Zlob has got me
Download ComboFix by sUBs from here, saving the file to your desktop.
- Close all open programs and windows.
- Double click combofix.exe and follow the prompts.
- When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
ComboFix is downloading, but when run it states that it is out of date and uninstalls itself.
- Download Deckard's System Scanner (dss.exe) and save it to your desktop.
- Close all applications and windows.
- Double click on dss.exe to run it and follow the prompts.
- When the scan is complete, two text files will open: main.txt, which will be maximized, and extra.txt, which will be minimized.
Post the contents of main.txt only for now.
Deckard's System Scanner v20071014.68
Run by Dad on 2007-11-19 10:55:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 3 Restore Point(s) --
3: 2007-11-18 23:55:32 UTC - RP648 - Deckard's System Scanner Restore Point
2: 2007-11-18 23:49:03 UTC - RP647 - Last known good configuration
1: 2007-11-18 23:48:40 UTC - RP646 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Dad.exe) -------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 10:57:46 AM, on 19/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\system32\fdhaoohi.exe
C:\Program Files\CS Fire Monitor\CSFireMon.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\system32\atwtusb.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Dad\Desktop\dss.exe
C:\DOCUME~1\Dad\Desktop\Dad.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
O2 - BHO: (no name) - {10C0C3B9-FC60-4902-92B3-49E09D7BAE89} - C:\WINDOWS\system32\mljgg.dll
O2 - BHO: (no name) - {18CCB518-1374-4946-A4C2-21EFD6C471CE} - (no file)
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: {8086f986-44d7-bb1a-8ae4-189a0888f064} - {460f8880-a981-4ea8-a1bb-7d44689f6808} - C:\WINDOWS\system32\uimnlulf.dll
O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A57EE9D7-0534-496A-B2B0-E95866D0C1B0} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\fpktuukr.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINDOWS\system32\tuvwwxy.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {EF18E814-3E1B-452D-8EAE-208E53C009F5} - C:\WINDOWS\system32\vtstt.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\fpktuukr.dll
O4 - HKLM\..\Run: [intelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [d48aeba1] rundll32.exe "C:\WINDOWS\system32\utmojxcc.dll",b
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Dad\Desktop\HijackThis.exe /startupscan
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?42def64ca47e412b8c501d922166e5af
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?42def64ca47e412b8c501d922166e5af
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1125884139484
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00A6484.dat
O20 - Winlogon Notify: fpktuukr - C:\WINDOWS\SYSTEM32\fpktuukr.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: tuvwwxy - C:\WINDOWS\SYSTEM32\tuvwwxy.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: CS Fire Monitor - Unknown owner - C:\Program Files\CS Fire Monitor\CSFireMonService.exe" -service (file missing)
O23 - Service: DomainService - - C:\WINDOWS\system32\fdhaoohi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
-- HijackThis Fixed Entries (C:\DOCUME~1\Dad\Desktop\backups\) -----------------
backup-20071117-224612-508 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\adkfjpjc.dll
backup-20071117-224612-736 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20071117-224612-957 O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
backup-20071117-224613-360 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20071117-224613-732 O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\yykgwquj.exe (file missing)
backup-20071117-225611-345 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\adkfjpjc.dll
backup-20071117-232507-408 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\adkfjpjc.dll
backup-20071117-232523-543 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\adkfjpjc.dll
backup-20071117-235154-656 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\adkfjpjc.dll
backup-20071117-235210-352 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\adkfjpjc.dll
backup-20071117-235853-186 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\adkfjpjc.dll
backup-20071117-235853-313 O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
backup-20071117-235853-790 O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
backup-20071118-000440-504 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\adkfjpjc.dll
backup-20071118-002640-825 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\adkfjpjc.dll
backup-20071118-002640-908 O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
backup-20071118-031523-396 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\adkfjpjc.dll
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 Imagedrv - c:\windows\system32\drivers\imagedrv.sys <Not Verified; Ahead Software AG and its licensors; NERO IMAGEDRIVE>
R1 AFS2K - c:\windows\system32\drivers\afs2k.sys <Not Verified; Oak Technology Inc.; AFS>
R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys
R2 BTSLBCSP (Bluetooth Port Client Driver) - c:\windows\system32\drivers\btslbcsp.sys <Not Verified; WIDCOMM, Inc.; Bluetooth Software 1.4.2 Build 10>
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
R3 uscbs108 - c:\windows\system32\drivers\uscbs108.sys
R3 uscsc108 - c:\windows\system32\drivers\uscsc108.sys
S3 catchme - c:\docume~1\dad\locals~1\temp\catchme.sys (file missing)
S3 StkMini (Syntek DC-112X) - c:\windows\system32\drivers\stkmini.sys <Not Verified; Syntek America Inc.; Syntek Universal Serial Bus 2.0 Video Mini Driver>
S3 StkScan (Syntek DC-112X Still Image) - c:\windows\system32\drivers\stkscan.sys <Not Verified; Syntek America Inc.; Syntek Universal Serial Bus 2.0 Still Image Driver>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Capture Device Service - "c:\program files\common files\intervideo\deviceservice\devsvc.exe" <Not Verified; InterVideo Inc.; Capture Device Service>
R2 DomainService - c:\windows\system32\fdhaoohi.exe /service <Not Verified; ; DDC>
R2 ScsiAccess - c:\windows\system32\scsiaccess.exe
R2 UStorage Server Service - c:\windows\system32\ustorsrv.exe /service <Not Verified; OTi; OTi Content Service>
S2 CS Fire Monitor - "c:\program files\cs fire monitor\csfiremonservice.exe" -service <Not Verified; Crofts Software; CS Fire Monitor Service>
S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\71402320ED
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\71402320ED
Service: NIC1394
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD00
Manufacturer: Nokia
Name: Princess Nokia N70
PNP Device ID: ROOT\WPD00
Service: WUDFRd
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Antons Nokia N70
Device ID: ROOT\WPD01
Manufacturer: Nokia
Name: Antons Nokia N70
PNP Device ID: ROOT\WPD01
Service: WUDFRd
-- Scheduled Tasks -------------------------------------------------------------
2007-11-19 10:29:24 254 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2007-11-14 20:02:19 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2006-08-21 12:11:04 338 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1125623360.job
-- Files created between 2007-10-19 and 2007-11-19 -----------------------------
2007-11-19 09:55:46 145984 --a------ C:\WINDOWS\system32\fpktuukr.dll
2007-11-19 09:55:17 145984 --a------ C:\WINDOWS\system32\rjfppvrf.dll
2007-11-19 06:37:18 79424 --a------ C:\WINDOWS\system32\uimnlulf.dll
2007-11-19 06:34:29 85056 --a------ C:\WINDOWS\system32\utmojxcc.dll
2007-11-19 06:28:22 71232 --a------ C:\WINDOWS\system32\fdhaoohi.exe <Not Verified; ; DDC>
2007-11-19 06:25:18 10816 --a------ C:\WINDOWS\system32\__c00A6484.dat
2007-11-19 06:25:16 10816 --a------ C:\WINDOWS\system32\okxlwala.dll
2007-11-19 06:24:44 10816 --a------ C:\WINDOWS\system32\fqjdksao.dll
2007-11-18 16:51:42 152642 --ahs---- C:\WINDOWS\system32\ggjlm.ini2
2007-11-18 16:51:28 320608 --a------ C:\WINDOWS\system32\mljgg.dll
2007-11-18 10:04:14 82496 --a------ C:\WINDOWS\system32\rwnyclfe.dll
2007-11-18 09:57:26 10816 -----n--- C:\WINDOWS\system32\__c00DB3BE.dat
2007-11-18 04:24:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-18 02:14:15 2390 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-17 14:22:49 128 --a------ C:\Documents and Settings\Dad\services.exe
2007-11-16 21:42:12 35840 --a------ C:\WINDOWS\17PHolmes1188.exe
2007-11-16 21:41:59 36352 --a------ C:\WINDOWS\system32\ddcyvww.dll
2007-11-16 20:44:42 36352 --a------ C:\WINDOWS\system32\tuvwwxy.dll
2007-11-16 17:03:24 71232 --a------ C:\WINDOWS\system32\brepqytj.exe <Not Verified; ; DDC>
2007-11-16 16:54:48 40960 --a------ C:\Documents and Settings\Mum\f.exe
2007-11-16 16:54:35 0 --a------ C:\Documents and Settings\Mum\x.dat
2007-11-16 16:54:23 36352 --a------ C:\WINDOWS\system32\yaywxuv.dll
2007-11-16 16:54:19 1017 --a------ C:\Documents and Settings\Mum\z.dat
2007-11-16 16:54:01 36352 --a------ C:\WINDOWS\system32\pmnopnk.dll
2007-11-15 11:03:37 40960 --a------ C:\Documents and Settings\Dad\f.exe
2007-11-15 11:03:24 1204 --a------ C:\Documents and Settings\Dad\x.dat
2007-11-15 11:03:16 36352 --a------ C:\WINDOWS\system32\byxuvvu.dll
2007-11-15 11:03:07 4840 --a------ C:\Documents and Settings\Dad\z.dat
2007-11-15 11:02:54 36352 --a------ C:\WINDOWS\system32\vtuvsqr.dll
2007-11-15 10:36:10 35840 --a------ C:\WINDOWS\mrofinu1000106.exe
2007-11-15 10:35:01 40960 --a------ C:\Documents and Settings\Anton\f.exe
2007-11-15 10:34:54 299 --a------ C:\Documents and Settings\Anton\x.dat
2007-11-15 10:34:30 40341 --a------ C:\Documents and Settings\Anton\z.dat
2007-11-15 10:34:17 36352 --a------ C:\WINDOWS\system32\iifffde.dll
2007-11-15 10:34:00 0 d-------- C:\WINDOWS\system32\rMa18yy
2007-11-13 16:03:09 4882432 --a------ C:\Documents and Settings\Anton\ntuser.dat
2007-11-13 16:00:35 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2007-11-05 15:35:30 0 d-------- C:\WINDOWS\pss
2007-11-01 17:45:28 0 d-------- C:\Program Files\Guitar Pro 5
2007-10-30 12:22:51 0 d-------- C:\Racing
2007-10-23 12:35:40 0 d-------- C:\Program Files\iPod
2007-10-23 12:35:09 0 d-------- C:\Program Files\iTunes
2007-10-22 19:54:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-10-19 23:05:01 0 d-------- C:\the hedgehog
-- Find3M Report ---------------------------------------------------------------
2007-11-18 04:26:14 0 d-------- C:\Program Files\Lavasoft
2007-11-18 04:26:12 0 d-------- C:\Documents and Settings\Dad\Application Data\Lavasoft
2007-11-18 04:22:45 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-17 17:36:23 0 d-------- C:\Program Files\Java
2007-11-14 23:30:21 0 d-------- C:\Program Files\Common Files
2007-11-08 09:50:59 0 d-------- C:\Documents and Settings\Dad\Application Data\U3
2007-11-07 14:35:58 0 d-------- C:\Program Files\CS Fire Monitor
2007-11-05 15:22:52 0 d-------- C:\Program Files\GSM
2007-11-02 20:44:26 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-22 19:54:28 0 d-------- C:\Program Files\Common Files\Adobe
2007-10-18 00:42:08 10752 --a------ C:\WINDOWS\system32\WhoisCL.exe <Not Verified; NirSoft; WhoisCL>
2007-10-17 13:12:37 0 d-------- C:\Program Files\Free Metronome
2007-10-17 12:48:58 0 d-------- C:\Program Files\FretPro
2007-10-17 09:42:08 0 d-------- C:\Program Files\LogMeIn
2007-10-15 22:37:18 0 d-------- C:\Program Files\Lame
2007-10-14 19:57:40 0 d-------- C:\Program Files\Audacity
2007-10-09 21:53:27 0 d-------- C:\Program Files\Apple Software Update
2007-10-08 20:47:34 0 d-------- C:\Program Files\Burn4Free
2007-09-28 19:33:00 0 d-------- C:\Program Files\WinAce
2007-09-27 12:01:18 0 d-------- C:\Program Files\Microsoft Silverlight
2007-09-24 22:46:36 0 d-------- C:\Program Files\GameSpy Arcade
2007-09-24 22:43:50 0 d-------- C:\Program Files\Microsoft Games
2007-09-19 14:58:04 0 d-------- C:\Program Files\Scales Dictionary System
2007-09-19 14:57:35 286720 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
2007-09-19 14:57:29 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft? Visual Basic for Windows>
2007-09-19 12:23:45 0 d-------- C:\Program Files\GiveMeTac 1.1
2007-09-14 15:30:55 229727 --a------ C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_6984.exe <Not Verified; Burn4Free; Burn4Free CD and DVD>
2007-09-08 22:29:51 7188 --a------ C:\WINDOWS\mozver.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10C0C3B9-FC60-4902-92B3-49E09D7BAE89}]
18/11/2007 04:51 PM 320608 --a------ C:\WINDOWS\system32\mljgg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18CCB518-1374-4946-A4C2-21EFD6C471CE}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{460f8880-a981-4ea8-a1bb-7d44689f6808}]
19/11/2007 06:37 AM 79424 --a------ C:\WINDOWS\system32\uimnlulf.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A57EE9D7-0534-496A-B2B0-E95866D0C1B0}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
19/11/2007 09:55 AM 145984 --a------ C:\WINDOWS\system32\fpktuukr.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}]
16/11/2007 08:44 PM 36352 --a------ C:\WINDOWS\system32\tuvwwxy.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF18E814-3E1B-452D-8EAE-208E53C009F5}]
C:\WINDOWS\system32\vtstt.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\fpktuukr.dll [19/11/2007 09:55 AM 145984]
[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [22/03/2002 03:41 PM]
"atwtusb"="atwtusb.exe" [23/04/2002 05:20 PM C:\WINDOWS\system32\atwtusb.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [06/09/2007 09:06 PM]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [06/08/2007 12:08 PM]
"nwiz"="nwiz.exe" [25/08/2004 08:14 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [25/08/2004 08:14 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [25/08/2004 08:14 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11 AM]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" []
"d48aeba1"="C:\WINDOWS\system32\utmojxcc.dll" [19/11/2007 06:34 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HijackThis startup scan"="C:\Documents and Settings\Dad\Desktop\HijackThis.exe" [16/02/2005 11:06 AM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [20/11/2003 2:11:56 PM]
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [9/04/2003 6:41:38 PM]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [9/04/2003 7:11:12 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [13/03/2006 02:11 PM 233472]
"{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}"= C:\WINDOWS\system32\tuvwwxy.dll [16/11/2007 08:44 PM 36352]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fpktuukr]
fpktuukr.dll 19/11/2007 09:55 AM 145984 C:\WINDOWS\system32\fpktuukr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 02/10/2007 05:51 PM 75064 C:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvwwxy]
tuvwwxy.dll 16/11/2007 08:44 PM 36352 C:\WINDOWS\system32\tuvwwxy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\__c00A6484.dat
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mljgg.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Remote Controller.lnk]
backup=C:\WINDOWS\pss\Remote Controller.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Agent]
"C:\Program Files\CyberLink\PowerVCRII\Agent.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote_Agent]
"C:\Program Files\CyberLink\PowerVCRII\RemoteAgent.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFaxAppPortStarter]
wfxsnt40.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52d0c36c-3e4a-11dc-b9ad-0020ed6c9f88}]
AutoRun\command- G:\LaunchU3.exe -a
-- End of Deckard's System Scanner: finished at 2007-11-19 10:59:47 ------------
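The DSS log above is raw material for exactly the kind of triage the helper does by eye: which BHOs, Winlogon Notify hooks, AppInit_DLLs and services belong, and which are the infection. As an added example (not part of the original thread, and not code from HijackThis, DSS or VundoFix), the Python below runs a few of those judgements over lines copied from the posted log: the AppInit_DLLs hook, Winlogon Notify DLLs, services with no vendor field, rundll32 autoruns and nameless BHOs whose binary is an all-lowercase 5-8 letter name sitting directly in system32, plus the reversed-name .dll/.ini pairing visible in the "Files created" section (mljgg.dll beside ggjlm.ini2). The all-lowercase naming heuristic and the system32 restriction are the editor's assumptions, tuned to this log rather than offered as a general malware test.

```python
"""Triage a pasted HijackThis / Deckard's System Scanner log for the persistence
patterns seen in this thread. Added example; the naming heuristics are the editor's
assumptions, not anything the forum helper or the tools used."""
import ntpath
import re

# Constructed input: lines copied from the log posted above, mixed with benign
# entries from the same log so the heuristics have something to *not* flag.
SAMPLE_HJT = [
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {10C0C3B9-FC60-4902-92B3-49E09D7BAE89} - C:\WINDOWS\system32\mljgg.dll",
    r"O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\fpktuukr.dll",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r'O4 - HKLM\..\Run: [d48aeba1] rundll32.exe "C:\WINDOWS\system32\utmojxcc.dll",b',
    r"O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00A6484.dat",
    r"O20 - Winlogon Notify: fpktuukr - C:\WINDOWS\SYSTEM32\fpktuukr.dll",
    r"O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll",
    r"O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe",
    r'O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)',
    r"O23 - Service: DomainService - - C:\WINDOWS\system32\fdhaoohi.exe",
]
SAMPLE_CREATED = [
    r"2007-11-18 16:51:42 152642 --ahs---- C:\WINDOWS\system32\ggjlm.ini2",
    r"2007-11-18 16:51:28 320608 --a------ C:\WINDOWS\system32\mljgg.dll",
    r"2007-11-16 20:44:42 36352 --a------ C:\WINDOWS\system32\tuvwwxy.dll",
    r"2007-11-13 16:00:35 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>",
]

WIN_PATH = re.compile(r'[A-Za-z]:\\[^",<]*?\.(?:dll|exe|dat)', re.I)
SYSTEM32 = re.compile(r"\\(?:windows|winnt)\\system32\\", re.I)
# Heuristic (assumption): legitimate system32 binaries nearly always carry mixed case or
# digits (NvCpl, LMIinit, vbzip10); the droppers in this log use generated all-lowercase
# stems of 5-8 letters (mljgg, fpktuukr, fdhaoohi, utmojxcc).
RANDOM_STEM = re.compile(r"^[a-z]{5,8}$")
# DSS "Files created" line: date time size attrs path [<Not Verified; vendor; product>]
CREATED_LINE = re.compile(r"^\S+ \S+ +\d+ \S+ (.+?)(?: <.*)?$")


def random_system32_binary(path):
    """True for <system32>\\<5-8 lowercase letters>.dll|exe, the naming tell described above."""
    stem, ext = ntpath.splitext(ntpath.basename(path))
    return bool(SYSTEM32.search(path)) and ext.lower() in (".dll", ".exe") and bool(RANDOM_STEM.match(stem))


def triage_hjt(lines):
    """Return (rule, line) pairs for HijackThis entries matching the persistence tricks in this thread."""
    findings = []
    for raw in lines:
        line = raw.strip()
        paths = WIN_PATH.findall(line)
        random_hit = any(random_system32_binary(p) for p in paths)
        if line.startswith("O20 - AppInit_DLLs:"):
            # AppInit_DLLs is loaded into every user32-linked process; on a home box it should be empty.
            if line.split(":", 1)[1].strip():
                findings.append(("appinit_dll_injection", line))
        elif line.startswith("O20 - Winlogon Notify:") and random_hit:
            # Winlogon Notify DLLs load inside winlogon.exe, before the user's desktop exists.
            findings.append(("winlogon_notify_random_dll", line))
        elif line.startswith("O23 - Service:"):
            # " - - " is an empty company field; HijackThis prints "Unknown owner" when it cannot read one.
            unsigned = " - - " in line or "Unknown owner" in line
            if unsigned and random_hit:
                findings.append(("unsigned_random_service", line))
        elif line.startswith("O4 - ") and "rundll32" in line.lower() and random_hit:
            findings.append(("rundll32_random_dll_autorun", line))
        elif line.startswith("O2 - BHO:") and "(no name)" in line and random_hit:
            findings.append(("nameless_bho_random_dll", line))
    return findings


def reversed_ini_pairs(created_lines):
    """Pair each <name>.dll with a companion <eman>.ini/.ini2 (the DLL name reversed), the
    Vundo file-naming habit visible in the 'Files created' section of the log above."""
    exts_by_stem = {}
    for raw in created_lines:
        m = CREATED_LINE.match(raw.strip())
        if not m:
            continue
        stem, ext = ntpath.splitext(ntpath.basename(m.group(1)))
        exts_by_stem.setdefault(stem.lower(), set()).add(ext.lower())
    pairs = []
    for stem, exts in exts_by_stem.items():
        if ".dll" not in exts:
            continue
        mirror_exts = sorted(e for e in exts_by_stem.get(stem[::-1], ()) if e.startswith(".ini"))
        if mirror_exts:
            pairs.append((stem + ".dll", stem[::-1] + mirror_exts[0]))
    return sorted(pairs)


if __name__ == "__main__":
    for rule, line in triage_hjt(SAMPLE_HJT):
        print(f"{rule:30} {line}")
    for dll, ini in reversed_ini_pairs(SAMPLE_CREATED):
        print(f"reversed-name companion: {dll} <-> {ini}")
```

Run against the sample, the script flags the two nameless BHOs, the d48aeba1 rundll32 autorun, the AppInit_DLLs .dat, the fpktuukr Winlogon hook and the vendor-less DomainService, while leaving the Adobe BHO, NvCpl, LMIinit and both avast services alone; the avast Mail Scanner line shows why "Unknown owner" on its own is not enough and needs the naming check beside it.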
Highlight and copy the command below.
sc stop DomainService
Click Start > Run and paste the command on the run line, then hit Enter. Now repeat with the next command.
sc delete DomainService
Delete the following folder.
C:\WINDOWS\system32\rMa18yy
Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:
Filename: vundofix.vft
Save as type: All Files (*.*)
C:\WINDOWS\system32\fpktuukr.dll
C:\WINDOWS\system32\rjfppvrf.dll
C:\WINDOWS\system32\uimnlulf.dll
C:\WINDOWS\system32\utmojxcc.dll
C:\WINDOWS\system32\fdhaoohi.exe
C:\WINDOWS\system32\__c00A6484.dat
C:\WINDOWS\system32\okxlwala.dll
C:\WINDOWS\system32\fqjdksao.dll
C:\WINDOWS\system32\ggjlm.ini2
C:\WINDOWS\system32\mljgg.dll
C:\WINDOWS\system32\rwnyclfe.dll
C:\WINDOWS\system32\__c00DB3BE.dat
C:\WINDOWS\17PHolmes1188.exe
C:\WINDOWS\system32\ddcyvww.dll
C:\WINDOWS\system32\tuvwwxy.dll
C:\WINDOWS\system32\brepqytj.exe
C:\Documents and Settings\Mum\f.exe
C:\WINDOWS\system32\yaywxuv.dll
C:\WINDOWS\system32\pmnopnk.dll
C:\Documents and Settings\Dad\f.exe
C:\WINDOWS\system32\byxuvvu.dll
C:\WINDOWS\system32\vtuvsqr.dll
C:\WINDOWS\mrofinu1000106.exe
C:\Documents and Settings\Anton\f.exe
C:\WINDOWS\system32\iifffde.dll
- Close all other windows and programs.
- Double-click VundoFix.exe to run it.
- Drag vundofix.vft onto the listbox (white box) of VundoFix.
- Click the "Remove Vundo" button.
- You will receive a prompt asking if you want to remove the files; click YES.
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will reboot your computer; click OK.
- Please post the contents of C:\vundofix.txt and a new dss log.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
Files were created to collect passwords from your computer and attempt to transmit them to a host. Each of the bolded files below needs first to be moved, say, to new folders such as:
C:\passwords\Mum
C:\passwords\Dad
C:\passwords\Anton
C:\Documents and Settings\Mum\x.dat
C:\Documents and Settings\Mum\z.dat
C:\Documents and Settings\Dad\x.dat
C:\Documents and Settings\Dad\z.dat
C:\Documents and Settings\Anton\x.dat
C:\Documents and Settings\Anton\z.dat
Now right-click each, select Rename, and add a .txt extension so that they become x.dat.txt and z.dat.txt.
Open each one (it will open with Notepad) and see which passwords were collected and must be changed. Suggest you let Mum and Dad do their own.
Vundofix is unable to delete C:\windows\system32\c00A6484.dat
0 -
-
Please post the logs.
0 -
Logs as requested
VundoFix V6.6.2
Checking Java version...
Scan started at 4:28:50 PM 18/11/2007
Listing files found while scanning....
C:\windows\system32\__c00DB3BE.dat
C:\WINDOWS\system32\adkfjpjc.dll
C:\windows\system32\adkfjpjc.dllbox
C:\windows\system32\efcywvw.dll
C:\windows\system32\kxsxwyxs.dll
C:\windows\system32\ojslqoow.dll
C:\windows\system32\ttstv.ini
C:\windows\system32\ttstv.ini2
C:\windows\system32\vtstt.dll
Beginning removal...
Attempting to delete C:\windows\system32\__c00DB3BE.dat
C:\windows\system32\__c00DB3BE.dat Could not be deleted.
Attempting to delete C:\WINDOWS\system32\adkfjpjc.dll
C:\WINDOWS\system32\adkfjpjc.dll Has been deleted!
Attempting to delete C:\windows\system32\adkfjpjc.dllbox
C:\windows\system32\adkfjpjc.dllbox Has been deleted!
Attempting to delete C:\windows\system32\efcywvw.dll
C:\windows\system32\efcywvw.dll Has been deleted!
Attempting to delete C:\windows\system32\kxsxwyxs.dll
C:\windows\system32\kxsxwyxs.dll Has been deleted!
Attempting to delete C:\windows\system32\ojslqoow.dll
C:\windows\system32\ojslqoow.dll Has been deleted!
Attempting to delete C:\windows\system32\ttstv.ini
C:\windows\system32\ttstv.ini Has been deleted!
Attempting to delete C:\windows\system32\ttstv.ini2
C:\windows\system32\ttstv.ini2 Has been deleted!
Attempting to delete C:\windows\system32\vtstt.dll
C:\windows\system32\vtstt.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\windows\system32\__c00DB3BE.dat
C:\windows\system32\__c00DB3BE.dat Could not be deleted.
Performing Repairs to the registry.
Done!
VundoFix V6.6.2
Checking Java version...
Scan started at 4:46:53 PM 18/11/2007
Listing files found while scanning....
C:\windows\system32\__c00DB3BE.dat
Beginning removal...
Attempting to delete C:\windows\system32\__c00DB3BE.dat
C:\windows\system32\__c00DB3BE.dat Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\windows\system32\__c00DB3BE.dat
C:\windows\system32\__c00DB3BE.dat Could not be deleted.
Performing Repairs to the registry.
Done!
VundoFix V6.6.2
Checking Java version...
Scan started at 5:06:55 PM 18/11/2007
Listing files found while scanning....
C:\windows\system32\__c00DB3BE.dat
Beginning removal...
Attempting to delete C:\windows\system32\__c00DB3BE.dat
C:\windows\system32\__c00DB3BE.dat Could not be deleted.
Performing Repairs to the registry.
Done!
VundoFix V6.6.2
Checking Java version...
Scan started at 11:39:20 AM 19/11/2007
Listing files found while scanning....
Beginning removal...
Attempting to delete C:\Documents and Settings\Anton\f.exe
C:\Documents and Settings\Anton\f.exe Has been deleted!
Attempting to delete C:\Documents and Settings\Dad\f.exe
C:\Documents and Settings\Dad\f.exe Has been deleted!
Attempting to delete C:\Documents and Settings\Mum\f.exe
C:\Documents and Settings\Mum\f.exe Has been deleted!
Attempting to delete C:\WINDOWS\17PHolmes1188.exe
C:\WINDOWS\17PHolmes1188.exe Has been deleted!
Attempting to delete C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu1000106.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\__c00A6484.dat
C:\WINDOWS\system32\__c00A6484.dat Could not be deleted.
Attempting to delete C:\WINDOWS\system32\__c00DB3BE.dat
C:\WINDOWS\system32\__c00DB3BE.dat Has been deleted!
Attempting to delete C:\WINDOWS\system32\brepqytj.exe
C:\WINDOWS\system32\brepqytj.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\byxuvvu.dll
C:\WINDOWS\system32\byxuvvu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddcyvww.dll
C:\WINDOWS\system32\ddcyvww.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\fdhaoohi.exe
C:\WINDOWS\system32\fdhaoohi.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\fpktuukr.dll
C:\WINDOWS\system32\fpktuukr.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\fqjdksao.dll
C:\WINDOWS\system32\fqjdksao.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ggjlm.ini2
C:\WINDOWS\system32\ggjlm.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\iifffde.dll
C:\WINDOWS\system32\iifffde.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mljgg.dll
C:\WINDOWS\system32\mljgg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\okxlwala.dll
C:\WINDOWS\system32\okxlwala.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmnopnk.dll
C:\WINDOWS\system32\pmnopnk.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\rjfppvrf.dll
C:\WINDOWS\system32\rjfppvrf.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\rwnyclfe.dll
C:\WINDOWS\system32\rwnyclfe.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tuvwwxy.dll
C:\WINDOWS\system32\tuvwwxy.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\uimnlulf.dll
C:\WINDOWS\system32\uimnlulf.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\utmojxcc.dll
C:\WINDOWS\system32\utmojxcc.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\vtuvsqr.dll
C:\WINDOWS\system32\vtuvsqr.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\yaywxuv.dll
C:\WINDOWS\system32\yaywxuv.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.6.2
Checking Java version...
Scan started at 11:47:06 AM 19/11/2007
Listing files found while scanning....
C:\windows\system32\__c00A6484.dat
C:\windows\system32\fpktuukr.dllbox
Beginning removal...
Attempting to delete C:\windows\system32\__c00A6484.dat
C:\windows\system32\__c00A6484.dat Could not be deleted.
Attempting to delete C:\windows\system32\fpktuukr.dllbox
C:\windows\system32\fpktuukr.dllbox Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\windows\system32\__c00A6484.dat
C:\windows\system32\__c00A6484.dat Could not be deleted.
Performing Repairs to the registry.
Done!
Deckard's System Scanner v20071014.68
Run by Dad on 2007-11-19 12:20:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Dad.exe) -------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 12:20:31 PM, on 19/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CS Fire Monitor\CSFireMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\system32\atwtusb.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Dad\Desktop\dss.exe
C:\DOCUME~1\Dad\Desktop\Dad.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
O2 - BHO: (no name) - {10C0C3B9-FC60-4902-92B3-49E09D7BAE89} - C:\WINDOWS\system32\mljgg.dll (file missing)
O2 - BHO: (no name) - {18CCB518-1374-4946-A4C2-21EFD6C471CE} - (no file)
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: {8086f986-44d7-bb1a-8ae4-189a0888f064} - {460f8880-a981-4ea8-a1bb-7d44689f6808} - C:\WINDOWS\system32\uimnlulf.dll (file missing)
O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A57EE9D7-0534-496A-B2B0-E95866D0C1B0} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B13CD278-8708-412A-A1D5-12DC54BCF488} - C:\WINDOWS\system32\pmkjh.dll
O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINDOWS\system32\tuvwwxy.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {EF18E814-3E1B-452D-8EAE-208E53C009F5} - C:\WINDOWS\system32\vtstt.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [intelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [d48aeba1] rundll32.exe "C:\WINDOWS\system32\utmojxcc.dll",b
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Dad\Desktop\HijackThis.exe /startupscan
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?42def64ca47e412b8c501d922166e5af
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?42def64ca47e412b8c501d922166e5af
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1125884139484
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00A6484.dat
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: CS Fire Monitor - Unknown owner - C:\Program Files\CS Fire Monitor\CSFireMonService.exe" -service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
-- Files created between 2007-10-19 and 2007-11-19 -----------------------------
2007-11-19 11:51:31 6948 --ahs---- C:\WINDOWS\system32\hjkmp.ini2
2007-11-19 11:51:14 320608 --a------ C:\WINDOWS\system32\pmkjh.dll
2007-11-19 11:39:20 0 d-------- C:\VundoFix Backups
2007-11-19 06:25:18 10816 -----n--- C:\WINDOWS\system32\__c00A6484.dat
2007-11-18 04:24:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-18 02:14:15 2390 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-17 14:22:49 128 --a------ C:\Documents and Settings\Dad\services.exe
2007-11-16 20:44:42 36352 -----n--- C:\WINDOWS\system32\tuvwwxy.dll
2007-11-13 16:03:09 4882432 --a------ C:\Documents and Settings\Anton\ntuser.dat
2007-11-13 16:00:35 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2007-11-05 15:35:30 0 d-------- C:\WINDOWS\pss
2007-11-01 17:45:28 0 d-------- C:\Program Files\Guitar Pro 5
2007-10-30 12:22:51 0 d-------- C:\Racing
2007-10-23 12:35:40 0 d-------- C:\Program Files\iPod
2007-10-23 12:35:09 0 d-------- C:\Program Files\iTunes
2007-10-22 19:54:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-10-19 23:05:01 0 d-------- C:\the hedgehog
-- Find3M Report ---------------------------------------------------------------
2007-11-18 04:26:14 0 d-------- C:\Program Files\Lavasoft
2007-11-18 04:26:12 0 d-------- C:\Documents and Settings\Dad\Application Data\Lavasoft
2007-11-18 04:22:45 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-17 17:36:23 0 d-------- C:\Program Files\Java
2007-11-14 23:30:21 0 d-------- C:\Program Files\Common Files
2007-11-08 09:50:59 0 d-------- C:\Documents and Settings\Dad\Application Data\U3
2007-11-07 14:35:58 0 d-------- C:\Program Files\CS Fire Monitor
2007-11-05 15:22:52 0 d-------- C:\Program Files\GSM
2007-11-02 20:44:26 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-22 19:54:28 0 d-------- C:\Program Files\Common Files\Adobe
2007-10-18 00:42:08 10752 --a------ C:\WINDOWS\system32\WhoisCL.exe <Not Verified; NirSoft; WhoisCL>
2007-10-17 13:12:37 0 d-------- C:\Program Files\Free Metronome
2007-10-17 12:48:58 0 d-------- C:\Program Files\FretPro
2007-10-17 09:42:08 0 d-------- C:\Program Files\LogMeIn
2007-10-15 22:37:18 0 d-------- C:\Program Files\Lame
2007-10-14 19:57:40 0 d-------- C:\Program Files\Audacity
2007-10-09 21:53:27 0 d-------- C:\Program Files\Apple Software Update
2007-10-08 20:47:34 0 d-------- C:\Program Files\Burn4Free
2007-09-28 19:33:00 0 d-------- C:\Program Files\WinAce
2007-09-27 12:01:18 0 d-------- C:\Program Files\Microsoft Silverlight
2007-09-24 22:46:36 0 d-------- C:\Program Files\GameSpy Arcade
2007-09-24 22:43:50 0 d-------- C:\Program Files\Microsoft Games
2007-09-19 14:58:04 0 d-------- C:\Program Files\Scales Dictionary System
2007-09-19 14:57:35 286720 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
2007-09-19 14:57:29 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-09-19 12:23:45 0 d-------- C:\Program Files\GiveMeTac 1.1
2007-09-14 15:30:55 229727 --a------ C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_6984.exe <Not Verified; Burn4Free; Burn4Free CD and DVD>
2007-09-08 22:29:51 7188 --a------ C:\WINDOWS\mozver.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10C0C3B9-FC60-4902-92B3-49E09D7BAE89}]
C:\WINDOWS\system32\mljgg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18CCB518-1374-4946-A4C2-21EFD6C471CE}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{460f8880-a981-4ea8-a1bb-7d44689f6808}]
C:\WINDOWS\system32\uimnlulf.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A57EE9D7-0534-496A-B2B0-E95866D0C1B0}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B13CD278-8708-412A-A1D5-12DC54BCF488}]
19/11/2007 11:51 AM 320608 --a------ C:\WINDOWS\system32\pmkjh.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}]
16/11/2007 08:44 PM 36352 --------- C:\WINDOWS\system32\tuvwwxy.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF18E814-3E1B-452D-8EAE-208E53C009F5}]
C:\WINDOWS\system32\vtstt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [22/03/2002 03:41 PM]
"atwtusb"="atwtusb.exe" [23/04/2002 05:20 PM C:\WINDOWS\system32\atwtusb.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [06/09/2007 09:06 PM]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [06/08/2007 12:08 PM]
"nwiz"="nwiz.exe" [25/08/2004 08:14 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [25/08/2004 08:14 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [25/08/2004 08:14 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11 AM]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" []
"d48aeba1"="C:\WINDOWS\system32\utmojxcc.dll" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HijackThis startup scan"="C:\Documents and Settings\Dad\Desktop\HijackThis.exe" [16/02/2005 11:06 AM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [20/11/2003 2:11:56 PM]
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [9/04/2003 6:41:38 PM]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [9/04/2003 7:11:12 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [13/03/2006 02:11 PM 233472]
"{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}"= C:\WINDOWS\system32\tuvwwxy.dll [16/11/2007 08:44 PM 36352]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 02/10/2007 05:51 PM 75064 C:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\__c00A6484.dat
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmkjh.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Remote Controller.lnk]
backup=C:\WINDOWS\pss\Remote Controller.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Agent]
"C:\Program Files\CyberLink\PowerVCRII\Agent.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote_Agent]
"C:\Program Files\CyberLink\PowerVCRII\RemoteAgent.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFaxAppPortStarter]
wfxsnt40.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52d0c36c-3e4a-11dc-b9ad-0020ed6c9f88}]
AutoRun\command- G:\LaunchU3.exe -a
-- End of Deckard's System Scanner: finished at 2007-11-19 12:21:14 ------------
0 -
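The DSS and HijackThis output above is the sort of log a helper reads by eye, picking out the no-name BHOs, the rundll32 Run entry with a random name, the AppInit_DLLs hook, the extra LSA authentication package and the svchost.exe/services.exe copies sitting outside system32. As an added example that is not part of this thread or of any tool used in it, the Python below runs that same first pass mechanically over lines copied from the log. The rule names, the "high"/"review" labels and the random-name patterns are this example's own assumptions, not a published signature set, and the output is a shortlist for a human, not a verdict.

```python
"""Heuristic triage of HijackThis / Deckard log lines for Vundo-style persistence.
Added example for this thread, not a tool anyone in it used: the sample lines are
copied from the logs posted above, the rules are this example's own heuristics,
and "high"/"review" are a first pass for a human, not a verdict."""
import re
from dataclasses import dataclass

# Constructed sample: entries from the DSS/HijackThis log above, mixing known-good
# lines (Adobe, NVIDIA, smss.exe) with the infected ones.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {B13CD278-8708-412A-A1D5-12DC54BCF488} - C:\WINDOWS\system32\pmkjh.dll
O2 - BHO: (no name) - {EF18E814-3E1B-452D-8EAE-208E53C009F5} - C:\WINDOWS\system32\vtstt.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [d48aeba1] rundll32.exe "C:\WINDOWS\system32\utmojxcc.dll",b
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00A6484.dat
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmkjh.dll
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" []
2007-11-17 14:22:49 128 --a------ C:\Documents and Settings\Dad\services.exe
C:\WINDOWS\System32\smss.exe
"""

@dataclass(frozen=True)
class Finding:
    severity: str  # "high": almost certainly malicious, "review": needs a human look
    rule: str
    line: str

# Vundo droppers used 5-9 random lowercase letters for DLL names and hex-looking
# Run value names; both are weak alone, so they apply only to rundll32 Run entries.
RANDOM_DLL = re.compile(r"\\[a-z]{5,9}\.dll\b")
HEX_VALUE_NAME = re.compile(r"\[[0-9a-f]{8}\]")
# Core OS binaries that belong only in %SystemRoot%\system32 on Windows XP.
SYSTEM_BINARY = re.compile(
    r'([a-z]:\\[^"\[\]]*?)\\(svchost|services|lsass|winlogon|smss|csrss)\.exe', re.I)

def rule_bho(line):
    if line.startswith("O2 - BHO:") and any(
            t in line for t in ("(no name)", "(file missing)", "(no file)")):
        return "high", "BHO with no name or missing file"

def rule_run_rundll(line):
    if line.startswith("O4 -") and "rundll32" in line.lower() and (
            HEX_VALUE_NAME.search(line) or RANDOM_DLL.search(line)):
        return "high", "rundll32 Run entry with random-looking name"

def rule_appinit(line):
    # Handles both the HijackThis O20 line and the registry-dump "appinit_dlls"= line.
    parts = re.split(r"[:=]", line, maxsplit=1)
    if "appinit_dlls" in line.lower() and len(parts) > 1 and parts[1].strip():
        return "high", "AppInit_DLLs injects " + parts[1].strip() + " into every GUI process"

def rule_service_owner(line):
    if line.startswith("O23 - Service:") and "Unknown owner" in line:
        return "review", "service with no publisher; check the binary's signature"

def rule_auth_packages(line):
    # Simplification: package paths are assumed not to contain spaces.
    if "authentication packages" in line.lower() and "=" in line:
        packages = line.split("=", 1)[1].strip().strip('"').split()
        extra = [p for p in packages if p.lower() != "msv1_0"]
        if extra:
            return "high", "extra LSA authentication package(s): " + ", ".join(extra)

def rule_system_binary_location(line):
    m = SYSTEM_BINARY.search(line)
    if m and m.group(1).lower() != r"c:\windows\system32":
        return "high", m.group(2) + ".exe outside system32 (" + m.group(1) + ")"

RULES = (rule_bho, rule_run_rundll, rule_appinit, rule_service_owner,
         rule_auth_packages, rule_system_binary_location)

def triage(text):
    """Run every rule over every non-empty line; one Finding per rule hit."""
    findings = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        for rule in RULES:
            hit = rule(line)
            if hit:
                findings.append(Finding(hit[0], hit[1], line))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("[" + f.severity + "] " + f.rule + "\n    " + f.line)
```

On the sample above this flags the two no-name BHOs, the d48aeba1 Run entry, the AppInit_DLLs hook, pmkjh.dll as an extra LSA package, the svchost.exe in Fonts and the 128-byte services.exe in Dad's profile, and lists ScsiAccess only for review, since "Unknown owner" merely means HijackThis found no version resource. The Adobe BHO, the NVIDIA entries and the real smss.exe produce nothing.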
Please post your logs right into the topic rather than attaching them. Thanks!
Copy the contents of the code box below to a blank notepad. Save it to the desktop as:
Filename: fix.reg
Save as type: All Files (*.*)
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Host Process"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
Don't do anything with it just yet.
Please download OTMoveIt by OldTimer, saving it to your desktop.
Scan again with HijackThis and place a check next to the following entries then click Fix Checked.
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
O2 - BHO: (no name) - {10C0C3B9-FC60-4902-92B3-49E09D7BAE89} - C:\WINDOWS\system32\mljgg.dll (file missing)
O2 - BHO: (no name) - {18CCB518-1374-4946-A4C2-21EFD6C471CE} - (no file)
O2 - BHO: {8086f986-44d7-bb1a-8ae4-189a0888f064} - {460f8880-a981-4ea8-a1bb-7d44689f6808} - C:\WINDOWS\system32\uimnlulf.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A57EE9D7-0534-496A-B2B0-E95866D0C1B0} - (no file)
O2 - BHO: (no name) - {B13CD278-8708-412A-A1D5-12DC54BCF488} - C:\WINDOWS\system32\pmkjh.dll
O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINDOWS\system32\tuvwwxy.dll
O2 - BHO: (no name) - {EF18E814-3E1B-452D-8EAE-208E53C009F5} - C:\WINDOWS\system32\vtstt.dll (file missing)
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [d48aeba1] rundll32.exe "C:\WINDOWS\system32\utmojxcc.dll",b
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Dad\Desktop\HijackThis.exe /startupscan
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00A6484.dat
Close HijackThis
Double click fix.reg and allow it to merge with the registry.
- Please double-click OTMoveIt.exe to run it.
- Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\WINDOWS\system32\hjkmp.ini2
C:\WINDOWS\system32\pmkjh.dll
C:\WINDOWS\system32\__c00A6484.dat
C:\WINDOWS\system32\tmp.reg
C:\Documents and Settings\Dad\services.exe
C:\WINDOWS\system32\tuvwwxy.dll
- Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
- Click the red Moveit! button.
- Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
- Close OTMoveIt
*If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.
**If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at:
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")
Click "Exit" to close OTMoveIt.
After you've posted the OT_MoveIt log, download SDFix and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Now reboot into Safe Mode and logon to your user account.
- Open the extracted SDFix folder and double click RunThis.bat to start the script.
- Type Y to begin the cleanup process.
- It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
- When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
- Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
- Post the contents of the Report.txt along with a new dss log.
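As an added example (not part of the helper's post or any of the tools it names), the script below decodes the hex(7) value that fix.reg writes back into the LSA "Authentication Packages" entry, re-encodes the clean baseline to confirm it matches the fix, and audits a Deckard-style registry dump for the two persistence points the fix targets. The dump lines are constructed here from the log posted later in this thread; the dump format and the msv1_0 baseline are assumptions.

```python
"""Decode/encode REG_MULTI_SZ values from .reg files and audit a registry dump
for LSA Authentication Packages and AppInit_DLLs tampering (added example)."""
import re

# Assumption: on a stock Windows XP box the only package expected under
# HKLM\SYSTEM\CurrentControlSet\Control\Lsa "Authentication Packages" is msv1_0.
EXPECTED_AUTH_PACKAGES = {"msv1_0"}

# Constructed sample in the format of the Deckard's System Scanner registry
# dump, using the entries from the log in this thread.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\__c00A6484.dat
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmkjh.dll
"""


def decode_reg_multi_sz(hex7: str) -> list[str]:
    """Turn a .reg 'hex(7):6d,73,...' value into its list of strings.

    REG_MULTI_SZ is a run of NUL-terminated strings closed by one extra NUL.
    fix.reg uses REGEDIT4 (ANSI) syntax, so each character is one byte.
    """
    payload = hex7.split(":", 1)[1]
    # .reg files may wrap long hex values with a trailing backslash; strip
    # whitespace and continuation markers before parsing the byte list.
    payload = re.sub(r"[\s\\]", "", payload)
    raw = bytes(int(b, 16) for b in payload.split(",") if b)
    # Empty pieces come from the double NUL terminator; drop them.
    return [s.decode("latin-1") for s in raw.split(b"\x00") if s]


def encode_reg_multi_sz(strings: list[str]) -> str:
    """Produce the .reg hex(7) form of a REG_MULTI_SZ value."""
    raw = b"".join(s.encode("latin-1") + b"\x00" for s in strings) + b"\x00"
    return "hex(7):" + ",".join(f"{b:02x}" for b in raw)


def audit_registry_dump(dump: str) -> list[str]:
    """Flag unexpected LSA authentication packages and any populated AppInit_DLLs.

    Assumption: in the dump, multi-string values are printed space separated,
    so paths containing spaces would be split; that is fine for system32 DLLs.
    """
    findings = []
    for line in dump.splitlines():
        m = re.match(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$', line.strip())
        if not m:
            continue
        name = m.group("name").lower()
        value = m.group("value").strip()
        if name == "authentication packages":
            for pkg in value.split():
                if pkg.lower() not in EXPECTED_AUTH_PACKAGES:
                    findings.append(f"unexpected authentication package: {pkg}")
        elif name == "appinit_dlls" and value:
            # A DLL listed here is loaded into every process that loads user32.
            findings.append(f"AppInit_DLLs is populated: {value}")
    return findings


if __name__ == "__main__":
    print(decode_reg_multi_sz("hex(7):6d,73,76,31,5f,30,00,00"))
    print(encode_reg_multi_sz(["msv1_0"]))
    for finding in audit_registry_dump(SAMPLE_DUMP):
        print("FINDING:", finding)
```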
I'm on a different computer because...
I forgot to post the OT_MoveIt log before downloading & extracting SDFix.
When I rebooted, tapping F8 to enter Safe Mode, I was unable to use my arrow keys to move up to Safe Mode. Time then elapsed and it booted as per normal; however, at logon it would not accept my password. I've tried 3-4 times with no success. I cannot get past logon.
My keyboard has gone haywire: 3 acts as delete, and nothing else seems to work.
Latest: now able to logon to my user (DAD).
Requested log:
C:\WINDOWS\system32\hjkmp.ini2 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\pmkjh.dll
C:\WINDOWS\system32\pmkjh.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\pmkjh.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\__c00A6484.dat scheduled to be moved on reboot.
C:\WINDOWS\system32\tmp.reg moved successfully.
C:\Documents and Settings\Dad\services.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\tuvwwxy.dll
C:\WINDOWS\system32\tuvwwxy.dll NOT unregistered.
C:\WINDOWS\system32\tuvwwxy.dll moved successfully.
Created on 11/19/2007 13:13:25
Seems you got the keyboard issue worked out. I'll await your next post.
I have been waiting for SDFix to complete its job. It has been approx 20 mins; I have a blank SDFix screen and the HDD LED is constantly lit.
Give it a bit longer if you would please, and if it doesn't complete after 45 min or so, exit out and back to normal mode. Then post a new dss log and see if there is a report.txt in the C:\SDFix folder (post it too if there is).
Boy, this had me sweating, but here 'tis.
SDFix: Version 1.114
Run by Dad on Mon 19/11/2007 at 03:01 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found
Deckard's System Scanner v20071014.68
Run by Dad on 2007-11-19 15:47:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Dad.exe) -------------------------------------------------
Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-11-19 15:47:38
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CS Fire Monitor\CSFireMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
C:\Documents and Settings\Dad\Desktop\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
O2 - BHO: (no name) - {10C0C3B9-FC60-4902-92B3-49E09D7BAE89} - C:\WINDOWS\system32\mljgg.dll (file missing)
O2 - BHO: (no name) - {18CCB518-1374-4946-A4C2-21EFD6C471CE} - (no file)
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: {8086f986-44d7-bb1a-8ae4-189a0888f064} - {460f8880-a981-4ea8-a1bb-7d44689f6808} - C:\WINDOWS\system32\uimnlulf.dll (file missing)
O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {97CC1FB6-83A6-41DB-ACAE-4D687978EF63} - C:\WINDOWS\system32\pmkjh.dll
O2 - BHO: (no name) - {A57EE9D7-0534-496A-B2B0-E95866D0C1B0} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINDOWS\system32\tuvwwxy.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {EF18E814-3E1B-452D-8EAE-208E53C009F5} - C:\WINDOWS\system32\vtstt.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [intelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Dad\Desktop\HijackThis.exe /startupscan
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?42def64ca47e412b8c501d922166e5af
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?42def64ca47e412b8c501d922166e5af
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1125884139484
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00A6484.dat
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: CS Fire Monitor - Crofts Software - C:\Program Files\CS Fire Monitor\CSFireMonService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\ramaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
--
End of file - 11602 bytes
-- Files created between 2007-10-19 and 2007-11-19 -----------------------------
2007-11-19 14:58:15 0 d-------- C:\WINDOWS\ERUNT
2007-11-19 13:14:19 12784 --ahs---- C:\WINDOWS\system32\hjkmp.ini2
2007-11-19 11:51:14 320608 --a------ C:\WINDOWS\system32\pmkjh.dll
2007-11-19 11:39:20 0 d-------- C:\VundoFix Backups
2007-11-19 06:25:18 10816 -----n--- C:\WINDOWS\system32\__c00A6484.dat
2007-11-18 04:24:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-13 16:03:09 4882432 --a------ C:\Documents and Settings\Anton\ntuser.dat
2007-11-13 16:00:35 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2007-11-05 15:35:30 0 d-------- C:\WINDOWS\pss
2007-11-01 17:45:28 0 d-------- C:\Program Files\Guitar Pro 5
2007-10-30 12:22:51 0 d-------- C:\Racing
2007-10-23 12:35:40 0 d-------- C:\Program Files\iPod
2007-10-23 12:35:09 0 d-------- C:\Program Files\iTunes
2007-10-22 19:54:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-10-19 23:05:01 0 d-------- C:\the hedgehog
-- Find3M Report ---------------------------------------------------------------
2007-11-18 04:26:14 0 d-------- C:\Program Files\Lavasoft
2007-11-18 04:26:12 0 d-------- C:\Documents and Settings\Dad\Application Data\Lavasoft
2007-11-18 04:22:45 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-17 17:36:23 0 d-------- C:\Program Files\Java
2007-11-14 23:30:21 0 d-------- C:\Program Files\Common Files
2007-11-08 09:50:59 0 d-------- C:\Documents and Settings\Dad\Application Data\U3
2007-11-07 14:35:58 0 d-------- C:\Program Files\CS Fire Monitor
2007-11-05 15:22:52 0 d-------- C:\Program Files\GSM
2007-11-02 20:44:26 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-22 19:54:28 0 d-------- C:\Program Files\Common Files\Adobe
2007-10-18 00:42:08 10752 --a------ C:\WINDOWS\system32\WhoisCL.exe <Not Verified; NirSoft; WhoisCL>
2007-10-17 13:12:37 0 d-------- C:\Program Files\Free Metronome
2007-10-17 12:48:58 0 d-------- C:\Program Files\FretPro
2007-10-17 09:42:08 0 d-------- C:\Program Files\LogMeIn
2007-10-15 22:37:18 0 d-------- C:\Program Files\Lame
2007-10-14 19:57:40 0 d-------- C:\Program Files\Audacity
2007-10-09 21:53:27 0 d-------- C:\Program Files\Apple Software Update
2007-10-08 20:47:34 0 d-------- C:\Program Files\Burn4Free
2007-09-28 19:33:00 0 d-------- C:\Program Files\WinAce
2007-09-27 12:01:18 0 d-------- C:\Program Files\Microsoft Silverlight
2007-09-24 22:46:36 0 d-------- C:\Program Files\GameSpy Arcade
2007-09-24 22:43:50 0 d-------- C:\Program Files\Microsoft Games
2007-09-19 14:58:04 0 d-------- C:\Program Files\Scales Dictionary System
2007-09-19 14:57:35 286720 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
2007-09-19 14:57:29 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-09-19 12:23:45 0 d-------- C:\Program Files\GiveMeTac 1.1
2007-09-14 15:30:55 229727 --a------ C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_6984.exe <Not Verified; Burn4Free; Burn4Free CD and DVD>
2007-09-08 22:29:51 7188 --a------ C:\WINDOWS\mozver.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10C0C3B9-FC60-4902-92B3-49E09D7BAE89}]
C:\WINDOWS\system32\mljgg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18CCB518-1374-4946-A4C2-21EFD6C471CE}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{460f8880-a981-4ea8-a1bb-7d44689f6808}]
C:\WINDOWS\system32\uimnlulf.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97CC1FB6-83A6-41DB-ACAE-4D687978EF63}]
19/11/2007 11:51 AM 320608 --a------ C:\WINDOWS\system32\pmkjh.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A57EE9D7-0534-496A-B2B0-E95866D0C1B0}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}]
C:\WINDOWS\system32\tuvwwxy.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF18E814-3E1B-452D-8EAE-208E53C009F5}]
C:\WINDOWS\system32\vtstt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [22/03/2002 03:41 PM]
"atwtusb"="atwtusb.exe" [23/04/2002 05:20 PM C:\WINDOWS\system32\atwtusb.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [06/09/2007 09:06 PM]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [06/08/2007 12:08 PM]
"nwiz"="nwiz.exe" [25/08/2004 08:14 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [25/08/2004 08:14 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [25/08/2004 08:14 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HijackThis startup scan"="C:\Documents and Settings\Dad\Desktop\HijackThis.exe" [16/02/2005 11:06 AM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [20/11/2003 2:11:56 PM]
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [9/04/2003 6:41:38 PM]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [9/04/2003 7:11:12 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [13/03/2006 02:11 PM 233472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 02/10/2007 05:51 PM 75064 C:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\__c00A6484.dat
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmkjh.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Remote Controller.lnk]
backup=C:\WINDOWS\pss\Remote Controller.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Agent]
"C:\Program Files\CyberLink\PowerVCRII\Agent.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote_Agent]
"C:\Program Files\CyberLink\PowerVCRII\RemoteAgent.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFaxAppPortStarter]
wfxsnt40.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52d0c36c-3e4a-11dc-b9ad-0020ed6c9f88}]
AutoRun\command- G:\LaunchU3.exe -a
-- End of Deckard's System Scanner: finished at 2007-11-19 15:48:53 ------------
Please download the Killbox by Option^Explicit.
- Double-click the KillBox icon on your desktop to open it
- Select the box Replace on Reboot
- Select the box Use Dummy
- Copy the bolded filepath below and paste it into the 'Full path of File to Delete' window.
C:\WINDOWS\system32\hjkmp.ini2
- Click the red circle with a white X [Delete File] button.
- Click Yes at the Delete on Reboot prompt. Click No at the Pending Operations prompt.
- Select the box Use Dummy again
- Copy the bolded filepath below and paste it into the 'Full path of File to Delete' window.
C:\WINDOWS\system32\pmkjh.dll
- Click the red circle with a white X [Delete File] button.
- Click Yes at the Delete on Reboot prompt. Click No at the Pending Operations prompt.
- Select the box Use Dummy again
- Copy the bolded filepath below and paste it into the 'Full path of File to Delete' window.
C:\WINDOWS\system32\__c00A6484.dat
- Click the red circle with a white X [Delete File] button.
- Click Yes at the Delete on Reboot prompt. Click No at the Pending Operations prompt.
- Exit the Killbox
Scan again with HijackThis and place a check next to the following entries, close all other windows, then click Fix Checked.
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
O2 - BHO: (no name) - {10C0C3B9-FC60-4902-92B3-49E09D7BAE89} - C:\WINDOWS\system32\mljgg.dll (file missing)
O2 - BHO: (no name) - {18CCB518-1374-4946-A4C2-21EFD6C471CE} - (no file)
O2 - BHO: {8086f986-44d7-bb1a-8ae4-189a0888f064} - {460f8880-a981-4ea8-a1bb-7d44689f6808} - C:\WINDOWS\system32\uimnlulf.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {97CC1FB6-83A6-41DB-ACAE-4D687978EF63} - C:\WINDOWS\system32\pmkjh.dll
O2 - BHO: (no name) - {A57EE9D7-0534-496A-B2B0-E95866D0C1B0} - (no file)
O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINDOWS\system32\tuvwwxy.dll (file missing)
O2 - BHO: (no name) - {EF18E814-3E1B-452D-8EAE-208E53C009F5} - C:\WINDOWS\system32\vtstt.dll (file missing)
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Dad\Desktop\HijackThis.exe /startupscan
Close HijackThis and restart your computer. Create and post a fresh HijackThis log.
Logfile of HijackThis v1.99.1
Scan saved at 5:25:25 PM, on 19/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\system32\atwtusb.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\CS Fire Monitor\CSFireMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Dad\Desktop\Dad.exe
Sorry about the delay...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {794AC956-1DE3-4459-AF33-7F09726BF9F7} - C:\WINDOWS\system32\pmkjh.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [intelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?42def64ca47e412b8c501d922166e5af
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?42def64ca47e412b8c501d922166e5af
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1125884139484
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00A6484.dat
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: CS Fire Monitor - Unknown owner - C:\Program Files\CS Fire Monitor\CSFireMonService.exe" -service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
Scan again with HijackThis and fix the following.
O2 - BHO: (no name) - {794AC956-1DE3-4459-AF33-7F09726BF9F7} - C:\WINDOWS\system32\pmkjh.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00A6484.dat
Restart the computer, then run dss again and post the main.txt log.
As requested....
Deckard's System Scanner v20071014.68
Run by Dad on 2007-11-19 17:48:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Dad.exe) -------------------------------------------------
Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-11-19 17:48:45
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CS Fire Monitor\CSFireMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dad\Desktop\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {EDABCE70-0995-4F2E-929D-4769B0ADA488} - C:\WINDOWS\system32\pmkjh.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [intelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?42def64ca47e412b8c501d922166e5af
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?42def64ca47e412b8c501d922166e5af
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1125884139484
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00A6484.dat
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: CS Fire Monitor - Crofts Software - C:\Program Files\CS Fire Monitor\CSFireMonService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\ramaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
--
End of file - 10750 bytes
-- Files created between 2007-10-19 and 2007-11-19 -----------------------------
2007-11-19 16:43:11 0 d-------- C:\!KillBox
2007-11-19 14:58:15 0 d-------- C:\WINDOWS\ERUNT
2007-11-19 13:14:19 19566 --ahs---- C:\WINDOWS\system32\hjkmp.ini2
2007-11-19 11:51:14 320608 -----n--- C:\WINDOWS\system32\pmkjh.dll
2007-11-19 11:39:20 0 d-------- C:\VundoFix Backups
2007-11-19 06:25:18 10816 -----n--- C:\WINDOWS\system32\__c00A6484.dat
2007-11-18 04:24:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-13 16:03:09 4882432 --a------ C:\Documents and Settings\Anton\ntuser.dat
2007-11-13 16:00:35 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2007-11-05 15:35:30 0 d-------- C:\WINDOWS\pss
2007-11-01 17:45:28 0 d-------- C:\Program Files\Guitar Pro 5
2007-10-30 12:22:51 0 d-------- C:\Racing
2007-10-23 12:35:40 0 d-------- C:\Program Files\iPod
2007-10-23 12:35:09 0 d-------- C:\Program Files\iTunes
2007-10-22 19:54:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-10-19 23:05:01 0 d-------- C:\the hedgehog
-- Find3M Report ---------------------------------------------------------------
2007-11-18 04:26:14 0 d-------- C:\Program Files\Lavasoft
2007-11-18 04:26:12 0 d-------- C:\Documents and Settings\Dad\Application Data\Lavasoft
2007-11-18 04:22:45 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-17 17:36:23 0 d-------- C:\Program Files\Java
2007-11-14 23:30:21 0 d-------- C:\Program Files\Common Files
2007-11-08 09:50:59 0 d-------- C:\Documents and Settings\Dad\Application Data\U3
2007-11-07 14:35:58 0 d-------- C:\Program Files\CS Fire Monitor
2007-11-05 15:22:52 0 d-------- C:\Program Files\GSM
2007-11-02 20:44:26 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-22 19:54:28 0 d-------- C:\Program Files\Common Files\Adobe
2007-10-18 00:42:08 10752 --a------ C:\WINDOWS\system32\WhoisCL.exe <Not Verified; NirSoft; WhoisCL>
2007-10-17 13:12:37 0 d-------- C:\Program Files\Free Metronome
2007-10-17 12:48:58 0 d-------- C:\Program Files\FretPro
2007-10-17 09:42:08 0 d-------- C:\Program Files\LogMeIn
2007-10-15 22:37:18 0 d-------- C:\Program Files\Lame
2007-10-14 19:57:40 0 d-------- C:\Program Files\Audacity
2007-10-09 21:53:27 0 d-------- C:\Program Files\Apple Software Update
2007-10-08 20:47:34 0 d-------- C:\Program Files\Burn4Free
2007-09-28 19:33:00 0 d-------- C:\Program Files\WinAce
2007-09-27 12:01:18 0 d-------- C:\Program Files\Microsoft Silverlight
2007-09-24 22:46:36 0 d-------- C:\Program Files\GameSpy Arcade
2007-09-24 22:43:50 0 d-------- C:\Program Files\Microsoft Games
2007-09-19 14:58:04 0 d-------- C:\Program Files\Scales Dictionary System
2007-09-19 14:57:35 286720 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
2007-09-19 14:57:29 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-09-19 12:23:45 0 d-------- C:\Program Files\GiveMeTac 1.1
2007-09-14 15:30:55 229727 --a------ C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_6984.exe <Not Verified; Burn4Free; Burn4Free CD and DVD>
2007-09-08 22:29:51 7188 --a------ C:\WINDOWS\mozver.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EDABCE70-0995-4F2E-929D-4769B0ADA488}]
19/11/2007 11:51 AM 320608 --------- C:\WINDOWS\system32\pmkjh.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [22/03/2002 03:41 PM]
"atwtusb"="atwtusb.exe" [23/04/2002 05:20 PM C:\WINDOWS\system32\atwtusb.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [06/09/2007 09:06 PM]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [06/08/2007 12:08 PM]
"nwiz"="nwiz.exe" [25/08/2004 08:14 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [25/08/2004 08:14 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [25/08/2004 08:14 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11 AM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [20/11/2003 2:11:56 PM]
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [9/04/2003 6:41:38 PM]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [9/04/2003 7:11:12 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [13/03/2006 02:11 PM 233472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 02/10/2007 05:51 PM 75064 C:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\__c00A6484.dat
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmkjh.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Remote Controller.lnk]
backup=C:\WINDOWS\pss\Remote Controller.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Agent]
"C:\Program Files\CyberLink\PowerVCRII\Agent.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote_Agent]
"C:\Program Files\CyberLink\PowerVCRII\RemoteAgent.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFaxAppPortStarter]
wfxsnt40.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52d0c36c-3e4a-11dc-b9ad-0020ed6c9f88}]
AutoRun\command- G:\LaunchU3.exe -a
-- End of Deckard's System Scanner: finished at 2007-11-19 17:49:55 ------------
I'm gonna have to sleep Anton. Way past my bedtime and I need a clear head for what I propose next. I'll be back tomorrow evening. Try to keep that PC offline as much as you can.
you definitely deserve your rest...god bless...
Latest DSS log:
Deckard's System Scanner v20071014.68
Run by Dad on 2007-11-20 11:18:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Dad.exe) -------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 11:18:24 AM, on 20/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\system32\chipiswo.exe
C:\WINDOWS\system32\atwtusb.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\CS Fire Monitor\CSFireMon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Dad\Desktop\dss.exe
C:\DOCUME~1\Dad\Desktop\Dad.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0E38E3AF-883C-446E-B0D2-1145E319FE89} - C:\WINDOWS\system32\pmkjh.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\tayyujhz.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\tayyujhz.dll
O4 - HKLM\..\Run: [intelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1125884139484
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c002F2B8.dat
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: tayyujhz - C:\WINDOWS\SYSTEM32\tayyujhz.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: CS Fire Monitor - Unknown owner - C:\Program Files\CS Fire Monitor\CSFireMonService.exe" -service (file missing)
O23 - Service: DomainService - - C:\WINDOWS\system32\chipiswo.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
-- Files created between 2007-10-20 and 2007-11-20 -----------------------------
2007-11-20 10:21:19 0 d-------- C:\WINDOWS\SxsCaPendDel
2007-11-20 09:37:03 71232 --a------ C:\WINDOWS\system32\chipiswo.exe <Not Verified; ; DDC>
2007-11-20 09:36:55 10816 --a------ C:\WINDOWS\system32\__c002F2B8.dat
2007-11-20 09:36:54 10816 --a------ C:\WINDOWS\system32\jrhdmima.dll
2007-11-20 09:34:17 145984 --a------ C:\WINDOWS\system32\tayyujhz.dll
2007-11-20 09:33:48 145984 --a------ C:\WINDOWS\system32\yfeqgtie.dll
2007-11-20 09:31:51 10816 --a------ C:\WINDOWS\system32\tmdhrbhf.dll
2007-11-19 21:38:38 0 d-------- C:\Documents and Settings\Dad\Application Data\Comodo
2007-11-19 21:38:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-11-19 21:34:15 0 d-------- C:\Program Files\Comodo
2007-11-19 16:43:11 0 d-------- C:\!KillBox
2007-11-19 14:58:15 0 d-------- C:\WINDOWS\ERUNT
2007-11-19 13:14:19 143777 --ahs---- C:\WINDOWS\system32\hjkmp.ini2
2007-11-19 11:51:14 320608 -----n--- C:\WINDOWS\system32\pmkjh.dll
2007-11-19 11:39:20 0 d-------- C:\VundoFix Backups
2007-11-19 06:25:18 10816 -----n--- C:\WINDOWS\system32\__c00A6484.dat
2007-11-18 04:24:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-13 16:03:09 4882432 --a------ C:\Documents and Settings\Anton\ntuser.dat
2007-11-13 16:00:35 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2007-11-05 15:35:30 0 d-------- C:\WINDOWS\pss
2007-11-01 17:45:28 0 d-------- C:\Program Files\Guitar Pro 5
2007-10-30 12:22:51 0 d-------- C:\Racing
2007-10-23 12:35:40 0 d-------- C:\Program Files\iPod
2007-10-23 12:35:09 0 d-------- C:\Program Files\iTunes
2007-10-22 19:54:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
-- Find3M Report ---------------------------------------------------------------
2007-11-20 11:06:18 0 d-------- C:\Program Files\Windows Live Toolbar
2007-11-20 10:40:18 0 d-------- C:\Program Files\Activision
2007-11-20 10:39:00 0 d-------- C:\Program Files\Windows Desktop Search
2007-11-20 10:32:59 0 d-------- C:\Documents and Settings\Dad\Application Data\Macromedia
2007-11-20 10:26:26 0 d-------- C:\Program Files\Free Window Registry Repair
2007-11-20 10:25:50 0 d-------- C:\Program Files\Google
2007-11-20 10:23:44 0 d-------- C:\Program Files\Microsoft Games
2007-11-20 10:19:05 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-20 10:10:36 0 d-------- C:\Program Files\Common Files
2007-11-20 10:01:27 0 d-------- C:\Program Files\AimGames
2007-11-18 04:26:14 0 d-------- C:\Program Files\Lavasoft
2007-11-18 04:26:12 0 d-------- C:\Documents and Settings\Dad\Application Data\Lavasoft
2007-11-18 04:22:45 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-17 17:36:23 0 d-------- C:\Program Files\Java
2007-11-08 09:50:59 0 d-------- C:\Documents and Settings\Dad\Application Data\U3
2007-11-07 14:35:58 0 d-------- C:\Program Files\CS Fire Monitor
2007-11-05 15:22:52 0 d-------- C:\Program Files\GSM
2007-10-22 19:54:28 0 d-------- C:\Program Files\Common Files\Adobe
2007-10-18 00:42:08 10752 --a------ C:\WINDOWS\system32\WhoisCL.exe <Not Verified; NirSoft; WhoisCL>
2007-10-17 12:48:58 0 d-------- C:\Program Files\FretPro
2007-10-17 09:42:08 0 d-------- C:\Program Files\LogMeIn
2007-10-15 22:37:18 0 d-------- C:\Program Files\Lame
2007-10-14 19:57:40 0 d-------- C:\Program Files\Audacity
2007-10-09 21:53:27 0 d-------- C:\Program Files\Apple Software Update
2007-09-28 19:33:00 0 d-------- C:\Program Files\WinAce
2007-09-24 22:46:36 0 d-------- C:\Program Files\GameSpy Arcade
2007-09-19 14:57:35 286720 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
2007-09-19 14:57:29 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-09-08 22:29:51 7188 --a------ C:\WINDOWS\mozver.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0E38E3AF-883C-446E-B0D2-1145E319FE89}]
19/11/2007 11:51 AM 320608 --------- C:\WINDOWS\system32\pmkjh.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
20/11/2007 09:34 AM 145984 --a------ C:\WINDOWS\system32\tayyujhz.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\tayyujhz.dll [20/11/2007 09:34 AM 145984]
[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [22/03/2002 03:41 PM]
"atwtusb"="atwtusb.exe" [23/04/2002 05:20 PM C:\WINDOWS\system32\atwtusb.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [06/09/2007 09:06 PM]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [06/08/2007 12:08 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [25/08/2004 08:14 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [25/08/2004 08:14 PM]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [19/11/2007 09:34 PM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [20/11/2003 2:11:56 PM]
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [9/04/2003 6:41:38 PM]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [9/04/2003 7:11:12 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 02/10/2007 05:51 PM 75064 C:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tayyujhz]
tayyujhz.dll 20/11/2007 09:34 AM 145984 C:\WINDOWS\system32\tayyujhz.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\__c002F2B8.dat
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmkjh.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Remote Controller.lnk]
backup=C:\WINDOWS\pss\Remote Controller.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Agent]
"C:\Program Files\CyberLink\PowerVCRII\Agent.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote_Agent]
"C:\Program Files\CyberLink\PowerVCRII\RemoteAgent.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFaxAppPortStarter]
wfxsnt40.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52d0c36c-3e4a-11dc-b9ad-0020ed6c9f88}]
AutoRun\command- G:\LaunchU3.exe -a
-- End of Deckard's System Scanner: finished at 2007-11-20 11:19:54 ------------
Hmmm ........ looks like maybe the Killbox>Use dummy method may have worked, but we got a new dat file now. Let's see what happens here. First, delete the VundoFix.exe you currently have and download a fresh copy from here. Delete the C:\VundoFix.txt file.
Now, highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as;
Filename: vundofix.vft
Save As Type: All Files (*.*)
C:\WINDOWS\system32\__c002F2B8.dat
C:\WINDOWS\system32\jrhdmima.dll
C:\WINDOWS\system32\tayyujhz.dll
C:\WINDOWS\system32\yfeqgtie.dll
C:\WINDOWS\system32\tmdhrbhf.dll
C:\WINDOWS\system32\hjkmp.ini2
C:\WINDOWS\system32\pmkjh.dll
C:\WINDOWS\system32\__c00A6484.dat
- Close all other windows and programs.
- Double-click VundoFix.exe to run it.
- Drag vundofix.vft onto the listbox (white box) of VundoFix.
- Click the "Remove Vundo" button.
- You will receive a prompt asking if you want to remove the files, click YES
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will reboot your computer, click OK.
- Please post the contents of C:\vundofix.txt and a new dss log.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
Do you have an XP cd? Not a recovery cd, but an operating system disc. If not, do you have a blank cd and a cd burner? Know how to burn an iso image to cd and make it bootable?
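As an added example (not from this thread, VundoFix or DSS): a small Python triage script that reads HijackThis-format lines like those in the DSS logs above and flags the load points the helper keeps targeting, namely unnamed BHOs, a toolbar living in system32, AppInit_DLLs and Winlogon Notify entries, services with no vendor, and any one file registered at several load points at once. The sample lines are copied from the logs in this thread; the eight-random-letter check is a heuristic of mine, not a signature.

```python
import re
from collections import defaultdict

# Constructed sample in the HijackThis format the DSS logs above use; the paths and
# CLSIDs are copied from those logs, cut down to the lines this script looks at.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0E38E3AF-883C-446E-B0D2-1145E319FE89} - C:\WINDOWS\system32\pmkjh.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\tayyujhz.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\tayyujhz.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c002F2B8.dat
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: tayyujhz - C:\WINDOWS\SYSTEM32\tayyujhz.dll
O23 - Service: DomainService - - C:\WINDOWS\system32\chipiswo.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

HJT_LINE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
# O2/O3 bodies: "<name> - {CLSID} - <path>"
COM_ENTRY = re.compile(r"^(?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
# O23 bodies: "<service name> - <owner> - <path>"; the owner may be empty, which
# HijackThis prints as "DomainService - - C:\...", hence the optional space before "-".
SERVICE_ENTRY = re.compile(r"^(?P<name>.*?) - (?P<owner>.*?) ?- (?P<path>[A-Za-z]:\\.+)$")
SYSTEM32 = re.compile(r"^[A-Za-z]:\\windows\\system32\\", re.IGNORECASE)
# Eight random lowercase letters, the naming style of the Vundo files in these logs
# (tayyujhz.dll, yfeqgtie.dll, jrhdmima.dll, chipiswo.exe). A heuristic, not a signature.
RANDOM_NAME = re.compile(r"^[a-z]{8}\.(dll|exe)$")


def triage_hijackthis(log_text):
    """Return {path: [reasons]} for the load points a helper would check first.

    Only the sections acted on in this thread are inspected: O2/O3 (IE BHOs and
    toolbars), O20 (AppInit_DLLs, Winlogon Notify) and O23 (services).
    """
    reasons = defaultdict(list)
    sections = defaultdict(set)  # lower-cased path -> HJT sections it is registered in
    display = {}                 # lower-cased path -> path as first printed in the log

    def note(path, section, reason=None):
        key = path.strip().lower()
        display.setdefault(key, path.strip())
        sections[key].add(section)
        if reason:
            reasons[key].append(reason)

    for raw in log_text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue
        section, kind, body = m.groups()
        if section in ("O2", "O3"):
            e = COM_ENTRY.match(body)
            if not e:
                continue
            note(e["path"], section)
            if e["name"] == "(no name)":
                note(e["path"], section, f"{section} {kind} registered without a name")
            if section == "O3" and SYSTEM32.match(e["path"]):
                note(e["path"], section, "toolbar loaded from system32 rather than Program Files")
        elif section == "O20" and kind == "AppInit_DLLs":
            # The registry value may hold several comma-separated entries; these logs show one.
            for path in re.split(r"\s*,\s*", body.strip()):
                note(path, section, "AppInit_DLLs is loaded into every process that uses user32.dll")
                if not path.lower().endswith(".dll"):
                    note(path, section, "AppInit_DLLs entry does not use a .dll extension")
        elif section == "O20" and kind == "Winlogon Notify":
            _, _, path = body.rpartition(" - ")
            note(path, section)
        elif section == "O23":
            e = SERVICE_ENTRY.match(body)
            if not e:
                continue
            note(e["path"], section)
            if not e["owner"].strip():
                note(e["path"], section, "service has no vendor/owner string")

    # Second pass: signals that need the whole log rather than a single line.
    for key, secs in sections.items():
        base = display[key].rsplit("\\", 1)[-1].lower()
        if RANDOM_NAME.match(base):
            reasons[key].append("file name is eight random-looking letters")
        if len(secs) > 1:
            reasons[key].append(f"registered at {len(secs)} load points: {', '.join(sorted(secs))}")

    return {display[k]: v for k, v in reasons.items()}


def suspicious_paths(log_text):
    """Flagged paths, most-flagged first: the shape of the vundofix.vft list above."""
    found = triage_hijackthis(log_text)
    return sorted(found, key=lambda p: (-len(found[p]), p.lower()))


if __name__ == "__main__":
    for path, why in triage_hijackthis(SAMPLE_LOG).items():
        print(path)
        for reason in why:
            print("   -", reason)
```

Legitimate software does trip single checks (LogMeIn's LMIinit.dll is a Winlogon Notify DLL, for instance), so the list is a starting point for a helper to verify against the "Files created" section, not something to delete blindly.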
G'day Noahdfear, have burner & disc at the ready; if you can instruct me I shall do.
Deckard's System Scanner v20071014.68
Run by Dad on 2007-11-20 15:13:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Dad.exe) -------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 3:13:25 PM, on 20/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\system32\chipiswo.exe
C:\Program Files\CS Fire Monitor\CSFireMon.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\system32\atwtusb.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Dad\Desktop\dss.exe
C:\DOCUME~1\Dad\Desktop\Dad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {9E801EF7-ED23-497F-A5AB-F51E56F82C2C} - C:\WINDOWS\system32\pmkjh.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\tayyujhz.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\tayyujhz.dll
O4 - HKLM\..\Run: [intelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1125884139484
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c002F2B8.dat
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: tayyujhz - C:\WINDOWS\SYSTEM32\tayyujhz.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: CS Fire Monitor - Unknown owner - C:\Program Files\CS Fire Monitor\CSFireMonService.exe" -service (file missing)
O23 - Service: DomainService - - C:\WINDOWS\system32\chipiswo.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
-- Files created between 2007-10-20 and 2007-11-20 -----------------------------
2007-11-20 10:21:19 0 d-------- C:\WINDOWS\SxsCaPendDel
2007-11-20 09:37:03 71232 --a------ C:\WINDOWS\system32\chipiswo.exe <Not Verified; ; DDC>
2007-11-20 09:36:55 10816 --a------ C:\WINDOWS\system32\__c002F2B8.dat
2007-11-20 09:36:54 10816 --a------ C:\WINDOWS\system32\jrhdmima.dll
2007-11-20 09:34:17 145984 --a------ C:\WINDOWS\system32\tayyujhz.dll
2007-11-20 09:33:48 145984 --a------ C:\WINDOWS\system32\yfeqgtie.dll
2007-11-20 09:31:51 10816 --a------ C:\WINDOWS\system32\tmdhrbhf.dll
2007-11-19 21:38:38 0 d-------- C:\Documents and Settings\Dad\Application Data\Comodo
2007-11-19 21:38:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-11-19 21:34:15 0 d-------- C:\Program Files\Comodo
2007-11-19 16:43:11 0 d-------- C:\!KillBox
2007-11-19 14:58:15 0 d-------- C:\WINDOWS\ERUNT
2007-11-19 13:14:19 145357 --ahs---- C:\WINDOWS\system32\hjkmp.ini2
2007-11-19 11:51:14 320608 -----n--- C:\WINDOWS\system32\pmkjh.dll
2007-11-19 11:39:20 0 d-------- C:\VundoFix Backups
2007-11-19 06:25:18 10816 -----n--- C:\WINDOWS\system32\__c00A6484.dat
2007-11-18 04:24:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-13 16:03:09 4882432 --a------ C:\Documents and Settings\Anton\ntuser.dat
2007-11-13 16:00:35 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2007-11-05 15:35:30 0 d-------- C:\WINDOWS\pss
2007-11-01 17:45:28 0 d-------- C:\Program Files\Guitar Pro 5
2007-10-30 12:22:51 0 d-------- C:\Racing
2007-10-23 12:35:40 0 d-------- C:\Program Files\iPod
2007-10-23 12:35:09 0 d-------- C:\Program Files\iTunes
2007-10-22 19:54:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
-- Find3M Report ---------------------------------------------------------------
2007-11-20 11:06:18 0 d-------- C:\Program Files\Windows Live Toolbar
2007-11-20 10:40:18 0 d-------- C:\Program Files\Activision
2007-11-20 10:39:00 0 d-------- C:\Program Files\Windows Desktop Search
2007-11-20 10:32:59 0 d-------- C:\Documents and Settings\Dad\Application Data\Macromedia
2007-11-20 10:26:26 0 d-------- C:\Program Files\Free Window Registry Repair
2007-11-20 10:25:50 0 d-------- C:\Program Files\Google
2007-11-20 10:23:44 0 d-------- C:\Program Files\Microsoft Games
2007-11-20 10:19:05 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-20 10:10:36 0 d-------- C:\Program Files\Common Files
2007-11-20 10:01:27 0 d-------- C:\Program Files\AimGames
2007-11-18 04:26:14 0 d-------- C:\Program Files\Lavasoft
2007-11-18 04:26:12 0 d-------- C:\Documents and Settings\Dad\Application Data\Lavasoft
2007-11-18 04:22:45 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-17 17:36:23 0 d-------- C:\Program Files\Java
2007-11-08 09:50:59 0 d-------- C:\Documents and Settings\Dad\Application Data\U3
2007-11-07 14:35:58 0 d-------- C:\Program Files\CS Fire Monitor
2007-11-05 15:22:52 0 d-------- C:\Program Files\GSM
2007-10-22 19:54:28 0 d-------- C:\Program Files\Common Files\Adobe
2007-10-18 00:42:08 10752 --a------ C:\WINDOWS\system32\WhoisCL.exe <Not Verified; NirSoft; WhoisCL>
2007-10-17 12:48:58 0 d-------- C:\Program Files\FretPro
2007-10-17 09:42:08 0 d-------- C:\Program Files\LogMeIn
2007-10-15 22:37:18 0 d-------- C:\Program Files\Lame
2007-10-14 19:57:40 0 d-------- C:\Program Files\Audacity
2007-10-09 21:53:27 0 d-------- C:\Program Files\Apple Software Update
2007-09-28 19:33:00 0 d-------- C:\Program Files\WinAce
2007-09-24 22:46:36 0 d-------- C:\Program Files\GameSpy Arcade
2007-09-19 14:57:35 286720 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
2007-09-19 14:57:29 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-09-08 22:29:51 7188 --a------ C:\WINDOWS\mozver.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9E801EF7-ED23-497F-A5AB-F51E56F82C2C}]
19/11/2007 11:51 AM 320608 --------- C:\WINDOWS\system32\pmkjh.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
20/11/2007 09:34 AM 145984 --a------ C:\WINDOWS\system32\tayyujhz.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\tayyujhz.dll [20/11/2007 09:34 AM 145984]
[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [22/03/2002 03:41 PM]
"atwtusb"="atwtusb.exe" [23/04/2002 05:20 PM C:\WINDOWS\system32\atwtusb.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [06/09/2007 09:06 PM]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [06/08/2007 12:08 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [25/08/2004 08:14 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [25/08/2004 08:14 PM]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [19/11/2007 09:34 PM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [20/11/2003 2:11:56 PM]
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [9/04/2003 6:41:38 PM]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [9/04/2003 7:11:12 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 02/10/2007 05:51 PM 75064 C:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tayyujhz]
tayyujhz.dll 20/11/2007 09:34 AM 145984 C:\WINDOWS\system32\tayyujhz.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\__c002F2B8.dat
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmkjh.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Remote Controller.lnk]
backup=C:\WINDOWS\pss\Remote Controller.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Agent]
"C:\Program Files\CyberLink\PowerVCRII\Agent.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote_Agent]
"C:\Program Files\CyberLink\PowerVCRII\RemoteAgent.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFaxAppPortStarter]
wfxsnt40.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52d0c36c-3e4a-11dc-b9ad-0020ed6c9f88}]
AutoRun\command- G:\LaunchU3.exe -a
-- End of Deckard's System Scanner: finished at 2007-11-20 15:14:29 ------------
0 -
-
Howdy! Post the C:\Vundofix log please.
I incorrectly gave the vundo file a txt extension.... Redoing the exercise!!!!
0 -
Howdy!
Post the C:\Vundofix log please.
0 -
If you haven't run it yet, add this file to the list.
C:\WINDOWS\system32\chipiswo.exe
0 -
If you haven't run it yet, add this file to the list.
C:\WINDOWS\system32\chipiswo.exe
Latest logs:
Beginning removal...
Attempting to delete C:\Documents and Settings\Dad\Desktop\VundoFix.txt
C:\Documents and Settings\Dad\Desktop\VundoFix.txt Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\__c002F2B8.dat
C:\WINDOWS\system32\__c002F2B8.dat Could not be deleted.
Attempting to delete C:\WINDOWS\system32\__c00A6484.dat
C:\WINDOWS\system32\__c00A6484.dat Has been deleted!
Attempting to delete C:\WINDOWS\system32\hjkmp.ini2
C:\WINDOWS\system32\hjkmp.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\jrhdmima.dll
C:\WINDOWS\system32\jrhdmima.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmkjh.dll
C:\WINDOWS\system32\pmkjh.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tayyujhz.dll
C:\WINDOWS\system32\tayyujhz.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tmdhrbhf.dll
C:\WINDOWS\system32\tmdhrbhf.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\yfeqgtie.dll
C:\WINDOWS\system32\yfeqgtie.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\__c002F2B8.dat
C:\WINDOWS\system32\__c002F2B8.dat Could not be deleted.
Attempting to delete C:\WINDOWS\system32\chipiswo.exe
C:\WINDOWS\system32\chipiswo.exe Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Deckard's System Scanner v20071014.68
Run by Dad on 2007-11-20 16:01:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Dad.exe) -------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 4:01:55 PM, on 20/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\system32\chipiswo.exe
C:\Program Files\CS Fire Monitor\CSFireMon.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\system32\atwtusb.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Dad\Desktop\dss.exe
C:\DOCUME~1\Dad\Desktop\Dad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {9E801EF7-ED23-497F-A5AB-F51E56F82C2C} - C:\WINDOWS\system32\pmkjh.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [intelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1125884139484
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c002F2B8.dat
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: CS Fire Monitor - Unknown owner - C:\Program Files\CS Fire Monitor\CSFireMonService.exe" -service (file missing)
O23 - Service: DomainService - - C:\WINDOWS\system32\chipiswo.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
-- Files created between 2007-10-20 and 2007-11-20 -----------------------------
2007-11-20 10:21:19 0 d-------- C:\WINDOWS\SxsCaPendDel
2007-11-20 09:37:03 71232 -----n--- C:\WINDOWS\system32\chipiswo.exe <Not Verified; ; DDC>
2007-11-20 09:36:55 10816 -----n--- C:\WINDOWS\system32\__c002F2B8.dat
2007-11-19 21:38:38 0 d-------- C:\Documents and Settings\Dad\Application Data\Comodo
2007-11-19 21:38:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-11-19 21:34:15 0 d-------- C:\Program Files\Comodo
2007-11-19 16:43:11 0 d-------- C:\!KillBox
2007-11-19 14:58:15 0 d-------- C:\WINDOWS\ERUNT
2007-11-19 11:39:20 0 d-------- C:\VundoFix Backups
2007-11-18 04:24:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-13 16:03:09 4882432 --a------ C:\Documents and Settings\Anton\ntuser.dat
2007-11-13 16:00:35 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2007-11-05 15:35:30 0 d-------- C:\WINDOWS\pss
2007-11-01 17:45:28 0 d-------- C:\Program Files\Guitar Pro 5
2007-10-30 12:22:51 0 d-------- C:\Racing
2007-10-23 12:35:40 0 d-------- C:\Program Files\iPod
2007-10-23 12:35:09 0 d-------- C:\Program Files\iTunes
2007-10-22 19:54:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
-- Find3M Report ---------------------------------------------------------------
2007-11-20 11:06:18 0 d-------- C:\Program Files\Windows Live Toolbar
2007-11-20 10:40:18 0 d-------- C:\Program Files\Activision
2007-11-20 10:39:00 0 d-------- C:\Program Files\Windows Desktop Search
2007-11-20 10:32:59 0 d-------- C:\Documents and Settings\Dad\Application Data\Macromedia
2007-11-20 10:26:26 0 d-------- C:\Program Files\Free Window Registry Repair
2007-11-20 10:25:50 0 d-------- C:\Program Files\Google
2007-11-20 10:23:44 0 d-------- C:\Program Files\Microsoft Games
2007-11-20 10:19:05 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-20 10:10:36 0 d-------- C:\Program Files\Common Files
2007-11-20 10:01:27 0 d-------- C:\Program Files\AimGames
2007-11-18 04:26:14 0 d-------- C:\Program Files\Lavasoft
2007-11-18 04:26:12 0 d-------- C:\Documents and Settings\Dad\Application Data\Lavasoft
2007-11-18 04:22:45 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-17 17:36:23 0 d-------- C:\Program Files\Java
2007-11-08 09:50:59 0 d-------- C:\Documents and Settings\Dad\Application Data\U3
2007-11-07 14:35:58 0 d-------- C:\Program Files\CS Fire Monitor
2007-11-05 15:22:52 0 d-------- C:\Program Files\GSM
2007-10-22 19:54:28 0 d-------- C:\Program Files\Common Files\Adobe
2007-10-18 00:42:08 10752 --a------ C:\WINDOWS\system32\WhoisCL.exe <Not Verified; NirSoft; WhoisCL>
2007-10-17 12:48:58 0 d-------- C:\Program Files\FretPro
2007-10-17 09:42:08 0 d-------- C:\Program Files\LogMeIn
2007-10-15 22:37:18 0 d-------- C:\Program Files\Lame
2007-10-14 19:57:40 0 d-------- C:\Program Files\Audacity
2007-10-09 21:53:27 0 d-------- C:\Program Files\Apple Software Update
2007-09-28 19:33:00 0 d-------- C:\Program Files\WinAce
2007-09-24 22:46:36 0 d-------- C:\Program Files\GameSpy Arcade
2007-09-19 14:57:35 286720 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
2007-09-19 14:57:29 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-09-08 22:29:51 7188 --a------ C:\WINDOWS\mozver.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9E801EF7-ED23-497F-A5AB-F51E56F82C2C}]
C:\WINDOWS\system32\pmkjh.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [22/03/2002 03:41 PM]
"atwtusb"="atwtusb.exe" [23/04/2002 05:20 PM C:\WINDOWS\system32\atwtusb.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [06/09/2007 09:06 PM]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [06/08/2007 12:08 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [25/08/2004 08:14 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [25/08/2004 08:14 PM]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [19/11/2007 09:34 PM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [20/11/2003 2:11:56 PM]
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [9/04/2003 6:41:38 PM]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [9/04/2003 7:11:12 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 02/10/2007 05:51 PM 75064 C:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\__c002F2B8.dat
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmkjh.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Remote Controller.lnk]
backup=C:\WINDOWS\pss\Remote Controller.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Agent]
"C:\Program Files\CyberLink\PowerVCRII\Agent.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote_Agent]
"C:\Program Files\CyberLink\PowerVCRII\RemoteAgent.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFaxAppPortStarter]
wfxsnt40.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52d0c36c-3e4a-11dc-b9ad-0020ed6c9f88}]
AutoRun\command- G:\LaunchU3.exe -a
-- End of Deckard's System Scanner: finished at 2007-11-20 16:02:21 ------------
0 -
Click Start > Run, paste the following command, then hit Enter.
sc stop DomainService
Then do this one.
sc delete DomainService
Add the following two files to Killbox using the same method as before; Delete on Reboot and Use Dummy, Yes to the Delete on Reboot prompt, No to the Pending Operations prompt, add next file.
C:\WINDOWS\system32\chipiswo.exe
C:\WINDOWS\system32\__c002F2B8.dat
Reboot
Scan again with HijackThis and fix the following entries.
O2 - BHO: (no name) - {9E801EF7-ED23-497F-A5AB-F51E56F82C2C} - C:\WINDOWS\system32\pmkjh.dll (file missing)
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c002F2B8.dat
See if you can manually delete the following files.
C:\WINDOWS\system32\chipiswo.exe
C:\WINDOWS\system32\__c002F2B8.dat
Create a new dss log and post it here.
0 -
WooHooo! We finally killed that nasty dude!!
Highlight and copy the contents of the code box below to a blank notepad. Save it to the desktop as:
Filename: fix.reg
Save as type: All Files (*.*)
REGEDIT4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
Double click fix.reg and allow it to merge with the registry.
Download ATF Cleaner by Atribune and save it to your Desktop.
- Double click ATF-Cleaner.exe to run the program.
- Check the boxes to the left of:
  - Windows Temp
  - Current User Temp
  - All Users Temp
  - Temporary Internet Files
  - Prefetch
  - Java Cache
  - Recycle bin
- The rest are optional - if you want it to remove everything check "Select All".
- Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.
Reboot
Please go HERE to run Panda's ActiveScan
- Once you are on the Panda site click the Scan your PC now button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Select the appropriate Yes or No to receiving marketing information
- Click the Free Online Scan button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on My Computer to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the ActiveScan report along with a fresh HijackThis log.
I'll check on ya tomorrow.
0 -
- Double click ATF-Cleaner.exe to run the program.
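As an added example (not from this thread or from any of the tools used in it), a small Python script that decodes the hex(7) value in the fix.reg posted above, audits the LSA "Authentication Packages" list against the stock msv1_0 entry, and regenerates the fix; the "before" list is constructed from the DSS registry dump posted earlier in the thread, and the allowlist, function names and sample file are assumptions of the example.

```python
r"""Added example, not from the thread or from any of the tools it mentions.

The fix.reg posted above restores the LSA "Authentication Packages" value
to its Windows XP default. LSA loads every entry of that REG_MULTI_SZ as a
DLL inside lsass.exe at boot, which is why the DSS dump showed the infection
as "msv1_0 C:\WINDOWS\system32\pmkjh.dll". This script decodes/encodes the
REGEDIT4 hex(7) form and flags entries outside an allowlist.
"""

LSA_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"
VALUE_NAME = "Authentication Packages"
DEFAULT_AUTH_PACKAGES = ["msv1_0"]   # the only package a stock XP box needs

# The fix.reg from the post above, embedded verbatim as sample input.
FIX_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"""

# Constructed "before" state, taken from the DSS registry dump above, as the
# list of strings LSA would read from the multi-string value.
INFECTED_AUTH_PACKAGES = ["msv1_0", r"C:\WINDOWS\system32\pmkjh.dll"]


def decode_hex7(data: str) -> list:
    """Turn a hex(7) payload ("6d,73,...") into the REG_MULTI_SZ string list.

    REGEDIT4 files store the ANSI bytes; each string ends in a NUL and the
    list ends in an extra NUL, so "...,00,00" closes the value.
    """
    raw = bytes(int(b, 16) for b in data.split(",") if b.strip())
    parts = raw.decode("latin-1").split("\x00")
    while parts and parts[-1] == "":      # drop the terminating NULs
        parts.pop()
    return parts


def encode_hex7(values: list) -> str:
    """Inverse of decode_hex7: the hex(7) payload for a list of strings."""
    raw = b"".join(v.encode("latin-1") + b"\x00" for v in values) + b"\x00"
    return ",".join(f"{b:02x}" for b in raw)


def read_reg_multi_sz(reg_text: str, key: str, name: str):
    """Return the decoded strings of '"name"=hex(7):...' under [key] in a
    REGEDIT4 file, joining backslash-continued lines; None if not present."""
    lines = reg_text.splitlines()
    in_key = False
    prefix = f'"{name}"=hex(7):'
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == key.lower()
        elif in_key and line.startswith(prefix):
            data = line[len(prefix):]
            while data.endswith("\\"):          # continuation line follows
                i += 1
                data = data[:-1] + lines[i].strip()
            return decode_hex7(data)
        i += 1
    return None


def audit_auth_packages(packages: list, allowlist=None) -> list:
    """Entries LSA would load that are not on the allowlist. A full path in
    this value (instead of a bare package name) is a red flag on its own, so
    such entries are reported regardless of the allowlist."""
    allowed = {a.lower() for a in (allowlist or DEFAULT_AUTH_PACKAGES)}
    return [p for p in packages
            if p.lower() not in allowed or "\\" in p or "/" in p]


def build_lsa_fix_reg(packages=None) -> str:
    """Produce a REGEDIT4 file that sets the value to exactly `packages`
    (default: the stock msv1_0 only), i.e. the fix.reg from the post."""
    values = packages or DEFAULT_AUTH_PACKAGES
    return (f"REGEDIT4\n\n[{LSA_KEY}]\n"
            f'"{VALUE_NAME}"=hex(7):{encode_hex7(values)}\n')


if __name__ == "__main__":
    print("before fix, flagged:", audit_auth_packages(INFECTED_AUTH_PACKAGES))
    print("fix.reg sets:", read_reg_multi_sz(FIX_REG, LSA_KEY, VALUE_NAME))
    print(build_lsa_fix_reg())
```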