edwardbill

Billy-boy's own

Hi,

Please download Ad-Aware AE and run a full scan. If this fails to solve your problem, please follow the instructions in my signature to post a HJT log file to the HJT forum.

Thanks,

GoddersUK

Thanks. Here are the HijackThis and AdAware logs.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:15:37 PM, on 6/9/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Nhksrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\System32\CTsvcCDA.EXE

C:\WINDOWS\System32\DVDRAMSV.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Tall Emu\Online Armor\oacat.exe

C:\Program Files\Dantz\Retrospect\retrorun.exe

C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\WINDOWS\System32\umonit.exe

C:\WINDOWS\system32\WDBtnMgr.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\WINDOWS\system32\Promon.exe

C:\WINDOWS\system32\NMSSvc.exe

C:\WINDOWS\MMKeybd.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Trend Micro\Anti-Spam For OE\TMAS_OEMon.exe

C:\Program Files\Netropa\OSD.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\Java\jre6\bin\jusched.exe

J:\My Music\iTunesHelper.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\PC Connectivity Solution\NclBTHandler.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe

O4 - HKLM\..\Run: [uMonit] C:\WINDOWS\System32\umonit.exe

O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [Promon.exe] Promon.exe

O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [OE] "C:\Program Files\Trend Micro\Anti-Spam For OE\TMAS_OEMon.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "J:\My Music\iTunesHelper.exe"

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su-newocx/ocx/15012/CTSUEng.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1160572156171

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.winkflash.com/photo/loaders/ImageUploader4.cab

O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.adoramapix.com/components/ImageUploader3.cab

O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} (HpodPCFileCtrl2 Class) - file://D:\MEMDISC\ALBUM_A\VIEW\PLUGIN\HPODPCFC.CAB

O16 - DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} (CentrinoCheck Control) - http://entriq.vo.llnwd.net/o1/NBCUniversal...eck_1_0_0_4.cab

O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - http://entriq.vo.llnwd.net/o1/NBCUniversal...0_15_Silent.cab

O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - http://entriq.vo.llnwd.net/o1/NBCUniversal...sal_1_0_0_3.cab

O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://rr.esecurecare.net/rnt/rnl/java/RntX.cab

O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestation.com/common/classes....cab?v=1,0,0,38

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su-newocx/ocx/15012/CTPID.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe

O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe

O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe

O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: TwonkyVision MediaServer (TwonkyVision_Media_Server) - TwonkyVision GmbH - C:\Program Files\Twonkyvision\TwonkyMedia.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 14159 bytes

AdAware Log

Logfile created: 6/9/2009 10:15:4

Lavasoft Ad-Aware version: 8.0.5

Extended engine version: 8.1

User performing scan: Billy

*********************** Definitions database information ***********************

Lavasoft definition file: 148.48

Extended engine definition file: 8.1

******************************** Scan results: *********************************

Scan profile name: Full Scan (ID: full)

Objects scanned: 206683

Objects detected: 14

Type Detected

==========================

Processes.......: 0

Registry entries: 0

Hostfile entries: 0

Files...........: 1

Folders.........: 0

LSPs............: 0

Cookies.........: 13

Browser hijacks.: 0

MRU objects.....: 0

Removed items:

Description: *adserv* Family Name: Cookies Clean status: Success Item ID: 408921 Family ID: 0

Description: *insightexpressai* Family Name: Cookies Clean status: Success Item ID: 409259 Family ID: 0

Description: *tacoda* Family Name: Cookies Clean status: Success Item ID: 409123 Family ID: 0

Description: *ad.yieldmanager* Family Name: Cookies Clean status: Success Item ID: 409172 Family ID: 0

Description: *.bridgetrack* Family Name: Cookies Clean status: Success Item ID: 409095 Family ID: 0

Description: *advertis* Family Name: Cookies Clean status: Success Item ID: 408918 Family ID: 0

Description: *advertising* Family Name: Cookies Clean status: Success Item ID: 409017 Family ID: 0

Description: *atdmt* Family Name: Cookies Clean status: Success Item ID: 408910 Family ID: 0

Description: *doubleclick* Family Name: Cookies Clean status: Success Item ID: 408875 Family ID: 0

Description: *adbureau* Family Name: Cookies Clean status: Success Item ID: 409027 Family ID: 0

Description: *webtrends* Family Name: Cookies Clean status: Success Item ID: 599640 Family ID: 0

Description: *2o7* Family Name: Cookies Clean status: Success Item ID: 408943 Family ID: 0

Description: *specificclick* Family Name: Cookies Clean status: Success Item ID: 408807 Family ID: 0

Quarantined items:

Description: C:\WINDOWS\CouponPrinter.ocx Family Name: Win32.Adware.BHO Clean status: Success Item ID: 766344 Family ID: 61

Scan and cleaning complete: Finished correctly after 16906 seconds

*********************************** Settings ***********************************

Scan profile:

ID: full, enabled:1, value: Full Scan

ID: scancriticalareas, enabled:1, value: true

ID: scanrunningapps, enabled:1, value: true

ID: scanregistry, enabled:1, value: true

ID: scanlsp, enabled:1, value: true

ID: scanads, enabled:1, value: true

ID: scanhostsfile, enabled:1, value: true

ID: scanmru, enabled:1, value: true

ID: scanbrowserhijacks, enabled:1, value: true

ID: scantrackingcookies, enabled:1, value: true

ID: closebrowsers, enabled:1, value: false

ID: folderstoscan, enabled:1, value: C:\,J:\

ID: scanrootkits, enabled:1, value: true

ID: usespywareheuristics, enabled:1, value: true

ID: extendedengine, enabled:0, value: true

ID: useheuristics, enabled:0, value: true

ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict

ID: filescanningoptions, enabled:1

ID: archives, enabled:1, value: true

ID: onlyexecutables, enabled:1, value: false

ID: skiplargerthan, enabled:1, value: 20480

Scan global:

ID: global, enabled:1

ID: addtocontextmenu, enabled:1, value: true

ID: playsoundoninfection, enabled:1, value: false

ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav

Scheduled scan settings:

<Empty>

Update settings:

ID: updates, enabled:1

ID: launchthreatworksafterscan, enabled:1, value: normal, domain: normal,off,silently

ID: displaystatus, enabled:1, value: false

ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall

ID: autodetectproxy, enabled:1, value: false

ID: useautoconfigscript, enabled:1, value: false

ID: autoconfigurl, enabled:0, value:

ID: useproxy, enabled:1, value: false

ID: proxyserver, enabled:0, value:

ID: softwareupdates, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall

ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall

ID: schedules, enabled:1, value: true

ID: updatedaily, enabled:1, value: Daily

ID: time, enabled:1, value: Thu Jan 22 17:17:00 2009

ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly

ID: weekdays, enabled:1

ID: monday, enabled:1, value: false

ID: tuesday, enabled:1, value: false

ID: wednesday, enabled:1, value: false

ID: thursday, enabled:1, value: false

ID: friday, enabled:1, value: false

ID: saturday, enabled:1, value: false

ID: sunday, enabled:1, value: false

ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31

ID: scanprofile, enabled:1, value:

ID: auto_deal_with_infections, enabled:1, value: false

ID: updateweekly, enabled:1, value: Weekly

ID: time, enabled:1, value: Thu Jan 22 17:17:00 2009

ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly

ID: weekdays, enabled:1

ID: monday, enabled:1, value: true

ID: tuesday, enabled:1, value: false

ID: wednesday, enabled:1, value: false

ID: thursday, enabled:1, value: true

ID: friday, enabled:1, value: false

ID: saturday, enabled:1, value: false

ID: sunday, enabled:1, value: false

ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31

ID: scanprofile, enabled:1, value:

ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:

ID: appearance, enabled:1

ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource

ID: showtrayicon, enabled:1, value: true

ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:

ID: realtime, enabled:1

ID: processprotection, enabled:1, value: true

ID: registryprotection, enabled:0, value: false

ID: networkprotection, enabled:0, value: false

ID: loadatstartup, enabled:1, value: true

ID: usespywareheuristics, enabled:0, value: true

ID: extendedengine, enabled:0, value: false

ID: useheuristics, enabled:0, value: false

ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict

ID: infomessages, enabled:1, value: display, domain: display,dontnotify,onlyimportant

****************************** System information ******************************

Computer name: GIMP

Processor name: Intel® Pentium® 4 CPU 2.40GHz

Processor identifier: x86 Family 15 Model 2 Stepping 4

Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 516, number of processors 1

Physical memory available: 121430016 bytes

Physical memory total: 535609344 bytes

Virtual memory available: 1933856768 bytes

Virtual memory total: 2147352576 bytes

Memory load: 77%

Microsoft Windows XP Professional Service Pack 3 (build 2600)

Windows startup mode:

Running processes:

PID: 436 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY

PID: 492 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY

PID: 516 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY

PID: 560 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY

PID: 576 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY

PID: 736 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY

PID: 784 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY

PID: 852 name: C:\Program Files\Windows Defender\MsMpEng.exe owner: SYSTEM domain: NT AUTHORITY

PID: 892 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY

PID: 928 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1088 name: C:\WINDOWS\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY

PID: 1140 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY

PID: 1204 name: C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1288 name: C:\Program Files\Alwil Software\Avast4\ashServ.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1544 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY

PID: 168 name: C:\WINDOWS\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY

PID: 196 name: C:\WINDOWS\Nhksrv.exe owner: SYSTEM domain: NT AUTHORITY

PID: 212 name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe owner: SYSTEM domain: NT AUTHORITY

PID: 228 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY

PID: 252 name: C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe owner: SYSTEM domain: NT AUTHORITY

PID: 328 name: C:\WINDOWS\System32\CTsvcCDA.EXE owner: SYSTEM domain: NT AUTHORITY

PID: 372 name: C:\WINDOWS\System32\DVDRAMSV.exe owner: SYSTEM domain: NT AUTHORITY

PID: 484 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY

PID: 596 name: C:\Program Files\Java\jre6\bin\jqs.exe owner: SYSTEM domain: NT AUTHORITY

PID: 828 name: C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1156 name: C:\Program Files\Tall Emu\Online Armor\oacat.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1124 name: C:\Program Files\Dantz\Retrospect\retrorun.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1724 name: C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1780 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1820 name: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe owner: SYSTEM domain: NT AUTHORITY

PID: 2040 name: C:\Program Files\Viewpoint\Common\ViewpointService.exe owner: SYSTEM domain: NT AUTHORITY

PID: 2064 name: C:\WINDOWS\System32\MsPMSPSv.exe owner: SYSTEM domain: NT AUTHORITY

PID: 2084 name: C:\Program Files\Canon\CAL\CALMAIN.exe owner: SYSTEM domain: NT AUTHORITY

PID: 2136 name: C:\Program Files\Windows Media Player\WMPNetwk.exe owner: NETWORK SERVICE domain: NT AUTHORITY

PID: 2300 name: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe owner: SYSTEM domain: NT AUTHORITY

PID: 2324 name: C:\Program Files\Alwil Software\Avast4\ashWebSv.exe owner: SYSTEM domain: NT AUTHORITY

PID: 2584 name: C:\WINDOWS\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY

PID: 2716 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY

PID: 2848 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY

PID: 3204 name: C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe owner: SYSTEM domain: NT AUTHORITY

PID: 2640 name: C:\WINDOWS\Explorer.EXE owner: Billy domain: GIMP

PID: 4076 name: C:\Program Files\Microsoft Hardware\Mouse\point32.exe owner: Billy domain: GIMP

PID: 1852 name: C:\WINDOWS\System32\umonit.exe owner: Billy domain: GIMP

PID: 3472 name: C:\WINDOWS\system32\WDBtnMgr.exe owner: Billy domain: GIMP

PID: 316 name: C:\WINDOWS\system32\CTHELPER.EXE owner: Billy domain: GIMP

PID: 352 name: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe owner: Billy domain: GIMP

PID: 388 name: C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe owner: Billy domain: GIMP

PID: 1584 name: C:\WINDOWS\system32\Promon.exe owner: Billy domain: GIMP

PID: 1152 name: C:\WINDOWS\system32\NMSSvc.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1212 name: C:\WINDOWS\MMKeybd.exe owner: Billy domain: GIMP

PID: 2540 name: C:\Program Files\PC Connectivity Solution\ServiceLayer.exe owner: SYSTEM domain: NT AUTHORITY

PID: 976 name: C:\Program Files\Common Files\Real\Update_OB\realsched.exe owner: Billy domain: GIMP

PID: 2200 name: C:\Program Files\Trend Micro\Anti-Spam For OE\TMAS_OEMon.exe owner: Billy domain: GIMP

PID: 1148 name: C:\Program Files\Netropa\OSD.exe owner: Billy domain: GIMP

PID: 2728 name: C:\Program Files\Logitech\QuickCam\Quickcam.exe owner: Billy domain: GIMP

PID: 1728 name: C:\Program Files\Java\jre6\bin\jusched.exe owner: Billy domain: GIMP

PID: 264 name: J:\My Music\iTunesHelper.exe owner: Billy domain: GIMP

PID: 2696 name: C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe owner: Billy domain: GIMP

PID: 1792 name: C:\WINDOWS\system32\ctfmon.exe owner: Billy domain: GIMP

PID: 3172 name: C:\Program Files\Messenger\msmsgs.exe owner: Billy domain: GIMP

PID: 1324 name: C:\Program Files\Windows Media Player\WMPNSCFG.exe owner: Billy domain: GIMP

PID: 3592 name: C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe owner: Billy domain: GIMP

PID: 2008 name: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe owner: Billy domain: GIMP

PID: 3792 name: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe owner: Billy domain: GIMP

PID: 3656 name: C:\WINDOWS\system32\RAMASST.exe owner: Billy domain: GIMP

PID: 4056 name: C:\Program Files\PC Connectivity Solution\NclBTHandler.exe owner: Billy domain: GIMP

PID: 3484 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1836 name: C:\Program Files\Internet Explorer\IEXPLORE.EXE owner: Billy domain: GIMP

PID: 2548 name: C:\Program Files\Internet Explorer\IEXPLORE.EXE owner: Billy domain: GIMP

PID: 2176 name: C:\Program Files\Internet Explorer\IEXPLORE.EXE owner: Billy domain: GIMP

PID: 5360 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Billy domain: GIMP

PID: 5484 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY

PID: 5828 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Billy domain: GIMP

Startup items:

Name: DWQueuedReporting

imagepath: "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

Name: Nokia.PCSync

imagepath: C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}

imagepath: Browseui preloader

Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}

imagepath: Component Categories cache daemon

Name: PostBootReminder

imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}

Name: CDBurn

imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}

Name: WebCheck

imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

Name: SysTray

imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}

Name: WPDShServiceObj

imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}

Name: POINTER

imagepath: C:\Program Files\Microsoft Hardware\Mouse\point32.exe

Name: UMonit

imagepath: C:\WINDOWS\System32\umonit.exe

Name: WD Button Manager

imagepath: WDBtnMgr.exe

Name: WINDVDPatch

imagepath: CTHELPER.EXE

Name: avast!

imagepath: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

Name: PCSuiteTrayApplication

imagepath: C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

Name: Promon.exe

imagepath: Promon.exe

Name: DellTouch

imagepath: C:\WINDOWS\MMKeybd.exe

Name: AppleSyncNotifier

imagepath: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

Name: TkBellExe

imagepath: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

Name: OE

imagepath: "C:\Program Files\Trend Micro\Anti-Spam For OE\TMAS_OEMon.exe"

Name: LogitechQuickCamRibbon

imagepath: "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

Name: KernelFaultCheck

imagepath: %systemroot%\system32\dumprep 0 -k

Name: Ad-Watch

imagepath: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

Name: Adobe Reader Speed Launcher

imagepath: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

Name: SunJavaUpdateSched

imagepath: "C:\Program Files\Java\jre6\bin\jusched.exe"

Name: QuickTime Task

imagepath: "C:\Program Files\QuickTime\qttask.exe" -atboottime

Name: iTunesHelper

imagepath: "J:\My Music\iTunesHelper.exe"

Name: UserFaultCheck

imagepath: %systemroot%\system32\dumprep 0 -u

Name:

location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk

imagepath: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

Name:

imagepath: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

Name:

location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk

imagepath: C:\WINDOWS\system32\RAMASST.exe

Name:

imagepath: C:\Documents and Settings\Billy\Start Menu\Programs\Startup\desktop.ini

Bootexecute items:

Name:

imagepath: autocheck autochk *

Name:

imagepath: lsdelete

Running services:

Name: ALG

displayname: Application Layer Gateway Service

Name: Apple Mobile Device

displayname: Apple Mobile Device

Name: aswUpdSv

displayname: avast! iAVS4 Control Service

Name: AudioSrv

displayname: Windows Audio

Name: avast! Antivirus

displayname: avast! Antivirus

Name: avast! Mail Scanner

displayname: avast! Mail Scanner

Name: avast! Web Scanner

displayname: avast! Web Scanner

Name: Bonjour Service

displayname: Bonjour Service

Name: Browser

displayname: Computer Browser

Name: btwdins

displayname: Bluetooth Service

Name: CCALib8

displayname: Canon Camera Access Library 8

Name: Creative Service for CDROM Access

displayname: Creative Service for CDROM Access

Name: CryptSvc

displayname: Cryptographic Services

Name: DcomLaunch

displayname: DCOM Server Process Launcher

Name: Dhcp

displayname: DHCP Client

Name: Dnscache

displayname: DNS Client

Name: DVD-RAM_Service

displayname: DVD-RAM_Service

Name: ERSvc

displayname: Error Reporting Service

Name: Eventlog

displayname: Event Log

Name: EventSystem

displayname: COM+ Event System

Name: FastUserSwitchingCompatibility

displayname: Fast User Switching Compatibility

Name: helpsvc

displayname: Help and Support

Name: HTTPFilter

displayname: HTTP SSL

Name: iPod Service

displayname: iPod Service

Name: JavaQuickStarterService

displayname: Java Quick Starter

Name: lanmanserver

displayname: Server

Name: lanmanworkstation

displayname: Workstation

Name: Lavasoft Ad-Aware Service

displayname: Lavasoft Ad-Aware Service

Name: LmHosts

displayname: TCP/IP NetBIOS Helper

Name: LVPrcSrv

displayname: Process Monitor

Name: Netman

displayname: Network Connections

Name: Nhksrv

displayname: Netropa NHK Server

Name: Nla

displayname: Network Location Awareness (NLA)

Name: NMSSvc

displayname: Intel® NMS

Name: OAcat

displayname: Online Armor Helper Service

Name: PlugPlay

displayname: Plug and Play

Name: PolicyAgent

displayname: IPSEC Services

Name: ProtectedStorage

displayname: Protected Storage

Name: RasMan

displayname: Remote Access Connection Manager

Name: RetroLauncher

displayname: Retrospect Launcher

Name: RetroWDSvc

displayname: Retrospect WD Service

Name: RpcSs

displayname: Remote Procedure Call (RPC)

Name: SamSs

displayname: Security Accounts Manager

Name: Schedule

displayname: Task Scheduler

Name: seclogon

displayname: Secondary Logon

Name: SENS

displayname: System Event Notification

Name: ServiceLayer

displayname: ServiceLayer

Name: SharedAccess

displayname: Windows Firewall/Internet Connection Sharing (ICS)

Name: ShellHWDetection

displayname: Shell Hardware Detection

Name: Spooler

displayname: Print Spooler

Name: srservice

displayname: System Restore Service

Name: SSDPSRV

displayname: SSDP Discovery Service

Name: stisvc

displayname: Windows Image Acquisition (WIA)

Name: Symantec Core LC

displayname: Symantec Core LC

Name: TapiSrv

displayname: Telephony

Name: TermService

displayname: Terminal Services

Name: Themes

displayname: Themes

Name: TrkWks

displayname: Distributed Link Tracking Client

Name: upnphost

displayname: Universal Plug and Play Device Host

Name: Viewpoint Manager Service

displayname: Viewpoint Manager Service

Name: W32Time

displayname: Windows Time

Name: WebClient

displayname: WebClient

Name: WinDefend

displayname: Windows Defender

Name: winmgmt

displayname: Windows Management Instrumentation

Name: WMDM PMSP Service

displayname: WMDM PMSP Service

Name: WMPNetworkSvc

displayname: Windows Media Player Network Sharing Service

Name: wscsvc

displayname: Security Center

Name: wuauserv

displayname: Automatic Updates

Name: WudfSvc

displayname: Windows Driver Foundation - User-mode Driver Framework

Name: WZCSVC

displayname: Wireless Zero Configuration


Hi,

 

Is this from the same system?

 

Yes, the HijackThis log and AdAware log are from the same system. Thanks for taking a look at them and for hopefully being able to help me. I think my computer is actually running even slower now than when I first posted this.


Hi,

 

Ok. I'll close the other topic then :)

 

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.


Hello Blade81. Thanks for your help. Here are the log files you requested. DDS is pasted and the Attach file is attached in Zip format, as instructed by the DDS program. I hope this helps and look forward to your next move for me.

Sincerely,

Billy-boy

 

 

DDS (Ver_09-05-14.01) - NTFSx86

Run by Billy at 13:54:19.48 on Thu 06/18/2009

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.136 [GMT -4:00]

 

AV: avast! antivirus 4.8.1335 [VPS 090617-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\Nhksrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\System32\CTsvcCDA.EXE

C:\WINDOWS\System32\DVDRAMSV.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\system32\NMSSvc.exe

C:\Program Files\Tall Emu\Online Armor\oacat.exe

C:\Program Files\Dantz\Retrospect\retrorun.exe

C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\WINDOWS\System32\umonit.exe

C:\WINDOWS\system32\WDBtnMgr.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\WINDOWS\system32\Promon.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\WINDOWS\MMKeybd.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Netropa\OSD.exe

C:\Program Files\Trend Micro\Anti-Spam For OE\TMAS_OEMon.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

J:\My Music\iTunesHelper.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\PC Connectivity Solution\NclBTHandler.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Billy\Desktop\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.aol.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [POINTER] c:\program files\microsoft hardware\mouse\point32.exe

mRun: [uMonit] c:\windows\system32\umonit.exe

mRun: [WD Button Manager] WDBtnMgr.exe

mRun: [WINDVDPatch] CTHELPER.EXE

mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe

mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -startup

mRun: [Promon.exe] Promon.exe

mRun: [DellTouch] c:\windows\MMKeybd.exe

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [OE] "c:\program files\trend micro\anti-spam for oe\TMAS_OEMon.exe"

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "j:\my music\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe

uPolicies-explorer: <NO NAME> =

uPolicies-explorer: NoViewOnDrive = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

Trusted Zone: aol.com\free

Trusted Zone: rr.com\www

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab

DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su-newocx/ocx/15012/CTSUEng.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160572156171

DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.winkflash.com/photo/loaders/ImageUploader4.cab

DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - hxxp://www.adoramapix.com/components/ImageUploader3.cab

DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} - file://d:\memdisc\album_a\view\plugin\HPODPCFC.CAB

DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} - hxxp://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/cpucheck_1_0_0_4.cab

DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - hxxp://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/Entriq_3_4_0_15_Silent.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - hxxp://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/NBCUniversal_1_0_0_3.cab

DPF: {E7D2588A-7FB5-47DC-8830-832605661009} - hxxps://rr.esecurecare.net/rnt/rnl/java/RntX.cab

DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} - hxxp://www.imagestation.com/common/classes/SonyISUpload.cab?v=1,0,0,38

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su-newocx/ocx/15012/CTPID.cab

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\billy\applic~1\mozilla\firefox\profiles\a39yc0bg.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 9090

FF - prefs.js: network.proxy.type - 1

FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - plugin: j:\my music\mozilla plugins\npitunes.dll

 

============= SERVICES / DRIVERS ===============

 

R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [2004-4-15 9344]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-22 64160]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-2 114768]

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2008-12-1 178376]

R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2008-12-1 30920]

R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2008-12-1 28872]

R2 agentcd;DriverAgent Class Driver;c:\windows\system32\AgentCD.sys [2008-9-13 196096]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-2 20560]

R2 BCMNTIO;BCMNTIO;c:\progra~1\checkit\diagno~1\BCMNTIO.sys [2004-12-13 3744]

R2 MAPMEM;MAPMEM;c:\progra~1\checkit\diagno~1\MAPMEM.sys [2004-12-13 3904]

R3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [2004-4-9 6016]

R3 Msikbd2k;DellTouch;c:\windows\system32\drivers\Msikbd2k.sys [2008-9-13 6942]

S2 Mojave;Dazzle Mojave Device;c:\windows\system32\drivers\Mojave.sys [2008-9-13 120352]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-2-8 138112]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-2-8 8320]

S3 PID_0920;Labtec WebCam(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [2006-5-14 163328]

S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]

 

=============== Created Last 30 ================

 

2009-06-13 09:11 <DIR> --d----- C:\TV on the Radio - Dear Science, (2008)

2009-06-13 09:09 <DIR> --d--r-- C:\Billy Files on Main Computer (Gimp)

2009-06-11 08:46 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll

2009-06-11 08:46 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll

2009-06-07 13:27 <DIR> --d----- C:\Black Eyed Peas - [Deluxe Edition] E.N.D [Cov+CD] [bubanee]

2009-06-07 13:27 10,113,024 a------- C:\The Black Eyed Peas - Boom Boom Pow.MP3

2009-06-07 00:10 <DIR> --d----- C:\Phoenix - Wolfgang Amadeus Phoenix [mp3-160-2009]

2009-05-23 17:34 <DIR> --d----- c:\docume~1\billy\applic~1\CameraWindowDC

2009-05-23 17:34 <DIR> --d----- c:\docume~1\billy\applic~1\CANON INC

 

==================== Find3M ====================

 

2009-06-18 08:13 0 a------- c:\windows\system32\drivers\lvuvc.hs

2009-06-18 08:13 0 a------- c:\windows\system32\drivers\logiflt.iad

2009-05-28 17:19 15,688 a------- c:\windows\system32\lsdelete.exe

2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll

2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll

2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll

2009-05-01 14:30 3,366,912 a------- c:\windows\system32\GPhotos.scr

2009-04-23 17:17 64,160 a------- c:\windows\system32\drivers\Lbd.sys

2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys

2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll

2007-12-04 13:19 60,104 ac------ c:\docume~1\billy\applic~1\GDIPFONTCACHEV1.DAT

2007-03-31 20:22 47,360 ac------ c:\docume~1\billy\applic~1\pcouffin.sys

2007-03-31 20:22 87,608 a------- c:\docume~1\billy\applic~1\ezpinst.exe

2003-12-19 20:36 40,960 a------- c:\program files\Uninstall_CDS.exe

2008-06-24 00:03 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008062420080625\index.dat

2008-12-10 16:00 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

 

============= FINISH: 13:58:13.67 ===============

Attach.zip


Hi,

 

Uninstall these vulnerable Javas:

Java 2 Runtime Environment, SE v1.4.2

Java™ 6 Update 4

Java™ 6 Update 7

 

Get Adobe Reader Update 9.1.2 here or uninstall Adobe Reader for good and get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here.

 

Update Firefox to version 3.0.11 if you use it.

 

 

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

 

Double-click ATF Cleaner.exe to open it

 

Under Main choose:

Windows Temp

Current User Temp

All Users Temp

Cookies

Temporary Internet Files

Prefetch

Java Cache

*The other boxes are optional*

Then click the Empty Selected button.

 

If you use Firefox:

Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

 

If you use Opera:

Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

 

Click Exit on the Main menu to close the program.

 

 

Kaspersky Online Scanner

 

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

 

  • Read the requirements and privacy statement then click on the Accept button.

  • The program will launch and start to download the latest definition files.

  • You will be prompted to install an application from Kaspersky. Click Run

  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives

  • Click on My Computer under Scan.

  • Once the scan is complete, it will display the results. Click on View Scan Report.

  • Click on Save Report As....

  • Change the Files of type to Text file (.txt) before clicking on the Save button.

  • Save this report to a convenient place.

  • Copy and paste that information & a fresh dds.txt log into your topic. How's the system running?

  • The scan will take a while so be patient and let it run. As it scans your machine very deeply it could take hours to complete, Kaspersky suggests running it during a time of low activity.

If you need a tutorial, see here

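As an added example (not part of this thread, and not code from the DDS tool or from Blade81), the Python script below shows how the outdated Java installs called out in the advice above can be picked out of a DDS log mechanically rather than by eye. It reads the BrowserJavaVersion field from the DDS header and the DPF: (Downloaded Program Files) lines, extracts the Java version each jinstall-*.cab refers to, decodes the version that Sun's static-versioning CAFEEFAC CLSIDs carry as a cross-check, and lists every version older than the one the browser is actually running. The sample input is a constructed excerpt of the DDS log posted earlier in this thread; the function names are my own.

```python
"""Pick out-of-date Java installer references out of a DDS log.

Added example, not part of the forum thread or of the DDS tool. It reads the
'BrowserJavaVersion' field from the DDS header and the 'DPF:' (Downloaded
Program Files) lines, extracts the Java version each jinstall-*.cab refers
to, and lists every version older than the one the browser reports.
Function names are my own; SAMPLE_LOG is a constructed excerpt of the DDS
log posted in this thread.
"""
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int, int]  # (major, minor, micro, update)

# Constructed sample: the header line plus a few DPF: lines copied from the log.
SAMPLE_LOG = """\
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
"""

DPF_RE = re.compile(r"^DPF:\s+\{([0-9A-Fa-f-]{36})\}\s+-\s+(\S+)")
JINSTALL_RE = re.compile(r"jinstall-([0-9._]+)-", re.IGNORECASE)
BROWSER_JAVA_RE = re.compile(r"BrowserJavaVersion:\s*(\S+)")
# Sun's static-versioning plug-in CLSID, CAFEEFAC-00Mm-uuuu-rrrr-ABCDEFFEDCBA,
# encodes major M, minor m, micro uuuu and update rrrr. The all-FFFF form is
# the "latest in family" CLSID and carries no version of its own.
STATIC_CLSID_RE = re.compile(r"CAFEEFAC-00(\d)(\d)-(\d{4})-(\d{4})-ABCDEFFEDCBA")


def parse_version(text: str) -> Optional[Version]:
    """'1.6.0_14' or '1_6_0_14' -> (1, 6, 0, 14); legacy '142' -> (1, 4, 2, 0)."""
    parts = [p for p in re.split(r"[._]", text) if p]
    if not parts or not all(p.isdigit() for p in parts):
        return None
    if len(parts) == 1:                 # old jinstall-142 style: one digit each
        if len(parts[0]) != 3:
            return None
        nums = [int(c) for c in parts[0]]
    else:
        nums = [int(p) for p in parts]
    if len(nums) > 4:
        return None
    nums += [0] * (4 - len(nums))       # missing update number means update 0
    return (nums[0], nums[1], nums[2], nums[3])


def format_version(v: Version) -> str:
    """Render (1, 6, 0, 4) as '1.6.0_04' and (1, 4, 2, 0) as '1.4.2'."""
    major, minor, micro, update = v
    base = f"{major}.{minor}.{micro}"
    return f"{base}_{update:02d}" if update else base


def clsid_version(clsid: str) -> Optional[Version]:
    """Version encoded in a static CAFEEFAC CLSID, or None for any other CLSID."""
    m = STATIC_CLSID_RE.fullmatch(clsid.upper())
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)), int(m.group(4)))


def parse_dds(log: str) -> Tuple[Optional[Version], List[Tuple[str, Version, str]]]:
    """Return the browser's Java version and every (clsid, version, url) jinstall entry."""
    current = None
    entries: List[Tuple[str, Version, str]] = []
    for line in log.splitlines():
        m = BROWSER_JAVA_RE.search(line)
        if m:
            current = parse_version(m.group(1))
            continue
        m = DPF_RE.match(line)
        if not m:
            continue
        clsid, url = m.group(1).upper(), m.group(2)
        j = JINSTALL_RE.search(url)
        if not j:
            continue                    # not a Java installer reference
        v = parse_version(j.group(1))
        if v is not None:
            entries.append((clsid, v, url))
    return current, entries


def audit_java(log: str) -> Dict[str, object]:
    """List Java installer versions older than the browser's, plus CLSID/URL disagreements."""
    current, entries = parse_dds(log)
    if current is None:
        raise ValueError("no BrowserJavaVersion in DDS header")
    stale = sorted({v for _, v, _ in entries if v < current})
    mismatched = [clsid for clsid, v, _ in entries
                  if clsid_version(clsid) not in (None, v)]
    return {
        "current": format_version(current),
        "outdated": [format_version(v) for v in stale],
        "clsid_mismatch": mismatched,
    }


if __name__ == "__main__":
    report = audit_java(SAMPLE_LOG)
    print("browser Java:", report["current"])
    for v in report["outdated"]:
        print("outdated installer still registered:", v)
```

On the excerpt above this reports 1.4.2, 1.6.0_04 and 1.6.0_07 as older than the running 1.6.0_14, which is exactly the set the advice asks to uninstall. The CLSID cross-check matters because a DPF line whose static CLSID and jinstall URL disagree is worth a second look rather than a mechanical uninstall.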

Hi. I uninstalled the Javas you listed and Adobe Reader, ran ATF cleaner but am having real problems getting Kaspersky to do an entire scan after having tried it for the past 4 days. It reaches a file (different ones on different scans) and freezes. There were 3 infected objects, 5 Threat names and 5 suspicious objects found before it froze. I have also sometimes gotten a message about a Java error when I retry the Kaspersky scan. Is there something I am doing wrong or do you have any other suggestions? On a side note, I also followed your instructions for my laptop, which is on my home network, and it found an infected object. I was going to ask if you wouldn't mind looking at that DDS scan after we fix the current problem on my desktop? Thanks.

Here is a new DDS scan in case that may help.

 

 

DDS (Ver_09-05-14.01) - NTFSx86

Run by Billy at 15:52:03.81 on Mon 06/22/2009

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.aol.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [POINTER] c:\program files\microsoft hardware\mouse\point32.exe

mRun: [uMonit] c:\windows\system32\umonit.exe

mRun: [WD Button Manager] WDBtnMgr.exe

mRun: [WINDVDPatch] CTHELPER.EXE

mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe

mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -startup

mRun: [Promon.exe] Promon.exe

mRun: [DellTouch] c:\windows\MMKeybd.exe

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [OE] "c:\program files\trend micro\anti-spam for oe\TMAS_OEMon.exe"

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "j:\my music\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog

uPolicies-explorer: <NO NAME> =

uPolicies-explorer: NoViewOnDrive = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

Trusted Zone: aol.com\free

Trusted Zone: rr.com\www

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab

DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su-newocx/ocx/15012/CTSUEng.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160572156171

DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.winkflash.com/photo/loaders/ImageUploader4.cab

DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - hxxp://www.adoramapix.com/components/ImageUploader3.cab

DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} - file://d:\memdisc\album_a\view\plugin\HPODPCFC.CAB

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} - hxxp://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/cpucheck_1_0_0_4.cab

DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - hxxp://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/Entriq_3_4_0_15_Silent.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - hxxp://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/NBCUniversal_1_0_0_3.cab

DPF: {E7D2588A-7FB5-47DC-8830-832605661009} - hxxps://rr.esecurecare.net/rnt/rnl/java/RntX.cab

DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} - hxxp://www.imagestation.com/common/classes/SonyISUpload.cab?v=1,0,0,38

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su-newocx/ocx/15012/CTPID.cab

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

 

================= FIREFOX ===================

 

FF - ProfilePath -

 

============= SERVICES / DRIVERS ===============

 

 

=============== Created Last 30 ================

 

2009-06-13 09:11 <DIR> --d----- C:\TV on the Radio - Dear Science, (2008)

2009-06-13 09:09 <DIR> --d--r-- C:\Billy Files on Main Computer (Gimp)

2009-06-11 08:46 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll

2009-06-11 08:46 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll

2009-06-07 13:27 <DIR> --d----- C:\Black Eyed Peas - [Deluxe Edition] E.N.D [Cov+CD] [bubanee]

2009-06-07 13:27 10,113,024 a------- C:\The Black Eyed Peas - Boom Boom Pow.MP3

2009-06-07 00:10 <DIR> --d----- C:\Phoenix - Wolfgang Amadeus Phoenix [mp3-160-2009]

2009-05-23 17:34 <DIR> --d----- c:\docume~1\billy\applic~1\CameraWindowDC

2009-05-23 17:34 <DIR> --d----- c:\docume~1\billy\applic~1\CANON INC

 

==================== Find3M ====================

 

2009-06-21 11:11 0 a------- c:\windows\system32\drivers\lvuvc.hs

2009-06-21 11:11 0 a------- c:\windows\system32\drivers\logiflt.iad

2009-05-28 17:19 15,688 a------- c:\windows\system32\lsdelete.exe

2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll

2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll

2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll

2009-05-01 14:30 3,366,912 a------- c:\windows\system32\GPhotos.scr

2009-04-23 17:17 64,160 a------- c:\windows\system32\drivers\Lbd.sys

2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys

2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll

2007-12-04 13:19 60,104 ac------ c:\docume~1\billy\applic~1\GDIPFONTCACHEV1.DAT

2007-03-31 20:22 47,360 ac------ c:\docume~1\billy\applic~1\pcouffin.sys

2007-03-31 20:22 87,608 a------- c:\docume~1\billy\applic~1\ezpinst.exe

2003-12-19 20:36 40,960 a------- c:\program files\Uninstall_CDS.exe

2008-06-24 00:03 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008062420080625\index.dat

2008-12-10 16:00 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

 

============= FINISH: 16:00:51.93 ===============


Hi,

 

Have you defragged the hard drive lately? Doing that could help with the Kaspersky scanning issue.

 

If still no success please try this:

 

Download the latest version of Kaspersky Virus Removal Tool

 

* Close all other applications and double-click and run the installer.

* When AVPTool starts, select all the scannable items except for CD-ROM drives and click the Scan button.

* If malware is detected, don't remove anything.

* After the scan finishes, don't neutralize anything.

* In the Scan window click the Reports button and select Save to file.

* Name the report AVPT.txt, and save it to the Desktop.

* Close AVPTool.

* You will be prompted if you want to uninstall the program; click Yes.

* You will then be prompted that to complete the uninstallation, the computer must be restarted. Select Yes to restart the system.

* Copy and paste the first part of the report (Detected) that you saved in your next reply. Do not include the longer list marked Events.


Hello and thanks for your patience. I was able to get a Kaspersky scan, which I have attached along with a fresh DDS scan. I think the problem was that Kaspersky was also scanning my external hard drive and kept freezing up there. I disconnected the EHD and ran the scan for the C drive. Please let me know if you think it is important to also scan the EHD.

Thanks,

Billy-Boy

 

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0 REPORT

Friday, June 26, 2009

Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Program database last update: Friday, June 26, 2009 14:01:17

Records in database: 2390991

--------------------------------------------------------------------------------

 

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

 

Scan area - My Computer:

A:\

C:\

D:\

E:\

F:\

G:\

H:\

I:\

 

Scan statistics:

Files scanned: 96674

Threat name: 3

Infected objects: 2

Suspicious objects: 5

Duration of the scan: 03:58:04

 

 

File name / Threat name / Threats count

C:\Documents and Settings\Billy\Local Settings\Application Data\Identities\{A7AE0C68-6EBE-4D18-9635-1622F3ACCD9C}\Microsoft\Outlook Express\Inbox.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1

C:\Documents and Settings\Billy\My Documents\Downloaded Files\tightvnc-1.2.9-setup.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h 1

C:\Documents and Settings\Billy\My Documents\Downloaded Files\tightvnc-1.2.9-setup.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b 1

C:\Documents and Settings\Nasrin\Local Settings\Application Data\Identities\{3D2AC033-5D88-4026-80F4-B6996657C702}\Microsoft\Outlook Express\Sent Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1

C:\RECYCLER\S-1-5-21-484763869-1177238915-682003330-1005\Dc15.bak Suspicious: Trojan-Spy.HTML.Fraud.gen 1

C:\RECYCLER\S-1-5-21-484763869-1177238915-682003330-1005\Dc23.bak Suspicious: Trojan-Spy.HTML.Fraud.gen 1

C:\RECYCLER\S-1-5-21-484763869-1177238915-682003330-1005\Dc6.bak Suspicious: Trojan-Spy.HTML.Fraud.gen 1

 

The selected area was scanned.

 

 

 

DDS Log

 

 

DDS (Ver_09-05-14.01) - NTFSx86

Run by Billy at 12:32:57.03 on Fri 06/26/2009

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.aol.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [POINTER] c:\program files\microsoft hardware\mouse\point32.exe

mRun: [uMonit] c:\windows\system32\umonit.exe

mRun: [WD Button Manager] WDBtnMgr.exe

mRun: [WINDVDPatch] CTHELPER.EXE

mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe

mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -startup

mRun: [Promon.exe] Promon.exe

mRun: [DellTouch] c:\windows\MMKeybd.exe

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [OE] "c:\program files\trend micro\anti-spam for oe\TMAS_OEMon.exe"

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "j:\my music\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog

uPolicies-explorer: <NO NAME> =

uPolicies-explorer: NoViewOnDrive = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

Trusted Zone: aol.com\free

Trusted Zone: rr.com\www

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab

DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su-newocx/ocx/15012/CTSUEng.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160572156171

DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.winkflash.com/photo/loaders/ImageUploader4.cab

DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - hxxp://www.adoramapix.com/components/ImageUploader3.cab

DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} - file://d:\memdisc\album_a\view\plugin\HPODPCFC.CAB

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} - hxxp://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/cpucheck_1_0_0_4.cab

DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - hxxp://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/Entriq_3_4_0_15_Silent.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - hxxp://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/NBCUniversal_1_0_0_3.cab

DPF: {E7D2588A-7FB5-47DC-8830-832605661009} - hxxps://rr.esecurecare.net/rnt/rnl/java/RntX.cab

DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} - hxxp://www.imagestation.com/common/classes/SonyISUpload.cab?v=1,0,0,38

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su-newocx/ocx/15012/CTPID.cab

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

 

================= FIREFOX ===================

 

FF - ProfilePath -

 

============= SERVICES / DRIVERS ===============

 

 

=============== Created Last 30 ================

 

2009-06-13 09:11 <DIR> --d----- C:\TV on the Radio - Dear Science, (2008)

2009-06-13 09:09 <DIR> --d--r-- C:\Billy Files on Main Computer (Gimp)

2009-06-11 08:46 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll

2009-06-11 08:46 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll

2009-06-07 13:27 <DIR> --d----- C:\Black Eyed Peas - [Deluxe Edition] E.N.D [Cov+CD] [bubanee]

2009-06-07 13:27 10,113,024 a------- C:\The Black Eyed Peas - Boom Boom Pow.MP3

2009-06-07 00:10 <DIR> --d----- C:\Phoenix - Wolfgang Amadeus Phoenix [mp3-160-2009]

 

==================== Find3M ====================

 

2009-06-25 07:38 0 a------- c:\windows\system32\drivers\lvuvc.hs

2009-06-25 07:38 0 a------- c:\windows\system32\drivers\logiflt.iad

2009-05-28 17:19 15,688 a------- c:\windows\system32\lsdelete.exe

2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll

2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll

2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll

2009-05-01 14:30 3,366,912 a------- c:\windows\system32\GPhotos.scr

2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys

2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll

2007-12-04 13:19 60,104 ac------ c:\docume~1\billy\applic~1\GDIPFONTCACHEV1.DAT

2007-03-31 20:22 47,360 ac------ c:\docume~1\billy\applic~1\pcouffin.sys

2007-03-31 20:22 87,608 a------- c:\docume~1\billy\applic~1\ezpinst.exe

2003-12-19 20:36 40,960 a------- c:\program files\Uninstall_CDS.exe

2008-06-24 00:03 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008062420080625\index.dat

2008-12-10 16:00 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

 

============= FINISH: 12:35:04.37 ===============


Hi again,

 

To make sure the external drive doesn't carry any bad items, it would be recommended to scan its contents too.

 

Check the email messages in these mailboxes and delete any suspicious-looking messages, if present:

C:\Documents and Settings\Billy\Local Settings\Application Data\Identities\{A7AE0C68-6EBE-4D18-9635-1622F3ACCD9C}\Microsoft\Outlook Express\Inbox.dbx

C:\Documents and Settings\Nasrin\Local Settings\Application Data\Identities\{3D2AC033-5D88-4026-80F4-B6996657C702}\Microsoft\Outlook Express\Sent Items.dbx

 

Please also empty the Windows Recycle Bin.


Thanks for the quick response. Are you telling me that the only infections I have are in my Outlook Express? Are you asking me to delete the files you listed or to just go through the Inbox of the email accounts to delete any suspicious emails? I use TrendMicro Anti-Spam and it has a spam box. Shouldn't that protect me?

I'll work on getting the Ext Hard Drive scanned.

Thanks again

Are you telling me that the only infections I have are in my Outlook Express?

Hi,

 

Yes, it looks like that.

 

Are you asking me to delete the files you listed or to just go through the Inbox of the email accounts to delete any suspicious emails?

Only suspicious emails.

 

I use TrendMicro Anti-Spam and it has a spam box. Shouldn't that protect me?

It's possible that Kaspersky flags some messages as false positives. That's why I asked you to delete only those that look suspicious to you ;)


Hello. I ended up using the Kaspersky Virus Removal Tool and am including the AVPT.txt results file. I had a message at the end which said:

Scan Alert - Detected

Trojan-Spy.HTML.Fraud.gen

Email message body contains Trojan Program... and cannot be disinfected

Then there were options to Quarantine, Skip or Delete. I chose Skip All, which then ended the scan, and I was able to generate the report. I also uninstalled and restarted the computer.

It looks as if these results are a little different from the earlier scan of my C drive? It also seems that the External Hard Drive is clean?

Thanks again. I hope your weekend was nice.

 

 

Scan

----

Scanned: 1372082

Detected: 6

Untreated: 6

Start time: 6/27/2009 3:32:46 PM

Duration: 1 days 06:11:10

Finish time: 6/28/2009 9:43:56 PM

 

 

Detected

--------

Status Object

------ ------

detected: Trojan program Trojan-Spy.HTML.Fraud.gen (modification) Email message body: BillyK\Local Folders\Inbox\[From:"Bank of America Associate Discount Program" <[email protected]>][subject:Billy Koontz, July 2008 Bank of America Associate Discount Program Savings Update][Time:2008/08/21 20:12:51]/text/html

detected: Trojan program Trojan-Spy.HTML.Fraud.gen (modification) Email message body: BillyK\Local Folders\Inbox\[From:"Bank of America Associate Discount Program" <[email protected]>][subject:Bank of America Associate Discount Program Holiday Savings Program][Time:2008/10/22 20:45:47]/text/html

detected: Trojan program Trojan-Spy.HTML.Fraud.gen (modification) Email message body: BillyK\Local Folders\Inbox\[From:"Bank of America Associate Discount Program" <[email protected]>][subject:Billy Koontz, October 2008 Bank of America Associate Discount Program Savings Update][Time:2008/11/12 20:48:06]/text/html

detected: Trojan program Trojan-Spy.HTML.Fraud.gen (modification) Email message body: BillyK\Local Folders\Inbox\[From:"Bank of America Associate Discount Program" <[email protected]>][subject:Billy, Your Account Has Been Upgraded][Time:2009/01/14 23:14:22]/text/html

detected: Trojan program Trojan-Spy.HTML.Fraud.gen (modification) Email message body: BillyK\Local Folders\Inbox\[From:"Bank of America Associate Discount Program" <[email protected]>][subject:Top 10 Editor's Picks on Bank of America Associate Discount Program][Time:2009/03/31 10:20:38]/text/html

detected: Trojan program Trojan-Spy.HTML.Fraud.gen (modification) Email message body: BillyK\Local Folders\Inbox\[From:"Bank of America Associate Discount Program" <[email protected]>][subject:Billy Koontz, June 2009 Bank of America Associate Discount Program Update][Time:2009/06/11 17:20:00]/text/html
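The two reports above (the Kaspersky Online Scanner 7.0 list and the AVPTool "Detected" section) use different line formats but describe the same small set of objects, and the safe remediation depends on what the object is: a riskware verdict on a downloaded installer, a phishing-HTML verdict on a message inside an Outlook Express .dbx container, or a leftover in the Recycle Bin. The script below is an added example, not part of the thread and not a Kaspersky tool: it parses both line formats, buckets each finding by object type, and counts flagged messages per sender so the "do you recognise these?" question can be answered. The line patterns are inferred from the reports as posted, the bucket names and recommendation text are the example's own, and the sample lines are copied from the two reports (sender addresses reproduced as they appear in the posted report).

```python
"""Triage the two Kaspersky report formats posted in this thread (Online Scanner 7.0 and AVPTool)."""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Kaspersky Online Scanner 7.0 detection line: "<path> Infected|Suspicious: <threat> <count>"
# (pattern inferred from the posted report, not a documented format)
KOS_LINE = re.compile(
    r"^(?P<path>.+?)\s+(?P<status>Infected|Suspicious):\s+(?P<threat>\S+)\s+(?P<count>\d+)$")
# AVPTool detection line: "detected: <kind> <threat> (<modifier>) <object>" (inferred likewise)
AVPT_LINE = re.compile(
    r"^(?P<status>detected|skipped|deleted|quarantined):\s+(?P<kind>.+?)\s+"
    r"(?P<threat>[A-Za-z0-9:\-]+(?:\.[A-Za-z0-9\-]+)+)\s+(?:\((?P<mod>[^)]*)\)\s+)?(?P<object>.+)$")
MAIL_SENDER = re.compile(r"\[From:[^\]]*<([^>]+)>\]")
MAIL_TIME = re.compile(r"\[Time:([^\]]+)\]")


@dataclass
class Finding:
    source: str                 # "online-scanner" or "avptool"
    status: str                 # Infected / Suspicious / detected ...
    threat: str                 # Kaspersky verdict name
    obj: str                    # file path, or the mail-message locator AVPTool prints
    count: int = 1
    sender: Optional[str] = None
    when: Optional[str] = None


def parse_line(line: str) -> Optional[Finding]:
    """Parse one report line; headers, separators and blank lines yield None."""
    line = line.strip()
    m = KOS_LINE.match(line)
    if m:
        return Finding("online-scanner", m["status"], m["threat"], m["path"], int(m["count"]))
    m = AVPT_LINE.match(line)
    if m:
        obj = m["object"]
        s, t = MAIL_SENDER.search(obj), MAIL_TIME.search(obj)
        return Finding("avptool", m["status"], m["threat"], obj, 1,
                       s.group(1) if s else None, t.group(1) if t else None)
    return None


def classify(f: Finding) -> str:
    """Bucket a finding by what the object is; the bucket decides the safe remediation."""
    threat, obj = f.threat.lower(), f.obj.lower()
    if threat.startswith("not-a-virus:"):
        return "riskware"        # legitimate-tool classification (RemoteAdmin etc.), not malware
    if obj.endswith(".dbx") or "email message body" in obj:
        return "mail-store"      # verdict is on a message inside a mailbox container
    if "\\recycler\\" in obj:
        return "recycle-bin"     # already-deleted file; emptying the bin removes it
    if f.status.lower() == "suspicious":
        return "heuristic"       # heuristic verdict on a live file: confirm before acting
    return "investigate"         # signature hit on a live file


# Bucket names and advice are this example's own wording, not Kaspersky's.
RECOMMENDATION = {
    "riskware": "Confirm the download was intentional (e.g. a VNC installer you fetched yourself); "
                "if so, ignore or exclude it.",
    "mail-store": "Do not delete the .dbx container; open the mailbox and delete the flagged "
                  "messages by sender, subject and time (phishing-HTML verdicts on mail you "
                  "recognise are likely false positives).",
    "recycle-bin": "Empty the Recycle Bin.",
    "heuristic": "Get a second opinion on the file before deleting it.",
    "investigate": "Quarantine, then verify the file's origin and reinstall if needed.",
}


def triage(report: str) -> Dict[str, List[Finding]]:
    """Group every detection line in a report by its remediation bucket."""
    groups: Dict[str, List[Finding]] = defaultdict(list)
    for line in report.splitlines():
        f = parse_line(line)
        if f is not None:
            groups[classify(f)].append(f)
    return dict(groups)


def mail_senders(findings: List[Finding]) -> Counter:
    """Count flagged messages per sender: the question to answer is 'do you recognise them?'"""
    return Counter(f.sender for f in findings if f.sender)


# Sample input: detection lines copied from the two reports posted in this thread.
SAMPLE_REPORT = r"""
File name / Threat name / Threats count
C:\Documents and Settings\Billy\Local Settings\Application Data\Identities\{A7AE0C68-6EBE-4D18-9635-1622F3ACCD9C}\Microsoft\Outlook Express\Inbox.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Billy\My Documents\Downloaded Files\tightvnc-1.2.9-setup.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h 1
C:\Documents and Settings\Billy\My Documents\Downloaded Files\tightvnc-1.2.9-setup.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b 1
C:\RECYCLER\S-1-5-21-484763869-1177238915-682003330-1005\Dc15.bak Suspicious: Trojan-Spy.HTML.Fraud.gen 1
detected: Trojan program Trojan-Spy.HTML.Fraud.gen (modification) Email message body: BillyK\Local Folders\Inbox\[From:"Bank of America Associate Discount Program" <[email protected]>][subject:Billy, Your Account Has Been Upgraded][Time:2009/01/14 23:14:22]/text/html
"""

if __name__ == "__main__":
    groups = triage(SAMPLE_REPORT)
    for bucket, items in groups.items():
        print(f"{bucket}: {len(items)} item(s) -> {RECOMMENDATION[bucket]}")
        for f in items:
            print("   ", f.threat, "|", f.obj[:70])
    print("flagged mail by sender:", dict(mail_senders(groups.get("mail-store", []))))
```

Run it on a saved report (paste the report text into `SAMPLE_REPORT`, or read a file and pass it to `triage`). The two TightVNC lines land in the riskware bucket, both mail hits land in the mail-store bucket, and the RECYCLER entry is cleared by emptying the bin, which matches the advice given in the thread.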


Hi,

 

Yes, weekend was nice (and short again). Thanks for asking ;)

 

Do you recognize the source of those email messages listed there? If you do, then the findings are probably false positives.


What's my next move?

Also, I know I have way too many running processes, which also slows down my computer. Do you have any ideas about helping out with this?

Also, could I send you the DDS and Attach logs to look at for my laptop when we are done with my desktop?

Thanks

What's my next move?

Hi,

 

To me the log looks quite ok now. Are you still experiencing any issues with the system?

 

Also, I know I have way too many running processes, which also slows down my computer. Do you have any ideas about helping out with this?

You may see this about slow systems and how to possibly improve the performance ;)

 

 

Also, could I send you the DDS and Attach logs to look at for my laptop when we are done with my desktop?

You may open a new topic for that if the system has issues. If there are no issues then I see no reason to create a topic.


But I thought my computer was definitely infected with a Trojan virus? Should I run the Kaspersky Virus Removal Tool and Delete or Quarantine the found infected files? Also, the Kaspersky Online Virus Tool found a few things, but I guess they are the same as the ones the Kaspersky Virus Removal Tool found?

Do I need to do a final HijackThis log?

Thanks for everything.

But I thought my computer was definitely infected with a Trojan virus?

The scans didn't find anything else than those few email related items.

 

Should I run the Kaspersky Virus Removal Tool and Delete or Quarintine the found infected files?

Do you mean those email messages flagged in the report you posted? If so, then all that is needed is to delete the email messages with those timestamp and subject details. However, if you are familiar with them then the messages are, as I stated earlier, probably false positives.

 

Also, the Kapersky Online Virus Tool found a few things but I guess they are the same as the ones the Kapersky Virus Removal Tool found?

Yes, those were probably the same, just shown a bit differently.

 

Do I need to do a final HijackThis log?

No need to create a new one :)


Thank you again for all of your patience and help. This forum is wonderful and volunteers like you are so appreciated. Thanks again and have a great summer.

Sincerely,

Billy-Boy


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

 

If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.

 

Everyone else please begin a New Topic.

 

Thank you !
