documents\\Blubster.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 $sys$cor;$sys$cor;C:\WINDOWS\system32\Drivers\$sys$cor.sys [2005-07-04 08:52]
R0 ytlquzfk;ytlquzfk;C:\WINDOWS\system32\drivers\noaqtndc.dat []
R2 AwcService;Advanced WindowsCare Boost Service;C:\Program Files\IObit\Advanced WindowsCare 3 Beta\awcservice.exe [2008-02-18 22:01]
R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 18:09]
R2 CD_Proxy;XCP CD Proxy;C:\WINDOWS\CDProxyServ.exe [2004-10-07 10:42]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-04-17 14:00]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-04-05 11:55]
R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 18:09]
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 22:15]
R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-06-12 06:27]
R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 05:28]
S1 $sys$crater;$sys$crater;C:\WINDOWS\system32\$sys$filesystem\crater.sys [2005-07-04 06:51]
S3 $sys$lim;$sys$lim;C:\WINDOWS\system32\$sys$filesystem\lim.sys [2005-07-14 05:51]
S3 iAimFP8;iAimFP8;C:\WINDOWS\system32\DRIVERS\wADV11nt.sys [2002-07-23 09:01]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-05-04 17:04]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-20 21:07:28 C:\WINDOWS\Tasks\AWC AutoCare.job"
- C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AutoCare.ex
- C:\Program Files\IObit\Advanced WindowsCare 3 Beta\
"2008-04-20 21:36:11 C:\WINDOWS\Tasks\AWC AutoSweep.job"
- C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AutoSweep.exe
"2008-04-20 00:29:26 C:\WINDOWS\Tasks\AWC Update.job"
- C:\Program Files\IObit\Advanced WindowsCare 3 Beta\IObitUpdate.ex
- C:\Program Files\IObit\Advanced WindowsCare 3 Beta\
"2008-04-14 03:41:00 C:\WINDOWS\Tasks\dfrg.job"
- C:\WINDOWS\system32\dfrg.msc
"2008-04-20 21:37:28 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-04-18 19:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-20 17:37:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ytlquzfk]
"ImagePath"="system32\drivers\noaqtndc.dat"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\LogMeIn\x86\ramaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
.
**************************************************************************
.
Completion time: 2008-04-20 17:48:41 - machine was rebooted [KC1]
ComboFix-quarantined-files.txt 2008-04-20 21:48:15
ComboFix2.txt 2008-04-06 15:55:33

Pre-Run: 22,493,925,376 bytes free
Post-Run: 22,492,196,864 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

287 --- E O F --- 2008-04-20 14:39:25





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:32:41 PM, on 4/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IObit\Advanced WindowsCare 3 Beta\awcservice.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\CDProxyServ.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\KC1\My Documents\Downloads\HiJackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/fl...x.cfm?rev=10315
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {00A67FF0-C935-411F-AF76-2D17DE41F24A} - C:\WINDOWS\system32\cnxtsdki.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {9B8D8879-2A87-4236-9B8B-81AEE76C4DAF} - c:\windows\system32\d3dxofo.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AccountLogon] C:\Documents and Settings\All Users\Documents\Account Logon\AccountLogon\AccountLogon.exe /regserver
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: AccountLogon - C:\WINDOWS\al-popup-kc1.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - C:\WINDOWS\al-popup-kc1.html (HKCU)
O9 - Extra 'Tools' menuitem: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - C:\WINDOWS\al-popup-kc1.html (HKCU)
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} -
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} -
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) -
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} -
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} -
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {5CE72DD0-4695-4D18-A4D3-3367ACD37578} - http://support.f-sec.../fshc/fscax.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {664088B0-6AF3-4514-AF9D-A0DC3A3DF24A} -
O16 - DPF: {6CCE3920-3183-4B3D-808A-B12EB769DE12} (CSS Web Installer Class) - http://www.commandon...cabs/cssweb.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_03) -
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} - http://www.commandon...cabs/cssweb.cab
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} -
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2006\HelpAsyncPluggableProtocol.dll
O20 - Winlogon Notify: vckxxvij - C:\WINDOWS\SYSTEM32\d3dxofo.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Advanced WindowsCare Boost Service (AwcService) - IObit - C:\Program Files\IObit\Advanced WindowsCare 3 Beta\awcservice.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 9276 bytes





3D Home Architect Deluxe
3D Pool Shark
A Sunday Snow Demo
AccountLogon
Ad-Aware 2007
Adobe Acrobat 5.0
Adobe Flash Player ActiveX
Adobe Reader 8.1.1
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.0
Adobe® Photoshop® Album Starter Edition 3.0.1
Advanced WindowsCare 3 Beta
Apple Software Update
ArcSoft Funhouse
AVG Anti-Spyware 7.5
Bookworm Deluxe 1.03
Broderbund Home Design 5.1
Brother MFL-Pro Suite
CardRd81
Carleton Sheets Property Analyzer
Carleton Sheets Property Manager
CCleaner (remove only)
CCScore
CheckIt Diagnostics
Clear Estimates v2
Command On Demand for Command Software
Conexant SoftK56 Modem(M)
CR2
DebtFree™ for Windows Personal 5.0h
EasyCleaner
ESSBrwr
ESSCDBK
ESScore
ESSCT
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
ESSTUTOR
ESSvpaht
ESSvpot
E-Z Contact Book version 1.0.7.0
FinePixViewer Ver.3.2
Fireworks Desktop Theme
FUJIFILM USB Driver
Fujifilm USB MemoryCard ReaderWriter
GalleryPlayer Images
Google Earth
Google Photos Screensaver
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HLPIndex
HLPPDOCK
HLPRFO
Home Plan Pro for Windows 95/98/00/ME/NT/XP
HomeGauge
HomeGauge3
HomeTech ADVANTAGE Cost Estimator 4.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows XP (KB915865)
iDEN Packet Data Applet
ImageMixer VCD for FinePix
Intel Application Accelerator
Intel® 810/810E/815/815E/815EM Chipset Graphics Driver Software
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java™ 6 Update 2
Java™ 6 Update 3
Kodak EasyShare software
KSU
LiveReg (Symantec Corporation)
Logitech SetPoint
LogMeIn
Malwarebytes' Anti-Malware
Media Downloader
MGI PhotoSuite 8.1 (Remove Only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office XP Professional with FrontPage
Microsoft Windows Journal Viewer
Motorola Driver Installation
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Musicmatch® Jukebox
My Budget Planner - Version 1.7
MyBudgetPlanner
NASA World Wind 1.4
Norton Security Scan
Notifier
Office Manager Plus
OTtBP
OTtBPSDK
PaperPort
PC Tools AntiVirus4.0
PC-Checkup
Picasa 2
QuickBooks Customer Manager Version 2
QuickBooks Premier: Contractor Edition 2008
QuickTime
RealPlayer
Road Runner Medic
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
SFR
SHASTA
SKIN0001
SKINXSDK
SoundMAX
Spanish Year 1 v1.50
Spelling Dictionaries Support For Adobe Reader 8
SpiralFrog Download Manager 0.8.23
Spybot - Search & Destroy
Spyware Doctor 5.5
Unlocker 1.8.6
Update for Windows XP (KB904942)
update to ONE
ViewSonic Monitor Drivers
Visual FoxPro ODBC Driver
Visual MP3 CD Burner 1.3
VPRINTOL
Windows Communication Foundation
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 11
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows Support Tools
Windows Workflow Foundation
WIRELESS





Malwarebytes' Anti-Malware 1.11
Database version: 661

Scan type: Quick Scan
Objects scanned: 36636
Time elapsed: 47 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Attached Files


  • 0

Advertisements


#2
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello remodelyou

Welcome to G2Go. :)
=====================
First:

Download the sony drm uninstaller from Here
  • double click the XCP2 uninstall.exe
  • Let it run
  • reboot the computer when done (important)
================
1. Please open Notepad
  • Click Start , then Run
  • type in notepad in the Run Box then hit ok.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KILLALL::

Driver::
ytlquzfk
File::
c:\windows\system32\d3dxofo.dll 
C:\WINDOWS\system32\wtzpelos.dat
C:\WINDOWS\system32\cnxtsdki.dll
C:\WINDOWS\system32\drivers\noaqtndc.dat 
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00A67FF0-C935-411F-AF76-2D17DE41F24A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B8D8879-2A87-4236-9B8B-81AEE76C4DAF}]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ytlquzfk]
Rootkit:
C:\WINDOWS\system32\drivers\noaqtndc.dat
AWF::
C:\Program Files\Brother\Brmfl04a\bak\BrStDvPt.exe
C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe
C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe
C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe
C:\Program Files\ScanSoft\PaperPort\bak\IndexSearch.exe
C:\Program Files\LogMeIn\x86\bak\LogMeInSystray.exe
C:\Program Files\ScanSoft\PaperPort\bak\pptd40nt.exe
C:\Program Files\SpiralFrog\bak\Spiralfrog.exe
C:\Program Files\Spybot - Search & Destroy\bak\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\bak\SUPERAntiSpyware.exe
C:\Program Files\Windows Defender\bak\MSASCui.exe
C:\Program Files\Windows Media Player\bak\WMPNSCFG.exe
C:\WINDOWS\system32\bak\ctfmon.exe
C:\WINDOWS\system32\bak\igfxtray.exe


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0

#3
remodelyou

remodelyou

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I ran combofix and hijackthis once again. When starting hijack this, it cam up with an error screen with Error #5-Invalid Procedure Call or Argument. Below are the updated logs. Thanks for the quick respnse and for the help, of course.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:38:09 PM, on 4/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IObit\Advanced WindowsCare 3 Beta\awcservice.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\msiexec.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/fl...x.cfm?rev=10315
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AccountLogon] C:\Documents and Settings\All Users\Documents\Account Logon\AccountLogon\AccountLogon.exe /regserver
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: AccountLogon - C:\WINDOWS\al-popup-kc1.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - C:\WINDOWS\al-popup-kc1.html (HKCU)
O9 - Extra 'Tools' menuitem: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - C:\WINDOWS\al-popup-kc1.html (HKCU)
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} -
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} -
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) -
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} -
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} -
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {5CE72DD0-4695-4D18-A4D3-3367ACD37578} - http://support.f-sec.../fshc/fscax.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {664088B0-6AF3-4514-AF9D-A0DC3A3DF24A} -
O16 - DPF: {6CCE3920-3183-4B3D-808A-B12EB769DE12} (CSS Web Installer Class) - http://www.commandon...cabs/cssweb.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_03) -
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} - http://www.commandon...cabs/cssweb.cab
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} -
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2006\HelpAsyncPluggableProtocol.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Advanced WindowsCare Boost Service (AwcService) - IObit - C:\Program Files\IObit\Advanced WindowsCare 3 Beta\awcservice.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 8595 bytes




ComboFix 08-04-20.2 - KC1 2008-04-20 21:03:04.2 - NTFSx86
Running from: C:\Documents and Settings\KC1\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\KC1\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\cnxtsdki.dll
c:\windows\system32\d3dxofo.dll
C:\WINDOWS\system32\drivers\noaqtndc.dat
C:\WINDOWS\system32\wtzpelos.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\cnxtsdki.dll
C:\WINDOWS\system32\d3dxofo.dll
C:\WINDOWS\system32\drivers\noaqtndc.dat
C:\WINDOWS\system32\wtzpelos.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_XJSJCEVF
-------\Service_xjsjcevf
-------\Legacy_ytlquzfk
-------\Service_ytlquzfk


((((((((((((((((((((((((( Files Created from 2008-03-21 to 2008-04-21 )))))))))))))))))))))))))))))))
.

2100-02-23 14:35 . 2001-02-22 09:54 768 --a--c--- C:\Program Files\x73_lut.dat
2100-02-08 16:03 . 2001-05-11 11:39 53,248 --a--c--- C:\Program Files\ACMonitor_X73.exe
2008-04-20 18:31 . 2008-04-20 18:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-20 16:36 . 2008-04-20 16:27 401,720 --a------ C:\Program Files\HiJackThis[1].exe
2008-04-20 09:24 . 2008-04-20 09:24 84 --a------ C:\WINDOWS\system32\ikhcore.cfg
2008-04-20 08:18 . 2008-04-20 08:18 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-20 08:18 . 2008-04-20 08:18 <DIR> d-------- C:\Documents and Settings\KC1\Application Data\Malwarebytes
2008-04-20 08:18 . 2008-04-20 08:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-19 15:52 . 2008-04-19 15:52 <DIR> d-------- C:\csscod
2008-04-13 08:42 . 2008-04-13 08:42 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-04-13 08:41 . 2008-04-13 08:41 <DIR> d-------- C:\Program Files\MSECACHE
2008-04-06 17:55 . 2008-04-06 17:55 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-04-06 17:55 . 2007-12-06 16:51 28,568 --a------ C:\WINDOWS\system32\drivers\AVHook.sys
2008-04-06 17:55 . 2007-12-06 16:51 21,912 --a------ C:\WINDOWS\system32\drivers\AVRec.sys
2008-04-06 17:55 . 2008-02-12 11:44 21,904 --a------ C:\WINDOWS\system32\drivers\AVFilter.sys
2008-04-06 17:08 . 2008-04-20 20:53 <DIR> d-------- C:\Program Files\PC Tools AntiVirus
2008-04-05 20:53 . 2008-04-20 16:19 <DIR> d-------- C:\Documents and Settings\KC1\Application Data\Desktopicon
2008-04-05 20:52 . 2008-04-05 21:22 <DIR> d-------- C:\Program Files\Unlocker
2008-04-05 19:48 . 2008-04-13 08:53 <DIR> d-------- C:\Program Files\Panda Security
2008-04-03 00:18 . 2008-04-03 00:18 <DIR> d-------- C:\Program Files\Common Files\Mozilla Shared
2008-03-31 21:35 . 2008-03-31 21:35 <DIR> d-------- C:\Program Files\Enigma Software Group

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 01:15 --------- d-----w C:\Program Files\Windows Defender
2008-04-21 01:02 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-21 01:02 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-21 01:02 --------- d-----w C:\Program Files\SpiralFrog
2008-04-21 00:55 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-20 15:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-20 13:22 --------- d-----w C:\Program Files\LogMeIn
2008-04-20 12:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-18 12:07 --------- d-----w C:\Program Files\Spyware Doctor
2008-04-13 12:58 --------- d-----w C:\Program Files\AceMoney
2008-04-13 12:55 --------- d-----w C:\Program Files\No Trace
2008-04-06 21:58 --------- d-----w C:\Documents and Settings\KC1\Application Data\PC Tools
2008-04-06 21:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Tools
2008-04-06 21:06 --------- d-----w C:\Program Files\METAFILE
2008-04-06 21:04 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-03 23:28 --------- d-----w C:\Program Files\Picasa2
2008-04-03 03:18 --------- d-----w C:\Program Files\Norton Security Scan
2008-03-31 04:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-30 23:50 --------- d-----w C:\Program Files\RegistryFix
2008-03-25 02:37 --------- d-----w C:\Documents and Settings\KC1\Application Data\IObit
2008-03-25 02:36 --------- d-----w C:\Program Files\IObit
2008-03-13 05:17 --------- d-----w C:\Program Files\PC Check-up
2008-03-12 01:38 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-03-05 16:02 --------- d-----w C:\Program Files\Google
2008-02-23 02:47 --------- d-----w C:\Program Files\iolo
2008-02-23 02:47 --------- d-----w C:\Documents and Settings\KC1\Application Data\iolo
2008-02-23 02:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\iolo
2008-02-23 02:45 --------- d--h--w C:\Documents and Settings\KC1\Application Data\GTek
2008-02-23 02:45 --------- d--h--w C:\Documents and Settings\All Users\Application Data\GTek
2008-02-23 02:38 43,872 ----a-w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-02-17 16:46 5,632 -csha-w C:\Program Files\Thumbs.db
2007-11-30 00:05 78,896 -c--a-w C:\Documents and Settings\KC3\Application Data\GDIPFONTCACHEV1.DAT
2007-09-11 03:09 78,896 -c--a-w C:\Documents and Settings\KC2\Application Data\GDIPFONTCACHEV1.DAT
2007-08-30 18:06 842,726 -c--a-w C:\Documents and Settings\KC1\JNativeCpp.dll
2007-08-30 18:06 417,792 -c--a-w C:\Documents and Settings\KC1\UDLL.dll
2007-08-07 02:51 178,122 -c--a-w C:\Program Files\esshopdg.exe
2007-08-07 02:51 150,198 -c--a-w C:\Program Files\shopdesg.hlp
2007-07-06 00:47 27,353 -c--a-w C:\Program Files\DeIsL2.isu
2007-06-15 11:31 78,896 -c--a-w C:\Documents and Settings\KC1\Application Data\GDIPFONTCACHEV1.DAT
2006-01-14 00:24 563,712 -c--a-w C:\Documents and Settings\KC1\370_gotomypc.exe
2004-12-16 01:07 27,624 -c--a-w C:\Program Files\DeIsL1.isu
2003-06-07 01:25 2,448,567 -c--a-w C:\Program Files\4th.zip
2002-09-11 14:26 63,730 -c--a-w C:\Program Files\viewsonicinstruct_xp.pdf
2001-07-26 20:58 47 -c--a-w C:\Program Files\ACMonitor_X73.ini
2001-07-05 16:46 8,116 -c--a-w C:\Program Files\OSLO3071b2.USB
2001-05-08 20:36 114,688 -c--a-w C:\Program Files\lxarscan.dll
2001-04-23 18:22 1,437 -c--a-w C:\Program Files\gtx73.ini
1997-03-14 20:03 3,539,968 -c--a-w C:\Program Files\3dhadl32.exe
1997-03-11 16:52 138,016 -c--a-w C:\Program Files\furnlib.lbf
1997-02-06 13:55 20,224 -c--a-w C:\Program Files\README.WRI
1997-01-29 18:25 9,545 -c--a-w C:\Program Files\SYMBLIB.LBS
1997-01-22 15:49 5,590 -c--a-w C:\Program Files\Profilem.pl1
1997-01-22 15:36 31,937 -c--a-w C:\Program Files\FIXTLIB.LBA
1997-01-20 20:49 59,264 -c--a-w C:\Program Files\ERROR.INT
1997-01-20 20:39 8,131 -c--a-w C:\Program Files\MATERIAL.DAT
1997-01-10 21:05 224,037 -c--a-w C:\Program Files\3DHOME.HLP
1996-11-08 20:14 42,496 -c--a-w C:\Program Files\SPAWNIT.EXE
1996-07-22 05:58 5,775,692 -c--a-w C:\Program Files\VOLUME1.L3F
1996-07-22 03:53 73,935 -c--a-w C:\Program Files\VOLUME1.LBF
1996-05-20 15:01 59,976 -c--a-w C:\Program Files\SAMPLE.PL1
1996-05-20 15:01 50,396 -c--a-w C:\Program Files\SAMPLE.PL2
1996-05-20 15:01 2,224 -c--a-w C:\Program Files\SAMPLE.PL3
1996-05-20 15:01 12,518 -c--a-w C:\Program Files\SAMPLE.PL0
1996-05-14 22:34 30 -c--a-w C:\Program Files\SPAWNIT.INI
1996-05-10 22:11 563,200 -c--a-w C:\Program Files\SS32D25.DLL
1996-05-09 20:47 328 -c--a-w C:\Program Files\3DHOME.CNT
1996-04-12 20:20 39,133 -c--a-w C:\Program Files\TUTORIAL.PL1
1996-04-12 20:20 3,108 -c--a-w C:\Program Files\TUTORIAL.PL3
1996-04-12 20:20 13,774 -c--a-w C:\Program Files\TUTORIAL.PL2
1996-04-12 20:19 5,132 -c--a-w C:\Program Files\PROFILE.PL1
1996-04-10 16:04 5,668 -c--a-w C:\Program Files\TUTORIAL.PL0
1995-11-10 09:10 7,616 -c--a-w C:\Program Files\SUPERPRO.DLL
1994-10-13 16:04 3,575,476 -c--a-w C:\Program Files\FURNLIB.L3F
1994-10-12 06:21 766 -c--a-w C:\Program Files\TIPS.ICO
1994-10-12 00:38 1,002,840 -c--a-w C:\Program Files\FIXTLIB.L3A
1993-08-28 18:19 23,080 -c--a-w C:\Program Files\FIXTOLD.PLB
1993-08-28 18:18 26,742 -c--a-w C:\Program Files\FURNOLD.PLB
.

((((((((((((((((((((((((((((( snapshot@2008-04-20_17.46.36.90 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-20 21:33:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-21 01:13:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2002-07-17 11:59:48 143,360 -c--a-w C:\WINDOWS\system32\igfxtray.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 08:00 15360]
"AccountLogon"="C:\Documents and Settings\All Users\Documents\Account Logon\AccountLogon\AccountLogon.exe" [2003-06-24 22:32 470016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" [2008-03-05 09:37 1238928]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 19:29 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-21 18:23 87352 C:\WINDOWS\system32\LMIinit.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AccountLogon]
--a--c--- 2003-06-24 22:32 470016 C:\Documents and Settings\All Users\Documents\Account Logon\AccountLogon\AccountLogon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a--c--- 2005-06-07 00:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2006-10-30 10:36 256576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
C:\Program Files\Spyware Doctor\SDTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2006-11-09 16:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a--c--- 2006-10-18 21:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"awhost32"=2 (0x2)
"iPod Service"=3 (0x3)
"ewido anti-spyware 4.0 guard"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"KodakCCS"=3 (0x3)
"gusvc"=2 (0x2)
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\wjview.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\All Users\\Documents\\Blubster.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R2 AwcService;Advanced WindowsCare Boost Service;C:\Program Files\IObit\Advanced WindowsCare 3 Beta\awcservice.exe [2008-02-18 22:01]
R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 18:09]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-04-17 14:00]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-04-05 11:55]
R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 18:09]
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 22:15]
R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-06-12 06:27]
R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 05:28]
S3 iAimFP8;iAimFP8;C:\WINDOWS\system32\DRIVERS\wADV11nt.sys [2002-07-23 09:01]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-05-04 17:04]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-20 21:07:28 C:\WINDOWS\Tasks\AWC AutoCare.job"
- C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AutoCare.ex
- C:\Program Files\IObit\Advanced WindowsCare 3 Beta\
"2008-04-21 01:14:12 C:\WINDOWS\Tasks\AWC AutoSweep.job"
- C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AutoSweep.exe
"2008-04-21 00:00:13 C:\WINDOWS\Tasks\AWC Update.job"
- C:\Program Files\IObit\Advanced WindowsCare 3 Beta\IObitUpdate.ex
- C:\Program Files\IObit\Advanced WindowsCare 3 Beta\
"2008-04-14 03:41:00 C:\WINDOWS\Tasks\dfrg.job"
- C:\WINDOWS\system32\dfrg.msc
"2008-04-21 01:18:11 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-04-18 19:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-20 21:16:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\LogMeIn\x86\ramaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
.
**************************************************************************
.
Completion time: 2008-04-20 21:28:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-21 01:27:48
ComboFix2.txt 2008-04-20 21:48:43
ComboFix3.txt 2008-04-06 15:55:33

Pre-Run: 22,480,871,424 bytes free
Post-Run: 22,493,274,112 bytes free

254 --- E O F --- 2008-04-20 14:39:25
  • 0

#4
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
============================================
Please do an online scan with Kaspersky WebScanner
(This scanner is for use with internet explorer only)
Click on "Accept"

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as an html document button:
  • Save the file to your desktop.
  • Attach that information in your next post.

  • 0

#5
remodelyou

remodelyou

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I ran the Kaspersky scan and attached the .html results. The computer seems to be improving but still slow to respond and having windows update issues when trying to install updates. Thanks.

Attached Files


  • 0

#6
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Ok a little left to go and we will see about the othre issues.
=========================
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\tr3ezy.exe 
    C:\Program Files\Hijackthis\backups
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
==================================
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
====================================
Also post a new Hijackthis log along with the rest of the logs.
  • 0

#7
remodelyou

remodelyou

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Ran the 3 programs and below are the logs. I use PCTools antivirus and antispyware. Both keep getting disabled and windows security continues to pop up warning me. Thanks.


C:\WINDOWS\system32\tr3ezy.exe moved successfully.
C:\Program Files\Hijackthis\backups moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04222008_070348



Malwarebytes' Anti-Malware 1.11
Database version: 669

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 105408
Time elapsed: 2 hour(s), 2 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:03:11 PM, on 4/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IObit\Advanced WindowsCare 3 Beta\awcservice.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/fl...x.cfm?rev=10315
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AccountLogon] C:\Documents and Settings\All Users\Documents\Account Logon\AccountLogon\AccountLogon.exe /regserver
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: AccountLogon - C:\WINDOWS\al-popup-kc1.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - C:\WINDOWS\al-popup-kc1.html (HKCU)
O9 - Extra 'Tools' menuitem: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - C:\WINDOWS\al-popup-kc1.html (HKCU)
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} -
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} -
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) -
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} -
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} -
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {5CE72DD0-4695-4D18-A4D3-3367ACD37578} - http://support.f-sec.../fshc/fscax.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {664088B0-6AF3-4514-AF9D-A0DC3A3DF24A} -
O16 - DPF: {6CCE3920-3183-4B3D-808A-B12EB769DE12} (CSS Web Installer Class) - http://www.commandon...cabs/cssweb.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_03) -
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} - http://www.commandon...cabs/cssweb.cab
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} -
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2006\HelpAsyncPluggableProtocol.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Advanced WindowsCare Boost Service (AwcService) - IObit - C:\Program Files\IObit\Advanced WindowsCare 3 Beta\awcservice.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 8968 bytes

Edited by remodelyou, 22 April 2008 - 05:45 PM.

  • 0

#8
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts

windows security continues to pop up warning me

Does this say updates are ready for your computer?

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#9
remodelyou

remodelyou

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I have been getting the updates are ready window but it will not install them. The pop-up that i was referring to was that my computer bay be at risk due to my antivirus program being disabled. Below are logs. Thanks for your continued help.



Deckard's System Scanner v20071014.68
Run by KC1 on 2008-04-22 21:48:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-04-23 01:49:18 UTC - RP33 - Deckard's System Scanner Restore Point
2: 2008-04-22 22:06:44 UTC - RP32 - Software Distribution Service 3.0
1: 2008-04-22 21:45:22 UTC - RP31 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis (run as KC1.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:52:03 PM, on 4/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IObit\Advanced WindowsCare 3 Beta\awcservice.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\KC1\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\KC1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/fl...x.cfm?rev=10315
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AccountLogon] C:\Documents and Settings\All Users\Documents\Account Logon\AccountLogon\AccountLogon.exe /regserver
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: AccountLogon - C:\WINDOWS\al-popup-kc1.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - C:\WINDOWS\al-popup-kc1.html (HKCU)
O9 - Extra 'Tools' menuitem: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - C:\WINDOWS\al-popup-kc1.html (HKCU)
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} -
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} -
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) -
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} -
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} -
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {5CE72DD0-4695-4D18-A4D3-3367ACD37578} - http://support.f-sec.../fshc/fscax.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {664088B0-6AF3-4514-AF9D-A0DC3A3DF24A} -
O16 - DPF: {6CCE3920-3183-4B3D-808A-B12EB769DE12} (CSS Web Installer Class) - http://www.commandon...cabs/cssweb.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_03) -
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} - http://www.commandon...cabs/cssweb.cab
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} -
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2006\HelpAsyncPluggableProtocol.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Advanced WindowsCare Boost Service (AwcService) - IObit - C:\Program Files\IObit\Advanced WindowsCare 3 Beta\awcservice.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 8893 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 BCMNTIO - c:\program files\checkit\diagnostics\bcmntio.sys
R2 MAPMEM - c:\program files\checkit\diagnostics\mapmem.sys

S1 SASKUTIL - c:\program files\superantispyware\saskutil.sys (file missing)
S3 P2k (Motorola iDEN P2k Device) - c:\windows\system32\drivers\p2k.sys <Not Verified; Motorola Inc; P2k Driver>
S3 rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - c:\windows\system32\drivers\rtl8139.sys (file missing)
S3 smwdm - c:\windows\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AwcService (Advanced WindowsCare Boost Service) - c:\program files\iobit\advanced windowscare 3 beta\awcservice.exe <Not Verified; IObit; >
R2 QBCFMonitorService - "c:\program files\common files\intuit\quickbooks\qbcfmonitorservice.exe" <Not Verified; Intuit; QuickBooks for Windows>

S3 QBFCService (Intuit QuickBooks FCS) - "c:\program files\common files\intuit\quickbooks\fcs\intuit.quickbooks.fcs.exe" <Not Verified; Intuit Inc.; QuickBooks 2007>
S4 UTSCSI (CLCV0) - c:\windows\system32\utscsi.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: USBSTOR\OTHER&VEN_\9&35A5B32&1&BROF6F219820&0
Manufacturer:
Name:
PNP Device ID: USBSTOR\OTHER&VEN_\9&35A5B32&1&BROF6F219820&0
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-04-22 20:00:11 408 --a------ C:\WINDOWS\Tasks\AWC Update.job
2008-04-22 17:02:13 402 --a------ C:\WINDOWS\Tasks\AWC AutoCare.job
2008-04-22 02:29:33 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-04-20 23:41:02 248 --a----c- C:\WINDOWS\Tasks\dfrg.job
2008-04-20 21:14:12 396 --a------ C:\WINDOWS\Tasks\AWC AutoSweep.job
2008-04-18 15:00:00 410 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job


-- Files created between 2008-03-22 and 2008-04-22 -----------------------------

2100-02-23 14:35:34 768 --a----c- C:\Program Files\x73_lut.dat
2100-02-08 16:03:54 53248 --a----c- C:\Program Files\ACMonitor_X73.exe <Not Verified; Silitek Corp.; ACMonitor>
2008-04-20 22:24:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-20 22:24:22 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-20 22:07:54 0 d-------- C:\WINDOWS\LastGood
2008-04-20 18:31:49 0 d-------- C:\Program Files\Trend Micro
2008-04-20 18:23:36 0 dr-h----- C:\Documents and Settings\KC1\Recent
2008-04-20 17:17:37 0 d-------- C:\cmdcons
2008-04-20 17:14:43 68096 --a------ C:\WINDOWS\zip.exe
2008-04-20 17:14:43 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-20 17:14:43 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-20 17:14:43 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-20 17:14:43 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-20 17:14:43 98816 --a------ C:\WINDOWS\sed.exe
2008-04-20 17:14:43 80412 --a------ C:\WINDOWS\grep.exe
2008-04-20 17:14:43 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-20 08:18:47 0 d-------- C:\Documents and Settings\KC1\Application Data\Malwarebytes
2008-04-20 08:18:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-20 08:18:02 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-19 15:52:12 0 d-------- C:\csscod
2008-04-13 08:42:16 0 d-------- C:\Program Files\Windows Installer Clean Up
2008-04-13 08:41:12 0 d-------- C:\Program Files\MSECACHE
2008-04-07 08:03:37 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-04-06 17:55:52 0 d-------- C:\Program Files\Common Files\PC Tools
2008-04-06 17:08:27 0 d-------- C:\Program Files\PC Tools AntiVirus
2008-04-05 20:53:05 0 d-------- C:\Documents and Settings\KC1\Application Data\Desktopicon
2008-04-05 19:48:01 0 d-------- C:\Program Files\Panda Security
2008-04-03 00:18:17 0 d-------- C:\Program Files\Common Files\Mozilla Shared
2008-03-31 21:35:20 0 d-------- C:\Program Files\Enigma Software Group


-- Find3M Report ---------------------------------------------------------------

2008-04-22 06:36:25 0 d-------- C:\Program Files\LogMeIn
2008-04-20 21:15:47 0 d-------- C:\Program Files\Windows Defender
2008-04-20 21:15:47 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-20 21:15:46 0 d-------- C:\Program Files\SpiralFrog
2008-04-18 22:23:25 190208 --a------ C:\WINDOWS\system32\eysadxmt.dat
2008-04-18 08:07:47 0 d-------- C:\Program Files\Spyware Doctor
2008-04-13 08:58:29 0 d-------- C:\Program Files\AceMoney
2008-04-13 08:55:11 0 d-------- C:\Program Files\No Trace
2008-04-11 21:05:41 35584 --a------ C:\WINDOWS\system32\klehktju.dat
2008-04-11 21:05:41 36608 --a------ C:\WINDOWS\system32\gjmtikaz.dat
2008-04-06 17:58:27 0 d-------- C:\Documents and Settings\KC1\Application Data\PC Tools
2008-04-06 17:55:52 0 d-------- C:\Program Files\Common Files
2008-04-06 17:06:33 0 d-------- C:\Program Files\METAFILE
2008-04-06 17:04:44 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-03 19:28:29 0 d-------- C:\Program Files\Picasa2
2008-04-03 00:17:39 42752 --a------ C:\WINDOWS\system32\pbrcyplq.dat
2008-04-02 23:18:35 0 d-------- C:\Program Files\Norton Security Scan
2008-04-02 00:08:48 638208 --a------ C:\WINDOWS\system32\dyihwyud.dat
2008-03-30 19:50:23 0 d-------- C:\Program Files\RegistryFix
2008-03-24 22:37:10 0 d-------- C:\Documents and Settings\KC1\Application Data\IObit
2008-03-24 22:36:58 0 d-------- C:\Program Files\IObit
2008-03-13 01:17:06 0 d-------- C:\Program Files\PC Check-up
2008-03-11 21:38:12 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-03-11 21:38:11 1188375 --a------ C:\WINDOWS\system32\libeay32.dll <Not Verified; OpenSSL <www.openssl.org>; OpenSSL>
2008-03-11 21:38:08 246545 --a------ C:\WINDOWS\system32\libssl32.dll <Not Verified; OpenSSL <www.openssl.org>; OpenSSL>
2008-03-08 13:10:15 50 --a----c- C:\WINDOWS\system32\BRIDF04A.dat
2008-03-05 12:02:46 0 d-------- C:\Program Files\Google
2008-03-02 19:42:02 23392 --a----c- C:\WINDOWS\system32\emptyregdb.dat
2008-03-02 19:41:28 0 d-------- C:\Program Files\Messenger
2008-02-22 22:47:08 0 d-------- C:\Program Files\iolo
2008-02-22 22:47:00 0 d-------- C:\Documents and Settings\KC1\Application Data\iolo
2008-02-22 22:45:50 0 d--h----- C:\Documents and Settings\KC1\Application Data\GTek
2008-02-17 12:46:39 5632 --ahs--c- C:\Program Files\Thumbs.db


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/2006 07:58 PM]
"PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" [03/05/2008 09:37 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/28/2006 08:00 AM]
"AccountLogon"="C:\Documents and Settings\All Users\Documents\Account Logon\AccountLogon\AccountLogon.exe" [06/24/2003 10:32 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 11/21/2007 06:23 PM 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AccountLogon]
C:\Documents and Settings\All Users\Documents\Account Logon\AccountLogon\AccountLogon.exe /regserver

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
C:\Program Files\Spyware Doctor\SDTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"awhost32"=2 (0x2)
"iPod Service"=3 (0x3)
"ewido anti-spyware 4.0 guard"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"KodakCCS"=3 (0x3)
"gusvc"=2 (0x2)
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)

*Newly Created Service* - RKPAVPROC



-- End of Deckard's System Scanner: finished at 2008-04-22 21:53:21 ------------





Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron™ CPU 1400MHz
Percentage of Memory in Use: 59%
Physical Memory (total/avail): 509.98 MiB / 207.59 MiB
Pagefile Memory (total/avail): 1246.21 MiB / 911.12 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1919.65 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.22 GiB total, 20.84 GiB free.
D: is Removable (No Media)
E: is Fixed (FAT) - 0.05 GiB total, 0.04 GiB free.
F: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - IOMEGA ZIP 250

\\.\PHYSICALDRIVE0 - ST340810A - 37.27 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 37.22 GiB - C:
\PARTITION1 - MS-DOS V4 Huge - 47.06 MiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: PC Tools AntiVirus 4.0.0.26 v4.0.0.26 (PC Tools Research Pty Ltd) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\wjview.exe"="C:\\WINDOWS\\system32\\wjview.exe:*:Enabled:Microsoft® VM Command Line Interpreter"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"="C:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Documents and Settings\\All Users\\Documents\\Blubster.exe"="C:\\Documents and Settings\\All Users\\Documents\\Blubster.exe:*:Enabled:MP2P servent main executable"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\KC1\Application Data
ASLOGDIR=C:\Program Files\Intuit\QuickBooks 2006\
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOMEOFFICE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\KC1
LOGONSERVER=\\HOMEOFFICE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Support Tools;C:\Program Files\Common Files\Intuit\QBPOSSDKRuntime
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 11 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0b01
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\KC1\LOCALS~1\Temp
TMP=C:\DOCUME~1\KC1\LOCALS~1\Temp
USERDOMAIN=HOMEOFFICE
USERNAME=KC1
USERPROFILE=C:\Documents and Settings\KC1
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

KC1 (admin)
KC2 (admin)
KC3
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\PC Tools AntiVirus\unins000.exe /LOG
--> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
--> MsiExec.exe /I{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}
--> MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7E518B2-B174-11D3-9D4E-0060B0A4823E}\setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3D Home Architect Deluxe --> C:\WINDOWS\uninst.exe -f"c:\program files\DeIsL2.isu"
3D Pool Shark --> C:\WINDOWS\unvise32.exe C:\Program Files\Cosmi\3D Pool Shark\uninstal.log
A Sunday Snow Demo --> C:\Program Files\A Sunday Snow Demo\Uninstall.exe
AccountLogon --> C:\DOCUME~1\ALLUSE~1\DOCUME~1\ACCOUN~1\ACCOUN~1\Setup.exe /remove
Ad-Aware 2007 --> MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Adobe® Photoshop® Album Starter Edition 3.0.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9618743-1A5C-461E-91C4-E013A3D70F3C}\Setup.exe" -l0x9
Advanced WindowsCare 3 Beta --> "C:\Program Files\IObit\Advanced WindowsCare 3 Beta\unins000.exe"
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
ArcSoft Funhouse --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48F9AE5C-4911-4B76-BC37-EAA5430797B8}\Setup.exe" -l0x9
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Bookworm Deluxe 1.03 --> C:\Program Files\PopCap Games\BookWorm Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\BookWorm Deluxe\Install.log"
Broderbund Home Design 5.1 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A4D17B9E-1DE6-47FE-9AA2-A4D26AECD8AF}
Brother MFL-Pro Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40A6C96D-808E-41DD-8716-617AB6B0F1F1}\Setup.exe" -l0x9 Brunin03.dllBrunin03.dll
CardRd81 --> MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}
Carleton Sheets Property Analyzer --> C:\ToolKit\UNWISE.EXE C:\ToolKit\INSTALL.LOG
Carleton Sheets Property Manager --> C:\ToolKit\UNWISE.EXE C:\ToolKit\INSTALL.LOG
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CheckIt Diagnostics --> C:\PROGRA~1\CheckIt\DIAGNO~1\UNWISE.EXE C:\PROGRA~1\CheckIt\DIAGNO~1\INSTALL.LOG
Clear Estimates v2 --> MsiExec.exe /I{A19F14D1-1BFC-4291-B520-B6AA651C5937}
Command On Demand for Command Software --> rundll32 advpack.dll,LaunchINFSection C:\csscod\uninst.inf,DefaultUninstall
Conexant SoftK56 Modem(M) --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F00&SUBSYS_8D8B155D\hxfSETUP.EXE -U -IVEN_14F1&DEV_2F00&SUBSYS_8D8B155D
CR2 --> MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
DebtFree™ for Windows Personal 5.0h --> C:\DFWin\UNWISE.EXE C:\DFWin\INSTALL.LOG
E-Z Contact Book version 1.0.7.0 --> "C:\Documents and Settings\All Users\Start Menu\Programs\E-Z Contact Book\unins000.exe"
EasyCleaner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSCT --> MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
ESSTUTOR --> MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567}
ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
FinePixViewer Ver.3.2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{24ED4D80-8294-11D5-96CD-0040266301AD} /l1033
Fireworks Desktop Theme --> C:\WINDOWS\UNWISE.EXE C:\WINDOWS\INSTALL.LOG
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
Fujifilm USB MemoryCard ReaderWriter --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F87F471C-66C0-4F70-B493-6E59E4D402E6} /l1033
GalleryPlayer Images --> C:\WINDOWS\GalleryPlayer Images Uninstaller.exe
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Photos Screensaver --> MsiExec.exe /X{A52415E5-CA1E-44DE-9EDC-D412F31D271C}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HLPIndex --> MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPPDOCK --> MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
HLPRFO --> MsiExec.exe /I{AADAC983-FDE9-42FA-8FD9-7BB324155593}
Home Plan Pro for Windows 95/98/00/ME/NT/XP --> "C:\Program Files\Home Plan Software\Home Plan Pro\Remove.exe" /U:"C:\Program Files\Home Plan Software\Home Plan Pro\Remove.log"
HomeGauge --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\HomeGauge\Uninst.isu"
HomeGauge3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E6782D13-837A-45D5-819D-E7AF2DBA736A}\setup.exe" -l0x9 -removeonly
HomeTech ADVANTAGE Cost Estimator 4.2 --> MsiExec.exe /X{4161D6A3-BB6B-4447-A540-2D2954E68881}
iDEN Packet Data Applet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C5C9DC0-AE08-11D1-AC1D-00C04FD736BC}\setup.exe"
ImageMixer VCD for FinePix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3AA158A-9421-4883-8767-E771B0964A1D}\setup.exe"
Intel Application Accelerator --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9984DF60-1C5B-11D3-ACA1-908A4FC10801}\Setup.exe" -INTELUNINST
Intel® 810/810E/815/815E/815EM Chipset Graphics Driver Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A708DD8-A5E6-11D4-A706-000629E95E20}\Setup.exe" -inteluninstall
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
J2SE Runtime Environment 5.0 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140011_2781a0d\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
LogMeIn --> MsiExec.exe /I{06BBC7C8-42BD-4571-92AD-E50EE9963C41}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Media Downloader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{61C3245C-40EF-4284-B59E-B1394BB47A6B}\Setup.exe"
MGI PhotoSuite 8.1 (Remove Only) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MGI\PhotoSuite 8.1\Uninst.isu" -c"C:\Program Files\MGI\PhotoSuite 8.1\CustomUninstall.dll"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Motorola Driver Installation --> MsiExec.exe /I{9579E862-5FC7-4337-B1CC-5E37451524C5}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst
My Budget Planner - Version 1.7 --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\MyBudgetPlanner\ST6UNST.LOG"
MyBudgetPlanner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12FC1931-EC4C-4884-93EA-7744B238A5B9}\Setup.exe"
NASA World Wind 1.4 --> "C:\Program Files\NASA\World Wind 1.4\Uninstall_World_Wind_1.4.exe"
Norton Security Scan --> MsiExec.exe /I{3A4FFB84-D070-4DA5-AB7B-D41D87FD8D19}
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
Office Manager Plus --> C:\PROGRA~1\OFFICE~2\UNWISE.EXE C:\PROGRA~1\OFFICE~2\INSTALL.LOG
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PaperPort --> MsiExec.exe /I{A17EABB6-D0C6-44E5-820C-72DC7F495064}
PC-Checkup --> "C:\WINDOWS\PC Check-up\uninstall.exe" "/U:C:\Program Files\PC Check-up\irunin.xml"
PC Tools AntiVirus4.0 --> "C:\Program Files\PC Tools AntiVirus\unins000.exe"
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
QuickBooks Customer Manager Version 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBCA9AEA-7E95-46B7-B809-F605FE21AD26}\setup.exe" -l0x9
QuickBooks Premier: Contractor Edition 2008 --> msiexec.exe /I {8ED4E82B-8CEA-40DE-826C-37AC7B941F81} UNIQUE_NAME="contractor" QBFULLNAME="QuickBooks Premier: Contractor Edition 2008" ADDREMOVE=1
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Road Runner Medic --> MsiExec.exe /I{CB45878C-A914-440A-AEE9-C1653F46C90A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
SKIN0001 --> MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe"
Spanish Year 1 v1.50 --> C:\WINDOWS\uninst.exe -f"C:\Sofsource\Spanish Year 1\DeIsL1.isu"
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
SpiralFrog Download Manager 0.8.23 --> MsiExec.exe /X{95738B44-49CF-4C62-A620-320F1007B14A}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
Unlocker 1.8.6 --> C:\Program Files\Unlocker\uninst.exe
update to ONE --> C:\PROGRA~1\OFFICE~2\UNWISE.EXE C:\PROGRA~1\OFFICE~2\INSTALL.LOG
ViewSonic Monitor Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B4FEA924-630D-11D4-B78E-005004566E4D}\Setup.exe" -l0x9
Visual FoxPro ODBC Driver --> MsiExec.exe /X{31821EFE-1B31-4744-9FB0-208F92BD7168}
Visual MP3 CD Burner 1.3 --> "C:\Program Files\Visual MP3 CD Burner\unins000.exe"
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Rights Management Client Backwards Compatibility SP2 --> MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2 --> MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
Windows Support Tools --> MsiExec.exe /I{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type1451 / Error
Event Submitted/Written: 04/22/2008 02:29:29 AM
Event ID/Source: 5000 / MPSampleSubmission
Event Description:
EventType mptelemetry, P1 80004002, P2 endinstall, P3 install, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Event Record #/Type1449 / Error
Event Submitted/Written: 04/21/2008 02:35:38 AM
Event ID/Source: 5000 / MPSampleSubmission
Event Description:
EventType mptelemetry, P1 80004002, P2 endinstall, P3 install, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Event Record #/Type1446 / Error
Event Submitted/Written: 04/20/2008 09:21:10 PM
Event ID/Source: 3003 / WinDefendRtp
Event Description:
%HOMEOFFICE27 Real-Time Protection checkpoint has encountered an error and failed to start.

User: HOMEOFFICE\KC1

Checkpoint ID: 1

Error Code: 0x8000ffff

Error description: Catastrophic failure

Event Record #/Type1445 / Error
Event Submitted/Written: 04/20/2008 09:21:10 PM
Event ID/Source: 3003 / WinDefendRtp
Event Description:
%HOMEOFFICE27 Real-Time Protection checkpoint has encountered an error and failed to start.

User: HOMEOFFICE\KC1

Checkpoint ID: 1

Error Code: 0x80070005

Error description: Access is denied.

Event Record #/Type1438 / Warning
Event Submitted/Written: 04/20/2008 09:11:29 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type15077 / Warning
Event Submitted/Written: 04/22/2008 09:52:41 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%HOMEOFFICE27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %HOMEOFFICE27 can't undo changes that you allow.

For more information please see the following:
%HOMEOFFICE275

Scan ID: {430471AC-81B2-4673-8670-FF90201DE81F}

User: HOMEOFFICE\KC1

Name: %HOMEOFFICE271

ID: %HOMEOFFICE272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %HOMEOFFICE276

Alert Type: %HOMEOFFICE278

Detection Type: 1.1.1593.02

Event Record #/Type15074 / Error
Event Submitted/Written: 04/22/2008 09:51:42 PM
Event ID/Source: 1 / sr
Event Description:
The System Restore filter encountered the unexpected error '0xC000007F' while processing the file 'desktop.ini' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.

Event Record #/Type15067 / Error
Event Submitted/Written: 04/22/2008 05:02:05 PM
Event ID/Source: 1 / sr
Event Description:
The System Restore filter encountered the unexpected error '0xC000007F' while processing the file 'desktop.ini' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.

Event Record #/Type15065 / Warning
Event Submitted/Written: 04/22/2008 09:11:01 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%HOMEOFFICE27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %HOMEOFFICE27 can't undo changes that you allow.

For more information please see the following:
%HOMEOFFICE275

Scan ID: {56A87A3E-C33F-47F0-99AA-8FAC41479A71}

User: HOMEOFFICE\KC1

Name: %HOMEOFFICE271

ID: %HOMEOFFICE272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %HOMEOFFICE276

Alert Type: %HOMEOFFICE278

Detection Type: 1.1.1593.02

Event Record #/Type14979 / Error
Event Submitted/Written: 04/21/2008 05:01:40 PM
Event ID/Source: 1 / sr
Event Description:
The System Restore filter encountered the unexpected error '0xC000007F' while processing the file 'DESKTOP.INI' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.



-- End of Deckard's System Scanner: finished at 2008-04-22 21:53:21 ------------
  • 0

#10
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hi the alerts are because the Antivirus is out of date.
You will need to update it manually.
It is showing as enabled in your log.
=========================
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\klehktju.dat
    C:\WINDOWS\system32\gjmtikaz.dat
    C:\WINDOWS\system32\pbrcyplq.dat
    C:\WINDOWS\system32\dyihwyud.dat
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
==============
Please uninstall all of these
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java™ 6 Update 2
Java™ 6 Update 3


Then After that please update your Java:
Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Ugrading Java:After that
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
====================
Post back one more Hijackthis log and the OT log please and let me know if everything is as it should be.
  • 0

Advertisements


#11
remodelyou

remodelyou

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Thanks for the info. when I say it disables my antivirus the icon dissapears from the task bar. Even when I update it I still get the warninng. Windows updates will not install and my performance is extremely slow. Below are the results from the scans. Thanks again!


C:\WINDOWS\system32\klehktju.dat moved successfully.
C:\WINDOWS\system32\gjmtikaz.dat moved successfully.
C:\WINDOWS\system32\pbrcyplq.dat moved successfully.
C:\WINDOWS\system32\dyihwyud.dat moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04232008_204334




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:32 AM, on 4/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/fl...x.cfm?rev=10315
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AccountLogon] C:\Documents and Settings\All Users\Documents\Account Logon\AccountLogon\AccountLogon.exe /regserver
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: AccountLogon - C:\WINDOWS\al-popup-kc1.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - C:\WINDOWS\al-popup-kc1.html (HKCU)
O9 - Extra 'Tools' menuitem: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - C:\WINDOWS\al-popup-kc1.html (HKCU)
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} -
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} -
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) -
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} -
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} -
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {5CE72DD0-4695-4D18-A4D3-3367ACD37578} - http://support.f-sec.../fshc/fscax.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {664088B0-6AF3-4514-AF9D-A0DC3A3DF24A} -
O16 - DPF: {6CCE3920-3183-4B3D-808A-B12EB769DE12} (CSS Web Installer Class) - http://www.commandon...cabs/cssweb.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} -
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} - http://www.commandon...cabs/cssweb.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} -
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2006\HelpAsyncPluggableProtocol.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 7624 bytes
  • 0

#12
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hmmm that is strange it could be that it was damaged by the malware.
Try to reinstall it (the antivirus) and see if that fixes the problem.
============================================
Step 1
Are you getting a specific error message?
If so, go here and check it

http://v5.windowsupd...t.aspx?ln=en-us

If there is no error, go to step 2

Step 2

Start >Run, type
regsvr32 jscript.dll
<enter>

Try Windows Update. If it is still not working, then try this:

Start >Run, type
regsvr32 MSXML3.dll
<enter>

Try Windows Update. If it is still not working then lets try this:

step 3

Download and install the following

Windows scripting host 5.6 for Windows XP and Windows 2000
==========================
LEt me know if that helps out at all and we will go from there.
  • 0

#13
remodelyou

remodelyou

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
The 1st microsoft link does not work so I didnt go any further. It comes up with error 404 file or directory not found. Please advise. Thanks!
  • 0

#14
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Go ahead with the next steps please.
  • 0

#15
remodelyou

remodelyou

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
None of the solutions worked. The first dcript did nothing. The updates would not even download. The second script allowed them to download but installation failed. Installed the scripting host and rebooted. Installation failed for all updates. Computer took about 6 minutes to fully load after the script install. Thanks again for everything.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP