VIRUS! [RESOLVED]


This topic is locked

#1 midtown1 (Member, 20 posts)
Every time I turn on my computer... I get a rectangular box with a message: "Spyware detected on your computer. Please install an antivirus or spyware remover to clean your computer"... with a blue background. Also it won't let me see the rest of my programs on my Start menu, and there's a VIRUS ALERT! in the bottom right-hand corner...

Anyone please help! Thanks! I have Windows XP.

#2 miekiemoes (Malware Expert, MVP, 5,503 posts)
Hello,

* Download Trend Micro Hijack This™
Double-click the HJTInstall.exe to start it.
By default it will install HijackThis in the Program Files\Trendmicro folder and create a desktop shortcut.
HijackThis will open after install. Press the Scan button below.
This will start the scan and open a log.
Copy and paste the contents of the log in your next reply.

#3 midtown1 (Topic Starter, 20 posts)
OK, this is what came up in my Notepad......

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:31: VIRUS ALERT!, on 8/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
F:\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\AOL\1162349349\ee\aolsoftware.exe
C:\Program Files\rhclnej0er69\rhclnej0er69.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\pphcgnej0er69.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearsh...ar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O3 - Toolbar: (no name) - {1962c5bc-e475-465b-823b-133e711bceb9} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: qndsfmao - {F4A52746-813B-4276-A8D7-E2ABD0C8C8A8} - C:\WINDOWS\qndsfmao.dll
O3 - Toolbar: qndsfmao - {3FCAEB7D-F8AE-4A67-AE6C-57EE1416BB6D} - C:\WINDOWS\qndsfmao.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare Applications\BearShare\BearShare.EXE" /pause
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [QuickTime Task] "F:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\29.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\29.bin\mwsoemon.exe
O4 - HKLM\..\Run: [C:\DOCUME~1\Twins\LOCALS~1\Temp\update.exe] C:\DOCUME~1\Twins\LOCALS~1\Temp\update.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\29.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [lphcgnej0er69] C:\WINDOWS\system32\lphcgnej0er69.exe
O4 - HKLM\..\Run: [SMrhclnej0er69] C:\Program Files\rhclnej0er69\rhclnej0er69.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\29.bin\mwsoemon.exe
O4 - HKCU\..\Run: [My Web Search Community Tools] "C:\Program Files\MyWebSearch\bar\29.bin\m3IMPipe.exe"
O4 - HKCU\..\Run: [QuickPhrase] "C:\Program Files\TypingMaster\QuickPhrase\quickphrase.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Search - http://edits.mywebse...html?p=ZJfox000
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Twins\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1162176015077
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - AppInit_DLLs: bxvnkv.dll swvulq.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\29.bin\mwssvc.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://youtube.com/i..._over_20x20.gif
O24 - Desktop Component 1: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 9085 bytes
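Reading a HijackThis log by hand, the way the helper does in this thread, means looking for a handful of recurring patterns. The script below is an added example (not HijackThis's own code and not from any participant here): it parses the "Oxx - ..." entry lines and lists the entries showing the patterns visible in the logs posted in this thread (IE policy restrictions and DisableRegedit, AppInit_DLLs and Winlogon Notify hooks, an autostart launched from a Temp folder, a hex-named Run value, random-looking DLL names in the Windows directory, and one toolbar name registered under two CLSIDs). The heuristics are this example's own assumptions and produce a review list, not a verdict; the sample excerpt is assembled from the two HijackThis logs posted in this thread.

```python
"""Triage helper for Trend Micro HijackThis v2 logs.  Added example, not
HijackThis's own code: it parses the "Oxx - ..." entry lines and lists the
ones a helper would look at first.  The checks are assumptions drawn from
the logs in this thread and produce candidates for review, not verdicts."""
import re
from collections import Counter

# "O4 - HKLM\..\Run: [name] path" -> ("O4", "HKLM\..\Run: [name] path")
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Random-looking 6-12 letter DLL names dropped straight into %WINDIR% or
# system32 (qndsfmao.dll, cgrkah.dll, ...).  A legitimate system DLL can
# also match, which is why the output is a review list, not a verdict.
RANDOM_DLL = re.compile(r"\\WINDOWS\\(?:system32\\)?[A-Za-z]{6,12}\.dll\b", re.I)
# Run values named with eight hex digits, e.g. "[105dddc6]".
HEX_VALUE_NAME = re.compile(r"\[[0-9a-f]{8}\]")
# Autostarts launched from a user's Temp directory.
TEMP_DIR = re.compile(r"\\Temp\\", re.I)


def parse(log_text):
    """Return the (tag, body) pairs for every entry line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def flag_reasons(tag, body):
    """Per-entry checks; returns a list of human-readable reasons."""
    reasons = []
    if tag in ("O6", "O7"):
        reasons.append("policy lockdown (IE restrictions / DisableRegedit)")
    if tag == "O20":
        reasons.append("AppInit_DLLs or Winlogon Notify hook")
    if "(file missing)" in body or "(no file)" in body:
        reasons.append("target file missing (orphaned entry)")
    if tag == "O4" and TEMP_DIR.search(body):
        reasons.append("autostart launched from a Temp directory")
    if tag == "O4" and HEX_VALUE_NAME.search(body):
        reasons.append("hex-only Run value name")
    if tag in ("O2", "O3", "O4", "O20") and RANDOM_DLL.search(body):
        reasons.append("random-looking DLL name in the Windows directory")
    return reasons


def toolbar_name(body):
    """'Toolbar: qndsfmao - {CLSID} - path' -> 'qndsfmao'."""
    return body.split(" - ")[0].replace("Toolbar: ", "", 1)


def triage(log_text):
    """Return [(tag, body, reasons)] for the entries worth a closer look."""
    entries = parse(log_text)
    # Cross-entry check: the same toolbar name under two different CLSIDs.
    names = Counter(toolbar_name(b) for t, b in entries if t == "O3")
    flagged = []
    for tag, body in entries:
        reasons = flag_reasons(tag, body)
        if tag == "O3":
            name = toolbar_name(body)
            if name != "(no name)" and names[name] > 1:
                reasons.append("toolbar name registered under two CLSIDs")
        if reasons:
            flagged.append((tag, body, reasons))
    return flagged


# Excerpt assembled from the two HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: qndsfmao - {F4A52746-813B-4276-A8D7-E2ABD0C8C8A8} - C:\WINDOWS\qndsfmao.dll
O3 - Toolbar: qndsfmao - {3FCAEB7D-F8AE-4A67-AE6C-57EE1416BB6D} - C:\WINDOWS\qndsfmao.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [C:\DOCUME~1\Twins\LOCALS~1\Temp\update.exe] C:\DOCUME~1\Twins\LOCALS~1\Temp\update.exe
O4 - HKLM\..\Run: [105dddc6] rundll32.exe "C:\WINDOWS\system32\bsxtjkbo.dll",b
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O20 - AppInit_DLLs: bxvnkv.dll swvulq.dll
O20 - Winlogon Notify: awtsSigE - C:\WINDOWS\SYSTEM32\awtsSigE.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
"""

if __name__ == "__main__":
    for tag, body, reasons in triage(SAMPLE_LOG):
        print(f"{tag:<4}{body}")
        for r in reasons:
            print(f"      -> {r}")
```

Paste a full log into SAMPLE_LOG (or read one from a file) to get the same review list for it; entries that match nothing, such as the Intel tray and Ad-Aware service lines, are left out.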

#4 miekiemoes (Malware Expert, MVP, 5,503 posts)
Hi,

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

#5 midtown1 (Topic Starter, 20 posts)
OK, every time I click the "Save List" button it clicks out of the HijackThis program... any suggestions?

#6 miekiemoes (Malware Expert, MVP, 5,503 posts)
Hi, rename C:\Program Files\Trend Micro\HijackThis\HijackThis.exe to midtown.exe and try again. That should work :)

#7 midtown1 (Topic Starter, 20 posts)
How do I do that? :)

#8 miekiemoes (Malware Expert, MVP, 5,503 posts)
Go to the C:\Program Files\Trend Micro\HijackThis folder, find HijackThis.exe in there, right-click HijackThis.exe and choose Rename. Then rename it to midtown.exe.
Make sure HijackThis is not open while you rename it.
Then double-click midtown.exe (which is actually HijackThis.exe) and perform my previous step.

#9 midtown1 (Topic Starter, 20 posts)
OK, so this is what I'm clicking.....

On the main menu I'm clicking "open the misc tools section",
after that I'm clicking the "open uninstall manager",
then after that I click "save list" but it just clicks out of the HijackThis program.. :)

#10 miekiemoes (Malware Expert, MVP, 5,503 posts)
Did you rename HijackThis first?
Never mind, let's do something else, because I really need to see the Uninstall list.

Do next please..

* Download Deckard's System Scanner to your Desktop.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • The scan may take a minute. When the scan is complete, a text file will open - main.txt
  • Post the contents of this log in your next reply. Also post the extra.txt present in that folder. (use a new reply in this thread for that since both logs won't fit in one reply)

#11 midtown1 (Topic Starter, 20 posts)
OK, this is what came up in the main.txt...

Deckard's System Scanner v20071014.68
Run by Twins on 2008-08-05 12:30:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
38: 2008-08-05 19:31:13 UTC - RP524 - Deckard's System Scanner Restore Point
37: 2008-08-04 00:58:17 UTC - RP523 - System Checkpoint
36: 2008-07-28 05:51:29 UTC - RP522 - System Checkpoint
35: 2008-07-25 21:43:07 UTC - RP521 - Installed Ad-Aware
34: 2008-07-25 21:40:38 UTC - RP520 - Removed Ad-Aware SE Professional


-- First Restore Point --
1: 2008-07-21 23:32:12 UTC - RP487 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 88% (more than 75%).
Total Physical Memory: 247 MiB (512 MiB recommended).


-- HijackThis (run as Twins.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41: VIRUS ALERT!, on 8/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
F:\qttask.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\rhclnej0er69\rhclnej0er69.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\AOL\1162349349\ee\aolsoftware.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\pphcgnej0er69.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Twins\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Twins.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearsh...ar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: {6d566ece-98fb-e4a9-a8b4-285514291dd4} - {4dd19241-5582-4b8a-9a4e-bf89ece665d6} - C:\WINDOWS\system32\cgrkah.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: (no name) - {6A10732F-BDB9-48B3-9DF7-622478AD74FC} - C:\WINDOWS\system32\awtsSigE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7733C0C4-DA4C-427F-99DA-AC46AB264C9C} - C:\WINDOWS\system32\hgGwTLfe.dll
O2 - BHO: QXK Olive - {812AE34E-162C-4C94-BAA1-A2C0431AEC84} - C:\WINDOWS\kgxmotapktx.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: QXK Olive - {BD19D8FE-624C-4259-8342-C2922F51EC2E} - C:\WINDOWS\kgxmotaptbp.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {1962c5bc-e475-465b-823b-133e711bceb9} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: qndsfmao - {F4A52746-813B-4276-A8D7-E2ABD0C8C8A8} - C:\WINDOWS\qndsfmao.dll
O3 - Toolbar: qndsfmao - {3FCAEB7D-F8AE-4A67-AE6C-57EE1416BB6D} - C:\WINDOWS\qndsfmao.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare Applications\BearShare\BearShare.EXE" /pause
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [QuickTime Task] "F:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\29.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\29.bin\mwsoemon.exe
O4 - HKLM\..\Run: [C:\DOCUME~1\Twins\LOCALS~1\Temp\update.exe] C:\DOCUME~1\Twins\LOCALS~1\Temp\update.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\29.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [lphcgnej0er69] C:\WINDOWS\system32\lphcgnej0er69.exe
O4 - HKLM\..\Run: [SMrhclnej0er69] C:\Program Files\rhclnej0er69\rhclnej0er69.exe
O4 - HKLM\..\Run: [105dddc6] rundll32.exe "C:\WINDOWS\system32\bsxtjkbo.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\29.bin\mwsoemon.exe
O4 - HKCU\..\Run: [My Web Search Community Tools] "C:\Program Files\MyWebSearch\bar\29.bin\m3IMPipe.exe"
O4 - HKCU\..\Run: [QuickPhrase] "C:\Program Files\TypingMaster\QuickPhrase\quickphrase.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Search - http://edits.mywebse...html?p=ZJfox000
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Twins\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1162176015077
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - AppInit_DLLs: bxvnkv.dll swvulq.dll
O20 - Winlogon Notify: awtsSigE - C:\WINDOWS\SYSTEM32\awtsSigE.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\29.bin\mwssvc.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://youtube.com/i..._over_20x20.gif
O24 - Desktop Component 1: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 10518 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 rllahnvp - c:\windows\system32\drivers\aruocjth.dat

S3 lgatbus (LG USB Composite Device driver (WDM)) - c:\windows\system32\drivers\lgatbus.sys <Not Verified; MCCI; LG USB Composite Device>
S3 lgatmdm (LG CDMA USB Modem Drivers) - c:\windows\system32\drivers\lgatmdm.sys <Not Verified; MCCI; LG CDMA USB Modem>
S3 lgatserd (LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM)) - c:\windows\system32\drivers\lgatserd.sys <Not Verified; MCCI; LG CDMA USB Modem Diagnostic Serial Port>
S3 USBAAPL (Apple Mobile USB Driver) - c:\windows\system32\drivers\usbaapl.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S2 MyWebSearchService (My Web Search Service) - c:\progra~1\mywebs~1\bar\29.bin\mwssvc.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-08-05 12:01:33 254 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-07-25 15:00:06 410 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job
2008-07-23 21:26:14 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-07-18 03:30:00 426 --a------ C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job


-- Files created between 2008-07-05 and 2008-08-05 -----------------------------

2008-08-05 00:39:02 120960 --a------ C:\WINDOWS\system32\cgrkah.dll
2008-08-05 00:39:00 120960 --a------ C:\WINDOWS\system32\xnmpkvfc.dll
2008-08-05 00:38:14 99200 --a------ C:\WINDOWS\system32\bsxtjkbo.dll
2008-08-04 00:29:35 0 d-------- C:\Program Files\Trend Micro
2008-08-03 17:07:40 130432 --a------ C:\WINDOWS\system32\swvulq.dll
2008-08-03 17:07:37 130432 --a------ C:\WINDOWS\system32\afpyfpjc.dll
2008-08-03 17:06:52 98688 --a------ C:\WINDOWS\system32\gpcomspj.dll
2008-08-02 15:06:15 130432 --a------ C:\WINDOWS\system32\bxvnkv.dll
2008-08-02 15:06:08 130432 --a------ C:\WINDOWS\system32\kbvqfrih.dll
2008-07-27 18:25:53 116352 --a------ C:\WINDOWS\system32\qlowoo.dll
2008-07-27 18:25:51 116352 --a------ C:\WINDOWS\system32\dlygybge.dll
2008-07-25 14:44:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-25 14:30:54 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-24 18:23:48 116864 --a------ C:\WINDOWS\system32\nigrny.dll
2008-07-24 18:23:47 116864 --a------ C:\WINDOWS\system32\ealomjxx.dll
2008-07-23 20:23:40 0 d-------- C:\Documents and Settings\Twins\Application Data\AVGTOOLBAR
2008-07-23 20:22:29 0 d-------- C:\Program Files\AVG
2008-07-23 20:22:27 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-23 13:00:58 116864 --a------ C:\WINDOWS\system32\stwdmy.dll
2008-07-23 13:00:58 116864 --a------ C:\WINDOWS\system32\olubseqq.dll
2008-07-23 12:16:35 116864 --a------ C:\WINDOWS\system32\witwaz.dll
2008-07-23 12:16:32 116864 --a------ C:\WINDOWS\system32\hrxfjcyk.dll
2008-07-23 12:08:04 0 d-------- C:\WINDOWS\privacy_danger
2008-07-23 11:51:54 0 d--h----- C:\Documents and Settings\Administrator\Templates <TEMPLA~1>
2008-07-23 11:51:54 0 dr------- C:\Documents and Settings\Administrator\Start Menu <STARTM~1>
2008-07-23 11:51:54 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-23 11:51:54 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-07-23 11:51:54 0 d--h----- C:\Documents and Settings\Administrator\PrintHood <PRINTH~1>
2008-07-23 11:51:54 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-23 11:51:54 0 d-------- C:\Documents and Settings\Administrator\My Documents <MYDOCU~1>
2008-07-23 11:51:54 0 d--h----- C:\Documents and Settings\Administrator\Local Settings <LOCALS~1>
2008-07-23 11:51:54 0 d-------- C:\Documents and Settings\Administrator\Favorites <FAVORI~1>
2008-07-23 11:51:54 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-23 11:51:54 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-07-23 11:51:54 0 dr-h----- C:\Documents and Settings\Administrator\Application Data <APPLIC~1>
2008-07-23 11:51:54 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-23 11:51:53 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-21 23:33:41 116864 --a------ C:\WINDOWS\system32\goktnj.dll
2008-07-21 23:33:40 116864 --a------ C:\WINDOWS\system32\mutacsbv.dll
2008-07-21 23:25:16 0 d-------- C:\Documents and Settings\Twins\Application Data\Viewpoint
2008-07-21 16:32:44 4218880 --a------ C:\Documents and Settings\Twins\ntuser.dat
2008-07-21 16:32:32 606208 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2008-07-21 16:17:04 788256 --ahs---- C:\WINDOWS\system32\efLTwGgh.ini2
2008-07-21 16:15:15 322304 --a------ C:\WINDOWS\system32\hgGwTLfe.dll
2008-07-21 16:09:47 94208 --a------ C:\WINDOWS\system32\pphcgnej0er69.exe
2008-07-21 16:09:45 33152 --a------ C:\WINDOWS\system32\xxyxYrSL.dll
2008-07-21 16:09:45 0 d-------- C:\Documents and Settings\Twins\Application Data\rhclnej0er69
2008-07-21 16:09:44 33152 --a------ C:\WINDOWS\system32\awtsSigE.dll
2008-07-21 16:09:04 0 d-------- C:\Documents and Settings\Twins\Application Data\TmpRecentIcons
2008-07-21 16:08:09 454656 --a------ C:\WINDOWS\kgxmotapktx.dll
2008-07-21 16:08:09 163840 --a------ C:\WINDOWS\erms.exe
2008-07-21 16:07:50 0 d-------- C:\Program Files\rhclnej0er69
2008-07-21 16:06:58 60928 --a------ C:\WINDOWS\system32\blphcgnej0er69.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-07-21 16:06:53 192512 --a------ C:\WINDOWS\qndsfmao.dll
2008-07-21 16:06:53 372736 --a------ C:\WINDOWS\kvxqmtre.dll
2008-07-21 16:06:53 438272 --a------ C:\WINDOWS\kgxmotaptbp.dll
2008-07-21 16:06:53 262144 --a------ C:\WINDOWS\evgratsm.dll
2008-07-21 16:06:53 163840 --a------ C:\WINDOWS\edel.exe
2008-07-21 16:06:53 102400 --a------ C:\WINDOWS\agpqlrfm.exe


-- Find3M Report ---------------------------------------------------------------

2008-07-25 14:44:18 0 d-------- C:\Program Files\Lavasoft
2008-07-25 14:30:54 0 d-------- C:\Program Files\Common Files
2008-07-21 20:03:15 0 d-------- C:\Documents and Settings\Twins\Application Data\Starware367
2008-07-21 19:59:24 0 d-------- C:\Program Files\Viewpoint
2008-07-20 20:29:41 0 d-------- C:\Documents and Settings\Twins\Application Data\LimeWire
2008-07-11 16:23:23 0 d-------- C:\Program Files\Broderbund
2008-07-11 16:21:17 0 d-------- C:\Program Files\Coupons
2008-06-19 02:11:14 0 d-------- C:\Documents and Settings\Twins\Application Data\Mozilla
2008-06-03 21:19:36 28672 --a------ C:\WINDOWS\system32\f3PSSavr.scr <Not Verified; FunWebProducts.com; Popular Screensavers>
2008-05-13 13:02:20 2041 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4dd19241-5582-4b8a-9a4e-bf89ece665d6}]
08/05/2008 00:39: VIRUS ALERT! 120960 --a------ C:\WINDOWS\system32\cgrkah.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A10732F-BDB9-48B3-9DF7-622478AD74FC}]
07/21/2008 16:09: VIRUS ALERT! 33152 --a------ C:\WINDOWS\system32\awtsSigE.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7733C0C4-DA4C-427F-99DA-AC46AB264C9C}]
07/21/2008 16:15: VIRUS ALERT! 322304 --a------ C:\WINDOWS\system32\hgGwTLfe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{812AE34E-162C-4C94-BAA1-A2C0431AEC84}]
07/17/2008 03:14: VIRUS ALERT! 454656 --a------ C:\WINDOWS\kgxmotapktx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BD19D8FE-624C-4259-8342-C2922F51EC2E}]
07/17/2008 21:56: VIRUS ALERT! 438272 --a------ C:\WINDOWS\kgxmotaptbp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 14:47: VIRUS ALERT! C:\WINDOWS\ALCXMNTR.EXE]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [11/02/2004 10:03: VIRUS ALERT!]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [11/02/2004 09:59: VIRUS ALERT!]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 17:50: VIRUS ALERT!]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 17:50: VIRUS ALERT!]
"BDSwitchAgent"="C:\progra~1\softwin\bitdef~1\bdswitch.exe" []
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [12/07/2005 23:57: VIRUS ALERT!]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [04/13/2006 12:09: VIRUS ALERT!]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [12/10/2003 05:52: VIRUS ALERT!]
"BearShare"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe" []
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [02/17/2006 09:59: VIRUS ALERT!]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/22/2003 09:38: VIRUS ALERT!]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [03/04/2004 08:46: VIRUS ALERT!]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [02/18/2004 10:55: VIRUS ALERT!]
"MP10_EnsureFileVer"="C:\WINDOWS\inf\unregmp2.exe" [08/04/2004 00:56: VIRUS ALERT!]
"QuickTime Task"="F:\qttask.exe" [04/27/2007 09:41: VIRUS ALERT!]
"My Web Search Bar"="C:\PROGRA~1\MYWEBS~1\bar\29.bin\MWSBAR.DLL" []
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\29.bin\mwsoemon.exe" []
"C:\DOCUME~1\Twins\LOCALS~1\Temp\update.exe"="C:\DOCUME~1\Twins\LOCALS~1\Temp\update.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00: VIRUS ALERT!]
"MyWebSearch Plugin"="C:\PROGRA~1\MYWEBS~1\bar\29.bin\M3PLUGIN.DLL" []
"lphcgnej0er69"="C:\WINDOWS\system32\lphcgnej0er69.exe" []
"SMrhclnej0er69"="C:\Program Files\rhclnej0er69\rhclnej0er69.exe" [07/21/2008 04:46: VIRUS ALERT!]
"105dddc6"="C:\WINDOWS\system32\bsxtjkbo.dll" [08/05/2008 00:38: VIRUS ALERT!]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [08/10/2007 08:38: VIRUS ALERT!]
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\29.bin\mwsoemon.exe" []
"My Web Search Community Tools"="C:\Program Files\MyWebSearch\bar\29.bin\m3IMPipe.exe" []
"QuickPhrase"="C:\Program Files\TypingMaster\QuickPhrase\quickphrase.exe" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [12/17/2007 18:13: VIRUS ALERT!]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)
"DisableTaskMgr"=0 (0x0)
"DisableRegistryTools"=1 (0x1)
"NoDispCPL"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"=1 (0x1)
"StartMenuLogoff"=1 (0x1)
"NoStartMenuMorePrograms"=1 (0x1)
"NoSetFolders"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6A10732F-BDB9-48B3-9DF7-622478AD74FC}"= C:\WINDOWS\system32\awtsSigE.dll [07/21/2008 16:09: VIRUS ALERT! 33152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsSigE]
awtsSigE.dll 07/21/2008 16:09: VIRUS ALERT! 33152 C:\WINDOWS\system32\awtsSigE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=bxvnkv.dll swvulq.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\hgGwTLfe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38338ccb-072a-11dd-af77-00402b498740}]
AutoRun\command- G:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-08-05 12:48:25 ------------
  • 0
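A small triage script for the registry dump posted above, added here as an editorial example; it is not part of the thread and not code from Deckard's System Scanner. It assumes the dump's own line layout (`[key]` section headers followed by `"name"=data` value lines) and runs over a constructed sample copied from a few entries in the log above. The policy names it checks are standard Windows `policies\system` and `policies\explorer` values (the `NoStartMenuMorePrograms`=1 and `DisableRegistryTools`=1 entries in this log are what hide the "All Programs" menu and block regedit); the "autorun from a Temp directory" and "AppInit_DLLs populated" checks are generic triage heuristics, not rules the thread states.

```python
import re

# Constructed sample in the style of the DSS registry dump above; the values
# are copied from that log so the findings correspond to the reported symptoms.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [11/02/2004 10:03: VIRUS ALERT!]
"C:\DOCUME~1\Twins\LOCALS~1\Temp\update.exe"="C:\DOCUME~1\Twins\LOCALS~1\Temp\update.exe" []
"lphcgnej0er69"="C:\WINDOWS\system32\lphcgnej0er69.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispScrSavPage"=1 (0x1)
"DisableTaskMgr"=0 (0x0)
"DisableRegistryTools"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuMorePrograms"=1 (0x1)
"NoSetFolders"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=bxvnkv.dll swvulq.dll
"""

# Standard Windows policy values that, when set to 1, hide UI or disable the
# tools a user would reach for when investigating or repairing the machine.
RESTRICTIVE_POLICIES = {
    "DisableRegistryTools": "Registry Editor blocked",
    "DisableTaskMgr": "Task Manager blocked",
    "NoStartMenuMorePrograms": "Start menu 'All Programs' hidden",
    "NoDispScrSavPage": "Screen saver tab hidden",
    "NoDispBackgroundPage": "Desktop background tab hidden",
    "NoToolbarCustomize": "Toolbar customization blocked",
}

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')


def parse_dump(text):
    """Yield (key, name, data) for every value line under its [key] section."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            yield key, m.group("name"), m.group("data")


def triage(text):
    """Return a list of (key, name, reason) tuples worth a closer look."""
    findings = []
    for key, name, data in parse_dump(text):
        lkey = key.lower()
        if lkey.endswith(r"\policies\system") or lkey.endswith(r"\policies\explorer"):
            # DSS prints DWORDs as "1 (0x1)"; only a value of 1 enables the restriction.
            if name in RESTRICTIVE_POLICIES and data.startswith("1 "):
                findings.append((key, name, RESTRICTIVE_POLICIES[name]))
        elif lkey.endswith(r"\currentversion\run"):
            # Data looks like "<path>" [timestamp size]; take the quoted path.
            path = data.split('"')[1] if data.startswith('"') else data
            if "\\temp\\" in path.lower():
                findings.append((key, name, "autorun from a Temp directory"))
        elif name.lower() == "appinit_dlls" and data.strip():
            # AppInit_DLLs loads the listed DLLs into every process that uses user32.
            findings.append((key, name, "AppInit_DLLs populated: " + data.strip()))
    return findings


if __name__ == "__main__":
    for key, name, reason in triage(SAMPLE):
        print(f"{reason}\n    {key}\n    {name}")
```

Run it on a saved DSS `main.txt` by reading the file into `triage()` in place of `SAMPLE`; the sample above yields five findings: the Temp-directory autorun, three enabled restriction policies, and the populated `AppInit_DLLs` value.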

#12
midtown1

midtown1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
And this is what came up in the extra.txt...


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.30GHz
Percentage of Memory in Use: 80%
Physical Memory (total/avail): 246.98 MiB / 48.37 MiB
Pagefile Memory (total/avail): 605.96 MiB / 163.78 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1941.84 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 13.45 GiB total, 3.75 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Fixed (NTFS) - 31.5 GiB total, 30.89 GiB free.

\\.\PHYSICALDRIVE0 - IBM-DTTA-371440 - 13.46 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 13.45 GiB - C:

\\.\PHYSICALDRIVE1 - SAMSUNG SV8004H - 31.49 GiB - 1 partition
\PARTITION0 - 16-bit FAT - 31.5 GiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1162349349\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1162349349\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1162349349\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1162349349\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Disabled:BearShare"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Twins\Application Data
CLASSPATH=.;F:\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TWINS14
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Twins
LOGONSERVER=\\TWINS14
MOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Documents and Settings\Twins\Application Data\Mozilla\Firefox\Crash Reports
MOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exe
MOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Firefox\crashreporter-override.ini
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Samsung\Samsung PC Studio 3\;F:\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=F:\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Twins\LOCALS~1\Temp
TMP=C:\DOCUME~1\Twins\LOCALS~1\Temp
USERDOMAIN=TWINS14
USERNAME=Twins
USERPROFILE=C:\Documents and Settings\Twins
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Twins (admin)
Adrian (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\SBCSEL~1\CustomUninstall.exe SBC
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AntivirXP08 --> "C:\Program Files\rhclnej0er69\uninstall.exe"
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Deskjet 3840 --> msiexec /x{B1591C79-1C35-4E09-AA15-F7D6923AFB96}
HP Software Update --> MsiExec.exe /X{B81023A5-71ED-46EB-BE3B-9F974D1155F1}
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
LG GSM PC Components --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB8251EE-C86B-410D-83B2-1E28E9DE2C2B}\setup.exe"
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
Memorex exPressit Label Design Studio --> C:\WINDOWS\mvuninst\App1\mvuninst.exe "Memorex exPressit Label Design Studio"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Norton Security Scan --> MsiExec.exe /I{3A4FFB84-D070-4DA5-AB7B-D41D87FD8D19}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
SAMSUNG CDMA Modem Driver Set --> C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
SBC Self Support Tool --> C:\WINDOWS\Motive\SBC\MCCUninst.exe
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Starware Toolbar de Música --> C:\Program Files\Starware367\Starware367Uninstall.exe
ToneThis 3.0 --> C:\Program Files\ToneThis 3.0\Uninstall.exe
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
WebVideo Support --> C:\WINDOWS\agpqlrfm.exe
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\common\unyext.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\common\YINSTH~1.DLL
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type4566 / Error
Event Submitted/Written: 08/05/2008 01:33:50 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.9.0.3071, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type4565 / Error
Event Submitted/Written: 08/05/2008 01:13:42 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.9.0.3071, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type4564 / Error
Event Submitted/Written: 08/05/2008 01:13:37 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.9.0.3071, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type4509 / Error
Event Submitted/Written: 07/23/2008 08:13:28 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application avgsetup.exe, version 8.0.0.134, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type4454 / Error
Event Submitted/Written: 07/21/2008 05:14:28 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type38422 / Warning
Event Submitted/Written: 08/05/2008 00:45:43 PM
Event ID/Source: 52 / Disk
Event Description:
The driver has detected that device \Device\Harddisk1\DR1 has predicted that it will fail.
Immediately back up your data and replace your hard disk drive. A failure
may be imminent.

Event Record #/Type38421 / Error
Event Submitted/Written: 08/05/2008 00:36:26 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type38420 / Error
Event Submitted/Written: 08/05/2008 00:01:26 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type38406 / Error
Event Submitted/Written: 08/05/2008 11:50:20 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The My Web Search Service service failed to start due to the following error:
%%3

Event Record #/Type38400 / Error
Event Submitted/Written: 08/05/2008 02:01:05 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}



-- End of Deckard's System Scanner: finished at 2008-08-05 12:48:25 ------------
  • 0

#13
miekiemoes

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
Hi,

From my previous instructions:

Post the contents of this log in your next reply. Also post the extra.txt present in that folder.

So open the Deckard System Scanner folder and post the contents of extra.txt here

Ignore this, I see you've already posted it :)
Hang on for a new set of instructions...

Edited by miekiemoes, 05 August 2008 - 01:54 PM.

  • 0

#14
miekiemoes

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
Ok, first step..

Go to start > control panel > software > add & remove programs and uninstall the following programs:

AntivirXP08
Starware Toolbar de Música
Viewpoint Manager (Remove Only)


REBOOT afterwards!

After reboot, please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
  • 0

#15
midtown1

midtown1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
For some reason "AntivirXP08" doesn't want to uninstall. It says it's uninstalled, but it still appears in Add or Remove Programs... any suggestions?
  • 0





