
Jared

Cannot Delete Trojan Virus


Hello, my computer recently started running really slow. I play online games and it has become impossible because my computer is lagging so much. Even as I type this the letters are appearing noticeably seconds later than they should be. I ran a virus check with Windows Live OneCare and it found three Trojans that it couldn't delete. I have done a scan with HijackThis; this is my log, please help me :)

For some reason HijackThis won't let me save a log file, so I'll show you a screenshot of what it comes up with. I would really appreciate any help, thank you.

[attached screenshots: screenshot1zy7.jpg, screenshot2ak8.jpg]

Please help.


Hello and Welcome to BT. :)

I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

Since you are running Vista, you may need to right-click and run as an Administrator.

Download Deckard's System Scanner (DSS) to your Desktop.

  • Close all applications and windows.
  • Double-click on DSS.exe to run it, and follow the prompts.
  • When it has finished, DSS will open two Notepad windows, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Extra Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags DSS as suspicious. Please allow Deckard's System Scanner to run and don't let your Antivirus delete it. (In this case, it may be better to temporarily disable your Antivirus.)


Thank you for your help. I ran DSS, here are the main.txt and extra.txt

MAIN

Deckard's System Scanner v20070905.67

Run by Grant on 2007-09-20 01:42:11

Computer is in Normal Mode.

--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --

12: 2007-09-19 10:40:50 UTC - RP159 - Microsoft OneCare Protection Checkpoint

11: 2007-09-19 05:32:25 UTC - RP157 - Microsoft OneCare Protection Checkpoint

10: 2007-09-19 02:10:11 UTC - RP155 - Microsoft OneCare Protection Checkpoint

9: 2007-09-18 11:17:10 UTC - RP153 - Installed Windows Live

8: 2007-09-18 10:55:22 UTC - RP152 - Installed Windows Live

-- First Restore Point --

1: 2007-09-18 01:46:25 UTC - RP144 - Microsoft OneCare Protection Checkpoint

Backed up registry hives.

Performed disk cleanup.

-- HijackThis (run as Grant.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:43:41 AM, on 20/09/2007

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\PC Connectivity Solution\NclBTHandler.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Microsoft Windows OneCare Live\WinSSNotifyE.exe

C:\Users\Grant\Desktop\dss.exe

C:\Windows\system32\conime.exe

C:\PROGRA~1\TRENDM~1\HIJACK~1\Grant.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - (no file)

O2 - BHO: (no name) - {5EF2B0B8-2EAD-490A-91D7-B8DDDAE91160} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {8071E65A-3F56-4426-8372-8667CD213057} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O13 - Gopher Prefix:

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O20 - Winlogon Notify: wvwxw - C:\Windows\

O20 - Winlogon Notify: xxyxwvw - xxyxwvw.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--

End of file - 5476 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - "regedit.exe" "%1"

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 16197 - \??\c:\windows\system32\16197.sys

R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0>

R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>

R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

S2 WLANKEEPER (Intel® PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSO Service>

S4 LicCtrlService (LicCtrl Service) - c:\windows\runservice.exe

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}

Description: Nokia N73

Device ID: ROOT\WPD000

Manufacturer: Nokia

Name: Nokia N73

PNP Device ID: ROOT\WPD000

Service: WUDFRd

-- Scheduled Tasks -------------------------------------------------------------

2007-09-15 14:33:38 284 --a------ C:\Windows\Tasks\AppleSoftwareUpdate.job

-- Files created between 2007-08-20 and 2007-09-20 -----------------------------

2007-09-19 15:34:35 0 d-------- C:\75cf96a29f74c67ebc0686a23926

2007-09-19 08:37:16 0 d-------- C:\Program Files\Trend Micro

2007-09-18 20:44:57 0 d-------- C:\Program Files\Windows Live

2007-09-18 20:44:27 0 d-------- C:\Users\All Users\WLInstaller

2007-09-18 20:35:10 0 d-------- C:\Users\All Users\Avg7

2007-09-18 07:40:49 0 d-------- C:\Program Files\Microsoft Windows OneCare Live

2007-09-17 21:05:51 0 d-------- C:\Program Files\Windows Live Safety Center

2007-09-11 10:46:24 95744 --a------ C:\Windows\system32\msencode.dll

2007-09-11 10:46:24 4126 --a------ C:\Windows\system32\msdxmlc.dll

2007-09-11 10:46:24 311296 --a------ C:\Windows\system32\MSDBRPT.DLL <Not Verified; Microsoft Corporation; MSDataReport>

2007-08-27 10:34:46 0 d-------- C:\Program Files\Common Files\NSV

-- Find3M Report ---------------------------------------------------------------

2007-09-19 11:44:02 2062 --a------ C:\Windows\bthservsdp.dat

2007-09-18 20:37:02 0 d-------- C:\Program Files\Image-Line

2007-09-18 08:27:59 0 d-------- C:\Program Files\AskPBar

2007-09-18 08:18:57 0 d-------- C:\Users\Grant\AppData\Roaming\Paltalk

2007-09-18 08:18:57 0 d-------- C:\Program Files\Paltalk Messenger

2007-09-18 07:57:10 0 d-------- C:\Program Files\VstPlugins

2007-09-17 14:35:41 0 d-------- C:\Program Files\LimeWire

2007-09-16 12:13:58 0 d-------- C:\Users\Grant\AppData\Roaming\uTorrent

2007-09-14 18:14:59 2910 --a------ C:\Users\Grant\AppData\Roaming\wklnhst.dat

2007-08-27 10:34:46 0 d-------- C:\Program Files\Common Files

2007-08-11 16:53:36 0 d-------- C:\Program Files\iTunes

2007-08-11 16:53:30 0 d-------- C:\Program Files\iPod

2007-08-11 16:44:57 0 d-------- C:\Program Files\QuickTime

2007-08-10 15:59:35 0 d-------- C:\Program Files\World of Warcraft

2007-07-31 19:00:00 0 d-------- C:\Program Files\Siemens Subscriber Networks

2007-07-30 16:44:20 0 d-------- C:\Program Files\ousbnic

2007-06-21 13:22:52 43520 --a------ C:\Windows\system32\CmdLineExt03.dll <CMDLIN~1.DLL>

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5ADF3862-9E2E-4ad3-86F7-4510E6550CD0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5EF2B0B8-2EAD-490A-91D7-B8DDDAE91160}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8071E65A-3F56-4426-8372-8667CD213057}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 03:06 AM]

"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [18/06/2007 03:10 PM]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/07/2007 01:28 PM]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [29/06/2007 06:24 AM]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [31/07/2007 06:44 PM]

"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [01/08/2007 03:06 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"@"="" []

"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [16/08/2007 04:19 PM]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 10:33 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvwxw]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyxwvw]

xxyxwvw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]

path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

backup=C:\Windows\pss\Bluetooth.lnk.CommonStartup

backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Grant^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CCC.lnk]

path=C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CCC.lnk

backup=C:\Windows\pss\CCC.lnk.Startup

backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]

"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]

C:\Windows\system32\WLTRAY.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]

"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]

C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

C:\Windows\ehome\ehTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3]

rundll32.exe "C:\Windows\system32\mfqdlycu.dll",realset

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]

"C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Performance Center]

C:\Program Files\Ascentive\Performance Center\APCMain.exe -m

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

%ProgramFiles%\Windows Defender\MSASCui.exe -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]

rundll32.exe oobefldr.dll,ShowWelcomeCenter

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]

"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0612725f-e7c9-11db-b257-0015c5ba7ce8}]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]

msiexec /fums {537DCF03-71F2-E659-C402-516AE3F1003F} /qb

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]

%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- End of Deckard's System Scanner: finished at 2007-09-20 01:53:33 ------------

EXTRA

Deckard's System Scanner v20070905.67

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Ultimate (build 6000)

Architecture: X86; Language: English

CPU 0: Intel® Core2 CPU T7200 @ 2.00GHz

Percentage of Memory in Use: 46%

Physical Memory (total/avail): 2045.82 MiB / 1101.88 MiB

Pagefile Memory (total/avail): 4312.68 MiB / 3248.64 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1929.17 MiB

C: is Fixed (NTFS) - 107.42 GiB total, 35.23 GiB free.

D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HTS541612J9SA00 ATA Device - 111.79 GiB - 2 partitions

\PARTITION0 (bootable) - Installable File System - 107.42 GiB - C:

\PARTITION1 - Unknown - 1435.5 MiB

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.

Windows Internal Firewall is disabled.

FW: Windows Live OneCare Firewall v1.0.0 (Microsoft Corporation)

AV: Windows Live OneCare v1.0.0 (Microsoft Corporation)

AS: AVG Anti-Spyware v7, 5, 1, 43 (GRISOFT s.r.o.) Disabled Outdated

AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled Outdated

AS: Windows Live OneCare v1.0.0 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\nsl_host_process.exe"="C:\\Program Files\\Common Files\\Nokia\\Service Layer\\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "

"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe:*:Enabled:[email protected] User Interface"

"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"

"C:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe:*:Enabled:Blizzard Downloader"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData

APPDATA=C:\Users\Grant\AppData\Roaming

CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=GRANT-B3E9F098A

ComSpec=C:\Windows\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Users\Grant

LOCALAPPDATA=C:\Users\Grant\AppData\Local

LOGONSERVER=\\GRANT-B3E9F098A

NUMBER_OF_PROCESSORS=2

OS=Windows_NT

Path=C:\Program Files\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel

PROCESSOR_LEVEL=6

PROCESSOR_REVISION=0f06

ProgramData=C:\ProgramData

ProgramFiles=C:\Program Files

PROMPT=$P$G

PUBLIC=C:\Users\Public

QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip

SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\

SystemDrive=C:

SystemRoot=C:\Windows

TEMP=C:\Users\Grant\AppData\Local\Temp

TMP=C:\Users\Grant\AppData\Local\Temp

USERDOMAIN=GRANT-B3E9F098A

USERNAME=Grant

USERPROFILE=C:\Users\Grant

windir=C:\Windows

-- User Profiles ---------------------------------------------------------------

Grant

-- Add/Remove Programs ---------------------------------------------------------

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}

--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}

--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7875FD9-6ADB-4D4B-A756-3A2306A3D5E1}\setup.exe" -l0x9 anything

µTorrent --> "C:\Program Files\uTorrent\uninstall.exe"

Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}

Adobe Flash Player 9 --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete

Adobe Photoshop CS2 -->

Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}

Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}

Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log

Apple Mobile Device Support --> MsiExec.exe /I{967D588C-9B96-40C9-A222-DCD6922563CA}

Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}

ASIO4ALL --> C:\Program Files\ASIO4ALL v2\uninstall.exe

ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

Branding -->

Broadcom 440x 10/100 Integrated Controller --> MsiExec.exe /X{612B9183-67A9-4B44-9877-2F059E35B86A}

Canon iP4300 --> "C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300 /L0x0009

Canon Setup Utility 2.3 --> "C:\Program Files\Canon\Canon Setup Utility 2.3\Maint.exe" /Uninstall C:\Program Files\Canon\Canon Setup Utility 2.3\uninst.ini

Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini

Canon Utilities Easy-PrintToolBox --> C:\Program Files\Canon\Easy-PrintToolBox\uninst.exe uninst.ini

Catalyst Control Center Core Implementation -->

Catalyst Control Center Graphics Full Existing -->

Catalyst Control Center Graphics Full New -->

Catalyst Control Center Graphics Light -->

Catalyst Control Center Graphics Previews Vista -->

ccc-core-static -->

ccc-core-update1 -->

ccc-utility -->

CCC Help English -->

CD-LabelPrint --> "C:\Program Files\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application

DawnOfWar -->

DawnOfWar --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{362D5167-9716-44BE-89FD-BF9EB6EF814B}

Dell Media Experience --> MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}

Dell Resource CD --> MsiExec.exe /X{FCD9CD52-7222-4672-94A0-A722BA702FD0}

Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"

DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"

e-tax 2007 --> C:\etax2007\e-tax 2007_uninstall.exe

HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe

iTunes --> MsiExec.exe /I{E0219810-16E4-437D-9165-93D7B22524F9}

Java SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}

Java SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}

LimeWire PRO 4.12.3 --> "C:\Program Files\LimeWire\uninstall.exe"

mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}

mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}

mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}

mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}

Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"

Microsoft Protection Service --> MsiExec.exe /I{A9475612-7515-4532-B59C-06689088F5E0}

Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}

Microsoft Windows Live OneCare Resources v1.6.2111.32 --> MsiExec.exe /I{5660022E-F3F2-4126-8CC5-9726C47150EB}

Microsoft Windows OneCare Live AntiSpyware and AntiVirus --> MsiExec.exe /I{5F9E8613-C1A5-4995-8E8B-3F178F439B6C}

Microsoft Windows OneCare Live v1.6.2111.32 --> MsiExec.exe /I{D07A8E7E-D324-4945-BA8C-E532AD008FF3}

Microsoft Windows OneCare Live v1.6.2111.32 Idcrl Install --> MsiExec.exe /I{3851147E-5A91-4469-BA4D-13FFFCC8A920}

Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}

mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}

mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}

mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}

Mozilla Firefox (2.0.0.7) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe

mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}

mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}

mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}

MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP

mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}

MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 Parser and SDK --> MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}

mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}

mWMI --> MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}

mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}

mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}

Nokia Connectivity Cable Driver --> MsiExec.exe /X{11964613-805F-432D-A12B-169554B793E7}

Nokia Lifeblog 2.1 --> MsiExec.exe /I{EE565795-2776-415A-B31C-EB3A8D7C6FA4}

Nokia MTP driver --> MsiExec.exe /I{59359B3D-ABE7-46BF-AB55-43B67A64DC68}

Nokia N73 highlights --> MsiExec.exe /I{02B71D92-A84B-4DFB-9A10-D12BB01AC1F2}

Nokia Nseries Skin for Microsoft Windows Media Player --> MsiExec.exe /I{73E30715-9EC4-4DAE-BE67-64500AEB8012}

Nokia PC Suite --> C:\ProgramData\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Nokia_PC_Suite_6_84_10_3_eng.exe

Nokia PC Suite --> MsiExec.exe /I{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}

Nokia Software Updater --> MsiExec.exe /X{F1C1272D-FEE6-4B24-862C-01F4959997E2}

Nokia themes for your device --> MsiExec.exe /I{77F5816C-64A6-4FBE-BBE5-52EFE5EB84E8}

PC Connectivity Solution --> MsiExec.exe /I{99A40651-0BC2-4095-8F9A-A40FAB224FEF}

PowerDVD 5.7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall

Prism --> C:\Program Files\NCH Software\Prism\uninst.exe

PX Engine --> MsiExec.exe /I{6513E869-647F-40FD-A55D-CFC92579B9BA}

QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}

RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

Roxio DVDit Pro HD --> MsiExec.exe /I{353073E8-1185-4823-8F3A-A1F4AF6DD2CD}

SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\101\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly

Skins -->

Sonic Audio module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}

Sonic MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}

Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}

Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}

Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}

Switch --> C:\Program Files\NCH Swift Sound\Switch\uninst.exe

VideoLAN VLC media player 0.8.6a --> C:\Program Files\VideoLAN\VLC\uninstall.exe

WebFldrs XP -->

WIDCOMM Bluetooth Software 6.0.1.3100 --> MsiExec.exe /X{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}

Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"

Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\pccswpddriver.inf_a419b392\pccswpddriver.inf

Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\pccs_bluetooth.inf_51d2d3e1\pccs_bluetooth.inf

Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_e5643fdd\nokbtmdm.inf

Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_7dedec2f\nokbtmdm.inf

Windows Driver Package - Ricoh Company Memorystick Host Controller (07/09/2005 1.00.01.12) --> C:\PROGRA~1\DIFX\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\rimsptsk_469677EEC4F8D39ABD61046D242B2A1651DE8AEF\rimsptsk.inf

Windows Driver Package - Ricoh Company MMC Host Controller (07/14/2005 1.00.00.06) --> C:\PROGRA~1\DIFX\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\rimmptsk_EA24AF82DAB6BA6CF6FB1A3004EE91F51D3FDCF9\rimmptsk.inf

Windows Driver Package - Ricoh Company xD-Picture Card/SmartMedia Host Controller (07/14/2005 1.00.02.04) --> C:\PROGRA~1\DIFX\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\rixdptsk_30B42BE4DA4D11DB80E5D3DD10180621BA0A53DD\rixdptsk.inf

Windows Live installer --> MsiExec.exe /X{7BC43F11-02C8-45FA-ABDC-E2F9FF31F825}

Windows Live Mail --> MsiExec.exe /I{EDB619FD-4E71-403C-8E99-DFC9CF9DD345}

Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}

Windows Live OneCare --> "C:\Program Files\Microsoft Windows OneCare Live\OCSetup.exe" /u

Windows Live OneCare safety scanner --> MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}

Windows Live Sign-in Assistant --> MsiExec.exe /I{CB5EA99C-8A5B-49F2-9A1A-2EF78BE4DB41}

Windows Movie Maker 2.6 --> MsiExec.exe /X{B3DAF54F-DB25-4586-9EF1-96D24BB14088}

WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe

World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe

XviD MPEG-4 Codec --> "C:\Program Files\XviD\UninstXviD.exe"

-- Application Event Log -------------------------------------------------------

Event Record #/Type58486 / Error

Event Submitted/Written: 09/20/2007 01:37:04 AM

Event ID/Source: 454 / ESENT

Event Description:

msnmsgr (1132) \\.\C:\Users\Grant\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_10D0_259E_D025_8AD4\dfsr.db: Database recovery/restore failed with unexpected error -1022.

Event Record #/Type58485 / Error

Event Submitted/Written: 09/20/2007 01:37:03 AM

Event ID/Source: 419 / ESENT

Event Description:

msnmsgr (1132) \\.\C:\Users\Grant\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_10D0_259E_D025_8AD4\dfsr.db: Unable to read page 143 of database \\.\C:\Users\Grant\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_10D0_259E_D025_8AD4\dfsr.db. Error -1022.

Event Record #/Type58484 / Error

Event Submitted/Written: 09/20/2007 01:37:03 AM

Event ID/Source: 481 / ESENT

Event Description:

msnmsgr (1132) \\.\C:\Users\Grant\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_10D0_259E_D025_8AD4\dfsr.db: An attempt to read from the file "\\.\C:\Users\Grant\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_10D0_259E_D025_8AD4\dfsr.db" at offset 1179648 (0x0000000000120000) for 8192 (0x00002000) bytes failed after msnmsgr0 seconds with system error 23 (0x00000017): "Data error (cyclic redundancy check). ". The read operation will fail with error -1022 (0xfffffc02). If this error persists then the file may be damaged and may need to be restored from a previous backup.

Event Record #/Type58480 / Error

Event Submitted/Written: 09/20/2007 00:36:54 AM

Event ID/Source: 454 / ESENT

Event Description:

msnmsgr (1132) \\.\C:\Users\Grant\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_10D0_259E_D025_8AD4\dfsr.db: Database recovery/restore failed with unexpected error -1022.

Event Record #/Type58479 / Error

Event Submitted/Written: 09/20/2007 00:36:54 AM

Event ID/Source: 419 / ESENT

Event Description:

msnmsgr (1132) \\.\C:\Users\Grant\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_10D0_259E_D025_8AD4\dfsr.db: Unable to read page 143 of database \\.\C:\Users\Grant\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_10D0_259E_D025_8AD4\dfsr.db. Error -1022.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type65430 / Error

Event Submitted/Written: 09/20/2007 01:37:03 AM

Event ID/Source: 7 / disk

Event Description:

The device, \Device\Harddisk0\DR0, has a bad block.

Event Record #/Type65429 / Error

Event Submitted/Written: 09/20/2007 01:36:59 AM

Event ID/Source: 7 / disk

Event Description:

The device, \Device\Harddisk0\DR0, has a bad block.

Event Record #/Type65427 / Error

Event Submitted/Written: 09/20/2007 00:36:54 AM

Event ID/Source: 7 / disk

Event Description:

The device, \Device\Harddisk0\DR0, has a bad block.

Event Record #/Type65426 / Error

Event Submitted/Written: 09/20/2007 00:36:50 AM

Event ID/Source: 7 / disk

Event Description:

The device, \Device\Harddisk0\DR0, has a bad block.

Event Record #/Type65422 / Warning

Event Submitted/Written: 09/20/2007 00:00:14 AM

Event ID/Source: 1006 / OneCareMP

Event Description:

%GRANT-B3E9F098A29 scan has detected spyware or other potentially unwanted software.

For more information please see the following:

%GRANT-B3E9F098A295

Scan ID: {45E52CDF-CD44-42D4-882B-507375334443}

Scan Type: %GRANT-B3E9F098A02

Scan Parameters: %GRANT-B3E9F098A08

User: GRANT-B3E9F098A\Grant

Name: %GRANT-B3E9F098A291

ID: %GRANT-B3E9F098A292

Severity: 1.5.1937.05

Category: 1.5.1937.06

Path Found: %GRANT-B3E9F098A296

Detection Type: 1.5.1937.02

-- End of Deckard's System Scanner: finished at 2007-09-20 01:53:33 ------------

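The DSS event-log section above records "disk" bad-block errors and ESENT -1022 read failures (a CRC "Data error") within seconds of each other. The following added example, which is not part of the thread or of DSS, parses that section's record format and pairs every non-disk error with any disk error logged inside a short window, so a read failure can be tied back to the hardware before it is chased as malware. The sample records are constructed from the entries posted above, with the long descriptions abridged.

```python
"""Parse the event-log section of a Deckard's System Scanner (DSS) report and
look for non-disk errors logged within a few seconds of a 'disk' bad-block
event. Added example written for this thread; it is not part of DSS.
"""
import re
from datetime import datetime, timedelta

# Constructed sample: records in the DSS format, copied from the report in this
# thread with long descriptions abridged (Application and System logs merged).
SAMPLE_DSS = """\
Event Record #/Type58486 / Error
Event Submitted/Written: 09/20/2007 01:37:04 AM
Event ID/Source: 454 / ESENT
Event Description:
msnmsgr (1132) dfsr.db: Database recovery/restore failed with unexpected error -1022.
Event Record #/Type58484 / Error
Event Submitted/Written: 09/20/2007 01:37:03 AM
Event ID/Source: 481 / ESENT
Event Description:
msnmsgr (1132) read failed with system error 23 (0x00000017): "Data error (cyclic redundancy check). ".
Event Record #/Type65430 / Error
Event Submitted/Written: 09/20/2007 01:37:03 AM
Event ID/Source: 7 / disk
Event Description:
The device, \\Device\\Harddisk0\\DR0, has a bad block.
Event Record #/Type65429 / Error
Event Submitted/Written: 09/20/2007 01:36:59 AM
Event ID/Source: 7 / disk
Event Description:
The device, \\Device\\Harddisk0\\DR0, has a bad block.
Event Record #/Type65422 / Warning
Event Submitted/Written: 09/20/2007 00:00:14 AM
Event ID/Source: 1006 / OneCareMP
Event Description:
%GRANT-B3E9F098A29 scan has detected spyware or other potentially unwanted software.
"""

RECORD_RE = re.compile(r"^Event Record #/Type(?P<rec>\d+)\s*/\s*(?P<type>\w+)$")
TIME_RE = re.compile(r"^Event Submitted/Written:\s*(?P<ts>.+)$")
SRC_RE = re.compile(r"^Event ID/Source:\s*(?P<id>\d+)\s*/\s*(?P<src>\S+)$")
TS_RE = re.compile(r"(\d{2})/(\d{2})/(\d{4}) (\d{2}):(\d{2}):(\d{2}) (AM|PM)")


def parse_timestamp(text):
    """DSS prints 12-hour clock times but writes midnight as 00:xx:xx AM,
    which strptime's %I rejects, so the fields are decoded by hand."""
    m = TS_RE.search(text)
    if not m:
        raise ValueError("unrecognised timestamp: %r" % text)
    mon, day, year, hh, mm, ss, ampm = m.groups()
    hour = int(hh) % 12 + (12 if ampm == "PM" else 0)
    return datetime(int(year), int(mon), int(day), hour, int(mm), int(ss))


def parse_dss_events(text):
    """Split the DSS event section into dicts; every record starts with an
    'Event Record #/Type' line and its description runs to the next record."""
    events, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = RECORD_RE.match(line)
        if m:
            cur = {"record": int(m.group("rec")), "type": m.group("type"),
                   "time": None, "id": None, "source": None, "description": []}
            events.append(cur)
            continue
        if cur is None or not line:
            continue
        m = TIME_RE.match(line)
        if m:
            cur["time"] = parse_timestamp(m.group("ts"))
            continue
        m = SRC_RE.match(line)
        if m:
            cur["id"], cur["source"] = int(m.group("id")), m.group("src")
            continue
        if line != "Event Description:":
            cur["description"].append(line)
    for ev in events:
        ev["description"] = " ".join(ev["description"])
    return events


def correlate_with_disk_errors(events, window_seconds=5):
    """Return (record, disk_record) pairs for every non-disk event logged
    within window_seconds of a 'disk' source event."""
    window = timedelta(seconds=window_seconds)
    disk = [e for e in events if e["source"] == "disk" and e["time"]]
    pairs = []
    for ev in events:
        if ev["source"] == "disk" or ev["time"] is None:
            continue
        for d in disk:
            if abs(ev["time"] - d["time"]) <= window:
                pairs.append((ev["record"], d["record"]))
    return pairs


if __name__ == "__main__":
    evs = parse_dss_events(SAMPLE_DSS)
    for rec, disk_rec in correlate_with_disk_errors(evs):
        print("record %d coincides with disk error record %d" % (rec, disk_rec))
```

Both ESENT records land within five seconds of the two bad-block events, while the OneCareMP warning from midnight does not pair with anything.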

Hey Jared,

Step 1

Please download DAFT and save it to your desktop:

  • Double-click the daft.exe icon. Read the disclaimer and click OK.
  • Click on the Scan button.
  • If it finds faulty file associations, they will appear in red beside a checkbox. If this occurs, just place a tick in the boxes in question.
  • Click the Fix button.
  • Re-scan and save a logfile. By default, it will save as daft.txt.

Post the contents of that logfile and a fresh HJT log with your next reply.

Step 2

Please download VundoFix.exe to your desktop.

  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.


Hey, thanks for the help.

Daft:

DAFT Log saved on 2007-09-20 23:24:27

-----------------------------------------------------------------------

All associations okay!

Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:25:52 PM, on 20/09/2007

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Microsoft Windows OneCare Live\WinSSNotifyE.exe

C:\Windows\system32\conime.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\PC Connectivity Solution\NclBTHandler.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - (no file)

O2 - BHO: (no name) - {5EF2B0B8-2EAD-490A-91D7-B8DDDAE91160} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {8071E65A-3F56-4426-8372-8667CD213057} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O13 - Gopher Prefix:

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O20 - Winlogon Notify: wvwxw - C:\Windows\

O20 - Winlogon Notify: xxyxwvw - xxyxwvw.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--

End of file - 5507 bytes

I'm running VundoFix now. Once again, thanks for the help. Is it looking better?

EDIT - VundoFix didn't find anything, so nothing happened.

Edited by Jared


Hello again,

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.

Step 1

Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - (no file)

O2 - BHO: (no name) - {5EF2B0B8-2EAD-490A-91D7-B8DDDAE91160} - (no file)

O2 - BHO: (no name) - {8071E65A-3F56-4426-8372-8667CD213057} - (no file)

O20 - Winlogon Notify: wvwxw - C:\Windows\

O20 - Winlogon Notify: xxyxwvw - xxyxwvw.dll (file missing)

Now close all windows other than Hijackthis, then click Fix Checked. Close HijackThis.

Step 2

Click on the Start button, then click Search.

  • Click All Files and Folders
  • Click Advanced Options, put a check next to the following:
    • Search System Folders
    • Search Hidden Files And Folders
    • Search Subfolders

Now in the Search box, please copy/paste the following into it (one at a time):

xxyxwvw.dll

wvwxw

If they are found, please make sure to delete them.

If you have any errors with the manual deletions please let me know.

Step 3

Download and scan with SUPERAntiSpyware Free for Home Users

  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.

  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply along with a fresh HJT log.
  • Click Close to exit the program.

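As an added example, not part of the thread or of HijackThis, here is a small triage script that applies the same filter to a HijackThis log that Step 1 above applies by hand: O2 BHOs registered with "(no file)" and O20 Winlogon Notify entries with a missing or non-DLL target are flagged, while entries that resolve to a real file are not. The sample lines are constructed from the logs posted in this thread.

```python
"""Triage a HijackThis log for the entry types the helper in this thread
singled out: O2 BHOs registered but with no backing file, O20 Winlogon Notify
hooks whose DLL is missing or whose target is not a DLL, and O23 services whose
owner HijackThis could not determine. Added example; not part of HijackThis.
"""
import re

# Constructed sample: lines copied from the HijackThis logs posted in this
# thread (the SASWinLogon line is from the later log, to show a clean O20).
SAMPLE_HJT = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - (no file)
O2 - BHO: (no name) - {8071E65A-3F56-4426-8372-8667CD213057} - (no file)
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O20 - Winlogon Notify: wvwxw - C:\Windows\
O20 - Winlogon Notify: xxyxwvw - xxyxwvw.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
"""

# Every HijackThis entry is "<section code> - <body>", e.g. "O2 - BHO: ...".
HJT_LINE = re.compile(r"^(?P<kind>[RFO]\d{1,2}) - (?P<body>.*)$")


def parse_entry(line):
    """Return (section code, body) for an HJT entry line, or None otherwise."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    return m.group("kind"), m.group("body")


def triage(log_text):
    """Return a list of (line, reason) for entries that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_entry(line)
        if not parsed:
            continue
        kind, body = parsed
        reason = None
        if kind == "O2" and body.endswith("(no file)"):
            # CLSID still registered as a BHO but the DLL is gone: an orphan
            # entry, which is exactly what Step 1 above asks to remove.
            reason = "BHO registered with no backing file"
        elif kind == "O20" and body.startswith("Winlogon Notify:"):
            # Winlogon Notify packages load a DLL at logon; a bare directory
            # or a missing DLL means the hook cannot be accounted for.
            target = body.split(" - ", 1)[1] if " - " in body else ""
            if "(file missing)" in target or not target.lower().endswith(".dll"):
                reason = "Winlogon Notify hook without a resolvable DLL"
        elif kind == "O23" and " - Unknown owner - " in body:
            # Not malicious by itself; the file just has no recognised
            # publisher and should be checked by hand.
            reason = "service with no recognised publisher"
        if reason:
            findings.append((line.strip(), reason))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_HJT):
        print("%-45s %s" % (reason, line))
```
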

Thanks for the help, I did what you said, here are the logs:

Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:54:55 PM, on 21/09/2007

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\PC Connectivity Solution\NclBTHandler.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O13 - Gopher Prefix:

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--

End of file - 5436 bytes

SUPERAntiSpyware:

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 09/21/2007 at 05:48 PM

Application Version : 3.9.1008

Core Rules Database Version : 3310

Trace Rules Database Version: 1314

Scan type : Complete Scan

Total Scan Time : 07:21:01

Memory items scanned : 629

Memory threats detected : 0

Registry items scanned : 6803

Registry threats detected : 1

File items scanned : 200568

File threats detected : 7

Adware.Vundo Variant

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{8071E65A-3F56-4426-8372-8667CD213057}

Adware.Tracking Cookie

C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt

C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt

C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt

C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt

C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt

C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt

C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt

Is it running better yet? Or are there still problems?

EDIT - After I did this I ran a quick virus check with Windows Live OneCare and it still comes up with a virus called 'Trojan:Win32/Conhook.A'. Do you have any idea what this is?

Edited by Jared


Yes, that is a Vundo variant. Let's run another scan to see if we can find anything else hiding.

Step 1

Please download VundoFix.exe to your desktop.

  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Step 2

Please go HERE to run Panda's ActiveScan.

  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report.


I ran VundoFix and it found nothing.

When I went to the Panda site the scan wouldn't open because it said they don't currently support Windows Vista...

Thank you for your help so far, I hope you can help me remove this Trojan.


To me it sounds just like something left over in System Restore.

Let's try a Vista-supported scan, then.

Please go HERE to run Panda's TotalScan.

  • Select the bubble for Full scan
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Then the scan will begin
  • When the scan completes, click the Save button on the right of Scan details
  • Save it to a convenient location. Post the contents of the TotalScan report.

Edited by MoNsTeReNeRgY22


Finished the scan, here are the results:

;*********************************************************************************************************************************************************************************

ANALYSIS: 2007-09-22 12:25:53

PROTECTIONS: 1

MALWARE: 33

SUSPECTS: 0

;*********************************************************************************************************************************************************************************

PROTECTIONS

Description Version Active Updated

;=================================================================================================================================================================================

Windows Live OneCare 1.0.0 Yes Yes

;=================================================================================================================================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;=================================================================================================================================================================================

00034347 dialer.su Dialers No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\uninstall\switch

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.casalemedia.com/]

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.casalemedia.com/]

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.casalemedia.com/]

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.casalemedia.com/]

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.casalemedia.com/]

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.casalemedia.com/]

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.casalemedia.com/]

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.casalemedia.com/]

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.casalemedia.com/]

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.doubleclick.net/]

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.atdmt.com/]

00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.tradedoubler.com/]

00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.tradedoubler.com/]

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.fastclick.net/]

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.fastclick.net/]

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.fastclick.net/]

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.fastclick.net/]

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.fastclick.net/]

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.fastclick.net/]

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.fastclick.net/]

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.fastclick.net/]

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.fastclick.net/]

00145460 Cookie/2o7 TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.2o7.net/]

00145460 Cookie/2o7 TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.2o7.net/]

00145460 Cookie/2o7 TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.2o7.net/]

00145460 Cookie/2o7 TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.2o7.net/]

00145460 Cookie/2o7 TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.2o7.net/]

00145460 Cookie/2o7 TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.2o7.net/]

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.tribalfusion.com/]

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.tribalfusion.com/]

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.tribalfusion.com/]

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.tribalfusion.com/]

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.mediaplex.com/]

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt

00147814 Cookie/AspinallsOnlineCasino TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.pacificpoker.com/]

00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.clickbank.net/]

00167744 Cookie/GoStats TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.gostats.com/]

00167744 Cookie/GoStats TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.gostats.com/]

00167744 Cookie/GoStats TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.gostats.com/]

00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies-1.txt[.azjmp.com/]

00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies-1.txt[.azjmp.com/]

00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.toplist.cz/]

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.statcounter.com/]

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.statcounter.com/]

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.statcounter.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[ad.yieldmanager.com/]

00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.burstnet.com/]

00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.burstnet.com/]

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.serving-sys.com/]

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.serving-sys.com/]

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.serving-sys.com/]

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.serving-sys.com/]

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.serving-sys.com/]

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.bs.serving-sys.com/]

00168095 Cookie/888 TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.888.com/]

00168095 Cookie/888 TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.888.com/]

00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[www.burstbeacon.com/]

00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.adtech.de/]

00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.adtech.de/]

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.advertising.com/]

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.advertising.com/]

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.advertising.com/]

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.advertising.com/]

00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[statse.webtrendslive.com/]

00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.overture.com/]

00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.adrevolver.com/]

00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.adultfriendfinder.com/]

00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.adultfriendfinder.com/]

00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.go.com/]

00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.go.com/]

00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.atwola.com/]

00286734 Cookie/Adserver TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[adserver.filefront.com/]

01168731 Spyware/Virtumonde Spyware No 1 Yes No C:\Windows\System32\ijophorg.dll

01168731 Spyware/Virtumonde Spyware No 1 Yes No C:\Windows\System32\epvpqyit.dll

01168731 Spyware/Virtumonde Spyware No 1 Yes No C:\Windows\System32\mfqdlycu.dll

02133701 Trj/Downloader.QGS Virus/Trojan No 0 No No C:\Deckard\System Scanner\backup\Users\Grant\AppData\Local\Temp\PC Tools Spyware Doctor 5.0.rar[patch.exe]

02137870 Spyware/Virtumonde Spyware No 1 No No C:\Deckard\System Scanner\backup\Users\Grant\AppData\Local\Temp\PC Tools Spyware Doctor 5.0.rar[keygen.exe]

;===============================================================================

SUSPECTS

Location

;===============================================================================

;===============================================================================

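Almost everything in the scan table above is tracking-cookie noise; the rows that matter are easy to miss among them. The following is an added example, not part of the original post and not Panda's code, that parses that flat table and sorts it into tracking cookies, live detections, and items DSS had already moved into its backup folder. The sample rows are copied from the report above; treating everything under C:\Deckard\System Scanner\backup as quarantined is this example's own assumption.

```python
r"""Triage a Panda ActiveScan-style malware table.

Added example, not code from the forum post or from Panda. It parses the flat
'Id Description Type Active Severity Disinfectable Disinfected Location' rows
and separates tracking-cookie noise from what is actually actionable. The
sample rows are copied from the scan output in the thread; treating anything
under C:\Deckard\System Scanner\backup as quarantined (DSS moved it out of
%TEMP%) is an assumption of this example.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: rows copied from the report, one cookie row duplicated
# on purpose to show the de-duplication.
SAMPLE_REPORT = r"""
00034347 dialer.su Dialers No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\uninstall\switch
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.casalemedia.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.atdmt.com/]
01168731 Spyware/Virtumonde Spyware No 1 Yes No C:\Windows\System32\ijophorg.dll
01168731 Spyware/Virtumonde Spyware No 1 Yes No C:\Windows\System32\epvpqyit.dll
01168731 Spyware/Virtumonde Spyware No 1 Yes No C:\Windows\System32\mfqdlycu.dll
02133701 Trj/Downloader.QGS Virus/Trojan No 0 No No C:\Deckard\System Scanner\backup\Users\Grant\AppData\Local\Temp\PC Tools Spyware Doctor 5.0.rar[patch.exe]
02137870 Spyware/Virtumonde Spyware No 1 No No C:\Deckard\System Scanner\backup\Users\Grant\AppData\Local\Temp\PC Tools Spyware Doctor 5.0.rar[keygen.exe]
"""

# The description may contain spaces ("Cookie/Atlas DMT"), the location may
# too; the fixed Yes/No and numeric columns in between pin the split down.
ROW_RE = re.compile(
    r"^(?P<id>\d{8}) (?P<desc>.+?) (?P<kind>\S+) (?P<active>Yes|No) "
    r"(?P<severity>\d+) (?P<disinfectable>Yes|No) (?P<disinfected>Yes|No) (?P<location>.+)$"
)

QUARANTINE_PREFIX = r"c:\deckard\system scanner\backup"  # assumption, see docstring


@dataclass(frozen=True)
class Finding:
    id: str
    desc: str
    kind: str
    active: bool
    severity: int
    disinfectable: bool
    location: str


def parse_report(text: str) -> list[Finding]:
    """Parse table rows; skip headers/separators; collapse exact repeats."""
    seen: set[tuple[str, str]] = set()
    rows: list[Finding] = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        f = Finding(m["id"], m["desc"], m["kind"], m["active"] == "Yes",
                    int(m["severity"]), m["disinfectable"] == "Yes", m["location"])
        key = (f.id, f.location.lower())
        if key in seen:
            continue
        seen.add(key)
        rows.append(f)
    return rows


def triage(rows: list[Finding]) -> dict[str, list[Finding]]:
    """Split into cookie noise, live detections, and already-quarantined items."""
    buckets: dict[str, list[Finding]] = {"noise": [], "live": [], "quarantined": []}
    for f in rows:
        if f.kind == "TrackingCookie":
            buckets["noise"].append(f)
        elif f.location.lower().startswith(QUARANTINE_PREFIX):
            buckets["quarantined"].append(f)
        else:
            buckets["live"].append(f)
    return buckets


def summary(rows: list[Finding]) -> Counter:
    """Detections per type after de-duplication."""
    return Counter(f.kind for f in rows)


if __name__ == "__main__":
    rows = parse_report(SAMPLE_REPORT)
    print(dict(summary(rows)))
    for bucket, items in triage(rows).items():
        print(f"{bucket}: {len(items)}")
        if bucket != "noise":
            for f in items:
                print(f"  [{f.desc}] severity={f.severity} {f.location}")
```

The "live" bucket is exactly what the next post targets with OTMoveIt: the three random-named DLLs in System32 (plus the dialer's leftover uninstall key). The two archive members in DSS's backup, a Trj/Downloader.QGS patch.exe and a Virtumonde-flagged keygen.exe from a cracked "PC Tools Spyware Doctor 5.0" download, are already out of %TEMP%, but a keygen/patch bundle is a common way Vundo arrives on a machine, so it is worth noting as the probable origin.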

Please download the OTMoveIt by OldTimer.

  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
    C:\Windows\System32\ijophorg.dll
    C:\Windows\System32\epvpqyit.dll
    C:\Windows\System32\mfqdlycu.dll
  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt

*If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.

**If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at :

C:\_OTMoveIt\MovedFiles\********_******.log

(where "********_******" is the "date_time")

Click "Exit" to close OTMoveIt.


Ran that, here are the results:

LoadLibrary failed for C:\Windows\System32\ijophorg.dll

C:\Windows\System32\ijophorg.dll NOT unregistered.

C:\Windows\System32\ijophorg.dll moved successfully.

LoadLibrary failed for C:\Windows\System32\epvpqyit.dll

C:\Windows\System32\epvpqyit.dll NOT unregistered.

C:\Windows\System32\epvpqyit.dll moved successfully.

LoadLibrary failed for C:\Windows\System32\mfqdlycu.dll

C:\Windows\System32\mfqdlycu.dll NOT unregistered.

C:\Windows\System32\mfqdlycu.dll moved successfully.

Created on 09/22/2007 17:00:36


Deckard's System Scanner v20070905.67

Run by Grant on 2007-09-23 08:17:30

Computer is in Normal Mode.

--------------------------------------------------------------------------------

-- HijackThis (run as Grant.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:17:54 AM, on 23/09/2007

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Taskmgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\PC Connectivity Solution\NclBTHandler.exe

C:\Users\Grant\Desktop\dss(2).exe

C:\PROGRA~1\TRENDM~1\HIJACK~1\Grant.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O13 - Gopher Prefix:

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--

End of file - 5552 bytes

-- Files created between 2007-08-23 and 2007-09-23 -----------------------------

2007-09-22 17:55:01 0 d-------- C:\Program Files\ABC

2007-09-22 10:30:53 0 d-------- C:\Program Files\Panda Security

2007-09-21 10:22:59 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com

2007-09-21 10:19:30 0 d-------- C:\Program Files\SUPERAntiSpyware

2007-09-21 10:13:16 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-09-20 23:26:56 0 d-------- C:\VundoFix Backups

2007-09-19 15:34:35 0 d-------- C:\75cf96a29f74c67ebc0686a23926

2007-09-19 08:37:16 0 d-------- C:\Program Files\Trend Micro

2007-09-18 20:44:57 0 d-------- C:\Program Files\Windows Live

2007-09-18 20:44:27 0 d-------- C:\Users\All Users\WLInstaller

2007-09-18 20:35:10 0 d-------- C:\Users\All Users\Avg7

2007-09-18 07:40:49 0 d-------- C:\Program Files\Microsoft Windows OneCare Live

2007-09-17 21:05:51 0 d-------- C:\Program Files\Windows Live Safety Center

2007-09-11 10:46:24 95744 --a------ C:\Windows\system32\msencode.dll

2007-09-11 10:46:24 4126 --a------ C:\Windows\system32\msdxmlc.dll

2007-09-11 10:46:24 311296 --a------ C:\Windows\system32\MSDBRPT.DLL <Not Verified; Microsoft Corporation; MSDataReport>

2007-08-27 10:34:46 0 d-------- C:\Program Files\Common Files\NSV

-- Find3M Report ---------------------------------------------------------------

2007-09-22 20:07:33 0 d-------- C:\Users\Grant\AppData\Roaming\.ABC

2007-09-21 17:50:21 12 --a------ C:\Windows\bthservsdp.dat

2007-09-21 10:19:30 0 d-------- C:\Users\Grant\AppData\Roaming\SUPERAntiSpyware.com

2007-09-21 10:13:16 0 d-------- C:\Program Files\Common Files

2007-09-18 20:37:02 0 d-------- C:\Program Files\Image-Line

2007-09-18 08:27:59 0 d-------- C:\Program Files\AskPBar

2007-09-18 08:18:57 0 d-------- C:\Users\Grant\AppData\Roaming\Paltalk

2007-09-18 08:18:57 0 d-------- C:\Program Files\Paltalk Messenger

2007-09-18 07:57:10 0 d-------- C:\Program Files\VstPlugins

2007-09-17 14:35:41 0 d-------- C:\Program Files\LimeWire

2007-09-16 12:13:58 0 d-------- C:\Users\Grant\AppData\Roaming\uTorrent

2007-09-14 18:14:59 2910 --a------ C:\Users\Grant\AppData\Roaming\wklnhst.dat

2007-08-11 16:53:36 0 d-------- C:\Program Files\iTunes

2007-08-11 16:53:30 0 d-------- C:\Program Files\iPod

2007-08-11 16:44:57 0 d-------- C:\Program Files\QuickTime

2007-08-10 15:59:35 0 d-------- C:\Program Files\World of Warcraft

2007-07-31 19:00:00 0 d-------- C:\Program Files\Siemens Subscriber Networks

2007-07-30 16:44:20 0 d-------- C:\Program Files\ousbnic

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 03:06 AM]

"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [18/06/2007 03:10 PM]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/07/2007 01:28 PM]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [29/06/2007 06:24 AM]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [31/07/2007 06:44 PM]

"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [01/08/2007 03:06 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"@"="" []

"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [16/08/2007 04:19 PM]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 10:33 PM]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [21/06/2007 02:06 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]

path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

backup=C:\Windows\pss\Bluetooth.lnk.CommonStartup

backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Grant^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CCC.lnk]

path=C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CCC.lnk

backup=C:\Windows\pss\CCC.lnk.Startup

backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]

"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]

C:\Windows\system32\WLTRAY.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]

"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]

C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

C:\Windows\ehome\ehTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3]

rundll32.exe "C:\Windows\system32\mfqdlycu.dll",realset

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]

"C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Performance Center]

C:\Program Files\Ascentive\Performance Center\APCMain.exe -m

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

%ProgramFiles%\Windows Defender\MSASCui.exe -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]

rundll32.exe oobefldr.dll,ShowWelcomeCenter

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]

"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0612725f-e7c9-11db-b257-0015c5ba7ce8}]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]

msiexec /fums {537DCF03-71F2-E659-C402-516AE3F1003F} /qb

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]

%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- End of Deckard's System Scanner: finished at 2007-09-23 08:18:47 ------------

:D Thanks once again.

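Two things in the last two logs deserve a cross-check. OTMoveIt reported "LoadLibrary failed" and "NOT unregistered" for each DLL before moving it, so whatever COM registration those DLLs had (CLSID or BHO entries) was not undone by the move. And the DSS registry dump still shows an msconfig startupreg entry (GPLv3) that runs rundll32.exe "C:\Windows\system32\mfqdlycu.dll",realset against a file that is now gone, alongside a BHO with "(no file)" and a PalTalk button marked "(file missing)". The following is an added example, not code from the thread, from OTMoveIt or from HijackThis, that automates that cross-check over lines copied from the two logs; the eight-lowercase-letter System32 name check is this example's own heuristic for Vundo-style names and is rated "review" only, because legitimate files such as setupapi.dll have the same shape.

```python
r"""Cross-check startup entries against an OTMoveIt result log.

Added example, not code from the thread, OTMoveIt or HijackThis. After a
'moved successfully' result a responder still wants to know: (1) which startup
entries point at files that are now gone, (2) whether a moved DLL is still
referenced anywhere, and (3) which DLLs could not be unregistered, so their COM
registration may remain. Sample lines are copied from the OTMoveIt results and
the DSS registry dump posted above. The eight-lowercase-letter System32 name
check is a heuristic of this example and can hit legitimate files.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

OTMOVEIT_RESULTS = r"""
LoadLibrary failed for C:\Windows\System32\ijophorg.dll
C:\Windows\System32\ijophorg.dll NOT unregistered.
C:\Windows\System32\ijophorg.dll moved successfully.
LoadLibrary failed for C:\Windows\System32\mfqdlycu.dll
C:\Windows\System32\mfqdlycu.dll NOT unregistered.
C:\Windows\System32\mfqdlycu.dll moved successfully.
"""

# Constructed sample: HijackThis lines plus two msconfig startupreg values
# from the DSS registry dump.
STARTUP_LINES = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
rundll32.exe "C:\Windows\system32\mfqdlycu.dll",realset
rundll32.exe oobefldr.dll,ShowWelcomeCenter
"""

# A full Windows path ending in .dll or .exe (stops at the first extension).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:dll|exe)\b', re.IGNORECASE)
# Heuristic: eight lowercase letters, no digits, living in System32.
RANDOM_SYS32_DLL = re.compile(r"\\windows\\system32\\[a-z]{8}\.dll$")


@dataclass
class MoveResult:
    path: str
    unregistered: Optional[bool] = None  # None: OTMoveIt reported nothing
    moved: bool = False


@dataclass(frozen=True)
class Finding:
    kind: str   # dangling | moved-file-still-referenced | review | com-registration-may-remain
    line: str


def parse_otmoveit(text: str) -> dict[str, MoveResult]:
    """Map lowercased path -> what OTMoveIt managed to do with it."""
    results: dict[str, MoveResult] = {}
    for line in text.strip().splitlines():
        line = line.strip()
        if line.endswith(" NOT unregistered."):
            path = line[: -len(" NOT unregistered.")]
            results.setdefault(path.lower(), MoveResult(path)).unregistered = False
        elif line.endswith(" moved successfully."):
            path = line[: -len(" moved successfully.")]
            results.setdefault(path.lower(), MoveResult(path)).moved = True
        # "LoadLibrary failed for ..." only explains why unregistration failed
        # (the DLL would not load in OTMoveIt's process); not a result itself.
    return results


def triage(startup_text: str, moved: dict[str, MoveResult]) -> list[Finding]:
    """Flag stale, still-referenced and not-unregistered items."""
    findings: list[Finding] = []
    for line in startup_text.strip().splitlines():
        low = line.lower()
        if "(no file)" in low or "(file missing)" in low:
            findings.append(Finding("dangling", line))  # stale entry, safe to remove
            continue
        for path in PATH_RE.findall(line):
            key = path.lower()
            if key in moved and moved[key].moved:
                findings.append(Finding("moved-file-still-referenced", line))
            elif low.startswith("rundll32") and RANDOM_SYS32_DLL.search(key):
                findings.append(Finding("review", line))
    for res in moved.values():
        if res.moved and res.unregistered is False:
            findings.append(Finding("com-registration-may-remain", res.path))
    return findings


if __name__ == "__main__":
    for f in triage(STARTUP_LINES, parse_otmoveit(OTMOVEIT_RESULTS)):
        print(f"{f.kind:30} {f.line}")
```

Against the logs above this reports two dangling entries (the nameless BHO and the PalTalk button), the GPLv3 startupreg value still pointing at the moved mfqdlycu.dll, and both moved DLLs as candidates whose CLSID registration should be searched for and removed by hand; the legitimate Adobe, iTunes and oobefldr.dll lines are not flagged.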

Hello again,

Step 1

I notice that your system doesn’t have an anti-virus program running. This can be suicidal in today’s digital age. :)

So, let’s set you up with a FREE and excellent anti-virus program called avast! 4 Home Edition.

First go HERE and download avast! 4 Home Edition to your Desktop.

Steps for installing avast! 4 Home Edition:

Locate the file for installing avast! and double-click on it to launch the installation of avast!

Click Next on the avast! Setup window and on the next window with the ReadMe File.

Now you will see the Legal Agreement, just click I agree, and then click Next to continue.

You will be prompted with the Configuration window; make sure that you choose Typical configuration and then click Next. Click Next on the windows that follow. When the installation finishes, you will be given an option to schedule a boot-time scan; select No.

Now you have to restart your machine, select Restart and then click Finish.

After you restart you will get a message about avast!; it will give you the general "Hello and Thank you for choosing our Product." Also, after you restart you will notice 2 new icons in the bottom right corner of the screen.

VERY IMPORTANT - after restarting, you will see two new tray icons. Right-click on the "a" icon in the taskbar and select Updating, then highlight and click Program.

You will get a popup after it's done updating. If avast! had to download anything for your computer, you may get a message asking you to restart.

After you have updated avast!, right-click the small "a" icon in the taskbar and click Start avast! AntiVirus.

Click Program Registration and you will be taken to their website. Fill out the form and then check your e-mail. Once you get an e-mail from them (usually about 1 minute after submitting the form), copy and paste the serial they provided into the highlighted box. Then click OK.

After this, you will need to schedule a Boot-Time Scan with avast!. Click on the little button in the top left corner and select Schedule Boot-Time Scan.

schedulebootav.jpg

Next, choose

  • Scan all local disks
  • Scan archive files
  • Click on Schedule

On the next dialog, Operating system restart needed, select Yes.

scheduleboot23.jpg

Now avast! will restart your computer and start to scan before Windows fully loads. If it detects infections during the boot-time scan, you will be given a choice of actions; choose Move to chest and don't delete anything.

IMPORTANT NOTE: since your system has infections on it, avast! will give you a dialog box with recommended actions and options. If this happens, please make sure to click the Move to Chest button and not to delete any reported files.

Finally, when the scan finishes, the computer will boot in Normal Mode. Then, using Windows Explorer, navigate to C:\Program Files\Alwil Software\Avast4\DATA\report\aswBoot.txt and double-click on aswBoot.txt; it will open Notepad with the report of the scan. Please copy and paste the report in this thread.

Note:

If you are not able to use Normal Mode, use Safe Mode with Networking to download programs and to update avast!. To run scans, reboot to Safe Mode. Do NOT use "Safe Mode with Networking" for running scans!

If you have installed avast! from Safe Mode, you will not see the two icons in the tray when the setup is done; instead, use the icon on the desktop for updating and for scheduling the boot-time scan.

The icons in the tray are visible in Normal Mode!

Please post back with the avast! scan report and a new HijackThis log. Let me know if you have any problems with the above instructions or if you have any questions.

Note: You must use only 1 (one) AV at a time because if you have 2 or more AVs running at the same time, they will conflict with each other and make your security less reliable.

Step 2

I also notice you don't have a firewall. A firewall is definitely a must-have to protect your computer from hackers. I recommend Comodo, Zone Alarm, or Outpost.

Step 3

Please run the TotalScan again from above and post the log along with the Avast log and a fresh HJT Log.


09/24/2007 12:53

Scan of all local drives

File C:\Program Files\Panda Security\TotalScan\pskavs.dll is infected by Win32:CTX, Repair: Error 42060 {The file was not repaired.}, Deleted

File C:\Users\Grant\Desktop\sdsetup.exe\{app}\IDBLib.sdp Error 42146 {Installer archive is corrupted.}

File C:\Windows\System32\gebyx.dll is infected by Win32:Vundo-gen49 [Adw], Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Deleted

File C:\Windows\System32\pmkkh.dll is infected by Win32:Vundo-gen49 [Adw], Repair: Error 42060 {The file was not repaired.}, Deleted

Scanning aborted

Number of searched folders: 10656

Number of tested files: 296916

Number of infected files: 3

----------------------------------------

09/25/2007 07:46

Scan of all local drives

File C:\Users\Grant\Desktop\sdsetup.exe\{app}\IDBLib.sdp Error 42146 {Installer archive is corrupted.}

File C:\Windows\System32\epvpqyit.dll is infected by Win32:Virtumonde-BA [Adw], Moved

File C:\Windows\System32\gebyx.dll is infected by Win32:Vundo-gen49 [Adw], Moved to chest

File C:\Windows\System32\ijophorg.dll is infected by Win32:Virtumonde-BA [Adw], Moved

File C:\Windows\System32\mfqdlycu.dll is infected by Win32:Virtumonde-BA [Adw], Moved to chest

File C:\Windows\System32\pmkkh.dll is infected by Win32:Vundo-gen49 [Adw], Moved to chest

Number of searched folders: 15800

Number of tested files: 319137

Number of infected files: 5

TotalScan:

;*******************************************************************************************************************************************************************

ANALYSIS: 2007-09-25 20:30:22

PROTECTIONS: 2

MALWARE: 36

SUSPECTS: 0

;*******************************************************************************************************************************************************************

PROTECTIONS

Description Version Active Updated

;===================================================================================================================================================================

avast! antivirus 4.7.1043 [VPS 000776-1] 4.7.1043 No Yes

Windows Live OneCare 1.0.0 No Yes

;===================================================================================================================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===================================================================================================================================================================

00034347 dialer.su Dialers No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\uninstall\switch

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.casalemedia.com/]

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.casalemedia.com/]

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.casalemedia.com/]

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.casalemedia.com/]

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.casalemedia.com/]

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.casalemedia.com/]

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.casalemedia.com/]

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.casalemedia.com/]

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.casalemedia.com/]

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.casalemedia.com/]

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.casalemedia.com/]

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.doubleclick.net/]

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.atdmt.com/]

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt

00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.tradedoubler.com/]

00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.tradedoubler.com/]

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.fastclick.net/]

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.fastclick.net/]

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.fastclick.net/]

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.fastclick.net/]

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.fastclick.net/]

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.fastclick.net/]

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.fastclick.net/]

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.fastclick.net/]

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.fastclick.net/]

00145460 Cookie/2o7 TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.2o7.net/]

00145460 Cookie/2o7 TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.2o7.net/]

00145460 Cookie/2o7 TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt

00145460 Cookie/2o7 TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.2o7.net/]

00145460 Cookie/2o7 TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.2o7.net/]

00145460 Cookie/2o7 TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.2o7.net/]

00145460 Cookie/2o7 TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.2o7.net/]

00145460 Cookie/2o7 TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.2o7.net/]

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.tribalfusion.com/]

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.tribalfusion.com/]

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.tribalfusion.com/]

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.tribalfusion.com/]

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.mediaplex.com/]

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.com.com/]

00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.yadro.ru/]

00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.yadro.ru/]

00167744 Cookie/GoStats TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.gostats.com/]

00167744 Cookie/GoStats TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.gostats.com/]

00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies-1.txt[.azjmp.com/]

00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies-1.txt[.azjmp.com/]

00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.toplist.cz/]

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.statcounter.com/]

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.statcounter.com/]

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.statcounter.com/]

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.statcounter.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[ad.yieldmanager.com/]

00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.burstnet.com/]

00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.burstnet.com/]

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.serving-sys.com/]

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.serving-sys.com/]

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.serving-sys.com/]

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.serving-sys.com/]

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.serving-sys.com/]

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.bs.serving-sys.com/]

00168095 Cookie/888 TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.888.com/]

00168095 Cookie/888 TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.888.com/]

00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[www.burstbeacon.com/]

00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.adtech.de/]

00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.adtech.de/]

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.advertising.com/]

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.advertising.com/]

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.advertising.com/]

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.advertising.com/]

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.advertising.com/]

00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[statse.webtrendslive.com/]

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.ads.pointroll.com/]

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.ads.pointroll.com/]

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.ads.pointroll.com/]

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.ads.pointroll.com/]

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.ads.pointroll.com/]

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.ads.pointroll.com/]

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.ads.pointroll.com/]

00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.overture.com/]

00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.realmedia.com/]

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.questionmarket.com/]

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.questionmarket.com/]

00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.adrevolver.com/]

00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.adultfriendfinder.com/]

00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.adultfriendfinder.com/]

00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.go.com/]

00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.go.com/]

00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[.atwola.com/]

00286734 Cookie/Adserver TrackingCookie No 0 Yes No C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\qc0zadh1.default\cookies.txt[adserver.filefront.com/]

01168731 Spyware/Virtumonde Spyware No 1 Yes No C:\Program Files\Alwil Software\Avast4\DATA\moved\epvpqyit.dll.vir

01168731 Spyware/Virtumonde Spyware No 1 Yes No C:\Program Files\Alwil Software\Avast4\DATA\moved\ijophorg.dll.vir

02133701 Trj/Downloader.QGS Virus/Trojan No 0 No No C:\Deckard\System Scanner\20070923081721\backup\Users\Grant\AppData\Local\Temp\PC Tools Spyware Doctor 5.0.rar[patch.exe]

02137870 Spyware/Virtumonde Spyware No 1 No No C:\Deckard\System Scanner\20070923081721\backup\Users\Grant\AppData\Local\Temp\PC Tools Spyware Doctor 5.0.rar[keygen.exe]

;===================================================================================================================================================================

SUSPECTS

Location

;===================================================================================================================================================================

;===================================================================================================================================================================

Hijackthis Log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:32:30 PM, on 25/09/2007

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\PC Connectivity Solution\NclBTHandler.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Outpost Firewall] "C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe" /waitservice

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O13 - Gopher Prefix:

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--

End of file - 6488 bytes

Thank you for your time and patience with this, I hope we are getting somewhere...

Something has happened and I can only start my laptop in safe mode, it keeps doing a dump of physical memory every time I start it normally. :(

Edited by Jared
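To keep track of what a boot-time scan actually did with each flagged file (moved to the chest, deleted, or left on disk because repair failed), here is an added Python parser for the aswBoot.txt report format posted above. This is example code, not from the thread or from avast!; the line shapes and the action words (Deleted, Moved, Moved to chest, Repair: Error ...) are taken from the posted lines, and SAMPLE_REPORT inside it is constructed from those lines rather than being the poster's exact log.

```python
"""Parse an avast! 4 boot-time scan report (aswBoot.txt) and summarise what
happened to each flagged file.

Added example, not code from the thread or from avast!. The line formats and
action words come from the report lines posted in the thread; SAMPLE_REPORT
is constructed from those lines and is not the poster's exact log.
"""
import re
from dataclasses import dataclass, field

# Line shapes seen in the posted report.
INFECTED_RE = re.compile(
    r"^File (?P<path>.+?) is infected by (?P<threat>.+?), (?P<actions>.+)$")
ERROR_RE = re.compile(
    r"^File (?P<path>.+?) Error (?P<code>\d+) \{(?P<msg>[^}]*)\}$")
COUNT_RE = re.compile(
    r"^Number of (?P<what>searched folders|tested files|infected files): (?P<n>\d+)$")

# Final actions after which the file is no longer in its original place.
CONTAINED = {"Deleted", "Moved", "Moved to chest"}
# Of those, the ones that keep a copy in the chest (recoverable if it was a
# false positive, and still available for later analysis).
QUARANTINED = {"Moved", "Moved to chest"}


@dataclass
class Detection:
    path: str
    threat: str
    actions: list  # in the order avast! reported them

    @property
    def final_action(self) -> str:
        return self.actions[-1]

    @property
    def contained(self) -> bool:
        return self.final_action in CONTAINED


@dataclass
class BootScanReport:
    detections: list = field(default_factory=list)
    errors: list = field(default_factory=list)   # (path, code, message)
    counts: dict = field(default_factory=dict)   # e.g. {"infected files": 3}
    aborted: bool = False


def parse_report(text: str) -> BootScanReport:
    """Parse the report text line by line; lines of unknown shape are ignored."""
    rep = BootScanReport()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Scanning aborted":
            rep.aborted = True
            continue
        # INFECTED_RE must be tried first: a line whose last action is a
        # failed repair also ends in "{...}" and would fool ERROR_RE.
        m = INFECTED_RE.match(line)
        if m:
            actions = [a.strip() for a in m.group("actions").split(", ")]
            rep.detections.append(Detection(m.group("path"), m.group("threat"), actions))
            continue
        m = ERROR_RE.match(line)
        if m:
            rep.errors.append((m.group("path"), int(m.group("code")), m.group("msg")))
            continue
        m = COUNT_RE.match(line)
        if m:
            rep.counts[m.group("what")] = int(m.group("n"))
    return rep


def summarize(rep: BootScanReport) -> dict:
    """Group detections by outcome and flag conditions worth a second look."""
    return {
        # An aborted scan means the remaining files were never examined.
        "complete": not rep.aborted,
        # The trailer count should equal the number of detection lines.
        "count_matches": rep.counts.get("infected files") == len(rep.detections),
        "quarantined": [d.path for d in rep.detections if d.final_action in QUARANTINED],
        "deleted": [d.path for d in rep.detections if d.final_action == "Deleted"],
        # Repair failed and nothing else was done: the file is still on disk.
        "still_present": [d.path for d in rep.detections if not d.contained],
        # Archives avast! could not open were not really scanned.
        "unscannable": [path for path, _, _ in rep.errors],
    }


# Constructed sample modelled on the report posted in this thread.
SAMPLE_REPORT = r"""
09/25/2007 07:46
Scan of all local drives
File C:\Users\Grant\Desktop\sdsetup.exe\{app}\IDBLib.sdp Error 42146 {Installer archive is corrupted.}
File C:\Windows\System32\gebyx.dll is infected by Win32:Vundo-gen49 [Adw], Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Deleted
File C:\Windows\System32\pmkkh.dll is infected by Win32:Vundo-gen49 [Adw], Moved to chest
File C:\Windows\System32\epvpqyit.dll is infected by Win32:Virtumonde-BA [Adw], Repair: Error 42060 {The file was not repaired.}
Scanning aborted
Number of searched folders: 10656
Number of tested files: 296916
Number of infected files: 3
"""

if __name__ == "__main__":
    for key, value in summarize(parse_report(SAMPLE_REPORT)).items():
        print(f"{key}: {value}")
```

A "still_present" entry or "complete: False" is the cue to re-run the boot-time scan rather than treat the machine as clean.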


Hello again,

Vista has a really good automatic system repair on its CDs.

Vista's Repair Console

First, Boot from your Vista installation CD.

Select your Vista Install from the list in “Windows Boot Manager”

· Microsoft Vista Setup (x86)

· Microsoft Vista Setup (x64)

Press enter.

You will then see “Windows is Loading Files”.

Next, the “Language Screen” will come up. Since you have already selected this option when you installed Vista, just click on “Next”.

Now you will see the “Vista Installation Screen”

DO NOT CHOOSE “Install Now”

Instead, towards the bottom left of the window you will see:

· “What to know before installing Windows”

· “Repair your Computer”

Choose and click on “Repair your Computer”

You will then come to the “System Recovery Options”. Choose “Microsoft Windows Vista” from the list. Then click “Next”.

You will now have the option to choose which “Recovery Tools” you wish to use.

1. “Startup Repair”

Automatically fix problems that are preventing Windows from starting

2. “System Restore”

Restore Windows to an earlier point in time

3. “Windows Complete PC Restore”

Restore your entire computer from a backup

4. “Windows Memory Diagnostic Tool”

Check your computer for memory hardware errors

5. “Command Prompt”

Opens the Command Prompt window

Please select #4 and let me know how that goes.


The option wasn't on the CD for some reason, but I was able to load my computer's last good settings and it seemed to work, so now we can work on getting rid of the viruses again.

What do you need from me for us to begin this again?
