Possible zango infection, dll.shfolder previously had problems [RESOLV


  • This topic is locked

#1
fender3000
Member, 10 posts
Along with the onslaught of pop-ups, among other things, the topic description has what seem to be the main issues that I think Zango software caused. I went through all of the steps and it did improve my computer; however, it is still acting up. Everything worked except for the Panda ActiveScan. Thanks in advance for your assistance and time.

HERE IS MY HIJACK THIS LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:33:03 PM, on 6/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\AOL\1125118890\ee\AOLSoftware.exe
C:\Program Files\Microsoft Money 2005\MNYCoreFiles\System\reminder.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\MagicTune Premium\GammaTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\Program Files\TrueSwitchAT&TYahoo\TrueWizard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\MagicTune Premium\MagicTune.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {01DD5165-B983-48FB-ADAE-61C45E66E287} - C:\WINDOWS\system32\urqOGvUM.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: {c38a784b-ff24-a1fa-55c4-e3aec3ee7d64} - {46d7ee3c-ea3e-4c55-af1a-42ffb487a83c} - C:\WINDOWS\system32\ziwkhh.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {9811CF39-0129-40AB-B6E7-7664949683E3} - C:\WINDOWS\system32\opnmKBRI.dll (file missing)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125118890\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\RunOnce: [OOBEDDDemise] cmd /x /c erase C:\WINDOWS\System32\oobe\msoobe.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money 2005\MNYCoreFiles\System\reminder.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueSwitchAT&TYahoo\TrueWizard.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NCProTray.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1214674540312
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O20 - AppInit_DLLs: aupaaimr.dll nyyllnou.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 12307 bytes

HERE IS MY HIJACK THIS UNINSTALL LIST

Adobe Flash Player ActiveX
Adobe Reader 6.0
Adobe Shockwave Player
AIM Location Info
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Explorer
AOL Instant Messenger
AOL Spyware Protection
AOL Toolbar 2.0
AOL Uninstaller
AOL You've Got Pictures Screensaver
Apple Mobile Device Support
Apple Software Update
AT&T Yahoo! Applications
Balloon Pop
BigFix
Blast Thru
Blast Thru Game
Bonjour
BUM
CC_ccProxyExt
ccCommon
ccPxyCore
Compton's Interactive Encyclopedia 2000
Creative Modem Blaster PCI DI5633
Digital Media Reader
EA SPORTS™ NBA LIVE 08
GGE909 PC Recoil Pad
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB935448)
Hoyle Kids' Games
HP Image Zone 4.7
HP PSC & OfficeJet 4.7
HP Software Update
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Adapters and Drivers
iPod for Windows 2006-01-10
IsoBuster 1.4
iTunes
J2SE Runtime Environment 5.0 Update 4
Java 2 Runtime Environment, SE v1.4.2
Learn2 Player (Uninstall Only)
LimeWire 4.16.6
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
Madden NFL 07
MagicTune Premium
Malwarebytes' Anti-Malware
Math Odyssey Algebra I
Math Odyssey Algebra II
Math Odyssey Calculus
Math Odyssey Pre-Algebra
Math Odyssey Pre-Calculus
Math Odyssey Trigonometry
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Encarta 97 Encyclopedia
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft Money 99
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Professional
Microsoft Picture It! Premium 10
Microsoft Web Publishing Wizard 1.52
Microsoft Works
Mozilla Firefox (1.0.7)
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Multimedia Keyboard Driver
MVP Baseball 2005
Natural Color Pro
Need for Speed Underground 2
Nero BurnRights
Nero OEM
Netscape Communicator Dial-Up Edition
Norton AntiSpam
Norton AntiSpam
Norton AntiVirus 2005
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security 2005 (Symantec Corporation)
Norton WMI Update
Norton WMI Update
Panda ActiveScan 2.0
PowerDVD
PowerQuest PartitionMagic 8.0
Pure Networks Port Magic
QuickTime
RealPlayer Basic
Realtek High Definition Audio Driver
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Sierra Print Artist 6.0
SoftV92 Data Fax Modem with SmartCP
Solitaire Antics Deluxe
SPBBC
SUPERAntiSpyware Free Edition
Symantec Script Blocking Installer
SymNet
Tiger Woods PGA TOUR 06
TrueSwitch Wizard AT&T Yahoo!
Ultimate Mahjongg
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
West Point Bridge Designer 2007
Windows Backup Utility
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
World Book 2003 (Deluxe)

HERE IS MY MALWARE BYTES LOG

Malwarebytes' Anti-Malware 1.17
Database version: 846

9:40:42 AM 6/28/2008
mbam-log-6-28-2008 (09-40-42).txt

Scan type: Quick Scan
Objects scanned: 39474
Time elapsed: 6 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 8
Registry Keys Infected: 15
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 72

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\fvixyhgn.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\htirabiu.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\mbochstm.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\nnnnnlii.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\qoMdAQji.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\vkhrupmp.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\vtUlkKCV.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\hgGwWMdE.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{86358747-c5be-4ddc-ae49-a4192e905f43} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{86358747-c5be-4ddc-ae49-a4192e905f43} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8c0facf6-f496-4488-883b-8280ce37489e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8c0facf6-f496-4488-883b-8280ce37489e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{32341e7e-c319-46de-91d0-e30bb1a3caba} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32341e7e-c319-46de-91d0-e30bb1a3caba} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtulkkcv (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6715a434-c9e9-4fc1-8a46-40b04fb0848e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b0e83b0d (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{32341e7e-c319-46de-91d0-e30bb1a3caba} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run\A00F1613A70F.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\crgymufp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pfumygrc.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcCTnOh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hOnTCcdd.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hOnTCcdd.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dxcleeah.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\haeelcxd.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eyvjaomg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gmoajvye.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\flhtcysv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vsycthlf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fvixyhgn.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\nghyxivf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\htirabiu.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\uibarith.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jgsptoch.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hcotpsgj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jxogoqkj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkqogoxj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lditgqal.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\laqgtidl.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lmfmukmc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cmkumfml.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mbochstm.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\mtshcobm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mhpgqlmp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmlqgphm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\moeifkuf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fukfieom.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mqqnkois.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sioknqqm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mvqbkmty.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ytmkbqvm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ndwdeddn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nddedwdn.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnnnlii.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\iilnnnnn.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iilnnnnn.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qcpydjbe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ebjdypcq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMdAQji.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ijQAdMoq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ijQAdMoq.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rbwrcspf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fpscrwbr.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rgbuljga.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\agjlubgr.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sveboobw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wboobevs.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uvkbailn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nliabkvu.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbprhfjj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jjfhrpbv.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vkhrupmp.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\pmpurhkv.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUnopMd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dMponUtv.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dMponUtv.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xaegnrbt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tbrngeax.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yyftvvki.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ikvvtfyy.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUlkKCV.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\futuqdtq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxmtkaqe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jiayiisx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pjkcuaeq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUolIcC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00DD92B.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGwWMdE.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

HERE IS MY SUPERANTI SPYWARE LOG

SUPERAntiSpyware Scan Log
Generated 06/28/2008 at 12:15 PM

Application Version : 3.6.1000

Core Rules Database Version : 3493
Trace Rules Database Version: 1484

Scan type : Complete Scan
Total Scan Time : 02:25:29

Memory items scanned : 500
Memory threats detected : 0
Registry items scanned : 5903
Registry threats detected : 0
File items scanned : 121865
File threats detected : 9

Rogue.LiveAntiSpy
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1031\A0152363.EXE

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1031\A0152364.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1031\A0152366.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1033\A0152520.EXE

Unclassified.Unknown Origin
C:\WINDOWS\SYSTEM32\JGFRRTRS.DLL
C:\WINDOWS\SYSTEM32\KHKAFCSS.DLL

Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\LYIJOQBN.DLL
C:\WINDOWS\SYSTEM32\WGNDXRKM.DLL

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\MCRH.TMP


#2
Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there, sorry for the delay.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, DSS will open two Notepad windows, main.txt and extra.txt; please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Note: These logs may be too large to post in one reply; if so, please post extra.txt in a separate reply.

#3
fender3000

    Member

  • Topic Starter
  • Member
  • 10 posts
No problem. Thanks. The scan worked well and here are the results of both.


******************HERE ARE THE RESULTS OF MAIN.TXT*************************

Deckard's System Scanner v20071014.68
Run by Owner on 2008-07-04 10:26:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
129: 2008-07-04 15:26:45 UTC - RP1071 - Deckard's System Scanner Restore Point
128: 2008-07-03 04:19:01 UTC - RP1070 - System Checkpoint
127: 2008-07-02 02:17:02 UTC - RP1069 - System Checkpoint
126: 2008-06-30 19:21:17 UTC - RP1068 - System Checkpoint
125: 2008-06-29 16:19:25 UTC - RP1067 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-06-25 01:40:10 UTC - RP943 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 502 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27:59 AM, on 7/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\AOL\1125118890\ee\AOLSoftware.exe
C:\Program Files\Microsoft Money 2005\MNYCoreFiles\System\reminder.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\MagicTune Premium\GammaTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\TrueSwitchAT&TYahoo\TrueWizard.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\MagicTune Premium\MagicTune.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {01DD5165-B983-48FB-ADAE-61C45E66E287} - C:\WINDOWS\system32\urqOGvUM.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: {c38a784b-ff24-a1fa-55c4-e3aec3ee7d64} - {46d7ee3c-ea3e-4c55-af1a-42ffb487a83c} - C:\WINDOWS\system32\ziwkhh.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {9811CF39-0129-40AB-B6E7-7664949683E3} - C:\WINDOWS\system32\opnmKBRI.dll (file missing)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125118890\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\RunOnce: [OOBEDDDemise] cmd /x /c erase C:\WINDOWS\System32\oobe\msoobe.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money 2005\MNYCoreFiles\System\reminder.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueSwitchAT&TYahoo\TrueWizard.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NCProTray.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1214674540312
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O20 - AppInit_DLLs: aupaaimr.dll nyyllnou.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 12451 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 NCPro - c:\windows\system32\drivers\mtictwl.sys <Not Verified; Samsung Electronics, Inc.; MagicTunePremium>
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R3 SunkFilt (Alcor Micro Corp Reader) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>

S3 MagicTune - c:\windows\system32\drivers\mtictwl.sys <Not Verified; Samsung Electronics, Inc.; MagicTunePremium>
S3 samhid - c:\windows\system32\drivers\samhid.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 MagicTuneEngine - c:\program files\magictune premium\magictuneengine.exe
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-23 06:35:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2005-07-20 12:56:29 366 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job


-- Files created between 2008-06-04 and 2008-07-04 -----------------------------

2008-06-29 11:20:46 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-28 12:53:18 0 d-------- C:\Program Files\Trend Micro
2008-06-28 12:43:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-06-28 12:26:37 0 d-------- C:\Program Files\Panda Security
2008-06-27 19:42:31 102912 --a------ C:\WINDOWS\system32\ziwkhh.dll
2008-06-27 19:42:29 102912 --a------ C:\WINDOWS\system32\jwxftkxy.dll
2008-06-26 19:37:45 106496 --a------ C:\WINDOWS\system32\gdemvnsk.dll
2008-06-24 20:40:55 99840 --a------ C:\WINDOWS\system32\olqjmgkw.dll
2008-06-24 18:39:02 99840 --a------ C:\WINDOWS\system32\xbtdgggf.dll
2008-06-24 11:01:28 99840 --a------ C:\WINDOWS\system32\xjycvquh.dll
2008-06-24 09:32:12 105472 --a------ C:\WINDOWS\system32\nyyllnou.dll
2008-06-24 09:29:36 105472 --a------ C:\WINDOWS\system32\aupaaimr.dll
2008-06-21 17:46:34 99328 --a------ C:\WINDOWS\system32\bjuwmjhm.dll
2008-06-20 18:44:33 99328 --a------ C:\WINDOWS\system32\onbgummo.dll
2008-06-19 21:50:59 98816 --a------ C:\WINDOWS\system32\ybxadbdl.dll
2008-06-19 15:39:39 98816 --a------ C:\WINDOWS\system32\ynkxcuwf.dll
2008-06-18 21:26:23 98816 --a------ C:\WINDOWS\system32\ierpmmda.dll
2008-06-17 21:25:32 98816 --a------ C:\WINDOWS\system32\ifmqinmd.dll
2008-06-17 21:24:35 90112 --a------ C:\WINDOWS\system32\rrosdfjt.dll
2008-06-16 19:29:58 99328 --a------ C:\WINDOWS\system32\ioxrhlsm.dll
2008-06-15 19:29:59 99840 --a------ C:\WINDOWS\system32\udcueywf.dll
2008-06-14 13:22:04 98304 --a------ C:\WINDOWS\system32\irwiebig.dll
2008-06-14 13:18:37 98304 --a------ C:\WINDOWS\system32\tbexyhtd.dll
2008-06-14 08:16:41 98304 --a------ C:\WINDOWS\system32\ltulcwko.dll
2008-06-13 13:41:54 99328 --a------ C:\WINDOWS\system32\tojyqysc.dll
2008-06-11 20:32:19 98816 --a------ C:\WINDOWS\system32\bmcjditi.dll
2008-06-10 20:32:41 184320 --a------ C:\WINDOWS\system32\kabalqpc.dll
2008-06-09 22:29:15 109056 --a------ C:\WINDOWS\system32\dbrqqhmt.dll
2008-06-08 19:24:53 108544 --a------ C:\WINDOWS\system32\hrmdkuxj.dll
2008-06-08 12:24:32 108544 --a------ C:\WINDOWS\system32\vtjuiwma.dll
2008-06-07 12:23:21 108544 --a------ C:\WINDOWS\system32\xllhqgme.dll
2008-06-07 08:03:58 108544 --a------ C:\WINDOWS\system32\ujxucogg.dll
2008-06-06 20:25:27 108544 --a------ C:\WINDOWS\system32\lottnvea.dll
2008-06-06 20:17:19 108544 --a------ C:\WINDOWS\system32\tuknvlif.dll
2008-06-06 18:38:06 108544 --a------ C:\WINDOWS\system32\liqfuijf.dll
2008-06-06 17:19:23 108544 --a------ C:\WINDOWS\system32\xcivlsbu.dll
2008-06-06 16:43:14 2189 --ahs---- C:\WINDOWS\system32\IRBKmnpo.ini2
2008-06-06 15:56:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-06 15:40:41 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-06 12:25:03 134656 --a------ C:\WINDOWS\system32\foniwgbb.dll
2008-06-06 08:09:29 134656 --a------ C:\WINDOWS\system32\bfjyajlh.dll
2008-06-05 14:05:50 133120 --a------ C:\WINDOWS\system32\gylioulx.dll
2008-06-04 14:04:59 132608 --a------ C:\WINDOWS\system32\bvqwlfti.dll
2008-06-04 14:02:00 132608 --a------ C:\WINDOWS\system32\eubhdptl.dll


-- Find3M Report ---------------------------------------------------------------

2008-06-29 17:12:59 0 d-------- C:\Program Files\TrueSwitchAT&TYahoo
2008-06-28 13:35:49 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-28 09:30:00 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-15 22:45:23 0 d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-06-06 20:27:57 0 d-------- C:\Program Files\Common Files
2008-06-06 16:35:13 2126 --ahs---- C:\WINDOWS\system32\MUvGOqru.ini2
2008-06-05 19:40:57 0 d-------- C:\Program Files\LimeWire
2008-06-03 13:25:50 0 d-------- C:\Program Files\Incomplete
2008-06-03 13:25:37 0 d-------- C:\Program Files\iTunes
2008-06-03 12:07:12 2032 --ahs---- C:\WINDOWS\system32\bJjSvyay.ini2
2008-06-02 23:13:19 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-06-02 23:13:07 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-02 22:57:11 792 --a------ C:\xcrashdump.dat
2008-06-02 22:56:04 1607 --ahs---- C:\WINDOWS\system32\FeKRCcdd.ini2
2008-06-02 22:26:09 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-06-02 21:21:24 178 --a------ C:\handle.dat
2008-05-30 17:33:27 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
2008-05-30 17:26:57 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-05-30 17:24:21 0 d-------- C:\Program Files\Common Files\Download Manager
2008-05-28 07:54:32 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-13 22:09:50 11758 --a------ C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-05-11 13:25:49 0 d-------- C:\Documents and Settings\Owner\Application Data\Ulead Systems
2008-05-11 12:59:44 0 d-------- C:\Program Files\Web Publish
2008-05-11 12:30:58 0 d-------- C:\Program Files\Nova Development
2008-05-04 21:35:22 0 dr-h----- C:\Documents and Settings\Owner\Application Data\yahoo!


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01DD5165-B983-48FB-ADAE-61C45E66E287}]
C:\WINDOWS\system32\urqOGvUM.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{46d7ee3c-ea3e-4c55-af1a-42ffb487a83c}]
06/27/2008 07:42 PM 102912 --a------ C:\WINDOWS\system32\ziwkhh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9811CF39-0129-40AB-B6E7-7664949683E3}]
C:\WINDOWS\system32\opnmKBRI.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [09/13/2002 03:42 PM]
"IS CfgWiz"="C:\Program Files\Norton Internet Security\cfgwiz.exe" [08/17/2004 05:36 PM]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [08/05/2004 12:23 PM]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [11/15/2004 05:04 PM]
"@"="" []
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [03/17/2004 05:10 PM C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [08/20/2004 05:55 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [08/20/2004 05:51 PM]
"CHotkey"="zHotkey.exe" [05/17/2004 08:30 PM C:\WINDOWS\zHotkey.exe]
"ShowWnd"="ShowWnd.exe" [09/19/2003 11:09 AM C:\WINDOWS\ShowWnd.exe]
"SoundMan"="SOUNDMAN.EXE" [09/23/2004 09:27 PM C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [09/24/2004 08:06 PM C:\WINDOWS\ALCWZRD.EXE]
"HostManager"="C:\Program Files\Common Files\AOL\1125118890\ee\AOLSoftware.exe" [09/25/2006 07:52 PM]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [01/11/2006 12:05 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"Reminder"="C:\Program Files\Microsoft Money 2005\MNYCoreFiles\System\reminder.exe" [07/25/1998 12:00 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/02/2007 11:37 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/2007 11:39 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:00 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"OOBEDDDemise"=cmd /x /c erase C:\WINDOWS\System32\oobe\msoobe.exe

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [4/13/2007 9:22:10 AM]
TrueAssistant.lnk - C:\Program Files\TrueSwitchAT&TYahoo\TrueWizard.exe [3/13/2008 4:35:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [7/20/2005 1:06:20 PM]
GammaTray.lnk - C:\Program Files\MagicTune Premium\GammaTray.exe [12/30/2007 3:18:30 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/4/2004 7:28:24 PM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [11/4/2004 7:50:52 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 3:05:56 PM]
NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe [12/30/2007 3:08:34 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Wallpaper"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=aupaaimr.dll nyyllnou.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,




-- End of Deckard's System Scanner: finished at 2008-07-04 10:30:16 ------------

******************HERE ARE THE RESULTS OF EXTRA.TXT************************

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 59%
Physical Memory (total/avail): 501.77 MiB / 204.45 MiB
Pagefile Memory (total/avail): 1224.83 MiB / 786.54 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1922.07 MiB

C: is Fixed (NTFS) - 182.02 GiB total, 73.63 GiB free.
D: is Fixed (FAT32) - 4.27 GiB total, 1.68 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (FAT32)
L: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD2000JD-22HBC0 - 186.31 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 182.02 GiB - C:
\PARTITION1 - Unknown - 4.28 GiB - D:

\\.\PHYSICALDRIVE6 - Apple iPod USB Device - 74.34 GiB - 1 partition
\PARTITION0 - Unknown - 74.34 GiB - K:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device

\\.\PHYSICALDRIVE5 - HP PSC 1610 USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Norton Internet Security v2005 (Symantec Corporation)
AV: Norton Internet Security v2005 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AMERIC~1.0"
"C:\\Program Files\\Common Files\\AOL\\1125118890\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1125118890\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AMERIC~1.0"
"C:\\Program Files\\EA SPORTS\\MVP Baseball 2005\\mvp2005.exe"="C:\\Program Files\\EA SPORTS\\MVP Baseball 2005\\mvp2005.exe:*:Disabled:mvp2005"
"C:\\Program Files\\Common Files\\AOL\\1125118890\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1125118890\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Disabled:AOL Instant Messenger"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\\Program Files\\Common Files\\AOL\\1125118890\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1125118890\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire 4.16.6"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PERROTTE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\PERROTTE
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\AOL\1125118890\ee;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=PERROTTE
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Owner (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\InstallShield Installation Information\{869090AE-88E6-45CE-A2B1-13D24F82CA5B}\setup.exe" /uninst
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AIM Location Info --> C:\PROGRA~1\COMMON~1\AOL\112511~1\ee\services\LOCATI~1\UNINST~1\UNWISE.EXE C:\PROGRA~1\COMMON~1\AOL\112511~1\ee\services\LOCATI~1\UNINST~1\INSTALL.LOG
AOL Coach Version 1.0(Build:20040229.1 en) --> C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL Explorer --> C:\Program Files\Common Files\AOL\1125118890\ee\services\browser\ver1_1_1042\uninst.exe
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
AOL Spyware Protection --> C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\UNWISE.EXE C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\INSTALL.LOG
AOL Toolbar 2.0 --> "C:\Program Files\AOL\AOL Toolbar 2.0\uninstall.exe"
AOL Uninstaller --> C:\Program Files\Common Files\AOL\uninstaller.exe
AOL You've Got Pictures Screensaver --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AT&T Yahoo! Applications --> C:\PROGRA~1\Yahoo!\Common\uninstall.exe
Balloon Pop --> C:\PROGRA~1\GALAXY~1\GAMESF~1\BALLOO~1\UNWISE.EXE C:\PROGRA~1\GALAXY~1\GAMESF~1\BALLOO~1\INSTALL.LOG
BigFix --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
Blast Thru --> C:\eGames\BLAST_~1\UNWISE.EXE C:\eGames\BLAST_~1\INSTALL.LOG
Blast Thru Game --> C:\PROGRA~1\eGames\BLASTT~1\UNWISE.EXE C:\PROGRA~1\eGames\BLASTT~1\INSTALL.LOG
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
BUM --> MsiExec.exe /I{55937F00-A69B-4049-8D3A-1C7729742B6F}
CC_ccProxyExt --> MsiExec.exe /I{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
ccPxyCore --> MsiExec.exe /I{FC08587A-4F01-4188-819F-F55880022917}
Compton's Interactive Encyclopedia 2000 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Broderbund\CIE2000\DeIsL1.isu"
Creative Modem Blaster PCI DI5633 --> C:\Program Files\UIU\CXT1059\HXFSETUP.EXE -U -IVEN_14F1&DEV_1059&SUBSYS_1059148D
Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
EA SPORTS™ NBA LIVE 08 --> MsiExec.exe /X{4A0EB804-0413-11DC-8FA2-83B655D89593}
GGE909 PC Recoil Pad --> C:\PROGRA~1\GAMEEL~1\GGE909~1\UNWISE.EXE C:\PROGRA~1\GAMEEL~1\GGE909~1\INSTALL.LOG
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hoyle Kids' Games --> C:\WINDOWS\IsUninst.exe -f"C:\SIERRA\Hoyle Kids' Games\Uninst.isu"
HP Image Zone 4.7 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.7 --> "C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Software Update --> MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
iPod for Windows 2006-01-10 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
IsoBuster 1.4 --> "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
KODAK EASYSHARE Gallery Easy Upload, v2.1 --> C:\Documents and Settings\Owner\Local Settings\Application Data\KodakGallery\EasyShareSetup\$SETUP_140007_1931b31b\Setup.exe /APR-REMOVE
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
LiveUpdate 2.5 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Madden NFL 07 --> C:\Program Files\EA SPORTS\Madden NFL 07\EAUninstall.exe
MagicTune Premium --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D6044256-A309-43B5-9833-D3FAFE2AD24D}\setup.exe" -l0x9
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Math Odyssey Algebra I --> C:\WINDOWS\IsUninst.exe -f"C:\Math Odyssey 2.3\Algebra\Uninst.isu"
Math Odyssey Algebra II --> C:\WINDOWS\IsUninst.exe -f"C:\Math Odyssey 2.3\Algebra 2\Uninst.isu"
Math Odyssey Calculus --> C:\WINDOWS\IsUninst.exe -f"C:\Math Odyssey 2.3\Calculus\Uninst.isu"
Math Odyssey Pre-Algebra --> C:\WINDOWS\IsUninst.exe -f"C:\Math Odyssey 2.3\PreAlg\Uninst.isu"
Math Odyssey Pre-Calculus --> C:\WINDOWS\IsUninst.exe -f"C:\Math Odyssey 2.3\Pre-Calculus\Uninst.isu"
Math Odyssey Trigonometry --> C:\WINDOWS\IsUninst.exe -f"C:\Math Odyssey 2.3\Trigonometry\Uninst.isu"
McAfee SecurityCenter --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
Microsoft Encarta 97 Encyclopedia --> C:\WINDOWS\unenc97.exe
Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Money 99 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\setup\setup.exe
Microsoft Office 2000 Disc 2 --> MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Picture It! Premium 10 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (1.0.7) --> C:\WINDOWS\UninstallFirefox.exe /ua "1.0.7 (en-US)"
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
Multimedia Keyboard Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}\Setup.exe" -l0x9
MVP Baseball 2005 --> C:\Program Files\EA SPORTS\MVP Baseball 2005\EAUninstall.exe
Natural Color Pro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC2C7405-BC58-4E11-8F51-29671BEAC06B}\setup.exe" -l0x9
Need for Speed Underground 2 --> C:\Program Files\EA GAMES\Need for Speed Underground 2\EAUninstall.exe
Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Netscape Communicator Dial-Up Edition --> C:\WINDOWS\cd3240.exe
Norton AntiSpam --> MsiExec.exe /I{3B29A786-5803-4e9e-9B58-3014A5B4E519}
Norton AntiSpam --> MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F}
Norton AntiVirus 2005 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton Internet Security --> MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security --> MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
Norton Internet Security --> MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
Norton Internet Security --> MsiExec.exe /I{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security --> MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}
Norton Internet Security 2005 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X
Norton WMI Update --> MsiExec.exe /X{E85FA9A1-C241-4698-893B-DD99509B8DB0}
Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerQuest PartitionMagic 8.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
Pure Networks Port Magic --> C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe -Uninstall -ShowUI
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" REMOVE
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sierra Print Artist 6.0 --> C:\WINDOWS\IsUninst.exe -fC:\SIERRA\PA6\Uninst.isu -c"C:\SIERRA\PA6\PASTP.DLL"
SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IURSLST5K.inf
Solitaire Antics Deluxe --> C:\Masque\SOLITA~1\UNWISE.EXE C:\Masque\SOLITA~1\INSTALL.LOG
SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec Script Blocking Installer --> MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Tiger Woods PGA TOUR 06 --> C:\Program Files\EA SPORTS\Tiger Woods PGA TOUR 06\EAUninstall.exe
TrueSwitch Wizard AT&T Yahoo! --> C:\Program Files\TrueSwitchAT&TYahoo\TrueWizard.exe -uninstall
Ultimate Mahjongg --> C:\PROGRA~1\ValuSoft\ULTIMA~1\UNWISE.EXE C:\PROGRA~1\ValuSoft\ULTIMA~1\INSTALL.LOG
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
West Point Bridge Designer 2007 --> C:\WINDOWS\iun6002.exe "C:\Program Files\West Point Bridge Designer 2007\irunin.ini"
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
World Book 2003 (Deluxe) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869090AE-88E6-45CE-A2B1-13D24F82CA5B}\Setup.exe" -uninst


-- Application Event Log -------------------------------------------------------

Event Record #/Type243 / Error
Event Submitted/Written: 06/30/2008 10:01:00 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]

Event Record #/Type242 / Error
Event Submitted/Written: 06/30/2008 10:00:26 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16674, faulting module unknown, version 0.0.0.0, fault address 0x60b47930.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type193 / Error
Event Submitted/Written: 06/24/2008 02:53:52 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.5730.13, faulting module ieframe.dll, version 7.0.5730.13, fault address 0x000bc0e6.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type181 / Error
Event Submitted/Written: 06/24/2008 09:30:56 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application explorer.exe, version 6.0.2900.3156, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type180 / Error
Event Submitted/Written: 06/24/2008 09:30:11 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3393 / Error
Event Submitted/Written: 07/04/2008 10:24:45 AM
Event ID/Source: 8032 / BROWSER
Event Description:
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{2DEED59D-0AB5-486C-BB4D-9793408CB0BE}.
The backup browser is stopping.

Event Record #/Type3385 / Error
Event Submitted/Written: 07/04/2008 00:14:57 AM
Event ID/Source: 1000 / Dhcp
Event Description:
Your computer has lost the lease to its IP address 192.168.1.64 on the
Network Card with network address 001320457709.

Event Record #/Type3384 / Warning
Event Submitted/Written: 07/04/2008 00:14:57 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001320457709. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type3375 / Warning
Event Submitted/Written: 07/02/2008 10:45:11 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001320457709. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type3358 / Warning
Event Submitted/Written: 07/02/2008 10:23:02 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001320457709. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.



-- End of Deckard's System Scanner: finished at 2008-07-04 10:30:16 ------------
  • 0

#4
Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi again,

Please go here to install the Recovery Console and for a guide on using ComboFix.
Please note: installing the Recovery Console plays a vital part in making this process of cleaning your computer safe; don't overlook this!

Now please download ComboFix from here (http://subs.geekstogo.com/ComboFix.exe) or here. It is important that you save this file to your desktop.

Double-click ComboFix.exe and follow the prompts. Please never rename ComboFix unless instructed.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

A quick heads up: if you click on ComboFix's window while it's running, you may cause it to stall.
  • 0

#5
fender3000

    Member

  • Topic Starter
  • Member
  • 10 posts
Ok. It took a bit, but it worked, so here is my ComboFix log and my new HijackThis log.


****************HERE IS MY COMBOFIX LOG************************


ComboFix 08-07-04.1 - Owner 2008-07-05 1:07:39.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.190 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\arjewyej.ini
C:\WINDOWS\system32\bcnibdqm.ini
C:\WINDOWS\system32\bJjSvyay.ini
C:\WINDOWS\system32\bJjSvyay.ini2
C:\WINDOWS\system32\dlbprihl.ini
C:\WINDOWS\system32\dnabhqmp.ini
C:\WINDOWS\system32\evwxtttv.ini
C:\WINDOWS\system32\FeKRCcdd.ini
C:\WINDOWS\system32\FeKRCcdd.ini2
C:\WINDOWS\system32\fpylnyni.ini
C:\WINDOWS\system32\fuvgweqa.ini
C:\WINDOWS\system32\gbjgmoxp.ini
C:\WINDOWS\system32\haksgdpw.ini
C:\WINDOWS\system32\hwbctejk.ini
C:\WINDOWS\system32\IRBKmnpo.ini
C:\WINDOWS\system32\IRBKmnpo.ini2
C:\WINDOWS\system32\jwxftkxy.dll
C:\WINDOWS\system32\kabalqpc.dll
C:\WINDOWS\system32\liqfuijf.dll
C:\WINDOWS\system32\lottnvea.dll
C:\WINDOWS\system32\ltulcwko.dll
C:\WINDOWS\system32\MUvGOqru.ini
C:\WINDOWS\system32\MUvGOqru.ini2
C:\WINDOWS\system32\nqgbjhey.ini
C:\WINDOWS\system32\nyyllnou.dll
C:\WINDOWS\system32\olqjmgkw.dll
C:\WINDOWS\system32\onbgummo.dll
C:\WINDOWS\system32\owpjhwps.ini
C:\WINDOWS\system32\qwebsotk.ini
C:\WINDOWS\system32\rrkraxrn.ini
C:\WINDOWS\system32\rrosdfjt.dll
C:\WINDOWS\system32\tbexyhtd.dll
C:\WINDOWS\system32\tojyqysc.dll
C:\WINDOWS\system32\tuknvlif.dll
C:\WINDOWS\system32\udcueywf.dll
C:\WINDOWS\system32\ujxucogg.dll
C:\WINDOWS\system32\umjxgefx.ini
C:\WINDOWS\system32\vtjuiwma.dll
C:\WINDOWS\system32\vuxomypp.ini
C:\WINDOWS\system32\wvmmpupk.ini
C:\WINDOWS\system32\x86
C:\WINDOWS\system32\x86\ReadMe.Txt
C:\WINDOWS\system32\x86\ShFolder.Exe
C:\WINDOWS\system32\xbtdgggf.dll
C:\WINDOWS\system32\xcivlsbu.dll
C:\WINDOWS\system32\xjycvquh.dll
C:\WINDOWS\system32\xllhqgme.dll
C:\WINDOWS\system32\yadxthyh.ini
C:\WINDOWS\system32\ybxadbdl.dll
C:\WINDOWS\system32\ynkxcuwf.dll
C:\WINDOWS\system32\ziwkhh.dll
.
---- Previous Run -------
.
C:\WINDOWS\pskt.ini
C:\xcrashdump.dat
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-06-05 to 2008-07-05 )))))))))))))))))))))))))))))))
.

2008-07-04 10:26 . 2008-07-04 10:26 <DIR> d-------- C:\Deckard
2008-06-29 11:23 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-29 11:23 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-29 11:20 . 2008-06-29 11:20 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-28 12:53 . 2008-06-28 12:53 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-28 12:26 . 2008-06-28 12:27 <DIR> d-------- C:\Program Files\Panda Security
2008-06-17 21:24 . 2008-06-17 21:24 109,803 --a------ C:\WINDOWS\BMb3db0891.xml
2008-06-06 15:56 . 2008-06-10 20:26 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-06 15:56 . 2008-06-08 19:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-06 15:40 . 2008-06-06 20:08 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-06 08:06 . 2008-06-06 12:24 1,671 --ahs---- C:\WINDOWS\system32\HhhhkUtv.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-05 06:04 --------- d-----w C:\Program Files\TrueSwitchAT&TYahoo
2008-06-28 18:35 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-06-28 14:30 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-06-16 03:45 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 00:02 34,296 ----a-w C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-11 00:02 15,864 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-06-06 00:40 --------- d-----w C:\Program Files\LimeWire
2008-06-03 18:25 --------- d-----w C:\Program Files\iTunes
2008-06-03 18:25 --------- d-----w C:\Program Files\Incomplete
2008-06-03 04:13 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-03 04:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-03 04:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-03 03:26 --------- d-----w C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-06-03 02:21 178 ----a-w C:\handle.dat
2008-05-30 22:26 --------- d-----w C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-05-30 22:24 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-05-30 22:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-05-28 12:54 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-14 03:09 11,758 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-05-11 18:25 --------- d-----w C:\Documents and Settings\Owner\Application Data\Ulead Systems
2008-05-11 17:59 --------- d-----w C:\Program Files\Web Publish
2008-05-11 17:30 --------- d-----w C:\Program Files\Nova Development
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-05 02:35 --------- d--h--r C:\Documents and Settings\Owner\Application Data\yahoo!
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2006-02-06 01:41 37,834 -c--a-w C:\Program Files\sch_2006FFAScholarshipApplication.zip
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Reminder"="C:\Program Files\Microsoft Money 2005\MNYCoreFiles\System\reminder.exe" [1998-07-25 00:00 36352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-02 23:37 68856]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 15:42 212992]
"IS CfgWiz"="C:\Program Files\Norton Internet Security\cfgwiz.exe" [2004-08-17 17:36 132248]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-08-05 12:23 218240]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 17:04 135168]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 17:55 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 17:51 118784]
"HostManager"="C:\Program Files\Common Files\AOL\1125118890\ee\AOLSoftware.exe" [2006-09-25 19:52 50736]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05 212992]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 17:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"CHotkey"="zHotkey.exe" [2004-05-17 20:30 543232 C:\WINDOWS\zHotkey.exe]
"ShowWnd"="ShowWnd.exe" [2003-09-19 11:09 36864 C:\WINDOWS\ShowWnd.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-09-23 21:27 77824 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-09-24 20:06 2559488 C:\WINDOWS\ALCWZRD.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"OOBEDDDemise"="erase" [X]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2007-04-13 09:22:10 225280]
TrueAssistant.lnk - C:\Program Files\TrueSwitchAT&TYahoo\TrueWizard.exe [2008-03-13 04:35:00 1069056]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [2005-07-20 13:06:20 1742384]
GammaTray.lnk - C:\Program Files\MagicTune Premium\GammaTray.exe [2007-12-30 15:18:30 36864]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 258048]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52 53248]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 15:05:56 65588]
NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe [2007-12-30 15:08:34 49220]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=aupaaimr.dll nyyllnou.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.NSPAC"= NSPAC32.ACM
"MSACM.voxacm118"= vdk32118.acm
"MSACM.NSX83"= NSX83P32.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\EA SPORTS\\MVP Baseball 2005\\mvp2005.exe"=
"C:\\Program Files\\Common Files\\AOL\\1125118890\\ee\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\1125118890\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-08-17 22:36]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
S3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 13:28]
S3 samhid;samhid;C:\WINDOWS\system32\drivers\samhid.sys [2006-01-07 13:09]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-23 11:35:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2005-07-20 17:56:29 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
- - - - ORPHANS REMOVED - - - -

BHO-{01DD5165-B983-48FB-ADAE-61C45E66E287} - C:\WINDOWS\system32\urqOGvUM.dll
BHO-{46d7ee3c-ea3e-4c55-af1a-42ffb487a83c} - C:\WINDOWS\system32\ziwkhh.dll
BHO-{9811CF39-0129-40AB-B6E7-7664949683E3} - C:\WINDOWS\system32\opnmKBRI.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-05 01:12:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
OOBEDDDemise = cmd /x /c erase C:\WINDOWS\System32\oobe\msoobe.exe??????????????u?w?????????????????????????????M??????????????i?wis???????????????????????????????????????????*&?|p????&?|??-w????????????????H??????????|A??|????0??????????? ?]?d???H?1?????0?1???:??????&?|B%?|???????????????? ?]???????????-wC

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-05 1:16:25
ComboFix-quarantined-files.txt 2008-07-05 06:15:26

Pre-Run: 78,939,594,752 bytes free
Post-Run: 78,942,199,808 bytes free

214 --- E O F --- 2008-06-29 16:22:50

****************HERE IS MY NEW HIJACKTHIS LOG*****************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:18:49 AM, on 7/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\AOL\1125118890\ee\AOLSoftware.exe
C:\Program Files\Microsoft Money 2005\MNYCoreFiles\System\reminder.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\MagicTune Premium\GammaTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\TrueSwitchAT&TYahoo\TrueWizard.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {01DD5165-B983-48FB-ADAE-61C45E66E287} - C:\WINDOWS\system32\urqOGvUM.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: {c38a784b-ff24-a1fa-55c4-e3aec3ee7d64} - {46d7ee3c-ea3e-4c55-af1a-42ffb487a83c} - C:\WINDOWS\system32\ziwkhh.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {9811CF39-0129-40AB-B6E7-7664949683E3} - C:\WINDOWS\system32\opnmKBRI.dll (file missing)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125118890\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\RunOnce: [OOBEDDDemise] cmd /x /c erase C:\WINDOWS\System32\oobe\msoobe.exe
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money 2005\MNYCoreFiles\System\reminder.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueSwitchAT&TYahoo\TrueWizard.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NCProTray.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1214674540312
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O20 - AppInit_DLLs: aupaaimr.dll nyyllnou.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 11989 bytes
  • 0
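
The log above is what the helpers in this thread read by eye. As an added example (not part of this thread, and not code from HijackThis), here is a small Python triage script that applies the same reading to HijackThis 2.x entry lines: O2 BHOs that are registered but whose DLL is "(file missing)" or that carry only a GUID instead of a product name, an O20 AppInit_DLLs value (which Windows loads into every process that maps user32.dll, so a non-empty value always deserves a look), and O4 autostart entries that run a shell command or a bare executable name. The sample lines are copied from the log above; the severity labels and heuristics are my own and are not HijackThis output.

```python
"""Triage a HijackThis 2.x log for the load points discussed in this thread.

Added example; not part of the thread or of HijackThis itself. The sample
lines are copied from the log posted above; the heuristics are my own.
"""
import re
from dataclasses import dataclass

# Constructed sample: a handful of entry lines taken from the log above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {01DD5165-B983-48FB-ADAE-61C45E66E287} - C:\WINDOWS\system32\urqOGvUM.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: {c38a784b-ff24-a1fa-55c4-e3aec3ee7d64} - {46d7ee3c-ea3e-4c55-af1a-42ffb487a83c} - C:\WINDOWS\system32\ziwkhh.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\RunOnce: [OOBEDDDemise] cmd /x /c erase C:\WINDOWS\System32\oobe\msoobe.exe
O4 - Startup: PowerReg Scheduler V3.exe
O20 - AppInit_DLLs: aupaaimr.dll nyyllnou.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

HJT_LINE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
GUID = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
BARE_EXE = re.compile(r"^[\w .-]+\.exe$", re.IGNORECASE)


@dataclass
class Finding:
    code: str       # HijackThis section code, e.g. "O20"
    severity: str   # "high", "medium" or "review" (my own labels)
    reason: str
    line: str


def parse_hjt(text):
    """Return (code, body, line) for every entry line; header and process list are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if m:
            entries.append((m.group("code"), m.group("body"), line))
    return entries


def _o4_target(body):
    """What an O4 autostart entry launches: the text after '[name] ' or after 'Startup: '."""
    if "] " in body:
        return body.split("] ", 1)[1]
    if ": " in body:
        return body.split(": ", 1)[1]
    return body


def triage(text):
    findings = []
    for code, body, line in parse_hjt(text):
        if code == "O2" and body.startswith("BHO: "):
            # "BHO: <name> - {CLSID} - <dll path>[ (file missing)]"
            parts = body[5:].split(" - ", 2)
            if len(parts) != 3:
                continue
            name, _clsid, path = parts
            reasons = []
            if path.endswith("(file missing)"):
                reasons.append("CLSID still registered but the DLL is gone (orphaned load point)")
            if name == "(no name)" or GUID.match(name):
                reasons.append("no product name, only a GUID")
            if reasons:
                findings.append(Finding(code, "medium", "BHO: " + "; ".join(reasons), line))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs is loaded into every process that maps user32.dll; legitimate use is rare.
            dlls = body.split(":", 1)[1].split()
            if dlls:
                findings.append(Finding(code, "high", "AppInit_DLLs injects: " + ", ".join(dlls), line))
        elif code == "O4":
            target = _o4_target(body)
            if target.lower().startswith("cmd"):
                findings.append(Finding(code, "review", "autostart runs a shell command rather than a program", line))
            elif BARE_EXE.match(target):
                findings.append(Finding(code, "review", "autostart names a bare executable; check where it resolves", line))
    return findings


def severity_counts(findings):
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.code}: {f.reason}\n    {f.line}")
```

Run against a full log the script only reports load points worth a second look; a legitimate BHO such as the Yahoo! Toolbar Helper, which has both a product name and a DLL on disk, produces nothing. The "(file missing)" BHOs it flags are exactly the ones ComboFix later lists under "ORPHANS REMOVED" in this thread.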

#6
Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there,

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.
Now,

go to add or remove programs and uninstall:
Viewpoint <-- everything with viewpoint in it.
Tell me if you see any other entries that you do not recognize.

Then,
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\windows\system32\aupaaimr.dll
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
Please repeat the steps substituting the file to copy for nyyllnou.dll

Now let's get rid of some baddies.
Please click Start then Run, and in the window that appears type in Notepad.exe.
Highlight the entire content of the codebox below. Copy (Control + C) and Paste (Control + V) the content into the notepad window:
File::
C:\WINDOWS\BMb3db0891.xml
C:\WINDOWS\system32\HhhhkUtv.ini
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
C:\Documents and Settings\Owner\Application Data\wklnhst.dat

Folder::
C:\program files\viewpoint
C:\Documents and Settings\All Users\Application Data\viewpoint

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"OOBEDDDemise"=-
Now in Notepad, go to File and in the menu that drops down click on Save As...
Save the file as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
Posted Image

After that please reboot your computer if it asks you to and post ComboFix.txt (the report the ComboFix will generate) in your next reply.
  • 0

#7
fender3000

    Member

  • Topic Starter
  • Member
  • 10 posts
Ok. I had some problems here. And it's kinda hard since I am having to do this forum on a separate computer since the other one won't let me do stuff.

First, since it wouldn't let me open or access spybot, I just deleted the program for now.
I was able to remove viewpoint however.
Then, when I tried virscan.org, both the files I typed in returned an "Error: can't find file" message.
Last, after I had typed the code into notepad on my other computer and saved it, whenever I dragged the file on to combofix, combofix opened but then stopped on the blue screen where it says "scanning for infected files...", however it showed a couple more lines and then said "The process cannot access the file because it is being used by another process." and then combofix stopped.

I have no idea what I'm doing wrong or if it is just my computer.
  • 0

#8
Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there,

For the files please do the following,

Please download FileFind from Atribune.
Unzip the file and save it to your desktop.

To run FileFind, please do the following:
  • Click on FileFind.exe
  • In the box labeled "Directory"
    • Enter Drive eg.. C:\
  • In the box labeled "File"
    • Enter aupaaimr.dll
  • Now click on the "Search" button
  • Once the utility has found the files click on "Export"
  • A Notepad will open up. Please copy the entire contents of the Notepad and paste them here.
  • NOTE: The notepad is saved on your C:\ drive as "Export.txt"

do the same for nyyllnou.dll, the results will be located at C:\Export(2).txt

For the second,

There was a bug in Combofix, which has been fixed in the latest version.

Click START then RUN
Now type Combofix /u in the runbox and click OK
Posted Image
Notice the space between the x and / -- That needs to be there.

Then download the latest version from here (http://subs.geekstogo.com/ComboFix.exe) or here. It is important that you save this file to your desktop.

Try and do the above again please.

Post back with Export.txt and Export(2).txt as well as the ComboFix log.
  • 0

#9
fender3000

    Member

  • Topic Starter
  • Member
  • 10 posts
Alright. The FileFind application was still not able to find either file, saying "0 files found in 14029 Directories." However, ComboFix did work, so here is the log from that.




ComboFix 08-07-04.6 - Owner 2008-07-05 13:43:29.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.203 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\Owner\Application Data\wklnhst.dat
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
C:\WINDOWS\BMb3db0891.xml
C:\WINDOWS\system32\HhhhkUtv.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Application Data\viewpoint
C:\Documents and Settings\Owner\Application Data\wklnhst.dat
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
C:\WINDOWS\BMb3db0891.xml
C:\WINDOWS\system32\HhhhkUtv.ini

.
((((((((((((((((((((((((( Files Created from 2008-06-05 to 2008-07-05 )))))))))))))))))))))))))))))))
.

2008-06-29 11:23 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-29 11:23 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-29 11:20 . 2008-06-29 11:20 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-28 12:53 . 2008-06-28 12:53 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-28 12:26 . 2008-06-28 12:27 <DIR> d-------- C:\Program Files\Panda Security
2008-06-06 15:56 . 2008-06-08 19:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-06 15:40 . 2008-06-06 20:08 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-05 18:41 --------- d-----w C:\Program Files\TrueSwitchAT&TYahoo
2008-06-28 18:35 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-06-28 14:30 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-06-16 03:45 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 00:02 34,296 ----a-w C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-11 00:02 15,864 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-06-06 00:40 --------- d-----w C:\Program Files\LimeWire
2008-06-03 18:25 --------- d-----w C:\Program Files\iTunes
2008-06-03 18:25 --------- d-----w C:\Program Files\Incomplete
2008-06-03 04:13 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-03 04:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-03 04:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-03 03:26 --------- d-----w C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-06-03 02:21 178 ----a-w C:\handle.dat
2008-05-30 22:26 --------- d-----w C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-05-30 22:24 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-05-30 22:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-05-28 12:54 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-11 18:25 --------- d-----w C:\Documents and Settings\Owner\Application Data\Ulead Systems
2008-05-11 17:59 --------- d-----w C:\Program Files\Web Publish
2008-05-11 17:30 --------- d-----w C:\Program Files\Nova Development
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-05 02:35 --------- d--h--r C:\Documents and Settings\Owner\Application Data\yahoo!
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2006-02-06 01:41 37,834 -c--a-w C:\Program Files\sch_2006FFAScholarshipApplication.zip
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Reminder"="C:\Program Files\Microsoft Money 2005\MNYCoreFiles\System\reminder.exe" [1998-07-25 00:00 36352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-02 23:37 68856]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 15:42 212992]
"IS CfgWiz"="C:\Program Files\Norton Internet Security\cfgwiz.exe" [2004-08-17 17:36 132248]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-08-05 12:23 218240]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 17:04 135168]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 17:55 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 17:51 118784]
"HostManager"="C:\Program Files\Common Files\AOL\1125118890\ee\AOLSoftware.exe" [2006-09-25 19:52 50736]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05 212992]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 17:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"CHotkey"="zHotkey.exe" [2004-05-17 20:30 543232 C:\WINDOWS\zHotkey.exe]
"ShowWnd"="ShowWnd.exe" [2003-09-19 11:09 36864 C:\WINDOWS\ShowWnd.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-09-23 21:27 77824 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-09-24 20:06 2559488 C:\WINDOWS\ALCWZRD.EXE]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
TrueAssistant.lnk - C:\Program Files\TrueSwitchAT&TYahoo\TrueWizard.exe [2008-03-13 04:35:00 1069056]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [2005-07-20 13:06:20 1742384]
GammaTray.lnk - C:\Program Files\MagicTune Premium\GammaTray.exe [2007-12-30 15:18:30 36864]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 258048]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52 53248]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 15:05:56 65588]
NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe [2007-12-30 15:08:34 49220]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=aupaaimr.dll nyyllnou.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.NSPAC"= NSPAC32.ACM
"MSACM.voxacm118"= vdk32118.acm
"MSACM.NSX83"= NSX83P32.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\EA SPORTS\\MVP Baseball 2005\\mvp2005.exe"=
"C:\\Program Files\\Common Files\\AOL\\1125118890\\ee\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\1125118890\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-08-17 22:36]
S3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 13:28]
S3 samhid;samhid;C:\WINDOWS\system32\drivers\samhid.sys [2006-01-07 13:09]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-23 11:35:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2005-07-20 17:56:29 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
- - - - ORPHANS REMOVED - - - -

BHO-{01DD5165-B983-48FB-ADAE-61C45E66E287} - C:\WINDOWS\system32\urqOGvUM.dll
BHO-{46d7ee3c-ea3e-4c55-af1a-42ffb487a83c} - C:\WINDOWS\system32\ziwkhh.dll
BHO-{9811CF39-0129-40AB-B6E7-7664949683E3} - C:\WINDOWS\system32\opnmKBRI.dll
HKCU-Run-SpybotSD TeaTimer - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-05 13:48:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-07-05 13:52:50
ComboFix-quarantined-files.txt 2008-07-05 18:51:46

Pre-Run: 81,286,565,888 bytes free
Post-Run: 81,272,344,576 bytes free

159 --- E O F --- 2008-06-29 16:22:50
  • 0
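
Beyond the file deletions, the "Reg Loading Points" section of the ComboFix log above records several settings a defender should notice: the AppInit_DLLs value is still populated, Security Center's antivirus alerting is suppressed, monitoring of the Symantec products is turned off, and the Windows Firewall standard profile is disabled. As an added example (not part of this thread, and not ComboFix's own code), this Python script parses that REGEDIT4-style section and reports those weakened defences, plus any firewall exception pointing at a program sitting in a drive root, which is unusual for installed software. The sample values are excerpts from the log above; the severity labels are my own.

```python
"""Check the 'Reg Loading Points' section of a ComboFix log for weakened defences.

Added example; not part of the thread or of ComboFix. The sample values are
excerpts from the ComboFix log posted above; the checks are my own.
"""
import re

# Constructed sample: excerpts of the REGEDIT4-style section from the log above.
SAMPLE_REG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=aupaaimr.dll nyyllnou.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\StubInstaller.exe"=
"""

KEY_LINE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_LINE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<data>.*)$')

# Key paths (lower-cased, abbreviated the way ComboFix prints them) that the checks look at.
WINDOWS_NT = r"hkey_local_machine\software\microsoft\windows nt\currentversion\windows"
SEC_CENTER = r"hkey_local_machine\software\microsoft\security center"
FW_PROFILE = r"hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile"


def parse_reg_section(text):
    """Map lower-cased key path -> {value name: raw data} for a REGEDIT4-style dump."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_LINE.match(line)
        if m:
            current = m.group("key").lower()
            keys.setdefault(current, {})
            continue
        m = VALUE_LINE.match(line)
        if m and current is not None:
            keys[current][m.group("name")] = m.group("data").strip()
    return keys


def _as_int(data, default=0):
    """Turn ComboFix's 'dword:00000001' or '0 (0x0)' notation into an int."""
    m = re.match(r"dword:([0-9a-fA-F]+)", data)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"\d+", data)
    return int(m.group(0)) if m else default


def posture_findings(text):
    keys = parse_reg_section(text)
    findings = []

    # DLLs listed here are mapped into every process that loads user32.dll.
    dlls = keys.get(WINDOWS_NT, {}).get("AppInit_DLLs", "")
    if dlls:
        findings.append(("high", "AppInit_DLLs set: " + dlls))

    # Security Center "DisableNotify" values silence the user-facing warnings.
    sc = keys.get(SEC_CENTER, {})
    for name in ("AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify"):
        if _as_int(sc.get(name, "0")) == 1:
            findings.append(("medium", "Security Center alert suppressed: " + name))

    # Per-product monitoring switches live under ...\security center\Monitoring\<product>.
    for key, values in keys.items():
        if key.startswith(SEC_CENTER + "\\monitoring\\") and _as_int(values.get("DisableMonitoring", "0")) == 1:
            product = key.rsplit("\\", 1)[-1]
            findings.append(("low", "Security Center monitoring disabled for " + product))

    fw = keys.get(FW_PROFILE, {})
    if "EnableFirewall" in fw and _as_int(fw["EnableFirewall"], default=1) == 0:
        findings.append(("medium", "Windows Firewall disabled in the standard profile"))

    # Exceptions are stored with doubled backslashes; a program directly in C:\ is worth a look.
    for name in keys.get(FW_PROFILE + r"\authorizedapplications\list", {}):
        path = name.replace("\\\\", "\\")
        if re.match(r"^[a-z]:\\[^\\]+$", path, re.IGNORECASE):
            findings.append(("review", "firewall exception for a program in a drive root: " + path))
    return findings


if __name__ == "__main__":
    for severity, message in posture_findings(SAMPLE_REG):
        print(f"[{severity:6}] {message}")
```

The parser ignores ComboFix's bracketed timestamp/size annotations on Run entries (they are kept as part of the raw data string), so the same function can be pointed at the whole "Reg Loading Points" block rather than only at the excerpt used here.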

#10
Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi again :)

You are running two antivirus programs - Mcafee and Norton. You will need to uninstall one as running both at the same time can cause slowdowns and possibly lower your security.

Do you use any flash drives, USB devices etc... ? Don't plug them in at the moment as it could reinfect you.

Could you go to windows explorer (press windows key + E ), click on search then "all files and folders" and search for aupaaimr.dll & nyyllnou.dll,
would you by chance know what these files are?

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Now,

Download the latest version of Java Runtime Environment (JRE) 6 Update 6. Uninstall any old versions that you find in add or remove programs.

And go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

  • 0


#11
fender3000

    Member

  • Topic Starter
  • Member
  • 10 posts
OK. I uninstalled McAfee because Norton would not let me uninstall it. And I was using a flash drive, so I won't do that for the time being. I have no clue what those two files are for, and when I searched for them with the new method, my computer found no such files. Otherwise the two scans worked well, and the Malwarebytes one did not find anything. Here they both are.




**********MBAM LOG*****************



Malwarebytes' Anti-Malware 1.19
Database version: 924
Windows 5.1.2600 Service Pack 2

15:34:09 2008-07-05
mbam-log-7-5-2008 (15-34-09).txt

Scan type: Quick Scan
Objects scanned: 40856
Time elapsed: 5 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




**************KASPERSKY SCAN**************



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, July 5, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, July 05, 2008 19:24:44
Records in database: 916362
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 123595
Threat name: 4
Infected objects: 7
Suspicious objects: 0
Duration of the scan: 01:36:33


File name / Threat name / Threats count
C:\Program Files\eGames\Blast Thru Game\bt.exe Infected: Trojan-Dropper.Win32.Agent.zc 1
C:\Program Files\eGames\Blast Thru Game\TSUninstaller.exe Infected: not-a-virus:AdWare.Win32.TimeSink 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5F4212AC.zip Infected: Trojan.Java.Femad 4
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5F4212AC.zip Infected: Trojan-Clicker.Win32.Small.hs 1

The selected area was scanned.
  • 0

#12
Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there,

Empty out everything in this folder please: C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine <--- Delete everything in there.

Please click Start then Run, and in the window that appears type in Notepad.exe.
Highlight the entire content of the codebox below. Copy (Control + C) and Paste (Control + V) the content into the notepad window:
File::
C:\Program Files\eGames\Blast Thru Game\bt.exe
C:\Program Files\eGames\Blast Thru Game\TSUninstaller.exe
C:\windows\system32\nyyllnou.dll
C:\windows\system32\aupaaimr.dll 

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
Now in Notepad, go to File and in the menu that drops down click on Save As...
Save the file as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
Posted Image

Post back with the log.

Now,

Download Flash_Disinfector.exe by sUBs from >here< and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

Run a full scan with your antivirus program.

Post back with combofix.txt and a new hijack this log.

How is your computer running?

Edited by Mike, 06 July 2008 - 05:54 AM.

  • 0

#13
fender3000

    Member

  • Topic Starter
  • Member
  • 10 posts
Hey,
Well, my computer seems to be doing much better. It is not locking up on me, I can change properties that I wasn't able to before, it seems my security settings are staying, and, knock on wood, no pop-ups yet. And also I am finally able to log into this site from my computer. Here are my new ComboFix and HijackThis logs.



**************COMBOFIX LOG*******************




ComboFix 08-07-04.6 - Owner 2008-07-06 10:22:57.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.202 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Program Files\eGames\Blast Thru Game\bt.exe
C:\Program Files\eGames\Blast Thru Game\TSUninstaller.exe
C:\windows\system32\aupaaimr.dll
C:\windows\system32\nyyllnou.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\eGames\Blast Thru Game\bt.exe
C:\Program Files\eGames\Blast Thru Game\TSUninstaller.exe

.
((((((((((((((((((((((((( Files Created from 2008-06-06 to 2008-07-06 )))))))))))))))))))))))))))))))
.

2008-07-05 15:53 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-29 11:23 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-29 11:23 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-29 11:20 . 2008-06-29 11:20 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-28 12:53 . 2008-06-28 12:53 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-28 12:26 . 2008-06-28 12:27 <DIR> d-------- C:\Program Files\Panda Security
2008-06-06 15:56 . 2008-06-08 19:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-06 15:40 . 2008-06-06 20:08 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-05 20:53 --------- d-----w C:\Program Files\Java
2008-07-05 20:26 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-07-05 20:14 --------- d-----w C:\Program Files\TrueSwitchAT&TYahoo
2008-07-05 20:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-06-28 19:21 34,296 ----a-w C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-28 19:21 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-06-28 18:35 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-06-16 03:45 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-06 00:40 --------- d-----w C:\Program Files\LimeWire
2008-06-03 18:25 --------- d-----w C:\Program Files\iTunes
2008-06-03 18:25 --------- d-----w C:\Program Files\Incomplete
2008-06-03 04:13 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-03 04:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-03 04:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-03 03:26 --------- d-----w C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-06-03 02:21 178 ----a-w C:\handle.dat
2008-05-30 22:26 --------- d-----w C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-05-30 22:24 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-05-30 22:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-05-28 12:54 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-11 18:25 --------- d-----w C:\Documents and Settings\Owner\Application Data\Ulead Systems
2008-05-11 17:59 --------- d-----w C:\Program Files\Web Publish
2008-05-11 17:30 --------- d-----w C:\Program Files\Nova Development
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2006-02-06 01:41 37,834 -c--a-w C:\Program Files\sch_2006FFAScholarshipApplication.zip
.

((((((((((((((((((((((((((((( [email protected]_13.51.31.59 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-05 18:40:57 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-05 20:14:08 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2005-06-03 07:24:06 49,248 -c--a-w C:\WINDOWS\system32\java.exe
+ 2008-03-25 06:28:39 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2005-06-03 07:24:14 49,250 -c--a-w C:\WINDOWS\system32\javaw.exe
+ 2008-03-25 06:28:43 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2005-06-03 08:52:56 127,078 -c--a-w C:\WINDOWS\system32\javaws.exe
+ 2008-03-25 07:37:01 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01DD5165-B983-48FB-ADAE-61C45E66E287}]
C:\WINDOWS\system32\urqOGvUM.dll [BU]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{46d7ee3c-ea3e-4c55-af1a-42ffb487a83c}]
C:\WINDOWS\system32\ziwkhh.dll [BU]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9811CF39-0129-40AB-B6E7-7664949683E3}]
C:\WINDOWS\system32\opnmKBRI.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Reminder"="C:\Program Files\Microsoft Money 2005\MNYCoreFiles\System\reminder.exe" [1998-07-25 00:00 36352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-02 23:37 68856]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 15:42 212992]
"IS CfgWiz"="C:\Program Files\Norton Internet Security\cfgwiz.exe" [2004-08-17 17:36 132248]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-08-05 12:23 218240]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 17:04 135168]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 17:55 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 17:51 118784]
"HostManager"="C:\Program Files\Common Files\AOL\1125118890\ee\AOLSoftware.exe" [2006-09-25 19:52 50736]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 17:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"CHotkey"="zHotkey.exe" [2004-05-17 20:30 543232 C:\WINDOWS\zHotkey.exe]
"ShowWnd"="ShowWnd.exe" [2003-09-19 11:09 36864 C:\WINDOWS\ShowWnd.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-09-23 21:27 77824 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-09-24 20:06 2559488 C:\WINDOWS\ALCWZRD.EXE]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
TrueAssistant.lnk - C:\Program Files\TrueSwitchAT&TYahoo\TrueWizard.exe [2008-03-13 04:35:00 1069056]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [2005-07-20 13:06:20 1742384]
GammaTray.lnk - C:\Program Files\MagicTune Premium\GammaTray.exe [2007-12-30 15:18:30 36864]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 258048]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52 53248]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 15:05:56 65588]
NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe [2007-12-30 15:08:34 49220]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.NSPAC"= NSPAC32.ACM
"MSACM.voxacm118"= vdk32118.acm
"MSACM.NSX83"= NSX83P32.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\EA SPORTS\\MVP Baseball 2005\\mvp2005.exe"=
"C:\\Program Files\\Common Files\\AOL\\1125118890\\ee\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\1125118890\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-08-17 22:36]
S3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 13:28]
S3 samhid;samhid;C:\WINDOWS\system32\drivers\samhid.sys [2006-01-07 13:09]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-23 11:35:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2005-07-20 17:56:29 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-06 10:25:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-07-06 10:30:21
ComboFix-quarantined-files.txt 2008-07-06 15:29:18
ComboFix2.txt 2008-07-05 18:52:51

Pre-Run: 81,103,589,376 bytes free
Post-Run: 81,134,858,240 bytes free

166 --- E O F --- 2008-06-29 16:22:50




****************HIJACKTHIS LOG********************************



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:34, on 2008-07-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\AOL\1125118890\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Microsoft Money 2005\MNYCoreFiles\System\reminder.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\MagicTune Premium\GammaTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\TrueSwitchAT&TYahoo\TrueWizard.exe
C:\Program Files\MagicTune Premium\MagicTune.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {01DD5165-B983-48FB-ADAE-61C45E66E287} - C:\WINDOWS\system32\urqOGvUM.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: {c38a784b-ff24-a1fa-55c4-e3aec3ee7d64} - {46d7ee3c-ea3e-4c55-af1a-42ffb487a83c} - C:\WINDOWS\system32\ziwkhh.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {9811CF39-0129-40AB-B6E7-7664949683E3} - C:\WINDOWS\system32\opnmKBRI.dll (file missing)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125118890\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money 2005\MNYCoreFiles\System\reminder.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueSwitchAT&TYahoo\TrueWizard.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NCProTray.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1214674540312
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 11181 bytes
  • 0

#14
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi again,

Almost there :)

Please open Hijack This and do a "Scan Only". Place a check mark next to these items:

O2 - BHO: (no name) - {01DD5165-B983-48FB-ADAE-61C45E66E287} - C:\WINDOWS\system32\urqOGvUM.dll (file missing)
O2 - BHO: {c38a784b-ff24-a1fa-55c4-e3aec3ee7d64} - {46d7ee3c-ea3e-4c55-af1a-42ffb487a83c} - C:\WINDOWS\system32\ziwkhh.dll (file missing)
O2 - BHO: (no name) - {9811CF39-0129-40AB-B6E7-7664949683E3} - C:\WINDOWS\system32\opnmKBRI.dll (file missing)


Then press "Fix checked". Exit the program.

I'm still interested in getting those files from you, so let's try one more time and see if we can find them :)

  • Click on FileFind.exe
  • In the box labeled "Directory"
    • Enter the drive, e.g. C:\
  • In the box labeled "File"
    • Enter *.vir
  • Now click on the "Search" button
  • Once the utility has found the files click on "Export"
  • A Notepad will open up. Please copy the entire contents of the Notepad and paste them here.
  • NOTE: The notepad is saved on your C:\ drive as "Export.txt"

Then go to Search and search for aupaaimr & nyyllnou WITHOUT the .dll at the end.

Tell me if it finds anything. Did the flash drive disinfector run properly last post?

If we can't find the files, we'll go through some final steps and you can finally get rid of me :)

Edited by Mike, 06 July 2008 - 11:43 AM.

  • 0
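Mike's instruction above picks out three O2 entries whose DLL is gone ("file missing"): the malware files were removed earlier, but their Browser Helper Object CLSID registrations were left behind, which is why they are ticked and fixed. The script below is an added example (not part of the post and not HijackThis code) that parses O2 and O23 lines from a HijackThis log and applies that same triage: orphaned BHO registrations, BHOs with no descriptive name, and services HijackThis reports as "Unknown owner". The heuristics and reason strings are mine; the sample lines are copied from the log in post #13.

```python
"""Triage HijackThis-style log lines for the patterns fixed in this thread.

Added example, not part of the forum post and not HijackThis code. The
flagging rules are the editor's; SAMPLE_LOG is copied from the log above.
"""
import re

# O2 - BHO: <name> - {<CLSID>} - <path>[ (file missing)]
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# O23 - Service: <display name> - <company> - <path>
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# A BHO "name" that is itself a GUID is as uninformative as "(no name)".
GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")

SAMPLE_LOG = r"""
O2 - BHO: (no name) - {01DD5165-B983-48FB-ADAE-61C45E66E287} - C:\WINDOWS\system32\urqOGvUM.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: {c38a784b-ff24-a1fa-55c4-e3aec3ee7d64} - {46d7ee3c-ea3e-4c55-af1a-42ffb487a83c} - C:\WINDOWS\system32\ziwkhh.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {9811CF39-0129-40AB-B6E7-7664949683E3} - C:\WINDOWS\system32\opnmKBRI.dll (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
"""


def triage_hijackthis(log_text):
    """Return findings as dicts with keys 'kind', 'id', 'line', 'reasons'."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            reasons = []
            if m.group("missing"):
                reasons.append("registered BHO DLL is missing from disk (orphaned CLSID registration)")
            if m.group("name") == "(no name)" or GUID_RE.match(m.group("name")):
                reasons.append("BHO carries no descriptive name")
            if reasons:
                findings.append({"kind": "O2", "id": m.group("clsid"),
                                 "line": line, "reasons": reasons})
            continue
        m = O23_RE.match(line)
        if m and m.group("owner").lower() == "unknown owner":
            findings.append({"kind": "O23", "id": m.group("name"), "line": line,
                             "reasons": ["service binary has no company name in its version info; verify it"]})
    return findings


def fix_list(findings):
    """The O2 lines a helper would tick under 'Scan Only' before 'Fix checked'."""
    return [f["line"] for f in findings
            if f["kind"] == "O2" and any("missing" in r for r in f["reasons"])]


if __name__ == "__main__":
    found = triage_hijackthis(SAMPLE_LOG)
    for f in found:
        print(f"{f['kind']} {f['id']}: {'; '.join(f['reasons'])}")
    print("\nLines to fix:")
    for line in fix_list(found):
        print("  " + line)
```

Run against the sample, the three orphaned BHOs from the post are the only O2 lines returned by fix_list(), the legitimate Yahoo! and Java helpers are left alone, and MagicTuneEngine surfaces only as something to verify, not to remove, which matches how the thread treats it.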

#15
fender3000

fender3000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Alright, the HijackThis step worked just fine and the flash drive disinfector ran without a problem as well. The FileFind for the *.vir found 6 files and the export is pasted below. However, I tried all previous search methods above for those two files without the .dll and they still returned nothing, so it seems as if my computer wants to go through some final steps.


****************EXPORT.TXT***********************


C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\wklnhst.dat.vir - 11758 Bytes
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe.vir - 225280 Bytes
C:\QooBox\Quarantine\C\Program Files\eGames\Blast Thru Game\bt.exe.vir - 771776 Bytes
C:\QooBox\Quarantine\C\Program Files\eGames\Blast Thru Game\TSUninstaller.exe.vir - 76288 Bytes
C:\QooBox\Quarantine\C\WINDOWS\BMb3db0891.xml.vir - 109803 Bytes
C:\QooBox\Quarantine\C\WINDOWS\system32\HhhhkUtv.ini.vir - 1671 Bytes
  • 0
