Anton.B

Zlob has got me


Welcome to the Lavasoft Support Forums Anton B)

 

Please post the latest scan log so we can see what's being detected.

Welcome to the Lavasoft Support Forums Anton :)

 

Please post the latest scan log so we can see what's being detected.

 

 

Tx Noadfear, here is my latest hijackthis log, I've sent the adaware log as an attachment.

 

Thanks Anton

 

 

Ad-Aware SE Build 1.06r1

Logfile Created on:Sunday, 18 November 2007 12:32:47 AM

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:SE1R202 12.11.2007

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

MRU List(TAC index:0):11 total references

Win32.Trojandownloader.Zlob(TAC index:10):7 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Definition File:

=========================

Definitions File Loaded:

Reference Number : SE1R202 12.11.2007

Internal build : 245

File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref

File size : 1871318 Bytes

Total size : 6874979 Bytes

Signature data size : 6829259 Bytes

Reference data size : 45208 Bytes

Signatures total : 174383

CSI Fingerprints total : 11211

CSI data size : 752065 Bytes

Target categories : 15

Target families : 1333

 

 

Memory + processor status:

==========================

Number of processors : 1

Processor architecture : Intel Pentium III

Memory available:55 %

Total physical memory:1048048 kb

Available physical memory:566636 kb

Total page file size:2996928 kb

Available on page file:2637660 kb

Total virtual memory:2097024 kb

Available virtual memory:2008004 kb

OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

 

Ad-Aware SE Settings

===========================

Set : Search for negligible risk entries

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan within archives

Set : Scan my Hosts file

 

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Obtain command line of scanned processes

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Play sound at scan completion if scan locates critical objects

 

 

18-11-2007 12:32:47 AM - Scan started. (Full System Scan)

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\Dad\Application Data\microsoft\office\recent

Description : list of recently opened documents using microsoft office

 

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\Dad\recent

Description : list of recently opened documents

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct3d

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct X

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1085031214-688789844-725345543-1003\software\microsoft\microsoft management console\recent file list

Description : list of recent snap-ins used in the microsoft management console

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1085031214-688789844-725345543-1003\software\microsoft\office\11.0\common\open find\microsoft office word\settings\save as\file name mru

Description : list of recent documents saved by microsoft word

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1085031214-688789844-725345543-1003\software\microsoft\search assistant\acmru

Description : list of recent search terms used with the search assistant

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1085031214-688789844-725345543-1003\software\microsoft\windows\currentversion\applets\regedit

Description : last key accessed using the microsoft registry editor

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1085031214-688789844-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs

Description : list of recent documents opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1085031214-688789844-725345543-1003\software\microsoft\windows\currentversion\explorer\runmru

Description : mru list for items opened in start | run

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1085031214-688789844-725345543-1003\software\nvidia corporation\global\nview\windowmanagement

Description : nvidia nview cached application window positions

 

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

ModuleName : \SystemRoot\System32\smss.exe

Command Line : n/a

ProcessID : 480

ThreadCreationTime : 17-11-2007 12:54:21 PM

BasePriority : Normal

 

 

#:2 [csrss.exe]

ModuleName : \??\C:\WINDOWS\system32\csrss.exe

Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh

ProcessID : 536

ThreadCreationTime : 17-11-2007 12:54:23 PM

BasePriority : Normal

 

 

#:3 [winlogon.exe]

ModuleName : \??\C:\WINDOWS\system32\winlogon.exe

Command Line : winlogon.exe

ProcessID : 560

ThreadCreationTime : 17-11-2007 12:54:24 PM

BasePriority : High

 

 

#:4 [services.exe]

ModuleName : C:\WINDOWS\system32\services.exe

Command Line : C:\WINDOWS\system32\services.exe

ProcessID : 612

ThreadCreationTime : 17-11-2007 12:54:25 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : services.exe

 

#:5 [lsass.exe]

ModuleName : C:\WINDOWS\system32\lsass.exe

Command Line : C:\WINDOWS\system32\lsass.exe

ProcessID : 624

ThreadCreationTime : 17-11-2007 12:54:25 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

 

#:6 [svchost.exe]

ModuleName : C:\WINDOWS\system32\svchost.exe

Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch

ProcessID : 804

ThreadCreationTime : 17-11-2007 12:54:33 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:7 [svchost.exe]

ModuleName : C:\WINDOWS\system32\svchost.exe

Command Line : C:\WINDOWS\system32\svchost -k rpcss

ProcessID : 908

ThreadCreationTime : 17-11-2007 12:54:36 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:8 [svchost.exe]

ModuleName : C:\WINDOWS\System32\svchost.exe

Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs

ProcessID : 944

ThreadCreationTime : 17-11-2007 12:54:37 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:9 [svchost.exe]

ModuleName : C:\WINDOWS\system32\svchost.exe

Command Line : C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

ProcessID : 1032

ThreadCreationTime : 17-11-2007 12:54:39 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:10 [svchost.exe]

ModuleName : C:\WINDOWS\system32\svchost.exe

Command Line : C:\WINDOWS\system32\svchost.exe -k NetworkService

ProcessID : 1088

ThreadCreationTime : 17-11-2007 12:54:41 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:11 [svchost.exe]

ModuleName : C:\WINDOWS\system32\svchost.exe

Command Line : C:\WINDOWS\system32\svchost.exe -k LocalService

ProcessID : 1120

ThreadCreationTime : 17-11-2007 12:54:42 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:12 [aswupdsv.exe]

ModuleName : C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

Command Line : "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"

ProcessID : 1160

ThreadCreationTime : 17-11-2007 12:54:46 PM

BasePriority : Normal

FileVersion : 4, 7, 1043, 0

ProductVersion : 4, 7, 0, 0

ProductName : avast! Antivirus

CompanyName : ALWIL Software

FileDescription : avast! Antivirus updating service

InternalName : aswUpdSv.exe

LegalCopyright : Copyright © 2007 ALWIL Software

OriginalFilename : aswUpdSv.exe

 

#:13 [ashserv.exe]

ModuleName : C:\Program Files\Alwil Software\Avast4\ashServ.exe

Command Line : "C:\Program Files\Alwil Software\Avast4\ashServ.exe"

ProcessID : 1208

ThreadCreationTime : 17-11-2007 12:54:46 PM

BasePriority : High

FileVersion : 4, 7, 1043, 0

ProductVersion : 4, 7, 0, 0

ProductName : avast! Antivirus

CompanyName : ALWIL Software

FileDescription : avast! antivirus service

InternalName : aswServ

LegalCopyright : Copyright © 2007 ALWIL Software

OriginalFilename : aswServ.exe

 

#:14 [spoolsv.exe]

ModuleName : C:\WINDOWS\system32\spoolsv.exe

Command Line : C:\WINDOWS\system32\spoolsv.exe

ProcessID : 1384

ThreadCreationTime : 17-11-2007 12:54:52 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe

 

#:15 [applemobiledeviceservice.exe]

ModuleName : C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

Command Line : "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"

ProcessID : 1480

ThreadCreationTime : 17-11-2007 12:54:55 PM

BasePriority : Normal

FileVersion : 1, 14, 0, 0

ProductVersion : 1, 14, 0, 0

ProductName : Apple Mobile Device Service

CompanyName : Apple, Inc.

FileDescription : Apple Mobile Device Service

InternalName : usbaapld

LegalCopyright : Copyright 2007 Apple, Inc. All Rights Reserved.

OriginalFilename : usbmuxd.exe

 

#:16 [btwdins.exe]

ModuleName : C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

Command Line : "C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe"

ProcessID : 1508

ThreadCreationTime : 17-11-2007 12:54:55 PM

BasePriority : Normal

FileVersion : 1.4.2 Build 10

ProductVersion : 1.4.2 Build 10

ProductName : Bluetooth Software 1.4.2 Build 10

CompanyName : WIDCOMM, Inc.

FileDescription : Bluetooth Support Server

InternalName : BTWDIns

LegalCopyright : Copyright WIDCOMM, Inc. 2000-2003.

OriginalFilename : BTWDIns.EXE

 

#:17 [devsvc.exe]

ModuleName : C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

Command Line : "C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe"

ProcessID : 1520

ThreadCreationTime : 17-11-2007 12:54:55 PM

BasePriority : Normal

FileVersion : 1.0.0.1

ProductVersion : 1.0.0.1

ProductName : Capture Device Service

CompanyName : InterVideo Inc.

FileDescription : Capture Device Service

InternalName : DevSvc.exe

LegalCopyright : InterVideo© Inc. All rights reserved.

OriginalFilename : DevSvc.exe

 

#:18 [cisvc.exe]

ModuleName : C:\WINDOWS\system32\cisvc.exe

Command Line : C:\WINDOWS\system32\cisvc.exe

ProcessID : 1540

ThreadCreationTime : 17-11-2007 12:54:58 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Content Index service

InternalName : cisvc.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : cisvc.exe

 

#:19 [ctsvccda.exe]

ModuleName : C:\WINDOWS\system32\CTSvcCDA.EXE

Command Line : C:\WINDOWS\system32\CTSvcCDA.EXE

ProcessID : 1556

ThreadCreationTime : 17-11-2007 12:54:58 PM

BasePriority : Normal

FileVersion : 1.0.1.0

ProductVersion : 1.0.0.0

ProductName : Creative Service for CDROM Access

CompanyName : Creative Technology Ltd

FileDescription : Creative Service for CDROM Access

InternalName : CTsvcCDAEXE

LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.

OriginalFilename : CTsvcCDA.EXE

 

#:20 [kodakccs.exe]

ModuleName : C:\WINDOWS\system32\drivers\KodakCCS.exe

Command Line : C:\WINDOWS\system32\drivers\KodakCCS.exe

ProcessID : 1708

ThreadCreationTime : 17-11-2007 12:55:04 PM

BasePriority : Normal

FileVersion : 1.1.4900.0

ProductVersion : 4.3.1.0

ProductName : Kodak DC File System Driver (Win32)

CompanyName : Eastman Kodak Company

FileDescription : Kodak DC Ring 3 Conduit (Win32)

InternalName : DcFsSvc.exe

LegalCopyright : Copyright © Eastman Kodak Co. 2000-2003

OriginalFilename : DcFsSvc.exe

 

#:21 [lssrvc.exe]

ModuleName : C:\Program Files\Common Files\LightScribe\LSSrvc.exe

Command Line : "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"

ProcessID : 1744

ThreadCreationTime : 17-11-2007 12:55:05 PM

BasePriority : Normal

FileVersion : 1.4.124.1

ProductName : LightScribe

CompanyName : Hewlett-Packard Company

LegalCopyright : © Copyright 2003-2006 Hewlett-Packard Development Company, LP

OriginalFilename : LSSrvc.exe

 

#:22 [mdm.exe]

ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"

ProcessID : 1768

ThreadCreationTime : 17-11-2007 12:55:06 PM

BasePriority : Normal

FileVersion : 7.00.9466

ProductVersion : 7.00.9466

ProductName : Microsoft® Visual Studio .NET

CompanyName : Microsoft Corporation

FileDescription : Machine Debug Manager

InternalName : mdm.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : mdm.exe

 

#:23 [csfiremon.exe]

ModuleName : C:\Program Files\CS Fire Monitor\CSFireMon.exe

Command Line : "C:\Program Files\CS Fire Monitor\CSFireMon.exe" /service

ProcessID : 1816

ThreadCreationTime : 17-11-2007 12:55:07 PM

BasePriority : High

FileVersion : 2.05.0005

ProductVersion : 2.05.0005

ProductName : CS Fire Monitor

CompanyName : Crofts Software

FileDescription : CS Fire Monitor

InternalName : CSFireMon

LegalCopyright : Copyright © 1999-2005 Crofts Software

OriginalFilename : CSFireMon.exe

 

#:24 [nvsvc32.exe]

ModuleName : C:\WINDOWS\system32\nvsvc32.exe

Command Line : C:\WINDOWS\system32\nvsvc32.exe

ProcessID : 1836

ThreadCreationTime : 17-11-2007 12:55:07 PM

BasePriority : Normal

FileVersion : 6.14.10.6631

ProductVersion : 6.14.10.6631

ProductName : NVIDIA Driver Helper Service, Version 66.31

CompanyName : NVIDIA Corporation

FileDescription : NVIDIA Driver Helper Service, Version 66.31

InternalName : NVSVC

LegalCopyright : © NVIDIA Corporation. All rights reserved.

OriginalFilename : nvsvc32.exe

 

#:25 [scsiaccess.exe]

ModuleName : C:\WINDOWS\system32\ScsiAccess.EXE

Command Line : C:\WINDOWS\system32\ScsiAccess.EXE

ProcessID : 1888

ThreadCreationTime : 17-11-2007 12:55:10 PM

BasePriority : Normal

 

 

#:26 [svchost.exe]

ModuleName : C:\WINDOWS\system32\svchost.exe

Command Line : C:\WINDOWS\system32\svchost.exe -k imgsvc

ProcessID : 1916

ThreadCreationTime : 17-11-2007 12:55:10 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:27 [ulcdrsvr.exe]

ModuleName : C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

Command Line : "C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe"

ProcessID : 1980

ThreadCreationTime : 17-11-2007 12:55:14 PM

BasePriority : Normal

FileVersion : 1, 0, 0, 5

ProductVersion : 1, 0, 0, 5

ProductName : Ulead Systems ULCDRSvr

CompanyName : Ulead Systems, Inc.

FileDescription : ULCDRSvr

InternalName : ULCDRSvr

LegalCopyright : Copyright c 2002 Ulead Systems, Inc.

OriginalFilename : ULCDRSvr.exe

 

#:28 [ustorsrv.exe]

ModuleName : C:\WINDOWS\system32\UStorSrv.exe

Command Line : C:\WINDOWS\system32\UStorSrv.exe /Service

ProcessID : 2032

ThreadCreationTime : 17-11-2007 12:55:16 PM

BasePriority : Normal

FileVersion : 1, 1, 1, 4

ProductVersion : 1, 1, 1, 4

ProductName : OTi Content Service

CompanyName : OTi

FileDescription : OTi Content Service

InternalName : UniCntSrvSvc

LegalCopyright : Copyright © 2004

OriginalFilename : UniCntSrvSvc.EXE

Comments : Build on 6/10/2003

 

#:29 [fxssvc.exe]

ModuleName : C:\WINDOWS\system32\fxssvc.exe

Command Line : C:\WINDOWS\system32\fxssvc.exe

ProcessID : 264

ThreadCreationTime : 17-11-2007 12:55:18 PM

BasePriority : Normal

FileVersion : 5.2.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.2.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Fax Service

InternalName : FXSSVC.EXE

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : FXSSVC.EXE

 

#:30 [explorer.exe]

ModuleName : C:\WINDOWS\Explorer.EXE

Command Line : C:\WINDOWS\Explorer.EXE

ProcessID : 1716

ThreadCreationTime : 17-11-2007 12:55:26 PM

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : EXPLORER.EXE

 

#:31 [type32.exe]

ModuleName : C:\Program Files\Microsoft Hardware\Keyboard\type32.exe

Command Line : "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"

ProcessID : 2200

ThreadCreationTime : 17-11-2007 12:55:33 PM

BasePriority : Normal

 

 

#:32 [atwtusb.exe]

ModuleName : C:\WINDOWS\system32\atwtusb.exe

Command Line : "C:\WINDOWS\system32\atwtusb.exe" beta

ProcessID : 2208

ThreadCreationTime : 17-11-2007 12:55:33 PM

BasePriority : Realtime

FileVersion : 2, 15, 0, 0

ProductVersion : 1, 1, 0, 0

ProductName : Tablet HID

CompanyName : Aiptek

FileDescription : Tablet HID

InternalName : Tablet

LegalCopyright : Copyright © 1999

OriginalFilename : usbtablet.exe

Comments : USB

 

#:33 [ashdisp.exe]

ModuleName : C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

Command Line : "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"

ProcessID : 2216

ThreadCreationTime : 17-11-2007 12:55:34 PM

BasePriority : Normal

FileVersion : 4, 7, 1043, 0

ProductVersion : 4, 7, 0, 0

ProductName : avast! Antivirus

CompanyName : ALWIL Software

FileDescription : avast! service GUI component

InternalName : aswDisp

LegalCopyright : Copyright © 2007 ALWIL Software

OriginalFilename : aswDisp.exe

 

#:34 [logmeinsystray.exe]

ModuleName : C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

Command Line : "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

ProcessID : 2248

ThreadCreationTime : 17-11-2007 12:55:35 PM

BasePriority : Normal

FileVersion : 3.0.596

ProductVersion : 3.0.596

ProductName : LogMeIn

CompanyName : LogMeIn, Inc.

FileDescription : LogMeIn Desktop Application

InternalName : LogMeInSystray

LegalCopyright : Copyright © 2003-2007 LogMeIn, Inc. US patents pending.

OriginalFilename : LogMeInSystray.exe

 

#:35 [svchost.exe]

ModuleName : C:\WINDOWS\Fonts\svchost.exe

Command Line : "C:\WINDOWS\Fonts\svchost.exe"

ProcessID : 2308

ThreadCreationTime : 17-11-2007 12:55:38 PM

BasePriority : Normal

 

 

#:36 [jusched.exe]

ModuleName : C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

Command Line : "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

ProcessID : 2348

ThreadCreationTime : 17-11-2007 12:55:38 PM

BasePriority : Normal

 

 

#:37 [rundll32.exe]

ModuleName : C:\WINDOWS\system32\rundll32.exe

Command Line : rundll32.exe nview.dll,nViewInitialize

ProcessID : 2364

ThreadCreationTime : 17-11-2007 12:55:40 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Run a DLL as an App

InternalName : rundll

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : RUNDLL.EXE

 

#:38 [bttray.exe]

ModuleName : C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

Command Line : "C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"

ProcessID : 2460

ThreadCreationTime : 17-11-2007 12:55:46 PM

BasePriority : Normal

FileVersion : 1.4.2 Build 10

ProductVersion : 1.4.2 Build 10

ProductName : Bluetooth Software 1.4.2 Build 10

CompanyName : WIDCOMM, Inc.

FileDescription : Bluetooth Tray Application

InternalName : BTTray

LegalCopyright : Copyright WIDCOMM, Inc. 2000-2003.

OriginalFilename : BTTray.exe

 

#:39 [hpobnz08.exe]

ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe"

ProcessID : 2480

ThreadCreationTime : 17-11-2007 12:55:47 PM

BasePriority : Normal

FileVersion : 4.2.0.021

ProductVersion : 2.4.1.021

ProductName : hp digital imaging - hp all-in-one series

CompanyName : Hewlett-Packard Co.

FileDescription : HP OfficeJet COM Device Objects

InternalName : HPOBNZ08

LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001

OriginalFilename : HPOBNZ08.EXE

Comments : HP OfficeJet <Banzai> Series COM Device Objects

 

#:40 [hpotdd01.exe]

ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe"

ProcessID : 2492

ThreadCreationTime : 17-11-2007 12:55:48 PM

BasePriority : Normal

FileVersion : 1, 0, 0, 1

ProductVersion : 1, 0, 0, 1

ProductName : Hewlett-Packard hpotdd01

CompanyName : Hewlett-Packard

FileDescription : hpotdd01

InternalName : hpotdd01

LegalCopyright : Copyright © 2002

OriginalFilename : hpotdd01.exe

 

#:41 [ashmaisv.exe]

ModuleName : C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

Command Line : "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service

ProcessID : 2628

ThreadCreationTime : 17-11-2007 12:56:13 PM

BasePriority : Normal

 

 

#:42 [ashwebsv.exe]

ModuleName : C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

Command Line : "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service

ProcessID : 2644

ThreadCreationTime : 17-11-2007 12:56:15 PM

BasePriority : Normal

 

 

#:43 [alg.exe]

ModuleName : C:\WINDOWS\System32\alg.exe

Command Line : C:\WINDOWS\System32\alg.exe

ProcessID : 3100

ThreadCreationTime : 17-11-2007 12:56:41 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Application Layer Gateway Service

InternalName : ALG.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : ALG.exe

 

#:44 [hpoevm08.exe]

ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe" -Embedding

ProcessID : 3108

ThreadCreationTime : 17-11-2007 12:56:42 PM

BasePriority : Normal

FileVersion : 4.2.0.021

ProductVersion : 2.4.1.021

ProductName : hp digital imaging - hp all-in-one series

CompanyName : Hewlett-Packard Co.

FileDescription : HP OfficeJet COM Event Manager

InternalName : HPOEVM08

LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001

OriginalFilename : HPOEVM08.EXE

Comments : HP OfficeJet COM Event Manager

 

#:45 [hposts08.exe]

ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe" /CtxID "#Hewlett-Packard#hp psc 2200 series#1125623360" /Startup

ProcessID : 3292

ThreadCreationTime : 17-11-2007 12:57:00 PM

BasePriority : Normal

FileVersion : 4.2.0.021

ProductVersion : 2.4.1.021

ProductName : hp digital imaging - hp all-in-one series

CompanyName : Hewlett-Packard Co.

FileDescription : HP OfficeJet Status

InternalName : HPOSTS08

LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001

OriginalFilename : HPOSTS08.EXE

Comments : HP OfficeJet Status

 

#:46 [cidaemon.exe]

ModuleName : C:\WINDOWS\system32\cidaemon.exe

Command Line : "cidaemon.exe" DownLevelDaemon "c:\system volume information\catalog.wci" 196672l 1540l

ProcessID : 3748

ThreadCreationTime : 17-11-2007 1:02:06 PM

BasePriority : Idle

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Indexing Service filter daemon

InternalName : cidaemon.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : cidaemon.exe

 

#:47 [wuauclt.exe]

ModuleName : C:\WINDOWS\system32\wuauclt.exe

Command Line : "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[3b0]SUSDS9f92068832231944a4320cbf6fb745df

ProcessID : 2836

ThreadCreationTime : 17-11-2007 1:28:00 PM

BasePriority : Normal

FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)

ProductVersion : 5.8.0.2469

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Automatic Updates

InternalName : wuauclt.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : wuauclt.exe

 

#:48 [ad-aware.exe]

ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe

Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"

ProcessID : 2304

ThreadCreationTime : 17-11-2007 1:30:10 PM

BasePriority : Normal

FileVersion : 6.2.0.236

ProductVersion : SE 106

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft AB Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 11

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Win32.Trojandownloader.Zlob Object Recognized!

Type : Regkey

Data :

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}

 

Win32.Trojandownloader.Zlob Object Recognized!

Type : Regkey

Data :

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{a95b2816-1d7e-4561-a202-68c0de02353a}

 

Win32.Trojandownloader.Zlob Object Recognized!

Type : Regkey

Data :

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_USERS

Object : S-1-5-21-1085031214-688789844-725345543-1003\software\microsoft\windows\currentversion\ext\stats\{11a69ae4-fbed-4832-a2bf-45af82825583}

 

Win32.Trojandownloader.Zlob Object Recognized!

Type : Regkey

Data :

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_USERS

Object : S-1-5-21-1085031214-688789844-725345543-1003\software\microsoft\windows\currentversion\ext\stats\{a95b2816-1d7e-4561-a202-68c0de02353a}

 

Win32.Trojandownloader.Zlob Object Recognized!

Type : Regkey

Data :

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{a95b2816-1d7e-4561-a202-68c0de02353a}

 

Win32.Trojandownloader.Zlob Object Recognized!

Type : RegValue

Data :

TAC Rating : 10

Category : Malware

Comment : "{11a69ae4-fbed-4832-a2bf-45af82825583}"

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\internet explorer\toolbar

Value : {11a69ae4-fbed-4832-a2bf-45af82825583}

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 6

Objects found so far: 17

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 17

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 17

 

 

 

Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for C:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 17

 

 

Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

1 entries scanned.

New critical objects:0

Objects found so far: 17

 

 

 

 

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Win32.Trojandownloader.Zlob Object Recognized!

Type : File

Data : tracking.log

TAC Rating : 10

Category : Malware

Comment :

Object : c:\system volume information\

 

 

 

Conditional scan result:

??????????????????????????????????????

New critical objects: 1

Objects found so far: 18

 

1:57:15 AM Scan Complete

 

Summary Of This Scan

??????????????????????????????????????

Total scanning time:01:24:27.94

Objects scanned:318651

Objects identified:7

Objects ignored:0

New critical objects:7


QUOTE(Anton.B @ Nov 18 2007, 12:09 PM) 61052[/snapback]
Tx Noadfear, here is my latest hijackthis log, I've sent the adaware log as an attachment.

 

Thanks Anton

 

Sorry about that

 

Anton

 

Logfile of HijackThis v1.99.1

Scan saved at 12:01:31 PM, on 18/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

C:\WINDOWS\system32\CTSvcCDA.EXE

C:\Program Files\Microsoft Hardware\Keyboard\type32.exe

C:\WINDOWS\system32\atwtusb.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\Program Files\CS Fire Monitor\CSFireMon.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\ScsiAccess.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\UStorSrv.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\fxssvc.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe

C:\Documents and Settings\Dad\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\adkfjpjc.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [intelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [d48aeba1] rundll32.exe "C:\WINDOWS\system32\wqnfsxfb.dll",b

O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Dad\Desktop\HijackThis.exe /startupscan

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

O4 - Global Startup: hpoddt01.exe.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?42def64ca47e412b8c501d922166e5af

O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?42def64ca47e412b8c501d922166e5af

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1125884139484

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00DB3BE.dat

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE

O23 - Service: CS Fire Monitor - Unknown owner - C:\Program Files\CS Fire Monitor\CSFireMonService.exe" -service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe


Download VundoFix by Atribune, saving it to your desktop.

  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HijackThis log in a reply to this thread.

Note: It is possible that VundoFix encounters a file it could not remove. In this case, VundoFix will run on reboot. If that happens, follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.


Hi Dave,

 

I am re-sending this info ..got a gut feeling I messed up last time....

 

Vundo could not remove C:\windows\system32\_c00DB3BE.DAT (I tried 6 times).

I've attached the logs you asked for previously.

 

Cheers, and thanks.

Anton


QUOTE(Anton.B @ Nov 18 2007, 09:36 PM) 61106[/snapback]
Hi Dave,

 

I am re-sending this info ..got a gut feeling I messed up last time....

 

Vundo could not remove C:\windows\system32\_c00DB3BE.DAT (I tried 6 times).

I've attached the logs you asked for previously.

 

Cheers, and thanks.

Anton

 

 

Sorry Dave, sent you the wrong file last time.

 

Cheers

Please run a new scan with HijackThis and post the log.

 

New HJT log attached

 

Logfile of HijackThis v1.99.1

Scan saved at 6:26:57 AM, on 19/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

C:\WINDOWS\system32\CTSvcCDA.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\CS Fire Monitor\CSFireMon.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\ScsiAccess.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\UStorSrv.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\fxssvc.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Microsoft Hardware\Keyboard\type32.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\atwtusb.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\Documents and Settings\Dad\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [intelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [d48aeba1] rundll32.exe "C:\WINDOWS\system32\wqnfsxfb.dll",b

O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Dad\Desktop\HijackThis.exe /startupscan

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

O4 - Global Startup: hpoddt01.exe.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?42def64ca47e412b8c501d922166e5af

O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?42def64ca47e412b8c501d922166e5af

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1125884139484

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00A6484.dat

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE

O23 - Service: CS Fire Monitor - Unknown owner - C:\Program Files\CS Fire Monitor\CSFireMonService.exe" -service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe


Download ComboFix by sUBs from here, saving the file to your desktop.

  • Close all open programs and windows
  • Double click combofix.exe and follow the prompts.
  • When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Download ComboFix by sUBs from here, saving the file to your desktop.
  • Close all open programs and windows
  • Double click combofix.exe and follow the prompts.
  • When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

 

ComboFix downloads, but when run it states that it is out of date and uninstalls itself.


Download Deckard's System Scanner (dss.exe) and save it to your desktop.

  • Close all applications and windows.
  • Double click on dss.exe to run it and follow the prompts.
  • When the scan is complete, two text files will open: main.txt, which will be maximized, and extra.txt, which will be minimized.

Post the contents of main.txt only for now.

Download Deckard's System Scanner (dss.exe) and save it to your desktop.
  • Close all applications and windows.
  • Double click on dss.exe to run it and follow the prompts.
  • When the scan is complete, two text files will open: main.txt, which will be maximized, and extra.txt, which will be minimized.

Post the contents of main.txt only for now.

 

Deckard's System Scanner v20071014.68

Run by Dad on 2007-11-19 10:55:12

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

-- System Restore --------------------------------------------------------------

 

Successfully created a Deckard's System Scanner Restore Point.

 

 

-- Last 3 Restore Point(s) --

3: 2007-11-18 23:55:32 UTC - RP648 - Deckard's System Scanner Restore Point

2: 2007-11-18 23:49:03 UTC - RP647 - Last known good configuration

1: 2007-11-18 23:48:40 UTC - RP646 - System Checkpoint

 

 

Backed up registry hives.

Performed disk cleanup.

 

 

 

-- HijackThis (run as Dad.exe) -------------------------------------------------

 

Logfile of HijackThis v1.99.1

Scan saved at 10:57:46 AM, on 19/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

C:\WINDOWS\system32\CTSvcCDA.EXE

C:\WINDOWS\system32\fdhaoohi.exe

C:\Program Files\CS Fire Monitor\CSFireMon.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\ScsiAccess.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\UStorSrv.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\fxssvc.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Microsoft Hardware\Keyboard\type32.exe

C:\WINDOWS\system32\atwtusb.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Dad\Desktop\dss.exe

C:\DOCUME~1\Dad\Desktop\Dad.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)

O2 - BHO: (no name) - {10C0C3B9-FC60-4902-92B3-49E09D7BAE89} - C:\WINDOWS\system32\mljgg.dll

O2 - BHO: (no name) - {18CCB518-1374-4946-A4C2-21EFD6C471CE} - (no file)

O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll

O2 - BHO: {8086f986-44d7-bb1a-8ae4-189a0888f064} - {460f8880-a981-4ea8-a1bb-7d44689f6808} - C:\WINDOWS\system32\uimnlulf.dll

O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {A57EE9D7-0534-496A-B2B0-E95866D0C1B0} - (no file)

O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\fpktuukr.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINDOWS\system32\tuvwwxy.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: (no name) - {EF18E814-3E1B-452D-8EAE-208E53C009F5} - C:\WINDOWS\system32\vtstt.dll (file missing)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\fpktuukr.dll

O4 - HKLM\..\Run: [intelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [d48aeba1] rundll32.exe "C:\WINDOWS\system32\utmojxcc.dll",b

O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Dad\Desktop\HijackThis.exe /startupscan

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

O4 - Global Startup: hpoddt01.exe.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?42def64ca47e412b8c501d922166e5af

O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?42def64ca47e412b8c501d922166e5af

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1125884139484

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00A6484.dat

O20 - Winlogon Notify: fpktuukr - C:\WINDOWS\SYSTEM32\fpktuukr.dll

O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll

O20 - Winlogon Notify: tuvwwxy - C:\WINDOWS\SYSTEM32\tuvwwxy.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE

O23 - Service: CS Fire Monitor - Unknown owner - C:\Program Files\CS Fire Monitor\CSFireMonService.exe" -service (file missing)

O23 - Service: DomainService - - C:\WINDOWS\system32\fdhaoohi.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

 

 

-- HijackThis Fixed Entries (C:\DOCUME~1\Dad\Desktop\backups\) -----------------

 

backup-20071117-224612-508 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\adkfjpjc.dll

backup-20071117-224612-736 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

backup-20071117-224612-957 O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257

backup-20071117-224613-360 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

backup-20071117-224613-732 O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\yykgwquj.exe (file missing)

backup-20071117-225611-345 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\adkfjpjc.dll

backup-20071117-232507-408 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\adkfjpjc.dll

backup-20071117-232523-543 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\adkfjpjc.dll

backup-20071117-235154-656 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\adkfjpjc.dll

backup-20071117-235210-352 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\adkfjpjc.dll

backup-20071117-235853-186 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\adkfjpjc.dll

backup-20071117-235853-313 O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

backup-20071117-235853-790 O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll

backup-20071118-000440-504 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\adkfjpjc.dll

backup-20071118-002640-825 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\adkfjpjc.dll

backup-20071118-002640-908 O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

backup-20071118-031523-396 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\adkfjpjc.dll

 

-- File Associations -----------------------------------------------------------

 

All associations okay.

 

 

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

 

R0 Imagedrv - c:\windows\system32\drivers\imagedrv.sys <Not Verified; Ahead Software AG and its licensors; NERO IMAGEDRIVE>

R1 AFS2K - c:\windows\system32\drivers\afs2k.sys <Not Verified; Oak Technology Inc.; AFS>

R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys

R2 BTSLBCSP (Bluetooth Port Client Driver) - c:\windows\system32\drivers\btslbcsp.sys <Not Verified; WIDCOMM, Inc.; Bluetooth Software 1.4.2 Build 10>

R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >

R3 uscbs108 - c:\windows\system32\drivers\uscbs108.sys

R3 uscsc108 - c:\windows\system32\drivers\uscsc108.sys

 

S3 catchme - c:\docume~1\dad\locals~1\temp\catchme.sys (file missing)

S3 StkMini (Syntek DC-112X) - c:\windows\system32\drivers\stkmini.sys <Not Verified; Syntek America Inc.; Syntek Universal Serial Bus 2.0 Video Mini Driver>

S3 StkScan (Syntek DC-112X Still Image) - c:\windows\system32\drivers\stkscan.sys <Not Verified; Syntek America Inc.; Syntek Universal Serial Bus 2.0 Still Image Driver>

 

 

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

 

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

R2 Capture Device Service - "c:\program files\common files\intervideo\deviceservice\devsvc.exe" <Not Verified; InterVideo Inc.; Capture Device Service>

R2 DomainService - c:\windows\system32\fdhaoohi.exe /service <Not Verified; ; DDC>

R2 ScsiAccess - c:\windows\system32\scsiaccess.exe

R2 UStorage Server Service - c:\windows\system32\ustorsrv.exe /service <Not Verified; OTi; OTi Content Service>

 

S2 CS Fire Monitor - "c:\program files\cs fire monitor\csfiremonservice.exe" -service <Not Verified; Crofts Software; CS Fire Monitor Service>

S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

 

 

-- Device Manager: Disabled ----------------------------------------------------

 

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: 1394 Net Adapter

Device ID: V1394\NIC1394\71402320ED

Manufacturer: Microsoft

Name: 1394 Net Adapter

PNP Device ID: V1394\NIC1394\71402320ED

Service: NIC1394

 

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}

Description: Nokia Windows Portable Device Driver

Device ID: ROOT\WPD00

Manufacturer: Nokia

Name: Princess Nokia N70

PNP Device ID: ROOT\WPD00

Service: WUDFRd

 

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}

Description: Antons Nokia N70

Device ID: ROOT\WPD01

Manufacturer: Nokia

Name: Antons Nokia N70

PNP Device ID: ROOT\WPD01

Service: WUDFRd

 

 

-- Scheduled Tasks -------------------------------------------------------------

 

2007-11-19 10:29:24 254 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

2007-11-14 20:02:19 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

2006-08-21 12:11:04 338 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1125623360.job

 

 

-- Files created between 2007-10-19 and 2007-11-19 -----------------------------

 

2007-11-19 09:55:46 145984 --a------ C:\WINDOWS\system32\fpktuukr.dll

2007-11-19 09:55:17 145984 --a------ C:\WINDOWS\system32\rjfppvrf.dll

2007-11-19 06:37:18 79424 --a------ C:\WINDOWS\system32\uimnlulf.dll

2007-11-19 06:34:29 85056 --a------ C:\WINDOWS\system32\utmojxcc.dll

2007-11-19 06:28:22 71232 --a------ C:\WINDOWS\system32\fdhaoohi.exe <Not Verified; ; DDC>

2007-11-19 06:25:18 10816 --a------ C:\WINDOWS\system32\__c00A6484.dat

2007-11-19 06:25:16 10816 --a------ C:\WINDOWS\system32\okxlwala.dll

2007-11-19 06:24:44 10816 --a------ C:\WINDOWS\system32\fqjdksao.dll

2007-11-18 16:51:42 152642 --ahs---- C:\WINDOWS\system32\ggjlm.ini2

2007-11-18 16:51:28 320608 --a------ C:\WINDOWS\system32\mljgg.dll

2007-11-18 10:04:14 82496 --a------ C:\WINDOWS\system32\rwnyclfe.dll

2007-11-18 09:57:26 10816 -----n--- C:\WINDOWS\system32\__c00DB3BE.dat

2007-11-18 04:24:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2007-11-18 02:14:15 2390 --a------ C:\WINDOWS\system32\tmp.reg

2007-11-17 14:22:49 128 --a------ C:\Documents and Settings\Dad\services.exe

2007-11-16 21:42:12 35840 --a------ C:\WINDOWS\17PHolmes1188.exe

2007-11-16 21:41:59 36352 --a------ C:\WINDOWS\system32\ddcyvww.dll

2007-11-16 20:44:42 36352 --a------ C:\WINDOWS\system32\tuvwwxy.dll

2007-11-16 17:03:24 71232 --a------ C:\WINDOWS\system32\brepqytj.exe <Not Verified; ; DDC>

2007-11-16 16:54:48 40960 --a------ C:\Documents and Settings\Mum\f.exe

2007-11-16 16:54:35 0 --a------ C:\Documents and Settings\Mum\x.dat

2007-11-16 16:54:23 36352 --a------ C:\WINDOWS\system32\yaywxuv.dll

2007-11-16 16:54:19 1017 --a------ C:\Documents and Settings\Mum\z.dat

2007-11-16 16:54:01 36352 --a------ C:\WINDOWS\system32\pmnopnk.dll

2007-11-15 11:03:37 40960 --a------ C:\Documents and Settings\Dad\f.exe

2007-11-15 11:03:24 1204 --a------ C:\Documents and Settings\Dad\x.dat

2007-11-15 11:03:16 36352 --a------ C:\WINDOWS\system32\byxuvvu.dll

2007-11-15 11:03:07 4840 --a------ C:\Documents and Settings\Dad\z.dat

2007-11-15 11:02:54 36352 --a------ C:\WINDOWS\system32\vtuvsqr.dll

2007-11-15 10:36:10 35840 --a------ C:\WINDOWS\mrofinu1000106.exe

2007-11-15 10:35:01 40960 --a------ C:\Documents and Settings\Anton\f.exe

2007-11-15 10:34:54 299 --a------ C:\Documents and Settings\Anton\x.dat

2007-11-15 10:34:30 40341 --a------ C:\Documents and Settings\Anton\z.dat

2007-11-15 10:34:17 36352 --a------ C:\WINDOWS\system32\iifffde.dll

2007-11-15 10:34:00 0 d-------- C:\WINDOWS\system32\rMa18yy

2007-11-13 16:03:09 4882432 --a------ C:\Documents and Settings\Anton\ntuser.dat

2007-11-13 16:00:35 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>

2007-11-05 15:35:30 0 d-------- C:\WINDOWS\pss

2007-11-01 17:45:28 0 d-------- C:\Program Files\Guitar Pro 5

2007-10-30 12:22:51 0 d-------- C:\Racing

2007-10-23 12:35:40 0 d-------- C:\Program Files\iPod

2007-10-23 12:35:09 0 d-------- C:\Program Files\iTunes

2007-10-22 19:54:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe

2007-10-19 23:05:01 0 d-------- C:\the hedgehog

 

 

-- Find3M Report ---------------------------------------------------------------

 

2007-11-18 04:26:14 0 d-------- C:\Program Files\Lavasoft

2007-11-18 04:26:12 0 d-------- C:\Documents and Settings\Dad\Application Data\Lavasoft

2007-11-18 04:22:45 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-11-17 17:36:23 0 d-------- C:\Program Files\Java

2007-11-14 23:30:21 0 d-------- C:\Program Files\Common Files

2007-11-08 09:50:59 0 d-------- C:\Documents and Settings\Dad\Application Data\U3

2007-11-07 14:35:58 0 d-------- C:\Program Files\CS Fire Monitor

2007-11-05 15:22:52 0 d-------- C:\Program Files\GSM

2007-11-02 20:44:26 0 d--h----- C:\Program Files\InstallShield Installation Information

2007-10-22 19:54:28 0 d-------- C:\Program Files\Common Files\Adobe

2007-10-18 00:42:08 10752 --a------ C:\WINDOWS\system32\WhoisCL.exe <Not Verified; NirSoft; WhoisCL>

2007-10-17 13:12:37 0 d-------- C:\Program Files\Free Metronome

2007-10-17 12:48:58 0 d-------- C:\Program Files\FretPro

2007-10-17 09:42:08 0 d-------- C:\Program Files\LogMeIn

2007-10-15 22:37:18 0 d-------- C:\Program Files\Lame

2007-10-14 19:57:40 0 d-------- C:\Program Files\Audacity

2007-10-09 21:53:27 0 d-------- C:\Program Files\Apple Software Update

2007-10-08 20:47:34 0 d-------- C:\Program Files\Burn4Free

2007-09-28 19:33:00 0 d-------- C:\Program Files\WinAce

2007-09-27 12:01:18 0 d-------- C:\Program Files\Microsoft Silverlight

2007-09-24 22:46:36 0 d-------- C:\Program Files\GameSpy Arcade

2007-09-24 22:43:50 0 d-------- C:\Program Files\Microsoft Games

2007-09-19 14:58:04 0 d-------- C:\Program Files\Scales Dictionary System

2007-09-19 14:57:35 286720 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>

2007-09-19 14:57:29 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>

2007-09-19 12:23:45 0 d-------- C:\Program Files\GiveMeTac 1.1

2007-09-14 15:30:55 229727 --a------ C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_6984.exe <Not Verified; Burn4Free; Burn4Free CD and DVD>

2007-09-08 22:29:51 7188 --a------ C:\WINDOWS\mozver.dat

 

 

-- Registry Dump ---------------------------------------------------------------

 

*Note* empty entries & legit default entries are not shown

 

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10C0C3B9-FC60-4902-92B3-49E09D7BAE89}]

18/11/2007 04:51 PM 320608 --a------ C:\WINDOWS\system32\mljgg.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18CCB518-1374-4946-A4C2-21EFD6C471CE}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{460f8880-a981-4ea8-a1bb-7d44689f6808}]

19/11/2007 06:37 AM 79424 --a------ C:\WINDOWS\system32\uimnlulf.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A57EE9D7-0534-496A-B2B0-E95866D0C1B0}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]

19/11/2007 09:55 AM 145984 --a------ C:\WINDOWS\system32\fpktuukr.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}]

16/11/2007 08:44 PM 36352 --a------ C:\WINDOWS\system32\tuvwwxy.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF18E814-3E1B-452D-8EAE-208E53C009F5}]

C:\WINDOWS\system32\vtstt.dll

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\fpktuukr.dll [19/11/2007 09:55 AM 145984]

 

[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [22/03/2002 03:41 PM]

"atwtusb"="atwtusb.exe" [23/04/2002 05:20 PM C:\WINDOWS\system32\atwtusb.exe]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [06/09/2007 09:06 PM]

"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [06/08/2007 12:08 PM]

"nwiz"="nwiz.exe" [25/08/2004 08:14 PM C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [25/08/2004 08:14 PM]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [25/08/2004 08:14 PM]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11 AM]

"Host Process"="C:\WINDOWS\Fonts\svchost.exe" []

"d48aeba1"="C:\WINDOWS\system32\utmojxcc.dll" [19/11/2007 06:34 AM]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HijackThis startup scan"="C:\Documents and Settings\Dad\Desktop\HijackThis.exe" [16/02/2005 11:06 AM]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]

"RunNarrator"=Narrator.exe

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [20/11/2003 2:11:56 PM]

hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [9/04/2003 6:41:38 PM]

hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [9/04/2003 7:11:12 PM]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [13/03/2006 02:11 PM 233472]

"{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}"= C:\WINDOWS\system32\tuvwwxy.dll [16/11/2007 08:44 PM 36352]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fpktuukr]

fpktuukr.dll 19/11/2007 09:55 AM 145984 C:\WINDOWS\system32\fpktuukr.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

LMIinit.dll 02/10/2007 05:51 PM 75064 C:\WINDOWS\system32\LMIinit.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvwwxy]

tuvwwxy.dll 16/11/2007 08:44 PM 36352 C:\WINDOWS\system32\tuvwwxy.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=C:\WINDOWS\system32\__c00A6484.dat

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mljgg.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]

backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Remote Controller.lnk]

backup=C:\WINDOWS\pss\Remote Controller.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]

backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Agent]

"C:\Program Files\CyberLink\PowerVCRII\Agent.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

AGRSMMSG.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

"C:\Program Files\iTunes\iTunesHelper.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]

C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Program Files\QuickTime\QTTask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote_Agent]

"C:\Program Files\CyberLink\PowerVCRII\RemoteAgent.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

SOUNDMAN.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFaxAppPortStarter]

wfxsnt40.exe

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52d0c36c-3e4a-11dc-b9ad-0020ed6c9f88}]

AutoRun\command- G:\LaunchU3.exe -a

 

 

 

 

-- End of Deckard's System Scanner: finished at 2007-11-19 10:59:47 ------------

main.txt

Edited by noahdfear
dss log posted
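Triage logic for the registry-dump section of the DSS log above, as an added example that is not part of this thread and not DSS or VundoFix code. The sample dump is constructed from lines the posted log shows; the rules (random-name filter, sensitive-key list, hex-named Run value) are my own assumptions and produce leads for a human reviewer, not verdicts.

```python
"""Triage a Deckard's System Scanner (DSS) registry dump for the persistence
indicators the helper acted on in this thread.

Added example; not part of the original thread and not DSS or VundoFix code.
The sample dump below is constructed from lines the thread's own log shows.
Every rule here is a lead for a human reviewer, not a verdict.
"""
import re
from typing import List, Tuple

# Registry locations that load code early or invisibly (matched
# case-insensitively as substrings of the bracketed key header).
SENSITIVE_KEYS = (
    r"winlogon\notify",          # Winlogon notification packages
    r"currentversion\windows",   # AppInit_DLLs lives here
    r"control\lsa",              # LSA authentication packages
    r"shellexecutehooks",
    r"browser helper objects",
    r"currentversion\run",       # also matches RunOnce
)

# Names that legitimately run only from the Windows system folders.
SYSTEM_BINARIES = {"svchost.exe", "services.exe", "lsass.exe", "winlogon.exe"}

KEY_RE = re.compile(r"^\[-?(?P<key>HKEY_[^\]]+)\]$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]<>|]*?\.(?:dll|exe|dat|ini2?)', re.I)
# 7-8 lowercase letters, e.g. fpktuukr.dll; deliberately case-sensitive so a
# product-style name such as LMIinit.dll is not matched. Assumed heuristic.
RANDOM_NAME_RE = re.compile(r"^[a-z]{7,8}\.(?:dll|exe)$")
HEX_VALUE_RE = re.compile(r'^"[0-9a-f]{8}"=')   # e.g. "d48aeba1"=

Finding = Tuple[str, str, str]   # (reason, registry key, offending line)


def triage(dump: str) -> List[Finding]:
    """Walk the dump section by section and collect suspicious entries."""
    findings: List[Finding] = []
    key = ""
    for raw in dump.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = KEY_RE.match(line)
        if header:
            key = header.group("key").lower()
            continue
        sensitive = any(frag in key for frag in SENSITIVE_KEYS)
        for path in PATH_RE.findall(line):
            folder, _, base = path.rpartition("\\")
            in_system32 = folder.lower().endswith(r"\system32")
            if sensitive and in_system32 and RANDOM_NAME_RE.match(base):
                findings.append(("random-name binary at persistence point", key, line))
            if line.lower().startswith('"appinit_dlls"') and not base.lower().endswith(".dll"):
                findings.append(("non-DLL loaded via AppInit_DLLs", key, line))
            if base.lower() in SYSTEM_BINARIES and not in_system32:
                findings.append(("system binary name outside system32", key, line))
        if r"control\lsa" in key and line.lower().startswith('"authentication packages"'):
            packages = line.split("=", 1)[1].split()
            if any(p.lower() != "msv1_0" for p in packages):
                findings.append(("extra LSA authentication package", key, line))
        if r"currentversion\run" in key and HEX_VALUE_RE.match(line):
            findings.append(("hex-named Run value", key, line))
    return findings


# Constructed sample: entries copied from the registry-dump section of the
# DSS log in this thread, plus two benign lines (LMIinit, avast!) as controls.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fpktuukr]
fpktuukr.dll 19/11/2007 09:55 AM 145984 C:\WINDOWS\system32\fpktuukr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 02/10/2007 05:51 PM 75064 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\__c00A6484.dat

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mljgg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [06/09/2007 09:06 PM]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" []
"d48aeba1"="C:\WINDOWS\system32\utmojxcc.dll" [19/11/2007 06:34 AM]
"""

if __name__ == "__main__":
    for reason, key, line in triage(SAMPLE_DUMP):
        print(f"{reason:42} {key}\n    {line}")
```

Run against the sample, the six findings are exactly the entries the helper told Anton to remove, while the LogMeIn and avast! controls pass.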


Highlight and copy the bolded command below.

 

sc stop DomainService

 

Click Start>Run and paste the command on the run line then hit enter. Now repeat with the next command.

 

sc delete DomainService

 

 

 

Delete the following folder.

 

C:\WINDOWS\system32\rMa18yy

 

 

 

Highlight and copy the contents of the code box below and paste it into a blank Notepad window, then save it to your desktop as:

 

Filename: vundofix.vft

Save As Type: All Files (*.*)

 

C:\WINDOWS\system32\fpktuukr.dll
C:\WINDOWS\system32\rjfppvrf.dll
C:\WINDOWS\system32\uimnlulf.dll
C:\WINDOWS\system32\utmojxcc.dll
C:\WINDOWS\system32\fdhaoohi.exe
C:\WINDOWS\system32\__c00A6484.dat
C:\WINDOWS\system32\okxlwala.dll
C:\WINDOWS\system32\fqjdksao.dll
C:\WINDOWS\system32\ggjlm.ini2
C:\WINDOWS\system32\mljgg.dll
C:\WINDOWS\system32\rwnyclfe.dll
C:\WINDOWS\system32\__c00DB3BE.dat
C:\WINDOWS\17PHolmes1188.exe
C:\WINDOWS\system32\ddcyvww.dll
C:\WINDOWS\system32\tuvwwxy.dll
C:\WINDOWS\system32\brepqytj.exe
C:\Documents and Settings\Mum\f.exe
C:\WINDOWS\system32\yaywxuv.dll
C:\WINDOWS\system32\pmnopnk.dll
C:\Documents and Settings\Dad\f.exe
C:\WINDOWS\system32\byxuvvu.dll
C:\WINDOWS\system32\vtuvsqr.dll
C:\WINDOWS\mrofinu1000106.exe
C:\Documents and Settings\Anton\f.exe
C:\WINDOWS\system32\iifffde.dll

  • Close all other windows and programs.
  • Double-click VundoFix.exe to run it.
  • Drag vundofix.vft onto the listbox (white box) of VundoFix.
  • Click the "Remove Vundo" button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new dss log.

Note: It is possible that VundoFix encountered a file it could not remove. In this case VundoFix will run on reboot; simply follow the above instructions, starting from "Click the Scan for Vundo button", when VundoFix appears upon rebooting.

 

 

Files were created to collect passwords from your computer and attempt to transmit them to a host. Each of the bolded files below needs to first be moved, say to new folders such as:

C:\passwords\Mum

C:\passwords\Dad

C:\passwords\Anton

 

 

C:\Documents and Settings\Mum\x.dat

C:\Documents and Settings\Mum\z.dat

C:\Documents and Settings\Dad\x.dat

C:\Documents and Settings\Dad\z.dat

C:\Documents and Settings\Anton\x.dat

C:\Documents and Settings\Anton\z.dat

 

Now right-click each one and select Rename, then add a .txt extension, so that they become x.dat.txt and z.dat.txt.

Open each one (it will open with Notepad) and see which passwords were collected and must be changed. I suggest you let Mum and Dad do their own ;)


Vundofix is unable to delete C:\windows\system32\c00A6484.dat


QUOTE(Anton.B @ Nov 19 2007, 12:02 PM)
Vundofix is unable to delete C:\windows\system32\c00A6484.dat

 

CORRECTION: file is _c00A6484.dat (sorry)

Please post the logs.

 

Logs as requested

 

VundoFix V6.6.2

 

Checking Java version...

 

Scan started at 4:28:50 PM 18/11/2007

 

Listing files found while scanning....

 

C:\windows\system32\__c00DB3BE.dat

C:\WINDOWS\system32\adkfjpjc.dll

C:\windows\system32\adkfjpjc.dllbox

C:\windows\system32\efcywvw.dll

C:\windows\system32\kxsxwyxs.dll

C:\windows\system32\ojslqoow.dll

C:\windows\system32\ttstv.ini

C:\windows\system32\ttstv.ini2

C:\windows\system32\vtstt.dll

 

Beginning removal...

 

Attempting to delete C:\windows\system32\__c00DB3BE.dat

C:\windows\system32\__c00DB3BE.dat Could not be deleted.

 

Attempting to delete C:\WINDOWS\system32\adkfjpjc.dll

C:\WINDOWS\system32\adkfjpjc.dll Has been deleted!

 

Attempting to delete C:\windows\system32\adkfjpjc.dllbox

C:\windows\system32\adkfjpjc.dllbox Has been deleted!

 

Attempting to delete C:\windows\system32\efcywvw.dll

C:\windows\system32\efcywvw.dll Has been deleted!

 

Attempting to delete C:\windows\system32\kxsxwyxs.dll

C:\windows\system32\kxsxwyxs.dll Has been deleted!

 

Attempting to delete C:\windows\system32\ojslqoow.dll

C:\windows\system32\ojslqoow.dll Has been deleted!

 

Attempting to delete C:\windows\system32\ttstv.ini

C:\windows\system32\ttstv.ini Has been deleted!

 

Attempting to delete C:\windows\system32\ttstv.ini2

C:\windows\system32\ttstv.ini2 Has been deleted!

 

Attempting to delete C:\windows\system32\vtstt.dll

C:\windows\system32\vtstt.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

Beginning removal...

 

Attempting to delete C:\windows\system32\__c00DB3BE.dat

C:\windows\system32\__c00DB3BE.dat Could not be deleted.

 

Performing Repairs to the registry.

Done!

 

VundoFix V6.6.2

 

Checking Java version...

 

Scan started at 4:46:53 PM 18/11/2007

 

Listing files found while scanning....

 

C:\windows\system32\__c00DB3BE.dat

 

Beginning removal...

 

Attempting to delete C:\windows\system32\__c00DB3BE.dat

C:\windows\system32\__c00DB3BE.dat Could not be deleted.

 

Performing Repairs to the registry.

Done!

 

Beginning removal...

 

Attempting to delete C:\windows\system32\__c00DB3BE.dat

C:\windows\system32\__c00DB3BE.dat Could not be deleted.

 

Performing Repairs to the registry.

Done!

 

VundoFix V6.6.2

 

Checking Java version...

 

Scan started at 5:06:55 PM 18/11/2007

 

Listing files found while scanning....

 

C:\windows\system32\__c00DB3BE.dat

 

Beginning removal...

 

Attempting to delete C:\windows\system32\__c00DB3BE.dat

C:\windows\system32\__c00DB3BE.dat Could not be deleted.

 

Performing Repairs to the registry.

Done!

 

VundoFix V6.6.2

 

Checking Java version...

 

Scan started at 11:39:20 AM 19/11/2007

 

Listing files found while scanning....

 

 

Beginning removal...

 

Attempting to delete C:\Documents and Settings\Anton\f.exe

C:\Documents and Settings\Anton\f.exe Has been deleted!

 

Attempting to delete C:\Documents and Settings\Dad\f.exe

C:\Documents and Settings\Dad\f.exe Has been deleted!

 

Attempting to delete C:\Documents and Settings\Mum\f.exe

C:\Documents and Settings\Mum\f.exe Has been deleted!

 

Attempting to delete C:\WINDOWS\17PHolmes1188.exe

C:\WINDOWS\17PHolmes1188.exe Has been deleted!

 

Attempting to delete C:\WINDOWS\mrofinu1000106.exe

C:\WINDOWS\mrofinu1000106.exe Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\__c00A6484.dat

C:\WINDOWS\system32\__c00A6484.dat Could not be deleted.

 

Attempting to delete C:\WINDOWS\system32\__c00DB3BE.dat

C:\WINDOWS\system32\__c00DB3BE.dat Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\brepqytj.exe

C:\WINDOWS\system32\brepqytj.exe Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\byxuvvu.dll

C:\WINDOWS\system32\byxuvvu.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\ddcyvww.dll

C:\WINDOWS\system32\ddcyvww.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\fdhaoohi.exe

C:\WINDOWS\system32\fdhaoohi.exe Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\fpktuukr.dll

C:\WINDOWS\system32\fpktuukr.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\fqjdksao.dll

C:\WINDOWS\system32\fqjdksao.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\ggjlm.ini2

C:\WINDOWS\system32\ggjlm.ini2 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\iifffde.dll

C:\WINDOWS\system32\iifffde.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\mljgg.dll

C:\WINDOWS\system32\mljgg.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\okxlwala.dll

C:\WINDOWS\system32\okxlwala.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\pmnopnk.dll

C:\WINDOWS\system32\pmnopnk.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\rjfppvrf.dll

C:\WINDOWS\system32\rjfppvrf.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\rwnyclfe.dll

C:\WINDOWS\system32\rwnyclfe.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\tuvwwxy.dll

C:\WINDOWS\system32\tuvwwxy.dll Could not be deleted.

 

Attempting to delete C:\WINDOWS\system32\uimnlulf.dll

C:\WINDOWS\system32\uimnlulf.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\utmojxcc.dll

C:\WINDOWS\system32\utmojxcc.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\vtuvsqr.dll

C:\WINDOWS\system32\vtuvsqr.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\yaywxuv.dll

C:\WINDOWS\system32\yaywxuv.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

VundoFix V6.6.2

 

Checking Java version...

 

Scan started at 11:47:06 AM 19/11/2007

 

Listing files found while scanning....

 

C:\windows\system32\__c00A6484.dat

C:\windows\system32\fpktuukr.dllbox

 

Beginning removal...

 

Attempting to delete C:\windows\system32\__c00A6484.dat

C:\windows\system32\__c00A6484.dat Could not be deleted.

 

Attempting to delete C:\windows\system32\fpktuukr.dllbox

C:\windows\system32\fpktuukr.dllbox Has been deleted!

 

Performing Repairs to the registry.

Done!

 

Beginning removal...

 

Attempting to delete C:\windows\system32\__c00A6484.dat

C:\windows\system32\__c00A6484.dat Could not be deleted.

 

Performing Repairs to the registry.

Done!

 

 

Deckard's System Scanner v20071014.68

Run by Dad on 2007-11-19 12:20:21

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

 

 

-- HijackThis (run as Dad.exe) -------------------------------------------------

 

Logfile of HijackThis v1.99.1

Scan saved at 12:20:31 PM, on 19/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

C:\WINDOWS\system32\CTSvcCDA.EXE

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\CS Fire Monitor\CSFireMon.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\ScsiAccess.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\UStorSrv.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\fxssvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Microsoft Hardware\Keyboard\type32.exe

C:\WINDOWS\system32\atwtusb.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\Documents and Settings\Dad\Desktop\dss.exe

C:\DOCUME~1\Dad\Desktop\Dad.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)

O2 - BHO: (no name) - {10C0C3B9-FC60-4902-92B3-49E09D7BAE89} - C:\WINDOWS\system32\mljgg.dll (file missing)

O2 - BHO: (no name) - {18CCB518-1374-4946-A4C2-21EFD6C471CE} - (no file)

O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll

O2 - BHO: {8086f986-44d7-bb1a-8ae4-189a0888f064} - {460f8880-a981-4ea8-a1bb-7d44689f6808} - C:\WINDOWS\system32\uimnlulf.dll (file missing)

O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {A57EE9D7-0534-496A-B2B0-E95866D0C1B0} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: (no name) - {B13CD278-8708-412A-A1D5-12DC54BCF488} - C:\WINDOWS\system32\pmkjh.dll

O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINDOWS\system32\tuvwwxy.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: (no name) - {EF18E814-3E1B-452D-8EAE-208E53C009F5} - C:\WINDOWS\system32\vtstt.dll (file missing)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)

O4 - HKLM\..\Run: [intelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [d48aeba1] rundll32.exe "C:\WINDOWS\system32\utmojxcc.dll",b

O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Dad\Desktop\HijackThis.exe /startupscan

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

O4 - Global Startup: hpoddt01.exe.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?42def64ca47e412b8c501d922166e5af

O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?42def64ca47e412b8c501d922166e5af

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1125884139484

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00A6484.dat

O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE

O23 - Service: CS Fire Monitor - Unknown owner - C:\Program Files\CS Fire Monitor\CSFireMonService.exe" -service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

 

 

-- Files created between 2007-10-19 and 2007-11-19 -----------------------------

 

2007-11-19 11:51:31 6948 --ahs---- C:\WINDOWS\system32\hjkmp.ini2

2007-11-19 11:51:14 320608 --a------ C:\WINDOWS\system32\pmkjh.dll

2007-11-19 11:39:20 0 d-------- C:\VundoFix Backups

2007-11-19 06:25:18 10816 -----n--- C:\WINDOWS\system32\__c00A6484.dat

2007-11-18 04:24:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2007-11-18 02:14:15 2390 --a------ C:\WINDOWS\system32\tmp.reg

2007-11-17 14:22:49 128 --a------ C:\Documents and Settings\Dad\services.exe

2007-11-16 20:44:42 36352 -----n--- C:\WINDOWS\system32\tuvwwxy.dll

2007-11-13 16:03:09 4882432 --a------ C:\Documents and Settings\Anton\ntuser.dat

2007-11-13 16:00:35 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>

2007-11-05 15:35:30 0 d-------- C:\WINDOWS\pss

2007-11-01 17:45:28 0 d-------- C:\Program Files\Guitar Pro 5

2007-10-30 12:22:51 0 d-------- C:\Racing

2007-10-23 12:35:40 0 d-------- C:\Program Files\iPod

2007-10-23 12:35:09 0 d-------- C:\Program Files\iTunes

2007-10-22 19:54:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe

2007-10-19 23:05:01 0 d-------- C:\the hedgehog

 

 

-- Find3M Report ---------------------------------------------------------------

 

2007-11-18 04:26:14 0 d-------- C:\Program Files\Lavasoft

2007-11-18 04:26:12 0 d-------- C:\Documents and Settings\Dad\Application Data\Lavasoft

2007-11-18 04:22:45 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-11-17 17:36:23 0 d-------- C:\Program Files\Java

2007-11-14 23:30:21 0 d-------- C:\Program Files\Common Files

2007-11-08 09:50:59 0 d-------- C:\Documents and Settings\Dad\Application Data\U3

2007-11-07 14:35:58 0 d-------- C:\Program Files\CS Fire Monitor

2007-11-05 15:22:52 0 d-------- C:\Program Files\GSM

2007-11-02 20:44:26 0 d--h----- C:\Program Files\InstallShield Installation Information

2007-10-22 19:54:28 0 d-------- C:\Program Files\Common Files\Adobe

2007-10-18 00:42:08 10752 --a------ C:\WINDOWS\system32\WhoisCL.exe <Not Verified; NirSoft; WhoisCL>

2007-10-17 13:12:37 0 d-------- C:\Program Files\Free Metronome

2007-10-17 12:48:58 0 d-------- C:\Program Files\FretPro

2007-10-17 09:42:08 0 d-------- C:\Program Files\LogMeIn

2007-10-15 22:37:18 0 d-------- C:\Program Files\Lame

2007-10-14 19:57:40 0 d-------- C:\Program Files\Audacity

2007-10-09 21:53:27 0 d-------- C:\Program Files\Apple Software Update

2007-10-08 20:47:34 0 d-------- C:\Program Files\Burn4Free

2007-09-28 19:33:00 0 d-------- C:\Program Files\WinAce

2007-09-27 12:01:18 0 d-------- C:\Program Files\Microsoft Silverlight

2007-09-24 22:46:36 0 d-------- C:\Program Files\GameSpy Arcade

2007-09-24 22:43:50 0 d-------- C:\Program Files\Microsoft Games

2007-09-19 14:58:04 0 d-------- C:\Program Files\Scales Dictionary System

2007-09-19 14:57:35 286720 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>

2007-09-19 14:57:29 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>

2007-09-19 12:23:45 0 d-------- C:\Program Files\GiveMeTac 1.1

2007-09-14 15:30:55 229727 --a------ C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_6984.exe <Not Verified; Burn4Free; Burn4Free CD and DVD>

2007-09-08 22:29:51 7188 --a------ C:\WINDOWS\mozver.dat

 

 

-- Registry Dump ---------------------------------------------------------------

 

*Note* empty entries & legit default entries are not shown

 

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10C0C3B9-FC60-4902-92B3-49E09D7BAE89}]

C:\WINDOWS\system32\mljgg.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18CCB518-1374-4946-A4C2-21EFD6C471CE}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{460f8880-a981-4ea8-a1bb-7d44689f6808}]

C:\WINDOWS\system32\uimnlulf.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A57EE9D7-0534-496A-B2B0-E95866D0C1B0}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B13CD278-8708-412A-A1D5-12DC54BCF488}]

19/11/2007 11:51 AM 320608 --a------ C:\WINDOWS\system32\pmkjh.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}]

16/11/2007 08:44 PM 36352 --------- C:\WINDOWS\system32\tuvwwxy.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF18E814-3E1B-452D-8EAE-208E53C009F5}]

C:\WINDOWS\system32\vtstt.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [22/03/2002 03:41 PM]

"atwtusb"="atwtusb.exe" [23/04/2002 05:20 PM C:\WINDOWS\system32\atwtusb.exe]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [06/09/2007 09:06 PM]

"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [06/08/2007 12:08 PM]

"nwiz"="nwiz.exe" [25/08/2004 08:14 PM C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [25/08/2004 08:14 PM]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [25/08/2004 08:14 PM]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11 AM]

"Host Process"="C:\WINDOWS\Fonts\svchost.exe" []

"d48aeba1"="C:\WINDOWS\system32\utmojxcc.dll" []

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HijackThis startup scan"="C:\Documents and Settings\Dad\Desktop\HijackThis.exe" [16/02/2005 11:06 AM]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]

"RunNarrator"=Narrator.exe

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [20/11/2003 2:11:56 PM]

hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [9/04/2003 6:41:38 PM]

hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [9/04/2003 7:11:12 PM]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [13/03/2006 02:11 PM 233472]

"{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}"= C:\WINDOWS\system32\tuvwwxy.dll [16/11/2007 08:44 PM 36352]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

LMIinit.dll 02/10/2007 05:51 PM 75064 C:\WINDOWS\system32\LMIinit.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=C:\WINDOWS\system32\__c00A6484.dat

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmkjh.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]

backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Remote Controller.lnk]

backup=C:\WINDOWS\pss\Remote Controller.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]

backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Agent]

"C:\Program Files\CyberLink\PowerVCRII\Agent.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

AGRSMMSG.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

"C:\Program Files\iTunes\iTunesHelper.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]

C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Program Files\QuickTime\QTTask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote_Agent]

"C:\Program Files\CyberLink\PowerVCRII\RemoteAgent.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

SOUNDMAN.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFaxAppPortStarter]

wfxsnt40.exe

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52d0c36c-3e4a-11dc-b9ad-0020ed6c9f88}]

AutoRun\command- G:\LaunchU3.exe -a

 

 

 

 

-- End of Deckard's System Scanner: finished at 2007-11-19 12:21:14 ------------

Edited by noahdfear: posted attached logs


Please post your logs right into the topic rather than attaching them. Thanks! ;)

 

 

Copy the contents of the code box below to a blank Notepad. Save it to the desktop as:

 

Filename: fix.reg

Save as type: All Files (*.*)

 

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Host Process"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

Don't do anything with it just yet.

 

Please download OTMoveIt by OldTimer, saving it to your desktop.

 

Scan again with HijackThis and place a check next to the following entries, then click Fix Checked.

 

O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)

O2 - BHO: (no name) - {10C0C3B9-FC60-4902-92B3-49E09D7BAE89} - C:\WINDOWS\system32\mljgg.dll (file missing)

O2 - BHO: (no name) - {18CCB518-1374-4946-A4C2-21EFD6C471CE} - (no file)

O2 - BHO: {8086f986-44d7-bb1a-8ae4-189a0888f064} - {460f8880-a981-4ea8-a1bb-7d44689f6808} - C:\WINDOWS\system32\uimnlulf.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {A57EE9D7-0534-496A-B2B0-E95866D0C1B0} - (no file)

O2 - BHO: (no name) - {B13CD278-8708-412A-A1D5-12DC54BCF488} - C:\WINDOWS\system32\pmkjh.dll

O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINDOWS\system32\tuvwwxy.dll

O2 - BHO: (no name) - {EF18E814-3E1B-452D-8EAE-208E53C009F5} - C:\WINDOWS\system32\vtstt.dll (file missing)

O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)

O4 - HKLM\..\Run: [d48aeba1] rundll32.exe "C:\WINDOWS\system32\utmojxcc.dll",b

O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Dad\Desktop\HijackThis.exe /startupscan

O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00A6484.dat

 

Close HijackThis

Double click fix.reg and allow it to merge with the registry.

  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\hjkmp.ini2
    C:\WINDOWS\system32\pmkjh.dll
    C:\WINDOWS\system32\__c00A6484.dat
    C:\WINDOWS\system32\tmp.reg
    C:\Documents and Settings\Dad\services.exe
    C:\WINDOWS\system32\tuvwwxy.dll

  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt

*If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.

**If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at:

C:\_OTMoveIt\MovedFiles\********_******.log

(where "********_******" is the "date_time")

 

Click "Exit" to close OTMoveIt.

 

After you've posted the OTMoveIt log, download SDFix and save it to your Desktop.

 

Double click SDFix.exe and it will extract the files to %systemdrive%

(Drive that contains the Windows Directory, typically C:\SDFix)

 

Now reboot into Safe Mode and logon to your user account.

  1. Open the extracted SDFix folder and double click RunThis.bat to start the script.
  2. Type Y to begin the cleanup process.
  3. It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  4. Press any Key and it will restart the PC.
  5. When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  6. Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  7. Post the contents of the Report.txt along with a new dss log.

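The fix.reg in the post above resets the LSA "Authentication Packages" value to its default with a REGEDIT4 `hex(7)` (REG_MULTI_SZ) byte list, and the DSS registry dump earlier in the thread is where the extra pmkjh.dll package and the AppInit_DLLs entry were spotted. Both values are load points for code that runs inside lsass.exe and every user-mode process, so a defender wants a quick way to check them against known defaults. The Python below is an added example, not a tool from this thread, from Lavasoft or from the helpers here: it decodes and encodes the `hex(7)` form and audits a DSS-style dump for non-default authentication packages and any AppInit_DLLs. The sample dump text is constructed from the values quoted in the thread, and the assumption that `msv1_0` is the only default package holds for Windows XP.

```python
"""Audit the two LSA/Winlogon load points seen in this thread from a
DSS-style registry dump, and encode/decode the REGEDIT4 hex(7) form that
fix.reg uses for REG_MULTI_SZ values.

Added example; not a tool from the thread or from Lavasoft."""

# Assumption: the only default LSA authentication package on Windows XP.
EXPECTED_AUTH_PACKAGES = {"msv1_0"}

# Hypothetical dump text, constructed from the DSS values quoted in the thread.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\__c00A6484.dat

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmkjh.dll
"""

LSA_KEY = r"hkey_local_machine\system\currentcontrolset\control\lsa"
WINDOWS_KEY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\windows"


def decode_reg_multi_sz(hex_value):
    """Decode a REGEDIT4 'hex(7):' byte list into a list of strings.

    REGEDIT4 stores strings as ANSI bytes; REG_MULTI_SZ is a run of
    NUL-terminated strings closed by one extra NUL.  Backslash line
    continuations, as written by regedit exports, are tolerated.
    """
    value = hex_value.strip()
    if value.lower().startswith("hex(7):"):
        value = value[len("hex(7):"):]
    cleaned = value.replace("\\", "").replace("\n", "").replace(" ", "")
    raw = bytes(int(b, 16) for b in cleaned.split(",") if b)
    return [s.decode("latin-1") for s in raw.split(b"\x00") if s]


def encode_reg_multi_sz(strings):
    """Encode strings as a REGEDIT4 hex(7) value (ANSI bytes, NUL-separated,
    double-NUL terminated)."""
    raw = b"".join(s.encode("latin-1") + b"\x00" for s in strings) + b"\x00"
    return "hex(7):" + ",".join("%02x" % b for b in raw)


def parse_dump(dump_text):
    """Return {key_path_lowercase: {value_name_lowercase: value_text}}."""
    keys, current = {}, None
    for line in dump_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            keys.setdefault(current, {})
        elif current is not None and line.startswith('"') and "=" in line:
            name, _, value = line.partition("=")
            keys[current][name.strip('"').lower()] = value.strip()
    return keys


def audit_lsa(dump_text):
    """Flag non-default authentication packages and any AppInit_DLLs.

    DSS prints both values space-separated, so a path containing spaces
    would be split here; the paths in this thread have none.
    """
    keys = parse_dump(dump_text)
    packages = keys.get(LSA_KEY, {}).get("authentication packages", "").split()
    appinit = keys.get(WINDOWS_KEY, {}).get("appinit_dlls", "").split()
    return {
        "auth_packages": packages,
        "unexpected_auth_packages": [p for p in packages
                                     if p.lower() not in EXPECTED_AUTH_PACKAGES],
        "appinit_dlls": appinit,
        # The .reg value that restores the default list (same bytes as fix.reg).
        "reset_value": encode_reg_multi_sz(sorted(EXPECTED_AUTH_PACKAGES)),
    }


if __name__ == "__main__":
    result = audit_lsa(SAMPLE_DUMP)
    for name, value in result.items():
        print(f"{name}: {value}")
    print("fix.reg value decodes to:",
          decode_reg_multi_sz("hex(7):6d,73,76,31,5f,30,00,00"))
```

Run on the constructed dump it reports pmkjh.dll as an unexpected authentication package and __c00A6484.dat as an AppInit DLL, and `reset_value` comes out as the same `hex(7):6d,73,76,31,5f,30,00,00` that fix.reg writes, which is a useful sanity check before merging a hand-written .reg file into a live machine.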
I'm on a different computer because...

I forgot to post the OT_MoveIt log before downloading & extracting SDFix.

When I rebooted, tapping F8 to enter Safe Mode, I was unable to use my arrow keys to move up to Safe Mode... time then elapsed and it booted as per normal. However, at logon it would not accept my password. I've tried 3-4 times with no success. I cannot get past logon....


QUOTE(Anton.B @ Nov 19 2007, 01:56 PM)
I'm on a different computer because...

I forgot to post the OT_MoveIt log before downloading & extracting SDFix.

When I rebooted, tapping F8 to enter Safe Mode, I was unable to use my arrow keys to move up to Safe Mode... time then elapsed and it booted as per normal. However, at logon it would not accept my password. I've tried 3-4 times with no success. I cannot get past logon....

My keyboard has gone haywire: 3 acts as delete, nothing else seems to work.


QUOTE(Anton.B @ Nov 19 2007, 01:56 PM)
I'm on a different computer because...

I forgot to post the OT_MoveIt log before downloading & extracting SDFix.

When I rebooted, tapping F8 to enter Safe Mode, I was unable to use my arrow keys to move up to Safe Mode... time then elapsed and it booted as per normal. However, at logon it would not accept my password. I've tried 3-4 times with no success. I cannot get past logon....

 

Latest.... now able to log on to my user (DAD).

Requested log:

C:\WINDOWS\system32\hjkmp.ini2 moved successfully.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\pmkjh.dll

C:\WINDOWS\system32\pmkjh.dll NOT unregistered.

File move failed. C:\WINDOWS\system32\pmkjh.dll scheduled to be moved on reboot.

File move failed. C:\WINDOWS\system32\__c00A6484.dat scheduled to be moved on reboot.

C:\WINDOWS\system32\tmp.reg moved successfully.

C:\Documents and Settings\Dad\services.exe moved successfully.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\tuvwwxy.dll

C:\WINDOWS\system32\tuvwwxy.dll NOT unregistered.

C:\WINDOWS\system32\tuvwwxy.dll moved successfully.

 

Created on 11/19/2007 13:13:25


QUOTE(Anton.B @ Nov 19 2007, 01:56 PM)
I'm on a different computer because...

I forgot to post the OT_MoveIt log before downloading & extracting SDFix.

When I rebooted, tapping F8 to enter Safe Mode, I was unable to use my arrow keys to move up to Safe Mode... time then elapsed and it booted as per normal. However, at logon it would not accept my password. I've tried 3-4 times with no success. I cannot get past logon....

 

 

I have been waiting for SDFix to complete its job. It has been approx. 20 mins; I have a blank SDFix screen and the HDD LED is constantly lit.


Give it a bit longer if you would please, and if it doesn't complete after 45 min or so, exit out and back to normal mode. Then post a new dss log and see if there is a report.txt in the C:\SDFix folder (post it too if there is).
