unknown malware maybe antivirus 2009? Need some help [CLOSED]


  • This topic is locked

#1
dan19666

    New Member

  • Member
  • 8 posts
Hi everyone. I have run Kaspersky, AVG, Spybot, and SpywareBlaster. I think I got some of it but something still isn't right. I'm still getting occasional popups and the computer is slow. Could someone PLEASE look at my file? Thank you, Bobbi


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:52 AM, on 7/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Documents and Settings\Dan\My Documents\HijackThis.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.ebay.c...assZoldstufftwo
F3 - REG:win.ini: load=C:\WINDOWS\system32\ljjgh.exe
O2 - BHO: (no name) - {3E62B6AA-A7BB-4817-9B5F-3D9EE195CC6F} - C:\WINDOWS\system32\wvUkHYrO.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {4c417e86-592d-2f59-3c74-aac5b168ca5e} - {e5ac861b-5caa-47c3-95f2-d29568e714c4} - C:\WINDOWS\system32\fevvag.dll
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [24db4c3a] rundll32.exe "C:\WINDOWS\system32\dudgtcdc.dll",b
O4 - HKLM\..\Run: [BM27e87fa6] Rundll32.exe "C:\WINDOWS\system32\snxfmvog.dll",s
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingC4019] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data007.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6001] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data009.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7503] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data009.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8919] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data011.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6226] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data011.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9103] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data013.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3396] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data013.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4173] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data016.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5787] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data016.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6702] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data017.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8100] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data017.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8775] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data020.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1187] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data020.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA996] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data023.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6463] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data023.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7699] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data027.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8359] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data027.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7513] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data030.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6566] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data030.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7108] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data031.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4385] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data031.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5466] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data033.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4363] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data033.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5959] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data040.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9959] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data040.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2071] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data042.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3071] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data042.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2466] command /c del "C:\WINDOWS\system32\wvUkHYrO.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC717] cmd /c del "C:\WINDOWS\system32\wvUkHYrO.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6532] command /c del "C:\WINDOWS\system32\snxfmvog.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4852] cmd /c del "C:\WINDOWS\system32\snxfmvog.dll_old"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB460] command /c del "C:\Program Files\Performanceoptimizer (Free)\ua_manager.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3854] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\ua_manager.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9659] command /c del "C:\Program Files\Performanceoptimizer (Free)\uninstpo.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8089] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\uninstpo.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2992] command /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Performance Optimizer Home Page.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7792] cmd /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Performance Optimizer Home Page.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6454] command /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Performance Optimizer.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2831] cmd /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Performance Optimizer.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8668] command /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Sellmosoft Home Page.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3198] cmd /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Sellmosoft Home Page.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5132] command /c del "C:\Program Files\Performanceoptimizer (Free)\install_stat2.tmp"
O4 - HKCU\..\RunOnce: [SpybotDeletingD685] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\install_stat2.tmp"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7120] command /c del "C:\Program Files\Performanceoptimizer (Free)\PerfOpt.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7925] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\PerfOpt.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6814] command /c del "C:\Program Files\Performanceoptimizer (Free)\Performance Optimizer Home Page.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3507] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Performance Optimizer Home Page.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6830] command /c del "C:\Program Files\Performanceoptimizer (Free)\Sellmosoft Home Page.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1809] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Sellmosoft Home Page.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5309] command /c del "C:\Program Files\Performanceoptimizer (Free)\sload.sbd"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6788] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\sload.sbd"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2830] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data001.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5462] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data001.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6912] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data003.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9731] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data003.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5437] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data006.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3902] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data006.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2423] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data007.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3576] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data007.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7315] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data009.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD451] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data009.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1907] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data011.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9167] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data011.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5339] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data013.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9814] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data013.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8433] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data016.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2409] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data016.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2896] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data017.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD974] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data017.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB517] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data020.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7287] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data020.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7335] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data023.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD261] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data023.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1507] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data027.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3659] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data027.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1844] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data030.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5716] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data030.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3259] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data031.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1216] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data031.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4132] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data033.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2729] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data033.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6579] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data040.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9753] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data040.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9876] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data042.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3160] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data042.reg"
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Dan\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg...v43/yacscom.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - http://a.download.to...5.14/ttinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} - http://tools.ebayimg...ol_v1-0-3-0.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: urqnomj - urqnomj.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 17587 bytes
  • 0


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, it appears that Spybot is not able to delete them, so let me have a go :)

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.

  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.



Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

F3 - REG:win.ini: load=C:\WINDOWS\system32\ljjgh.exe
O2 - BHO: (no name) - {3E62B6AA-A7BB-4817-9B5F-3D9EE195CC6F} - C:\WINDOWS\system32\wvUkHYrO.dll (file missing)
O2 - BHO: {4c417e86-592d-2f59-3c74-aac5b168ca5e} - {e5ac861b-5caa-47c3-95f2-d29568e714c4} - C:\WINDOWS\system32\fevvag.dll
O4 - HKLM\..\Run: [24db4c3a] rundll32.exe "C:\WINDOWS\system32\dudgtcdc.dll",b
O4 - HKLM\..\Run: [BM27e87fa6] Rundll32.exe "C:\WINDOWS\system32\snxfmvog.dll",s
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingC4019] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data007.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6001] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data009.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7503] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data009.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8919] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data011.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6226] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data011.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9103] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data013.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3396] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data013.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4173] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data016.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5787] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data016.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6702] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data017.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8100] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data017.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8775] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data020.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1187] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data020.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA996] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data023.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6463] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data023.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7699] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data027.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8359] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data027.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7513] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data030.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6566] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data030.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7108] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data031.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4385] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data031.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5466] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data033.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4363] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data033.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5959] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data040.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9959] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data040.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2071] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data042.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3071] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data042.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2466] command /c del "C:\WINDOWS\system32\wvUkHYrO.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC717] cmd /c del "C:\WINDOWS\system32\wvUkHYrO.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6532] command /c del "C:\WINDOWS\system32\snxfmvog.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4852] cmd /c del "C:\WINDOWS\system32\snxfmvog.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB460] command /c del "C:\Program Files\Performanceoptimizer (Free)\ua_manager.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3854] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\ua_manager.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9659] command /c del "C:\Program Files\Performanceoptimizer (Free)\uninstpo.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8089] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\uninstpo.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2992] command /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Performance Optimizer Home Page.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7792] cmd /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Performance Optimizer Home Page.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6454] command /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Performance Optimizer.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2831] cmd /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Performance Optimizer.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8668] command /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Sellmosoft Home Page.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3198] cmd /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Sellmosoft Home Page.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5132] command /c del "C:\Program Files\Performanceoptimizer (Free)\install_stat2.tmp"
O4 - HKCU\..\RunOnce: [SpybotDeletingD685] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\install_stat2.tmp"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7120] command /c del "C:\Program Files\Performanceoptimizer (Free)\PerfOpt.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7925] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\PerfOpt.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6814] command /c del "C:\Program Files\Performanceoptimizer (Free)\Performance Optimizer Home Page.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3507] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Performance Optimizer Home Page.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6830] command /c del "C:\Program Files\Performanceoptimizer (Free)\Sellmosoft Home Page.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1809] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Sellmosoft Home Page.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5309] command /c del "C:\Program Files\Performanceoptimizer (Free)\sload.sbd"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6788] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\sload.sbd"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2830] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data001.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5462] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data001.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6912] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data003.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9731] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data003.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5437] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data006.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3902] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data006.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2423] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data007.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3576] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data007.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7315] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data009.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD451] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data009.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1907] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data011.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9167] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data011.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5339] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data013.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9814] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data013.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8433] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data016.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2409] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data016.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2896] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data017.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD974] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data017.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB517] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data020.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7287] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data020.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7335] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data023.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD261] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data023.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1507] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data027.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3659] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data027.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1844] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data030.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5716] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data030.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3259] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data031.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1216] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data031.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4132] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data033.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2729] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data033.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6579] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data040.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9753] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data040.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9876] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data042.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3160] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data042.reg"
O20 - Winlogon Notify: urqnomj - urqnomj.dll (file missing)


Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis.

THEN

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\ljjgh.exe
    C:\WINDOWS\system32\wvUkHYrO.dll 
    C:\WINDOWS\system32\fevvag.dll
    C:\WINDOWS\system32\dudgtcdc.dll
    C:\WINDOWS\system32\snxfmvog.dll
    C:\Program Files\Performanceoptimizer (Free)
    C:\WINDOWS\system32\wvUkHYrO.dll_old
    C:\WINDOWS\system32\snxfmvog.dll_old
    C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer
    Purity
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

FINALLY FOR NOW

Please visit this web page for instructions for downloading and running ComboFix:

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet. It is imperative that you install this, as it will enable a system recovery in the event of problems.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

#3
dan19666


    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi thanks for your help. I deleted the files off Hijack this, I downloaded OTMoveIt2 by OldTimer. But it won't let me open the file. Windows error. Bobbi

#4
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK continue on with the Combofix segment

#5
dan19666


    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I could not load the recovery operation. This is the log from ComboFix.

ComboFix 08-07-27.2 - Dan 2008-07-27 16:17:19.1 - NTFSx86
Running from: C:\Documents and Settings\Dan\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Dan\Application Data\macromedia\Flash Player\#SharedObjects\SD2ZXNTT\interclick.com
C:\Documents and Settings\Dan\Application Data\macromedia\Flash Player\#SharedObjects\SD2ZXNTT\interclick.com\ud.sol
C:\Documents and Settings\Dan\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Dan\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Program Files\ISM2
C:\Program Files\Performanceoptimizer (Free)
C:\Program Files\Performanceoptimizer (Free)\Download\dbtunezb\Update.exe
C:\WINDOWS\BM27e87fa6.txt
C:\WINDOWS\bundles
C:\WINDOWS\bundles\CSV7P070.exe
C:\WINDOWS\bundles\dealhelper.exe
C:\WINDOWS\bundles\ez_advolt.exe
C:\WINDOWS\bundles\optimizejames.exe
C:\WINDOWS\bundles\Setup.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\temp
C:\WINDOWS\system\oeminfo.ini
C:\WINDOWS\system32\aprriaov.dll
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\cdctgdud.ini
C:\WINDOWS\system32\cjprofym.ini
C:\WINDOWS\system32\dudgtcdc.dll
C:\WINDOWS\system32\fevvag.dll
C:\WINDOWS\system32\hgjjl.ini
C:\WINDOWS\system32\hgjjl.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\OrYHkUvw.ini
C:\WINDOWS\system32\OrYHkUvw.ini2
C:\WINDOWS\system32\pfmqbpqe.dll
C:\WINDOWS\system32\usqdyqgv.dll
C:\WINDOWS\system32\xybay.ini
C:\WINDOWS\system32\xybay.ini2

.
((((((((((((((((((((((((( Files Created from 2008-06-27 to 2008-07-27 )))))))))))))))))))))))))))))))
.

2008-07-26 10:24 . 2008-07-26 10:24 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-25 11:58 . 2008-07-25 11:59 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-25 11:58 . 2008-07-25 16:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-24 12:50 . 2008-07-24 12:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-24 12:48 . 2008-07-24 12:48 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-24 12:48 . 2008-07-24 12:48 <DIR> d-------- C:\Documents and Settings\Dan\Application Data\SUPERAntiSpyware.com
2008-07-24 12:46 . 2008-07-24 12:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-23 19:33 . 2008-07-25 15:42 111,483 --a------ C:\WINDOWS\BM27e87fa6.xml
2008-07-23 19:25 . 2008-07-23 19:25 0 --a------ C:\END
2008-07-05 17:20 . 2008-07-05 17:20 268 --ah----- C:\sqmdata00.sqm
2008-07-05 17:20 . 2008-07-05 17:20 244 --ah----- C:\sqmnoopt00.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-27 21:06 --------- d-----w C:\Documents and Settings\Dan\Application Data\OpenOffice.org2
2008-07-25 16:53 --------- d-----w C:\Program Files\SpywareBlaster
2008-07-18 01:53 --------- d-----w C:\Program Files\MSN Messenger
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-04 18:18 --------- d-----w C:\Documents and Settings\Dan\Application Data\Image Zone Express
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB460"="command" [X]
"SpybotDeletingD3854"="del" [X]
"SpybotDeletingB9659"="command" [X]
"SpybotDeletingD8089"="del" [X]
"SpybotDeletingB2992"="command" [X]
"SpybotDeletingD7792"="del" [X]
"SpybotDeletingB6454"="command" [X]
"SpybotDeletingD2831"="del" [X]
"SpybotDeletingB8668"="command" [X]
"SpybotDeletingD3198"="del" [X]
"SpybotDeletingB5132"="command" [X]
"SpybotDeletingD685"="del" [X]
"SpybotDeletingB7120"="command" [X]
"SpybotDeletingD7925"="del" [X]
"SpybotDeletingB6814"="command" [X]
"SpybotDeletingD3507"="del" [X]
"SpybotDeletingB6830"="command" [X]
"SpybotDeletingD1809"="del" [X]
"SpybotDeletingB5309"="command" [X]
"SpybotDeletingD6788"="del" [X]
"SpybotDeletingB2830"="command" [X]
"SpybotDeletingD5462"="del" [X]
"SpybotDeletingB6912"="command" [X]
"SpybotDeletingD9731"="del" [X]
"SpybotDeletingB5437"="command" [X]
"SpybotDeletingD3902"="del" [X]
"SpybotDeletingB2423"="command" [X]
"SpybotDeletingD3576"="del" [X]
"SpybotDeletingB7315"="command" [X]
"SpybotDeletingD451"="del" [X]
"SpybotDeletingB1907"="command" [X]
"SpybotDeletingD9167"="del" [X]
"SpybotDeletingB5339"="command" [X]
"SpybotDeletingD9814"="del" [X]
"SpybotDeletingB8433"="command" [X]
"SpybotDeletingD2409"="del" [X]
"SpybotDeletingB2896"="command" [X]
"SpybotDeletingD974"="del" [X]
"SpybotDeletingB517"="command" [X]
"SpybotDeletingD7287"="del" [X]
"SpybotDeletingB7335"="command" [X]
"SpybotDeletingD261"="del" [X]
"SpybotDeletingB1507"="command" [X]
"SpybotDeletingD3659"="del" [X]
"SpybotDeletingB1844"="command" [X]
"SpybotDeletingD5716"="del" [X]
"SpybotDeletingB3259"="command" [X]
"SpybotDeletingD1216"="del" [X]
"SpybotDeletingB4132"="command" [X]
"SpybotDeletingD2729"="del" [X]
"SpybotDeletingB6579"="command" [X]
"SpybotDeletingD9753"="del" [X]
"SpybotDeletingB9876"="command" [X]
"SpybotDeletingD3160"="del" [X]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 12:18 49152]
"VTPreset"="VTPreset.exe" [2004-02-24 20:17 45056 C:\WINDOWS\system32\VTPreset.exe]
"SoundMan"="SOUNDMAN.EXE" [2002-07-12 00:17 46592 C:\WINDOWS\SOUNDMAN.EXE]
"Mouse Suite 98 Daemon"="ICO.EXE" [2001-08-23 11:23 45056 C:\WINDOWS\system32\ico.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 12:01 88209 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingC7503"="del" [X]
"SpybotDeletingA8919"="command" [X]
"SpybotDeletingC6226"="del" [X]
"SpybotDeletingA9103"="command" [X]
"SpybotDeletingC3396"="del" [X]
"SpybotDeletingA4173"="command" [X]
"SpybotDeletingC5787"="del" [X]
"SpybotDeletingA6702"="command" [X]
"SpybotDeletingC8100"="del" [X]
"SpybotDeletingA8775"="command" [X]
"SpybotDeletingC1187"="del" [X]
"SpybotDeletingA996"="command" [X]
"SpybotDeletingC6463"="del" [X]
"SpybotDeletingA7699"="command" [X]
"SpybotDeletingC8359"="del" [X]
"SpybotDeletingA7513"="command" [X]
"SpybotDeletingC6566"="del" [X]
"SpybotDeletingA7108"="command" [X]
"SpybotDeletingC4385"="del" [X]
"SpybotDeletingA5466"="command" [X]
"SpybotDeletingC4363"="del" [X]
"SpybotDeletingA5959"="command" [X]
"SpybotDeletingC9959"="del" [X]
"SpybotDeletingA2071"="command" [X]
"SpybotDeletingC3071"="del" [X]
"SpybotDeletingA2466"="command" [X]
"SpybotDeletingC717"="del" [X]
"SpybotDeletingA6532"="command" [X]
"SpybotDeletingC4852"="del" [X]
"SpybotDeletingC4019"="del" [X]
"SpybotDeletingA6001"="command" [X]
"Spybot - Search & Destroy"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2008-07-07 09:42 4891472]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 11:40:44 282624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\ljjgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\FileZilla\\filezilla.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Documents and Settings\\Dan\\My Documents\\limewire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2001-12-13 14:53]
S3 pelps2m;PS/2 Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\pelps2m.sys [2002-01-31 18:28]
.
Contents of the 'Scheduled Tasks' folder
2008-07-26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
2008-07-27 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe [2006-04-03 18:12]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-24db4c3a - C:\WINDOWS\system32\dudgtcdc.dll
HKLM-Run-BM27e87fa6 - C:\WINDOWS\system32\snxfmvog.dll
HKLM-Run-windows auto update - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://search.ebay.com/_W0QQfgtpZ1QQfrppZ25QQsassZoldstufftwo
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
O8 -: C:\PROGRA~1\COMMON~1\BTLINK\btlink.dll//iemenu
O8 -: &eBay Search - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 -: &Get Gutcheck
O9 -: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Dan\Start Menu\Programs\IMVU\Run IMVU.lnk

O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
C:\WINDOWS\Downloaded Program Files\ewidoOnlineScan.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-27 16:40:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.bin
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
.
**************************************************************************
.
Completion time: 2008-07-27 16:56:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-27 21:55:42

Pre-Run: 242,896,896 bytes free
Post-Run: 358,469,632 bytes free

289 --- E O F --- 2008-07-10 08:02:51




This is the HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:05:37 PM, on 7/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.ebay.c...assZoldstufftwo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
F3 - REG:win.ini: load=C:\WINDOWS\system32\ljjgh.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [24db4c3a] rundll32.exe "C:\WINDOWS\system32\dudgtcdc.dll",b
O4 - HKLM\..\Run: [BM27e87fa6] Rundll32.exe "C:\WINDOWS\system32\snxfmvog.dll",s
O4 - HKLM\..\RunOnce: [SpybotDeletingC7503] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data009.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8919] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data011.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6226] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data011.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9103] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data013.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3396] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data013.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4173] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data016.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5787] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data016.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6702] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data017.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8100] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data017.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8775] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data020.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1187] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data020.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA996] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data023.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6463] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data023.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7699] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data027.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8359] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data027.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7513] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data030.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6566] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data030.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7108] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data031.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4385] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data031.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5466] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data033.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4363] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data033.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5959] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data040.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9959] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data040.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2071] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data042.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3071] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data042.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2466] command /c del "C:\WINDOWS\system32\wvUkHYrO.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC717] cmd /c del "C:\WINDOWS\system32\wvUkHYrO.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6532] command /c del "C:\WINDOWS\system32\snxfmvog.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4852] cmd /c del "C:\WINDOWS\system32\snxfmvog.dll_old"
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingC4019] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data007.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6001] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data009.reg"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB460] command /c del "C:\Program Files\Performanceoptimizer (Free)\ua_manager.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3854] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\ua_manager.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9659] command /c del "C:\Program Files\Performanceoptimizer (Free)\uninstpo.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8089] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\uninstpo.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2992] command /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Performance Optimizer Home Page.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7792] cmd /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Performance Optimizer Home Page.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6454] command /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Performance Optimizer.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2831] cmd /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Performance Optimizer.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8668] command /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Sellmosoft Home Page.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3198] cmd /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Sellmosoft Home Page.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5132] command /c del "C:\Program Files\Performanceoptimizer (Free)\install_stat2.tmp"
O4 - HKCU\..\RunOnce: [SpybotDeletingD685] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\install_stat2.tmp"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7120] command /c del "C:\Program Files\Performanceoptimizer (Free)\PerfOpt.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7925] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\PerfOpt.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6814] command /c del "C:\Program Files\Performanceoptimizer (Free)\Performance Optimizer Home Page.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3507] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Performance Optimizer Home Page.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6830] command /c del "C:\Program Files\Performanceoptimizer (Free)\Sellmosoft Home Page.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1809] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Sellmosoft Home Page.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5309] command /c del "C:\Program Files\Performanceoptimizer (Free)\sload.sbd"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6788] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\sload.sbd"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2830] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data001.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5462] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data001.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6912] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data003.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9731] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data003.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5437] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data006.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3902] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data006.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2423] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data007.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3576] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data007.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7315] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data009.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD451] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data009.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1907] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data011.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9167] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data011.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5339] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data013.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9814] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data013.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8433] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data016.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2409] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data016.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2896] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data017.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD974] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data017.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB517] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data020.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7287] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data020.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7335] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data023.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD261] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data023.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1507] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data027.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3659] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data027.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1844] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data030.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5716] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data030.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3259] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data031.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1216] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data031.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4132] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data033.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2729] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data033.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6579] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data040.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9753] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data040.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9876] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data042.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3160] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data042.reg"
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Dan\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg...v43/yacscom.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - http://a.download.to...5.14/ttinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} - http://tools.ebayimg...ol_v1-0-3-0.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 17155 bytes

#6
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, could you please turn off TeaTimer, as it is restoring the malware registry entries.

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.

  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.


Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

F3 - REG:win.ini: load=C:\WINDOWS\system32\ljjgh.exe
O4 - HKLM\..\Run: [24db4c3a] rundll32.exe "C:\WINDOWS\system32\dudgtcdc.dll",b
O4 - HKLM\..\Run: [BM27e87fa6] Rundll32.exe "C:\WINDOWS\system32\snxfmvog.dll",s
O4 - HKLM\..\RunOnce: [SpybotDeletingC7503] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data009.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8919] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data011.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6226] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data011.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9103] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data013.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3396] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data013.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4173] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data016.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5787] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data016.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6702] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data017.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8100] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data017.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8775] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data020.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1187] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data020.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA996] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data023.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6463] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data023.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7699] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data027.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8359] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data027.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7513] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data030.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6566] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data030.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7108] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data031.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4385] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data031.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5466] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data033.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4363] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data033.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5959] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data040.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9959] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data040.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2071] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data042.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3071] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data042.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2466] command /c del "C:\WINDOWS\system32\wvUkHYrO.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC717] cmd /c del "C:\WINDOWS\system32\wvUkHYrO.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6532] command /c del "C:\WINDOWS\system32\snxfmvog.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4852] cmd /c del "C:\WINDOWS\system32\snxfmvog.dll_old"
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingC4019] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data007.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6001] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data009.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB460] command /c del "C:\Program Files\Performanceoptimizer (Free)\ua_manager.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3854] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\ua_manager.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9659] command /c del "C:\Program Files\Performanceoptimizer (Free)\uninstpo.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8089] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\uninstpo.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2992] command /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Performance Optimizer Home Page.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7792] cmd /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Performance Optimizer Home Page.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6454] command /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Performance Optimizer.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2831] cmd /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Performance Optimizer.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8668] command /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Sellmosoft Home Page.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3198] cmd /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Sellmosoft Home Page.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5132] command /c del "C:\Program Files\Performanceoptimizer (Free)\install_stat2.tmp"
O4 - HKCU\..\RunOnce: [SpybotDeletingD685] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\install_stat2.tmp"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7120] command /c del "C:\Program Files\Performanceoptimizer (Free)\PerfOpt.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7925] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\PerfOpt.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6814] command /c del "C:\Program Files\Performanceoptimizer (Free)\Performance Optimizer Home Page.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3507] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Performance Optimizer Home Page.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6830] command /c del "C:\Program Files\Performanceoptimizer (Free)\Sellmosoft Home Page.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1809] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Sellmosoft Home Page.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5309] command /c del "C:\Program Files\Performanceoptimizer (Free)\sload.sbd"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6788] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\sload.sbd"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2830] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data001.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5462] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data001.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6912] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data003.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9731] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data003.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5437] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data006.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3902] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data006.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2423] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data007.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3576] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data007.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7315] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data009.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD451] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data009.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1907] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data011.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9167] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data011.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5339] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data013.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9814] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data013.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8433] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data016.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2409] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data016.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2896] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data017.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD974] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data017.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB517] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data020.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7287] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data020.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7335] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data023.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD261] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data023.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1507] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data027.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3659] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data027.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1844] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data030.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5716] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data030.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3259] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data031.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1216] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data031.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4132] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data033.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2729] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data033.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6579] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data040.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9753] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data040.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9876] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data042.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3160] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data042.reg"


Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis.

THEN

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\BM27e87fa6.xml
C:\WINDOWS\system32\ljjgh.exe
C:\WINDOWS\system32\dudgtcdc.dll
C:\WINDOWS\system32\snxfmvog.dll

3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.
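
Whether a resident protection tool has restored fixed entries can be checked by comparing the fix list against the next HijackThis log. The script below is an added example, not part of the original thread: the function names are hypothetical, and the follow-up log is a constructed excerpt built from entries quoted in this thread.

```python
import re
from typing import NamedTuple, Optional

# HijackThis entry lines look like "<section> - <detail>", e.g. "O4 - HKLM\..\Run: [x] cmd".
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<detail>.+)$")
# O4 registry autostarts: "<hive>\..\<Run|RunOnce>: [<value name>] <command>"
O4_REG_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")
# Delete-on-reboot jobs of the form: cmd|command /c del "<path>"
DEL_RE = re.compile(r'^(?:cmd|command) /c del "(?P<path>[^"]+)"$', re.I)


class Entry(NamedTuple):
    section: str              # section code, e.g. "O4" or "F3"
    detail: str               # everything after "<section> - "
    hive: Optional[str]       # the remaining fields are set for O4 registry entries only
    run_key: Optional[str]
    name: Optional[str]
    command: Optional[str]

    @property
    def key(self):
        # Windows paths and value names are case-insensitive, so compare
        # on a whitespace-collapsed, case-folded form of the line.
        return (self.section, " ".join(self.detail.split()).casefold())


def parse_log(text):
    """Return the entry lines of a HijackThis log, skipping header and process list."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        hive = run_key = name = command = None
        if m["section"] == "O4":
            o4 = O4_REG_RE.match(m["detail"])
            if o4:
                hive, run_key, name, command = o4.groups()
        entries.append(Entry(m["section"], m["detail"], hive, run_key, name, command))
    return entries


def recheck(fix_list, followup_log):
    """Split the fix list into entries that are gone and entries that came back."""
    present = {e.key for e in parse_log(followup_log)}
    result = {"still_present": [], "removed": []}
    for e in parse_log(fix_list):
        result["still_present" if e.key in present else "removed"].append(e)
    return result


def pending_delete_targets(entries):
    """Unique file paths that RunOnce 'del' jobs are scheduled to remove."""
    paths = set()
    for e in entries:
        if e.run_key and e.run_key.lower() == "runonce" and e.command:
            m = DEL_RE.match(e.command.strip())
            if m:
                paths.add(m["path"])
    return sorted(paths)


# Entries copied from the fix list in this thread.
FIX_LIST = r"""
F3 - REG:win.ini: load=C:\WINDOWS\system32\ljjgh.exe
O4 - HKLM\..\Run: [24db4c3a] rundll32.exe "C:\WINDOWS\system32\dudgtcdc.dll",b
O4 - HKLM\..\Run: [BM27e87fa6] Rundll32.exe "C:\WINDOWS\system32\snxfmvog.dll",s
O4 - HKLM\..\RunOnce: [SpybotDeletingA6532] command /c del "C:\WINDOWS\system32\snxfmvog.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4852] cmd /c del "C:\WINDOWS\system32\snxfmvog.dll_old"
"""

# Constructed follow-up excerpt (not a real log): the RunOnce jobs are gone,
# the other three entries are back, one of them with different letter case.
FOLLOWUP = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\ctfmon.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\ljjgh.exe
O4 - HKLM\..\Run: [24db4c3a] rundll32.exe "C:\WINDOWS\system32\dudgtcdc.dll",b
O4 - HKLM\..\Run: [BM27e87fa6] rundll32.exe "C:\WINDOWS\system32\snxfmvog.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    report = recheck(FIX_LIST, FOLLOWUP)
    for e in report["still_present"]:
        print("STILL PRESENT:", e.section, "-", e.detail)
    for e in report["removed"]:
        print("removed:      ", e.section, "-", e.detail)
    print("pending deletes:", pending_delete_targets(parse_log(FIX_LIST)))
```

Entries reported as still present after Fix Checked are the ones to follow up on, for example by confirming that resident protection was actually disabled before the fix was applied.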


#7
dan19666

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
ComboFix 08-07-27.2 - Dan 2008-07-28 14:15:44.2 - NTFSx86
Running from: C:\Documents and Settings\Dan\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Dan\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\BM27e87fa6.xml
C:\WINDOWS\system32\dudgtcdc.dll
C:\WINDOWS\system32\ljjgh.exe
C:\WINDOWS\system32\snxfmvog.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM27e87fa6.xml

.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-28 )))))))))))))))))))))))))))))))
.

2008-07-26 10:24 . 2008-07-26 10:24 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-25 11:58 . 2008-07-25 11:59 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-25 11:58 . 2008-07-25 16:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-24 12:50 . 2008-07-24 12:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-24 12:48 . 2008-07-24 12:48 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-24 12:48 . 2008-07-24 12:48 <DIR> d-------- C:\Documents and Settings\Dan\Application Data\SUPERAntiSpyware.com
2008-07-24 12:46 . 2008-07-24 12:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-23 19:25 . 2008-07-23 19:25 0 --a------ C:\END
2008-07-05 17:20 . 2008-07-05 17:20 268 --ah----- C:\sqmdata00.sqm
2008-07-05 17:20 . 2008-07-05 17:20 244 --ah----- C:\sqmnoopt00.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-28 18:58 --------- d-----w C:\Documents and Settings\Dan\Application Data\OpenOffice.org2
2008-07-25 16:53 --------- d-----w C:\Program Files\SpywareBlaster
2008-07-18 01:53 --------- d-----w C:\Program Files\MSN Messenger
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-04 18:18 --------- d-----w C:\Documents and Settings\Dan\Application Data\Image Zone Express
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB460"="command" [X]
"SpybotDeletingD3854"="del" [X]
"SpybotDeletingB9659"="command" [X]
"SpybotDeletingD8089"="del" [X]
"SpybotDeletingB2992"="command" [X]
"SpybotDeletingD7792"="del" [X]
"SpybotDeletingB6454"="command" [X]
"SpybotDeletingD2831"="del" [X]
"SpybotDeletingB8668"="command" [X]
"SpybotDeletingD3198"="del" [X]
"SpybotDeletingB5132"="command" [X]
"SpybotDeletingD685"="del" [X]
"SpybotDeletingB7120"="command" [X]
"SpybotDeletingD7925"="del" [X]
"SpybotDeletingB6814"="command" [X]
"SpybotDeletingD3507"="del" [X]
"SpybotDeletingB6830"="command" [X]
"SpybotDeletingD1809"="del" [X]
"SpybotDeletingB5309"="command" [X]
"SpybotDeletingD6788"="del" [X]
"SpybotDeletingB2830"="command" [X]
"SpybotDeletingD5462"="del" [X]
"SpybotDeletingB6912"="command" [X]
"SpybotDeletingD9731"="del" [X]
"SpybotDeletingB5437"="command" [X]
"SpybotDeletingD3902"="del" [X]
"SpybotDeletingB2423"="command" [X]
"SpybotDeletingD3576"="del" [X]
"SpybotDeletingB7315"="command" [X]
"SpybotDeletingD451"="del" [X]
"SpybotDeletingB1907"="command" [X]
"SpybotDeletingD9167"="del" [X]
"SpybotDeletingB5339"="command" [X]
"SpybotDeletingD9814"="del" [X]
"SpybotDeletingB8433"="command" [X]
"SpybotDeletingD2409"="del" [X]
"SpybotDeletingB2896"="command" [X]
"SpybotDeletingD974"="del" [X]
"SpybotDeletingB517"="command" [X]
"SpybotDeletingD7287"="del" [X]
"SpybotDeletingB7335"="command" [X]
"SpybotDeletingD261"="del" [X]
"SpybotDeletingB1507"="command" [X]
"SpybotDeletingD3659"="del" [X]
"SpybotDeletingB1844"="command" [X]
"SpybotDeletingD5716"="del" [X]
"SpybotDeletingB3259"="command" [X]
"SpybotDeletingD1216"="del" [X]
"SpybotDeletingB4132"="command" [X]
"SpybotDeletingD2729"="del" [X]
"SpybotDeletingB6579"="command" [X]
"SpybotDeletingD9753"="del" [X]
"SpybotDeletingB9876"="command" [X]
"SpybotDeletingD3160"="del" [X]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 12:18 49152]
"VTPreset"="VTPreset.exe" [2004-02-24 20:17 45056 C:\WINDOWS\system32\VTPreset.exe]
"SoundMan"="SOUNDMAN.EXE" [2002-07-12 00:17 46592 C:\WINDOWS\SOUNDMAN.EXE]
"Mouse Suite 98 Daemon"="ICO.EXE" [2001-08-23 11:23 45056 C:\WINDOWS\system32\ico.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 12:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"windows auto update"="" [BU]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 11:40:44 282624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\FileZilla\\filezilla.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Documents and Settings\\Dan\\My Documents\\limewire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2001-12-13 14:53]
S3 pelps2m;PS/2 Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\pelps2m.sys [2002-01-31 18:28]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
2008-07-26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
2008-07-28 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe [2006-04-03 18:12]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-28 14:21:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-28 14:31:47
ComboFix-quarantined-files.txt 2008-07-28 19:31:20
ComboFix2.txt 2008-07-27 21:56:04

Pre-Run: 409,055,232 bytes free
Post-Run: 401,555,456 bytes free

175 --- E O F --- 2008-07-10 08:02:51


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:48:39 PM, on 7/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.ebay.c...assZoldstufftwo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
F3 - REG:win.ini: load=C:\WINDOWS\system32\ljjgh.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [24db4c3a] rundll32.exe "C:\WINDOWS\system32\dudgtcdc.dll",b
O4 - HKLM\..\Run: [BM27e87fa6] Rundll32.exe "C:\WINDOWS\system32\snxfmvog.dll",s
O4 - HKLM\..\RunOnce: [SpybotDeletingC7503] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data009.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8919] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data011.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6226] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data011.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9103] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data013.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3396] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data013.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4173] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data016.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5787] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data016.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6702] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data017.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8100] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data017.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8775] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data020.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1187] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data020.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA996] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data023.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6463] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data023.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7699] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data027.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8359] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data027.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7513] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data030.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6566] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data030.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7108] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data031.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4385] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data031.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5466] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data033.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4363] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data033.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5959] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data040.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9959] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data040.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2071] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data042.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3071] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data042.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2466] command /c del "C:\WINDOWS\system32\wvUkHYrO.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC717] cmd /c del "C:\WINDOWS\system32\wvUkHYrO.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6532] command /c del "C:\WINDOWS\system32\snxfmvog.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4852] cmd /c del "C:\WINDOWS\system32\snxfmvog.dll_old"
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingC4019] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data007.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6001] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data009.reg"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB460] command /c del "C:\Program Files\Performanceoptimizer (Free)\ua_manager.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3854] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\ua_manager.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9659] command /c del "C:\Program Files\Performanceoptimizer (Free)\uninstpo.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8089] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\uninstpo.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2992] command /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Performance Optimizer Home Page.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7792] cmd /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Performance Optimizer Home Page.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6454] command /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Performance Optimizer.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2831] cmd /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Performance Optimizer.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8668] command /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Sellmosoft Home Page.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3198] cmd /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Sellmosoft Home Page.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5132] command /c del "C:\Program Files\Performanceoptimizer (Free)\install_stat2.tmp"
O4 - HKCU\..\RunOnce: [SpybotDeletingD685] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\install_stat2.tmp"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7120] command /c del "C:\Program Files\Performanceoptimizer (Free)\PerfOpt.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7925] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\PerfOpt.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6814] command /c del "C:\Program Files\Performanceoptimizer (Free)\Performance Optimizer Home Page.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3507] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Performance Optimizer Home Page.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6830] command /c del "C:\Program Files\Performanceoptimizer (Free)\Sellmosoft Home Page.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1809] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Sellmosoft Home Page.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5309] command /c del "C:\Program Files\Performanceoptimizer (Free)\sload.sbd"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6788] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\sload.sbd"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2830] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data001.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5462] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data001.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6912] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data003.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9731] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data003.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5437] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data006.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3902] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data006.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2423] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data007.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3576] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data007.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7315] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data009.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD451] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data009.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1907] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data011.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9167] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data011.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5339] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data013.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9814] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data013.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8433] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data016.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2409] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data016.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2896] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data017.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD974] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data017.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB517] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data020.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7287] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data020.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7335] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data023.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD261] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data023.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1507] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data027.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3659] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data027.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1844] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data030.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5716] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data030.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3259] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data031.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1216] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data031.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4132] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data033.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2729] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data033.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6579] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data040.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9753] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data040.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9876] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data042.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3160] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data042.reg"
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Dan\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg...v43/yacscom.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - http://a.download.to...5.14/ttinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} - http://tools.ebayimg...ol_v1-0-3-0.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 17108 bytes

#8
Essexboy

    GeekU Moderator
TeaTimer is still running and preventing me from fixing the problems. Could you please turn it off?

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.

  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.


THEN RE-DO THE HIJACKTHIS FIX

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

F3 - REG:win.ini: load=C:\WINDOWS\system32\ljjgh.exe
O4 - HKLM\..\Run: [24db4c3a] rundll32.exe "C:\WINDOWS\system32\dudgtcdc.dll",b
O4 - HKLM\..\Run: [BM27e87fa6] Rundll32.exe "C:\WINDOWS\system32\snxfmvog.dll",s
O4 - HKLM\..\RunOnce: [SpybotDeletingC7503] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data009.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8919] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data011.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6226] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data011.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9103] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data013.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3396] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data013.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4173] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data016.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5787] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data016.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6702] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data017.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8100] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data017.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8775] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data020.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1187] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data020.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA996] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data023.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6463] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data023.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7699] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data027.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8359] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data027.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7513] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data030.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6566] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data030.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7108] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data031.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4385] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data031.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5466] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data033.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4363] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data033.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5959] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data040.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9959] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data040.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2071] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data042.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3071] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data042.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2466] command /c del "C:\WINDOWS\system32\wvUkHYrO.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC717] cmd /c del "C:\WINDOWS\system32\wvUkHYrO.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6532] command /c del "C:\WINDOWS\system32\snxfmvog.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4852] cmd /c del "C:\WINDOWS\system32\snxfmvog.dll_old"
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingC4019] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data007.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6001] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data009.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB460] command /c del "C:\Program Files\Performanceoptimizer (Free)\ua_manager.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3854] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\ua_manager.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9659] command /c del "C:\Program Files\Performanceoptimizer (Free)\uninstpo.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8089] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\uninstpo.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2992] command /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Performance Optimizer Home Page.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7792] cmd /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Performance Optimizer Home Page.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6454] command /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Performance Optimizer.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2831] cmd /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Performance Optimizer.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8668] command /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Sellmosoft Home Page.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3198] cmd /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Sellmosoft Home Page.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5132] command /c del "C:\Program Files\Performanceoptimizer (Free)\install_stat2.tmp"
O4 - HKCU\..\RunOnce: [SpybotDeletingD685] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\install_stat2.tmp"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7120] command /c del "C:\Program Files\Performanceoptimizer (Free)\PerfOpt.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7925] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\PerfOpt.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6814] command /c del "C:\Program Files\Performanceoptimizer (Free)\Performance Optimizer Home Page.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3507] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Performance Optimizer Home Page.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6830] command /c del "C:\Program Files\Performanceoptimizer (Free)\Sellmosoft Home Page.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1809] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Sellmosoft Home Page.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5309] command /c del "C:\Program Files\Performanceoptimizer (Free)\sload.sbd"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6788] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\sload.sbd"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2830] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data001.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5462] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data001.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6912] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data003.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9731] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data003.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5437] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data006.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3902] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data006.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2423] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data007.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3576] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data007.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7315] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data009.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD451] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data009.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1907] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data011.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9167] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data011.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5339] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data013.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9814] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data013.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8433] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data016.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2409] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data016.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2896] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data017.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD974] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data017.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB517] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data020.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7287] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data020.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7335] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data023.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD261] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data023.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1507] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data027.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3659] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data027.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1844] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data030.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5716] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data030.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3259] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data031.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1216] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data031.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4132] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data033.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2729] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data033.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6579] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data040.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9753] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data040.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9876] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data042.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3160] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data042.reg"


Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

THEN

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
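The check requested in post #8 (is TeaTimer still active, and are the listed entries gone after "Fix Checked"?) can be run mechanically against a follow-up log. The Python below is an added example, not part of the original thread or of HijackThis; the function names are hypothetical and both sample inputs are constructed excerpts built from log lines on this page.

```python
import re
from typing import List, NamedTuple, Tuple


class Entry(NamedTuple):
    code: str  # HijackThis section code, e.g. "O4" or "F3"
    body: str  # everything after "O4 - "


ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def _norm(s: str) -> str:
    """Comparison key: collapse whitespace and ignore case."""
    return " ".join(s.split()).casefold()


def parse_log(text: str) -> Tuple[List[str], List[Entry]]:
    """Split a HijackThis log into running-process paths and section entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append(Entry(m.group(1), m.group(2)))
        elif in_procs:
            if line:
                processes.append(line)
            else:
                in_procs = False  # a blank line ends the process list
    return processes, entries


def persisting(fix_list: str, followup_log: str) -> List[Entry]:
    """Fix-list entries still present in the follow-up log, in fix-list order."""
    _, wanted = parse_log(fix_list)
    _, present = parse_log(followup_log)
    seen = {(e.code, _norm(e.body)) for e in present}
    return [e for e in wanted if (e.code, _norm(e.body)) in seen]


def teatimer_state(log: str) -> Tuple[bool, bool]:
    """Return (running as a process, registered as an O4 autostart)."""
    procs, entries = parse_log(log)
    running = any(p.casefold().endswith("\\teatimer.exe") for p in procs)
    autostart = any(
        e.code == "O4" and "teatimer.exe" in e.body.casefold() for e in entries
    )
    return running, autostart


def verdict(fix_list: str, followup_log: str) -> str:
    """One-line summary a helper could read before asking for another pass."""
    if not persisting(fix_list, followup_log):
        return "fix applied"
    if any(teatimer_state(followup_log)):
        return "fix incomplete: TeaTimer still active"
    return "fix incomplete"


# Constructed sample: four of the entries the helper asked to have checked.
FIX_LIST = r"""
F3 - REG:win.ini: load=C:\WINDOWS\system32\ljjgh.exe
O4 - HKLM\..\Run: [24db4c3a] rundll32.exe "C:\WINDOWS\system32\dudgtcdc.dll",b
O4 - HKLM\..\Run: [BM27e87fa6] Rundll32.exe "C:\WINDOWS\system32\snxfmvog.dll",s
O4 - HKLM\..\RunOnce: [SpybotDeletingC7503] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data009.reg"
"""

# Constructed sample: a shortened follow-up log in the same format.
FOLLOWUP_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [24db4c3a] rundll32.exe "C:\WINDOWS\system32\dudgtcdc.dll",b
O4 - HKLM\..\Run: [BM27e87fa6] Rundll32.exe "C:\WINDOWS\system32\snxfmvog.dll",s
O4 - HKLM\..\RunOnce: [SpybotDeletingC7503] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data009.reg"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"""

if __name__ == "__main__":
    print(verdict(FIX_LIST, FOLLOWUP_LOG))
    for entry in persisting(FIX_LIST, FOLLOWUP_LOG):
        print("still present:", entry.code, "-", entry.body)
```

Entries are compared on section code plus normalized body, so a difference in case or spacing between the fix list and the new log does not hide a surviving entry.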

#9
dan19666

    New Member

  • Topic Starter
Malwarebytes' Anti-Malware 1.23
Database version: 1002
Windows 5.1.2600 Service Pack 2

5:01:46 PM 7/28/2008
mbam-log-7-28-2008 (17-01-46).txt

Scan type: Quick Scan
Objects scanned: 46300
Time elapsed: 10 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\END (Trojan.FakeAlert) -> Quarantined and deleted successfully.

#10
Essexboy

    GeekU Moderator
That looks better - how is your system running now?


#11
dan19666

    New Member

  • Topic Starter
Hi, the tea timer is off; however, I keep getting the attempted registry changes at startup. I'm also getting about 25 pop-up windows at startup that say "16 BIT MS DOS SUBSYSTEM, C:/WINDOWS/SYSTEM 32/COMMAND.COM, C:/WINDOWS32/AUTOEXEC.NT, THE SYSTEM FILE NOT SUITABLE FOR RUNNING MS DOS AND MICROSOFT WINDOWS APPLICATION."


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:37:17 PM, on 7/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.ebay.c...assZoldstufftwo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [24db4c3a] rundll32.exe "C:\WINDOWS\system32\dudgtcdc.dll",b
O4 - HKLM\..\Run: [BM27e87fa6] Rundll32.exe "C:\WINDOWS\system32\snxfmvog.dll",s
O4 - HKLM\..\RunOnce: [SpybotDeletingC7503] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data009.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8919] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data011.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6226] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data011.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9103] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data013.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3396] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data013.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4173] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data016.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5787] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data016.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6702] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data017.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8100] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data017.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8775] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data020.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1187] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data020.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA996] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data023.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6463] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data023.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7699] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data027.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8359] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data027.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7513] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data030.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6566] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data030.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7108] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data031.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4385] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data031.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5466] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data033.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4363] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data033.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5959] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data040.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9959] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data040.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2071] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data042.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3071] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data042.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2466] command /c del "C:\WINDOWS\system32\wvUkHYrO.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC717] cmd /c del "C:\WINDOWS\system32\wvUkHYrO.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6532] command /c del "C:\WINDOWS\system32\snxfmvog.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4852] cmd /c del "C:\WINDOWS\system32\snxfmvog.dll_old"
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingC4019] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data007.reg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6001] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data009.reg"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB460] command /c del "C:\Program Files\Performanceoptimizer (Free)\ua_manager.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3854] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\ua_manager.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9659] command /c del "C:\Program Files\Performanceoptimizer (Free)\uninstpo.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8089] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\uninstpo.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2992] command /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Performance Optimizer Home Page.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7792] cmd /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Performance Optimizer Home Page.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6454] command /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Performance Optimizer.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2831] cmd /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Performance Optimizer.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8668] command /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Sellmosoft Home Page.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3198] cmd /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Sellmosoft Home Page.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5132] command /c del "C:\Program Files\Performanceoptimizer (Free)\install_stat2.tmp"
O4 - HKCU\..\RunOnce: [SpybotDeletingD685] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\install_stat2.tmp"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7120] command /c del "C:\Program Files\Performanceoptimizer (Free)\PerfOpt.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7925] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\PerfOpt.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6814] command /c del "C:\Program Files\Performanceoptimizer (Free)\Performance Optimizer Home Page.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3507] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Performance Optimizer Home Page.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6830] command /c del "C:\Program Files\Performanceoptimizer (Free)\Sellmosoft Home Page.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1809] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Sellmosoft Home Page.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5309] command /c del "C:\Program Files\Performanceoptimizer (Free)\sload.sbd"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6788] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\sload.sbd"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2830] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data001.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5462] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data001.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6912] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data003.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9731] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data003.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5437] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data006.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3902] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data006.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2423] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data007.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3576] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data007.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7315] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data009.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD451] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data009.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1907] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data011.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9167] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data011.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5339] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data013.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9814] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data013.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8433] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data016.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2409] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data016.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2896] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data017.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD974] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data017.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB517] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data020.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7287] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data020.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7335] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data023.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD261] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data023.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1507] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data027.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3659] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data027.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1844] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data030.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5716] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data030.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3259] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data031.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1216] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data031.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4132] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data033.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2729] cmd /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data033.reg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6579] command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data040.reg"
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Dan\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg...v43/yacscom.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - http://a.download.to...5.14/ttinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} - http://tools.ebayimg...ol_v1-0-3-0.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 16774 bytes

#12
dan19666


    New Member

  • Topic Starter
  • Member
  • 8 posts
Maybe I should just uninstall Spybot???

#13
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes, please uninstall Spybot and then:

Download OTScanit to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanit folder and double-click on OTScanit.exe to start the program.
  • Check the box that says Scan All User Accounts
  • Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
  • Under Additional Scans check the following:
    • Reg - BotCheck
    • Reg - Desktop Components
    • Reg - Disabled MS Config Items
    • File - Additional Folder Scans
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post


#14
dan19666


    New Member

  • Topic Starter
  • Member
  • 8 posts
[code=auto:0]OTScanIt logfile created on: 7/30/2008 11:32:17 AM
OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Documents and Settings\Dan\Desktop\OTScanIt
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

223.48 Mb Total Physical Memory | 64.36 Mb Available Physical Memory | 28.80% Memory free
855.74 Mb Paging File | 309.51 Mb Available in Paging File | 36.17% Paging File free
Paging file location(s): C:\pagefile.sys 336 672;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 0.12 Gb Free Space | 0.64% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAN-QMHTWTU0R5L
Current User Name: Dan
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users

[Processes - Non-Microsoft Only]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 10/31/2007 3:09:16 PM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr = ]
hpzipm12.exe -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 10, 1, 1, 2 | Size = 69632 bytes | Modified Date = 3/14/2005 12:05:02 PM | Attr = ]
calmain.exe -> %ProgramFiles%\Canon\CAL\CALMAIN.exe -> Canon Inc. [Ver = 8, 1, 0, 14 | Size = 96341 bytes | Modified Date = 9/30/2005 8:22:50 PM | Attr = ]
jucheck.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jucheck.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 329104 bytes | Modified Date = 2/22/2008 4:25:20 AM | Attr = ]
client.exe -> %ProgramFiles%\DHL\EasyShip Connect\client.exe -> DHL [Ver = 2.0.51.0 | Size = 2732032 bytes | Modified Date = 10/11/2007 2:16:50 PM | Attr = ]
java.exe -> %SystemRoot%\system32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Modified Date = 2/22/2008 1:23:35 AM | Attr = ]
zoombrowser.exe -> %ProgramFiles%\Canon\ZoomBrowser EX\Program\ZoomBrowser.exe -> [Ver = 5.6.0.27 | Size = 122976 bytes | Modified Date = 11/16/2005 9:52:04 AM | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 9:29:54 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 10/31/2007 3:09:16 PM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr = ]
(CCALib8) Canon Camera Access Library 8 [Win32_Own | Auto | Running] -> %ProgramFiles%\Canon\CAL\CALMAIN.exe -> Canon Inc. [Ver = 8, 1, 0, 14 | Size = 96341 bytes | Modified Date = 9/30/2005 8:22:50 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.2.9 | Size = 504104 bytes | Modified Date = 3/30/2008 10:36:30 AM | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 10, 1, 1, 2 | Size = 69632 bytes | Modified Date = 3/14/2005 12:05:02 PM | Attr = ]
(Symantec Core LC) Symantec Core LC [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe ["C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr = ]
24db4c3a -> %SystemRoot%\system32\dudgtcdc.DLL [rundll32.exe "C:\WINDOWS\system32\dudgtcdc.dll",b] -> File not found
AGRSMMSG -> %SystemRoot%\AGRSMMSG.exe [AGRSMMSG.exe] -> Agere Systems [Ver = 2.1.51 2.1.51 03/04/2005 12:01:54 | Size = 88209 bytes | Modified Date = 3/4/2005 12:01:56 PM | Attr = ]
BM27e87fa6 -> %SystemRoot%\system32\snxfmvog.DLL [Rundll32.exe "C:\WINDOWS\system32\snxfmvog.dll",s] -> File not found
HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe [C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] -> Hewlett-Packard Development Company, L.P. [Ver = 61.0.163.000 | Size = 49152 bytes | Modified Date = 12/15/2005 12:18:50 PM | Attr = ]
Mouse Suite 98 Daemon -> %SystemRoot%\system32\ico.exe [ICO.EXE] -> Primax Electronics Ltd. [Ver = 1, 0, 0, 7 | Size = 45056 bytes | Modified Date = 8/23/2001 11:23:10 AM | Attr = ]
SoundMan -> %SystemRoot%\SOUNDMAN.EXE [SOUNDMAN.EXE] -> Avance Logic, Inc. [Ver = 5.0.02 | Size = 46592 bytes | Modified Date = 7/12/2002 12:17:52 AM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr = ]
VTPreset -> %SystemRoot%\system32\VTPreset.exe [VTPreset.exe] -> S3 Graphics, Inc. [Ver = 1.01.00.0102 | Size = 45056 bytes | Modified Date = 2/24/2004 8:17:18 PM | Attr = ]
windows auto update -> [] -> File not found
< RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
Spybot - Search & Destroy -> %ProgramFiles%\Spybot - Search & Destroy\SpybotSD.exe ["C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck] -> Safer Networking Limited [Ver = 1, 6, 0, 30 | Size = 4891472 bytes | Modified Date = 7/7/2008 9:42:04 AM | Attr = ]
SpybotDeletingA2071 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data042.reg"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingA2466 -> %SystemRoot%\system32\command.com [command /c del "C:\WINDOWS\system32\wvUkHYrO.dll_old"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingA4173 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data016.reg"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingA5466 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data033.reg"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingA5959 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data040.reg"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingA6001 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data009.reg"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingA6532 -> %SystemRoot%\system32\command.com [command /c del "C:\WINDOWS\system32\snxfmvog.dll_old"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingA6702 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data017.reg"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingA7108 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data031.reg"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingA7513 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data030.reg"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingA7699 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data027.reg"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingA8775 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data020.reg"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingA8919 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data011.reg"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingA9103 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data013.reg"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingA996 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data023.reg"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> Safer Networking Limited [Ver = 1, 6, 0, 20 | Size = 2156368 bytes | Modified Date = 7/7/2008 9:42:06 AM | Attr = ]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> SUPERAntiSpyware.com [Ver = 4, 15, 0, 1000 | Size = 1506544 bytes | Modified Date = 5/28/2008 10:33:34 AM | Attr = ]
< RunOnce [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
SpybotDeletingB1507 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data027.reg"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB1844 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data030.reg"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB1907 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data011.reg"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB2423 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data007.reg"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB2830 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data001.reg"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB2896 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data017.reg"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB2992 -> %SystemRoot%\system32\command.com [command /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Performance Optimizer Home Page.lnk"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB3259 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data031.reg"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB4132 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data033.reg"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB460 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\ua_manager.exe"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB5132 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\install_stat2.tmp"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB517 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data020.reg"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB5309 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\sload.sbd"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB5339 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data013.reg"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB5437 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data006.reg"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB6454 -> %SystemRoot%\system32\command.com [command /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Performance Optimizer.lnk"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB6579 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data040.reg"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB6814 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Performance Optimizer Home Page.url"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB6830 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Sellmosoft Home Page.url"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB6912 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data003.reg"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB7120 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\PerfOpt.exe"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB7315 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data009.reg"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB7335 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data023.reg"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB8433 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data016.reg"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB8668 -> %SystemRoot%\system32\command.com [command /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Sellmosoft Home Page.lnk"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB9659 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\uninstpo.exe"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB9876 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data042.reg"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
< Windows NT\\Load [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load ->
C:\WINDOWS\system32\ljjgh.exe -> %SystemRoot%\system32\ljjgh.exe -> File not found
*MultiFile Done* -> ->
< Run [HKEY_USERS\S-1-5-21-448539723-706699826-1708537768-1004\] > -> HKEY_USERS\S-1-5-21-448539723-706699826-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> Safer Networking Limited [Ver = 1, 6, 0, 20 | Size = 2156368 bytes | Modified Date = 7/7/2008 9:42:06 AM | Attr = ]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> SUPERAntiSpyware.com [Ver = 4, 15, 0, 1000 | Size = 1506544 bytes | Modified Date = 5/28/2008 10:33:34 AM | Attr = ]
< RunOnce [HKEY_USERS\S-1-5-21-448539723-706699826-1708537768-1004\] > -> HKEY_USERS\S-1-5-21-448539723-706699826-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
SpybotDeletingB1507 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data027.reg"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB1844 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data030.reg"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB1907 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data011.reg"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB2423 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data007.reg"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB2830 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data001.reg"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB2896 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data017.reg"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB2992 -> %SystemRoot%\system32\command.com [command /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Performance Optimizer Home Page.lnk"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB3259 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data031.reg"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB4132 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data033.reg"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB460 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\ua_manager.exe"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB5132 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\install_stat2.tmp"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB517 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data020.reg"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB5309 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\sload.sbd"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB5339 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data013.reg"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB5437 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data006.reg"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB6454 -> %SystemRoot%\system32\command.com [command /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Performance Optimizer.lnk"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB6579 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data040.reg"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB6814 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Performance Optimizer Home Page.url"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB6830 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Sellmosoft Home Page.url"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB6912 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data003.reg"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB7120 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\PerfOpt.exe"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB7315 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data009.reg"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB7335 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data023.reg"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB8433 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data016.reg"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB8668 -> %SystemRoot%\system32\command.com [command /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Sellmosoft Home Page.lnk"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB9659 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\uninstpo.exe"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
SpybotDeletingB9876 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data042.reg"] -> [Ver = | Size = 50620 bytes | Modified Date = 9/3/2002 11:29:11 AM | Attr = ]
< Windows NT\\Load [HKEY_USERS\S-1-5-21-448539723-706699826-1708537768-1004\] > -> HKEY_USERS\S-1-5-21-448539723-706699826-1708537768-1004\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load ->
C:\WINDOWS\system32\ljjgh.exe -> %SystemRoot%\system32\ljjgh.exe -> File not found
*MultiFile Done* -> ->
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 61.0.163.000 | Size = 282624 bytes | Modified Date = 12/15/2005 11:40:44 AM | Attr = ]
< Dan Startup Folder > -> C:\Documents and Settings\Dan\Start Menu\Programs\Startup ->
%UserProfile%\Start Menu\Programs\Startup\IMVU.lnk -> %ProgramFiles%\IMVU\IMVUClient.exe -> File not found
%UserProfile%\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk -> %ProgramFiles%\OpenOffice.org 2.3\program\quickstart.exe -> [Ver = | Size = 393216 bytes | Modified Date = 8/17/2007 10:57:56 PM | Attr = ]
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< Guest Startup Folder > -> C:\Documents and Settings\Guest\Start Menu\Programs\Startup ->
< Mad Startup Folder > -> C:\Documents and Settings\Mad\Start Menu\Programs\Startup ->
< QBDataServiceUser Startup Folder > -> C:\Documents and Settings\QBDataServiceUser\Start Menu\Programs\Startup ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 7:29:58 AM | Attr = ]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1012 | Size = 77824 bytes | Modified Date = 5/13/2008 10:13:36 AM | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 5:23:07 AM | Attr = ]
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/4/2004 2:56:57 AM | Attr = ]
*MultiFile Done* -> ->
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 8/4/2004 2:56:50 AM | Attr = ]
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 10:34:01 PM | Attr = ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 8/4/2004 2:56:57 AM | Attr = ]
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-21-448539723-706699826-1708537768-1004] > -> HKEY_USERS\S-1-5-21-448539723-706699826-1708537768-1004\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-448539723-706699826-1708537768-1004] > -> HKEY_USERS\S-1-5-21-448539723-706699826-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-21-448539723-706699826-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-21-448539723-706699826-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_USERS\S-1-5-21-448539723-706699826-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_USERS\S-1-5-21-448539723-706699826-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-21-448539723-706699826-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_USERS\S-1-5-21-448539723-706699826-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 ->
HKEY_USERS\S-1-5-21-448539723-706699826-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_USERS\S-1-5-21-448539723-706699826-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_USERS\S-1-5-21-448539723-706699826-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 ->
HKEY_USERS\S-1-5-21-448539723-706699826-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 ->
HKEY_USERS\S-1-5-21-448539723-706699826-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 ->
HKEY_USERS\S-1-5-21-448539723-706699826-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 ->
HKEY_USERS\S-1-5-21-448539723-706699826-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 ->
HKEY_USERS\S-1-5-21-448539723-706699826-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
HKEY_USERS\S-1-5-21-448539723-706699826-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/4/2004 12:59:52 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomSONY_CD-ROM_CDU5211_____________________YYS7____\5&2dfcc752&0&0.0.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 ->
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://search.ebay.com/_W0QQfgtpZ1QQfrppZ25QQsassZoldstufftwo ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome ->
HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome ->
HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
HKEY_USERS\S-1-5-19\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\S-1-5-19\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
HKEY_USERS\S-1-5-20\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\S-1-5-20\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-448539723-706699826-1708537768-1004\] > -> ->
HKEY_USERS\S-1-5-21-448539723-706699826-1708537768-1004\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\S-1-5-21-448539723-706699826-1708537768-1004\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_USERS\S-1-5-21-448539723-706699826-1708537768-1004\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\S-1-5-21-448539723-706699826-1708537768-1004\: Main\\Start Page -> http://search.ebay.com/_W0QQfgtpZ1QQfrppZ25QQsassZoldstufftwo ->
HKEY_USERS\S-1-5-21-448539723-706699826-1708537768-1004\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_USERS\S-1-5-21-448539723-706699826-1708537768-1004\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, I did not get the full report, but there should be sufficient for a partial fix. On completion, please re-run OTScanit and attach the file.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

Start OTScanit. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> 24db4c3a -> %SystemRoot%\system32\dudgtcdc.DLL [rundll32.exe "C:\WINDOWS\system32\dudgtcdc.dll",b]
YN -> BM27e87fa6 -> %SystemRoot%\system32\snxfmvog.DLL [Rundll32.exe "C:\WINDOWS\system32\snxfmvog.dll",s]
YN -> windows auto update -> []
< RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
YY -> Spybot - Search & Destroy -> %ProgramFiles%\Spybot - Search & Destroy\SpybotSD.exe ["C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck]
YY -> SpybotDeletingA2071 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data042.reg"]
YY -> SpybotDeletingA2466 -> %SystemRoot%\system32\command.com [command /c del "C:\WINDOWS\system32\wvUkHYrO.dll_old"]
YY -> SpybotDeletingA4173 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data016.reg"]
YY -> SpybotDeletingA5466 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data033.reg"]
YY -> SpybotDeletingA5959 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data040.reg"]
YY -> SpybotDeletingA6001 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data009.reg"]
YY -> SpybotDeletingA6532 -> %SystemRoot%\system32\command.com [command /c del "C:\WINDOWS\system32\snxfmvog.dll_old"]
YY -> SpybotDeletingA6702 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data017.reg"]
YY -> SpybotDeletingA7108 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data031.reg"]
YY -> SpybotDeletingA7513 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data030.reg"]
YY -> SpybotDeletingA7699 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data027.reg"]
YY -> SpybotDeletingA8775 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data020.reg"]
YY -> SpybotDeletingA8919 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data011.reg"]
YY -> SpybotDeletingA9103 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data013.reg"]
YY -> SpybotDeletingA996 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data023.reg"]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe]
< RunOnce [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
YY -> SpybotDeletingB1507 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data027.reg"]
YY -> SpybotDeletingB1844 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data030.reg"]
YY -> SpybotDeletingB1907 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data011.reg"]
YY -> SpybotDeletingB2423 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data007.reg"]
YY -> SpybotDeletingB2830 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data001.reg"]
YY -> SpybotDeletingB2896 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data017.reg"]
YY -> SpybotDeletingB2992 -> %SystemRoot%\system32\command.com [command /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Performance Optimizer Home Page.lnk"]
YY -> SpybotDeletingB3259 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data031.reg"]
YY -> SpybotDeletingB4132 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data033.reg"]
YY -> SpybotDeletingB460 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\ua_manager.exe"]
YY -> SpybotDeletingB5132 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\install_stat2.tmp"]
YY -> SpybotDeletingB517 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data020.reg"]
YY -> SpybotDeletingB5309 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\sload.sbd"]
YY -> SpybotDeletingB5339 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data013.reg"]
YY -> SpybotDeletingB5437 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data006.reg"]
YY -> SpybotDeletingB6454 -> %SystemRoot%\system32\command.com [command /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Performance Optimizer.lnk"]
YY -> SpybotDeletingB6579 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data040.reg"]
YY -> SpybotDeletingB6814 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Performance Optimizer Home Page.url"]
YY -> SpybotDeletingB6830 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Sellmosoft Home Page.url"]
YY -> SpybotDeletingB6912 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data003.reg"]
YY -> SpybotDeletingB7120 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\PerfOpt.exe"]
YY -> SpybotDeletingB7315 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data009.reg"]
YY -> SpybotDeletingB7335 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data023.reg"]
YY -> SpybotDeletingB8433 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data016.reg"]
YY -> SpybotDeletingB8668 -> %SystemRoot%\system32\command.com [command /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Sellmosoft Home Page.lnk"]
YY -> SpybotDeletingB9659 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\uninstpo.exe"]
YY -> SpybotDeletingB9876 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data042.reg"]
< Windows NT\\Load [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load
YY -> C:\WINDOWS\system32\ljjgh.exe -> %SystemRoot%\system32\ljjgh.exe
< Run [HKEY_USERS\S-1-5-21-448539723-706699826-1708537768-1004\] > -> HKEY_USERS\S-1-5-21-448539723-706699826-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe]
< RunOnce [HKEY_USERS\S-1-5-21-448539723-706699826-1708537768-1004\] > -> HKEY_USERS\S-1-5-21-448539723-706699826-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
YY -> SpybotDeletingB1507 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data027.reg"]
YY -> SpybotDeletingB1844 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data030.reg"]
YY -> SpybotDeletingB1907 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data011.reg"]
YY -> SpybotDeletingB2423 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data007.reg"]
YY -> SpybotDeletingB2830 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data001.reg"]
YY -> SpybotDeletingB2896 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data017.reg"]
YY -> SpybotDeletingB2992 -> %SystemRoot%\system32\command.com [command /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Performance Optimizer Home Page.lnk"]
YY -> SpybotDeletingB3259 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data031.reg"]
YY -> SpybotDeletingB4132 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data033.reg"]
YY -> SpybotDeletingB460 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\ua_manager.exe"]
YY -> SpybotDeletingB5132 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\install_stat2.tmp"]
YY -> SpybotDeletingB517 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data020.reg"]
YY -> SpybotDeletingB5309 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\sload.sbd"]
YY -> SpybotDeletingB5339 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data013.reg"]
YY -> SpybotDeletingB5437 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data006.reg"]
YY -> SpybotDeletingB6454 -> %SystemRoot%\system32\command.com [command /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Performance Optimizer.lnk"]
YY -> SpybotDeletingB6579 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data040.reg"]
YY -> SpybotDeletingB6814 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Performance Optimizer Home Page.url"]
YY -> SpybotDeletingB6830 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Sellmosoft Home Page.url"]
YY -> SpybotDeletingB6912 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data003.reg"]
YY -> SpybotDeletingB7120 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\PerfOpt.exe"]
YY -> SpybotDeletingB7315 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data009.reg"]
YY -> SpybotDeletingB7335 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data023.reg"]
YY -> SpybotDeletingB8433 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data016.reg"]
YY -> SpybotDeletingB8668 -> %SystemRoot%\system32\command.com [command /c del "C:\Documents and Settings\Dan\Start Menu\Programs\Performance Optimizer\Sellmosoft Home Page.lnk"]
YY -> SpybotDeletingB9659 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\uninstpo.exe"]
YY -> SpybotDeletingB9876 -> %SystemRoot%\system32\command.com [command /c del "C:\Program Files\Performanceoptimizer (Free)\Tweaks\data042.reg"]
< Windows NT\\Load [HKEY_USERS\S-1-5-21-448539723-706699826-1708537768-1004\] > -> HKEY_USERS\S-1-5-21-448539723-706699826-1708537768-1004\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load
YY -> C:\WINDOWS\system32\ljjgh.exe -> %SystemRoot%\system32\ljjgh.exe
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.