Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Adware Popups wont go away!


  • Please log in to reply

#1
Highfire

Highfire

    New Member

  • Member
  • Pip
  • 5 posts
Hi
This is my first time posting on Geeks to Go! so forgive me if I make any mistakes.
So my problem is that I have some adware on my computer, and after the numerous programs I have run, (including: Spybot S&D , Ad-Aware, ATF Cleaner, Malware-bytes anti-malware, Spyware blaster, and I have AVG free running and did a scan on that) I did find viruses and cleared them off, but the popups on the computer while surfing the internet persists. I am using Internet Explorer 7 and Windows XP Home Edition Service Pack 2. I have run Hijack this! and this is the log it created: Please help me, what should I do?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:11:17 PM, on 7/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\system32\tp4serv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: {492fb0f3-57da-d62a-79d4-3cc4db26a621} - {126a62bd-4cc3-4d97-a26d-ad753f0bf294} - C:\WINDOWS\system32\nlykhn.dll
O2 - BHO: (no name) - {38C562D4-7100-4F9E-A562-E71C185863CD} - C:\WINDOWS\system32\pmnlkHXN.dll (file missing)
O2 - BHO: QXK Rhythm - {744ED899-9428-4EDB-9658-E5E3272D7D39} - C:\WINDOWS\nldfmtapxqm.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {AE428B31-D925-4B7F-836F-DE103BA2BBE6} - C:\WINDOWS\system32\xxyawvWm.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: gktxaspm - {6E90A503-DDFD-4CC5-9628-0391A05E7212} - C:\WINDOWS\gktxaspm.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [D066UUtility] C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [41260257005717053692419391045699] C:\Program Files\XP Antivirus\xpa.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1B8E3821-AFBE-4D0F-9E64-CE082131074A} (Gigasoft Pesgo v6) - http://www.kwlemeral...meraldgraph.cab
O16 - DPF: {536600D3-70FE-4C50-92FB-640F6BFC49AD} (TeeChart Pro Activex control v6) - http://www.kwlemeral...S/teechart6.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1212022465959
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: ddcDuVpm - ddcDuVpm.dll (file missing)
O21 - SSODL: CheckService - {843774ee-4d67-49c8-b861-42109c7f221e} - C:\WINDOWS\Resources\CheckService.dll (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
O24 - Desktop Component 0: (no name) - https://mail.bimbc.c...mg/icon-doc.gif

--
End of file - 7772 bytes
  • 0

Advertisements


#2
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello Highfire

Welcome to G2Go. :)
=====================

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#3
Highfire

Highfire

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Here is the info you requested.
Thanks,

Deckard's System Scanner v20071014.68
Run by Owner on 2008-07-13 12:49:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
48: 2008-07-13 19:50:02 UTC - RP301 - Deckard's System Scanner Restore Point
47: 2008-07-13 05:19:48 UTC - RP300 - System Checkpoint
46: 2008-07-12 03:52:31 UTC - RP299 - Last known good configuration
45: 2008-07-12 03:52:15 UTC - RP298 - Installed AVG Free 8.0
44: 2008-07-12 03:52:15 UTC - RP297 - System Checkpoint


-- First Restore Point --
1: 2008-07-12 03:52:05 UTC - RP254 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 376 MiB (512 MiB recommended).
System Drive C: has 1.21 GiB (less than 15%) free.


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:49 PM, on 7/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\WINDOWS\system32\tp4serv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: {492fb0f3-57da-d62a-79d4-3cc4db26a621} - {126a62bd-4cc3-4d97-a26d-ad753f0bf294} - C:\WINDOWS\system32\nlykhn.dll
O2 - BHO: (no name) - {38C562D4-7100-4F9E-A562-E71C185863CD} - C:\WINDOWS\system32\pmnlkHXN.dll (file missing)
O2 - BHO: QXK Rhythm - {744ED899-9428-4EDB-9658-E5E3272D7D39} - C:\WINDOWS\nldfmtapxqm.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {AE428B31-D925-4B7F-836F-DE103BA2BBE6} - C:\WINDOWS\system32\xxyawvWm.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: gktxaspm - {6E90A503-DDFD-4CC5-9628-0391A05E7212} - C:\WINDOWS\gktxaspm.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [D066UUtility] C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [41260257005717053692419391045699] C:\Program Files\XP Antivirus\xpa.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1B8E3821-AFBE-4D0F-9E64-CE082131074A} (Gigasoft Pesgo v6) - http://www.kwlemeral...meraldgraph.cab
O16 - DPF: {536600D3-70FE-4C50-92FB-640F6BFC49AD} (TeeChart Pro Activex control v6) - http://www.kwlemeral...S/teechart6.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1212022465959
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: ddcDuVpm - ddcDuVpm.dll (file missing)
O21 - SSODL: CheckService - {843774ee-4d67-49c8-b861-42109c7f221e} - C:\WINDOWS\Resources\CheckService.dll (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
O24 - Desktop Component 0: (no name) - https://mail.bimbc.c...mg/icon-doc.gif

--
End of file - 7724 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R1 CSMBATT - c:\windows\system32\drivers\csmbatt.sys
R1 nbmkmd - c:\windows\system32\drivers\nbmkmd.sys
R1 TDOEM - c:\windows\system32\drivers\tdoem.sys
R1 TPHKDRV - c:\windows\system32\drivers\tphkdrv.sys <Not Verified; IBM Corporation; ThinkPad OnScreenDisplay>
R1 TSMOEMP - c:\windows\system32\drivers\tsmoemp.sys
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 ialm - c:\windows\system32\drivers\ialmnt5.sys <Not Verified; Intel Corporation; Intel Graphics Accelerator Drivers for Windows NT®>

S3 AIRPLUS (D-Link AirPlus Wireless Adapter) - c:\windows\system32\drivers\airplus.sys <Not Verified; D-Link; D-Link AirPlus 22M Wireless LAN Adapter>
S3 AR5211 (D-Link Adapter) - c:\windows\system32\drivers\ar5211.sys <Not Verified; D-Link; D-Link Wireless Network Adapter>
S3 grmnusb - c:\windows\system32\drivers\grmnusb.sys <Not Verified; GARMIN Corp.; Garmin USB GPS>
S3 w29n51 (Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP) - c:\windows\system32\drivers\w29n51.sys (file missing)
S4 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 EPSONStatusAgent2 (EPSON Printer Status Agent2) - c:\program files\common files\epson\ebapi\sagent2.exe <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2004-12-13 11:25:21 346 --a------ C:\WINDOWS\Tasks\BMMTask.job


-- Files created between 2008-06-13 and 2008-07-13 -----------------------------

2008-07-12 14:10:33 0 d-------- C:\Program Files\Trend Micro
2008-07-11 21:08:58 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-11 21:08:31 0 d-------- C:\Program Files\SpywareBlaster
2008-07-11 20:53:45 81168 -----n--- C:\WINDOWS\system32\ydxtctik.dll
2008-07-11 20:53:41 105248 --a------ C:\WINDOWS\system32\nlykhn.dll
2008-07-11 20:53:39 105248 --a------ C:\WINDOWS\system32\gesbcjyf.dll
2008-07-11 20:53:10 90928 -----n--- C:\WINDOWS\system32\buewvecw.dll
2008-07-11 19:39:45 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-07-11 19:39:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-11 19:39:37 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-11 19:39:24 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-11 15:30:16 0 d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2008-07-10 20:38:33 0 d--h----- C:\$AVG8.VAULT$
2008-07-10 20:35:11 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-10 20:34:35 0 d-------- C:\Program Files\AVG
2008-07-10 12:39:41 116352 --a------ C:\WINDOWS\system32\wneqpd.dll
2008-07-02 22:14:06 15781 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
2008-07-02 22:13:49 0 d-------- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor
2008-07-02 20:19:22 94208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2008-07-02 20:19:21 15872 --a------ C:\WINDOWS\system32\GTNDIS5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>


-- Find3M Report ---------------------------------------------------------------

2008-07-11 20:25:32 0 d-------- C:\Documents and Settings\Owner\Application Data\TmpRecentIcons
2008-07-11 19:39:24 0 d-------- C:\Program Files\Common Files
2008-07-11 04:17:12 173380 --ahs---- C:\WINDOWS\system32\mWvwayxx.ini2
2008-07-02 20:19:11 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-02 18:22:42 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-02 18:22:39 0 d-------- C:\Program Files\Symantec
2008-05-23 08:17:56 0 d-------- C:\Program Files\Google
2008-05-21 14:29:27 0 d-------- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
2008-05-21 14:10:11 0 d-------- C:\Documents and Settings\Owner\Application Data\MSN6
2008-05-21 11:23:07 520669 --ahs---- C:\WINDOWS\system32\NXHklnmp.ini2
2008-05-21 10:21:00 2548 --a------ C:\WINDOWS\unins000.dat
2008-05-21 10:19:08 691545 --a------ C:\WINDOWS\unins000.exe
2008-05-19 11:06:41 62910 --a------ C:\Program Files\Uninstall.exe <Not Verified; $PROGRAMNAME; $PROGRAMNAME>
2008-05-19 11:06:41 0 --a------ C:\Program Files\uninstall.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{126a62bd-4cc3-4d97-a26d-ad753f0bf294}]
07/11/2008 08:53 PM 105248 --a------ C:\WINDOWS\system32\nlykhn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38C562D4-7100-4F9E-A562-E71C185863CD}]
C:\WINDOWS\system32\pmnlkHXN.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{744ED899-9428-4EDB-9658-E5E3272D7D39}]
C:\WINDOWS\nldfmtapxqm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/10/2008 08:35 PM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AE428B31-D925-4B7F-836F-DE103BA2BBE6}]
C:\WINDOWS\system32\xxyawvWm.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/10/2008 08:35 PM 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"="tp4serv.exe" [08/04/2004 01:13 AM C:\WINDOWS\system32\tp4serv.exe]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [07/26/2002 09:05 AM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [07/26/2002 08:45 AM]
"BMMGAG"="C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll" [08/31/2003 11:34 PM]
"TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [08/17/2004 04:32 PM]
"LTSMMSG"="LTSMMSG.exe" [08/02/2001 08:28 PM C:\WINDOWS\LTSMMSG.exe]
"TP4EX"="tp4ex.exe" [09/04/2002 02:05 AM C:\WINDOWS\system32\TP4EX.exe]
"TP2000TRAY"="" []
"AGRSMMSG"="AGRSMMSG.exe" [06/27/2003 06:53 AM C:\WINDOWS\AGRSMMSG.exe]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [07/19/2005 11:06 AM]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [09/04/2007 03:54 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"D066UUtility"="C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE" [07/06/2000 01:15 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/10/2008 08:34 PM]
"WUSB54Gv4"="C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe" [04/19/2004 09:19 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 10:56 PM]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [07/19/2005 11:14 AM]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [09/04/2007 03:54 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/08/2008 09:13 PM]
"41260257005717053692419391045699"="C:\Program Files\XP Antivirus\xpa.exe" []

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
PowerReg SchedulerV2.exe [4/10/2007 7:23:09 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [4/10/2007 7:18:57 PM]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [1/15/2008 9:53:29 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"CheckService"= {843774ee-4d67-49c8-b861-42109c7f221e} - C:\WINDOWS\Resources\CheckService.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcDuVpm]
ddcDuVpm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avgfws8"=2 (0x2)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4df68cc0-be4c-11dc-ad76-0013469e50ec}]
AutoRun\command- F:\wd_windows_tools\setup.exe




-- End of Deckard's System Scanner: finished at 2008-07-13 12:53:21 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Mobile Intel® Celeron™ CPU 1133MHz
Percentage of Memory in Use: 70%
Physical Memory (total/avail): 375.36 MiB / 110.98 MiB
Pagefile Memory (total/avail): 990.6 MiB / 754.5 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1933 MiB

C: is Fixed (NTFS) - 9.77 GiB total, 1.21 GiB free.
D: is Fixed (NTFS) - 8.85 GiB total, 6.1 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - HITACHI_DK23DA-20 - 18.63 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 9.77 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 8.85 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BOBBY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\BOBBY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\;C:\IBMWORK;C:\IBMWORK\TOOLS
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 11 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0b04
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=BOBBY
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

-->
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7E518B2-B174-11D3-9D4E-0060B0A4823E}\setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Agere Systems AC'97 Modem --> agrsmdel
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
Google Earth --> MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IBM ThinkPad Battery MaxiMiser and Power Management Features --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ThinkPad\Utilities\Unbmm.isu" -c"C:\Program Files\ThinkPad\Utilities\Tpinsbmo.dll"
IBM ThinkPad Presentation Director --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\UNPDR.ISU -c"C:\Program Files\ThinkPad\Utilities\Tpinspdo.dll"
IBM TrackPoint Accessibility Features --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA664480-3844-11D5-8C25-444553540000}\SETUP.EXE"
IBM TrackPoint Support --> C:\WINDOWS\System32\tp4unins.exe
Intel® 82830M Graphics Driver Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A708DD8-A5E6-11D4-A706-000629E95E20}\Setup.exe" -inteluninstall
Intel® PRO Ethernet Adapter and Software --> Prounstl.exe
Linksys Wireless-G USB Network Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}\setup.exe" -l0x9
LiveUpdate 2.0 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Lucent Technologies Soft Modem AMR --> agrsmdel
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MapSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}\Setup.exe" -l0x9 AddRemove
MapSource - Topo Canada v2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{9F308117-9B2F-45EB-9FAF-B59CD8339673} /l1033
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
OLYMPUS Master --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{BA820A24-704B-428D-9904-71A10DAC1372} /l1033 /zUNINSTALL
OLYMPUS Master 2 --> MsiExec.exe /X{45FCADDB-0B29-457E-83A1-D245C62A716C}
QuickBooks Basic Edition 2003 --> C:\Program Files\Installshield Installation Information\{237a4b21-78c1-11d6-a394-00104bd190b1}\QBReplace.exe {237a4b21-78c1-11d6-a394-00104bd190b1}#{AD46C591-FB19-11D5-A316-00104BD190B1}
QuickTime 3.0 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\QuickTime\DeIsL1.isu" -c"C:\WINDOWS\system32\QTUninst.dll
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
SpywareBlaster 4.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
ThinkPad Configuration for Win2000/XP --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C427188B-3101-4385-BB6A-66738B6536DB}\SETUP.EXE" -l0x9 -uninst
ThinkPad Power Management Driver --> RunDll32.exe tpinspm.dll,Uninstall
WD Diagnostics --> MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type12700 / Warning
Event Submitted/Written: 07/12/2008 02:03:26 PM
Event ID/Source: 4353 / EventSystem
Event Description:
The COM+ Event System attempted to fire the EventObjectChange::ChangedSubscription event but received a bad return code. HRESULT was 80040201.

Event Record #/Type12699 / Warning
Event Submitted/Written: 07/12/2008 02:03:26 PM
Event ID/Source: 4356 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}. CoGetObject returned HRESULT 8007041F.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type54019 / Warning
Event Submitted/Written: 07/12/2008 11:17:43 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001217A30C17. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type54016 / Warning
Event Submitted/Written: 07/12/2008 11:17:23 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001217A30C17. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type54014 / Warning
Event Submitted/Written: 07/12/2008 11:17:11 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001217A30C17. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type54011 / Warning
Event Submitted/Written: 07/12/2008 11:16:57 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001217A30C17. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type54009 / Warning
Event Submitted/Written: 07/12/2008 11:16:47 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001217A30C17. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.



-- End of Deckard's System Scanner: finished at 2008-07-13 12:53:21 ------------
  • 0

#4
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\ydxtctik.dll
    C:\WINDOWS\system32\nlykhn.dll
    C:\WINDOWS\system32\gesbcjyf.dll
    C:\WINDOWS\system32\buewvecw.dll
    C:\WINDOWS\system32\wneqpd.dll
    C:\WINDOWS\system32\mWvwayxx.ini2
    C:\WINDOWS\system32\NXHklnmp.ini2
    C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe 
    C:\Program Files\XP Antivirus
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
==========================
Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
==============================================
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#5
Highfire

Highfire

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Ok I did everything that you did: here are the logs for OTMoveit and kaspersky online scanner:

OTMoveit:

LoadLibrary failed for C:\WINDOWS\system32\ydxtctik.dll
C:\WINDOWS\system32\ydxtctik.dll NOT unregistered.
C:\WINDOWS\system32\ydxtctik.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\nlykhn.dll
C:\WINDOWS\system32\nlykhn.dll NOT unregistered.
C:\WINDOWS\system32\nlykhn.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\gesbcjyf.dll
C:\WINDOWS\system32\gesbcjyf.dll NOT unregistered.
C:\WINDOWS\system32\gesbcjyf.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\buewvecw.dll
C:\WINDOWS\system32\buewvecw.dll NOT unregistered.
C:\WINDOWS\system32\buewvecw.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\wneqpd.dll
C:\WINDOWS\system32\wneqpd.dll NOT unregistered.
C:\WINDOWS\system32\wneqpd.dll moved successfully.
C:\WINDOWS\system32\mWvwayxx.ini2 moved successfully.
C:\WINDOWS\system32\NXHklnmp.ini2 moved successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe moved successfully.
File/Folder C:\Program Files\XP Antivirus not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07132008_172833







Kaspersky Online Scanner


Sunday, July 13, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, July 14, 2008 02:04:04
Records in database: 950157


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
D:\
E:\

Scan statistics
Files scanned 45388
Threat name 2
Infected objects 5
Suspicious objects 0
Duration of the scan 02:39:42

File name Threat name Threats count
C:\Deckard\System Scanner\backup\DOCUME~1\Owner\LOCALS~1\Temp\DRDld\mbam-setup.exe Infected: not-a-virus:FraudTool.Win32.SpyNoMore.g 1

C:\System Volume Information\_restore{FB6DB57C-1620-40FA-8A58-CD634488102F}\RP287\A0130209.dll Infected: Trojan.Win32.Monderb.gen 1

C:\System Volume Information\_restore{FB6DB57C-1620-40FA-8A58-CD634488102F}\RP292\A0135588.dll Infected: Trojan.Win32.Monderb.gen 1

C:\System Volume Information\_restore{FB6DB57C-1620-40FA-8A58-CD634488102F}\RP292\A0135589.dll Infected: Trojan.Win32.Monderb.gen 1

C:\_OTMoveIt\MovedFiles\07132008_172833\WINDOWS\system32\wneqpd.dll Infected: Trojan.Win32.Monderb.gen 1
  • 0

#6
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Okay great can you please post a new dss log and let me know how things are running?
  • 0

#7
Highfire

Highfire

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Here's the scan, and thank you for all the help with this :)


Deckard's System Scanner v20071014.68
Run by Owner on 2008-07-14 19:36:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 376 MiB (512 MiB recommended).
System Drive C: has 1.07 GiB (less than 15%) free.


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:37:10 PM, on 7/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\tp4serv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: {492fb0f3-57da-d62a-79d4-3cc4db26a621} - {126a62bd-4cc3-4d97-a26d-ad753f0bf294} - C:\WINDOWS\system32\nlykhn.dll (file missing)
O2 - BHO: (no name) - {38C562D4-7100-4F9E-A562-E71C185863CD} - C:\WINDOWS\system32\pmnlkHXN.dll (file missing)
O2 - BHO: QXK Rhythm - {744ED899-9428-4EDB-9658-E5E3272D7D39} - C:\WINDOWS\nldfmtapxqm.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {AE428B31-D925-4B7F-836F-DE103BA2BBE6} - C:\WINDOWS\system32\xxyawvWm.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: gktxaspm - {6E90A503-DDFD-4CC5-9628-0391A05E7212} - C:\WINDOWS\gktxaspm.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [D066UUtility] C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [41260257005717053692419391045699] C:\Program Files\XP Antivirus\xpa.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1B8E3821-AFBE-4D0F-9E64-CE082131074A} (Gigasoft Pesgo v6) - http://www.kwlemeral...meraldgraph.cab
O16 - DPF: {536600D3-70FE-4C50-92FB-640F6BFC49AD} (TeeChart Pro Activex control v6) - http://www.kwlemeral...S/teechart6.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1212022465959
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.su...ows-i586-jc.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: ddcDuVpm - ddcDuVpm.dll (file missing)
O21 - SSODL: CheckService - {843774ee-4d67-49c8-b861-42109c7f221e} - C:\WINDOWS\Resources\CheckService.dll (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
O24 - Desktop Component 0: (no name) - https://mail.bimbc.c...mg/icon-doc.gif

--
End of file - 8496 bytes

-- Files created between 2008-06-14 and 2008-07-14 -----------------------------

2008-07-13 17:38:42 0 d-------- C:\Program Files\Java
2008-07-13 17:38:04 0 d-------- C:\Program Files\Common Files\Java
2008-07-12 14:10:33 0 d-------- C:\Program Files\Trend Micro
2008-07-11 21:08:58 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-11 21:08:31 0 d-------- C:\Program Files\SpywareBlaster
2008-07-11 19:39:45 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-07-11 19:39:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-11 19:39:37 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-11 19:39:24 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-11 15:30:16 0 d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2008-07-10 20:38:33 0 d--h----- C:\$AVG8.VAULT$
2008-07-10 20:35:11 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-10 20:34:35 0 d-------- C:\Program Files\AVG
2008-07-02 22:14:06 15781 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
2008-07-02 22:13:49 0 d-------- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor
2008-07-02 20:19:22 94208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2008-07-02 20:19:21 15872 --a------ C:\WINDOWS\system32\GTNDIS5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>


-- Find3M Report ---------------------------------------------------------------

2008-07-13 17:38:04 0 d-------- C:\Program Files\Common Files
2008-07-11 20:25:32 0 d-------- C:\Documents and Settings\Owner\Application Data\TmpRecentIcons
2008-07-02 20:19:11 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-02 18:22:42 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-02 18:22:39 0 d-------- C:\Program Files\Symantec
2008-05-23 08:17:56 0 d-------- C:\Program Files\Google
2008-05-21 14:29:27 0 d-------- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
2008-05-21 14:10:11 0 d-------- C:\Documents and Settings\Owner\Application Data\MSN6
2008-05-21 10:21:00 2548 --a------ C:\WINDOWS\unins000.dat
2008-05-21 10:19:08 691545 --a------ C:\WINDOWS\unins000.exe
2008-05-19 11:06:41 62910 --a------ C:\Program Files\Uninstall.exe <Not Verified; $PROGRAMNAME; $PROGRAMNAME>
2008-05-19 11:06:41 0 --a------ C:\Program Files\uninstall.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{126a62bd-4cc3-4d97-a26d-ad753f0bf294}]
C:\WINDOWS\system32\nlykhn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38C562D4-7100-4F9E-A562-E71C185863CD}]
C:\WINDOWS\system32\pmnlkHXN.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{744ED899-9428-4EDB-9658-E5E3272D7D39}]
C:\WINDOWS\nldfmtapxqm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/10/2008 08:35 PM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AE428B31-D925-4B7F-836F-DE103BA2BBE6}]
C:\WINDOWS\system32\xxyawvWm.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/10/2008 08:35 PM 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"="tp4serv.exe" [08/04/2004 01:13 AM C:\WINDOWS\system32\tp4serv.exe]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [07/26/2002 09:05 AM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [07/26/2002 08:45 AM]
"BMMGAG"="C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll" [08/31/2003 11:34 PM]
"TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [08/17/2004 04:32 PM]
"LTSMMSG"="LTSMMSG.exe" [08/02/2001 08:28 PM C:\WINDOWS\LTSMMSG.exe]
"TP4EX"="tp4ex.exe" [09/04/2002 02:05 AM C:\WINDOWS\system32\TP4EX.exe]
"TP2000TRAY"="" []
"AGRSMMSG"="AGRSMMSG.exe" [06/27/2003 06:53 AM C:\WINDOWS\AGRSMMSG.exe]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [07/19/2005 11:06 AM]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [09/04/2007 03:54 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"D066UUtility"="C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE" [07/06/2000 01:15 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/10/2008 08:34 PM]
"WUSB54Gv4"="C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe" [04/19/2004 09:19 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 10:56 PM]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [07/19/2005 11:14 AM]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [09/04/2007 03:54 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/08/2008 09:13 PM]
"41260257005717053692419391045699"="C:\Program Files\XP Antivirus\xpa.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [4/10/2007 7:18:57 PM]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [1/15/2008 9:53:29 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"CheckService"= {843774ee-4d67-49c8-b861-42109c7f221e} - C:\WINDOWS\Resources\CheckService.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcDuVpm]
ddcDuVpm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avgfws8"=2 (0x2)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4df68cc0-be4c-11dc-ad76-0013469e50ec}]
AutoRun\command- F:\wd_windows_tools\setup.exe

*Newly Created Service* - GTNDIS5



-- End of Deckard's System Scanner: finished at 2008-07-14 19:38:31 ------------
  • 0

#8
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
==============================================
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#9
Highfire

Highfire

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Here is the scan from Kaspersky, it didnt show any infected objects, and there are no longer any popups!
Thank you kahdah for all your help with this :)



KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, July 15, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, July 15, 2008 16:05:05
Records in database: 956227


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area Critical Areas
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\Owner\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS

Scan statistics
Files scanned 32494
Threat name 0
Infected objects 0
Suspicious objects 0
Duration of the scan 01:39:59

No malware has been detected. The scan area is clean.
The selected area was scanned.
  • 0

#10
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please post one more Hijackthis log and we will wrap it up.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP