Viruses and Spyware Help Needed
I recently started having big problems. When I start my computer, I get 2 messages almost immediately:
"services.exe - Bad Image" and "lmass.exe - Bad Image"
Both including the same message...
"The application or DLL C:\WINNT\system32\append.dll is not a valid Windows image. Please check this against your installation diskette."
I get several more of the same messages as the startup continues. Anytime I try to run a program after startup, I get the same message regarding that program... "iexplore.exe - Bad Image," "Hijack This.exe - Bad Image," etc.
I've tried running some virus and spyware sweepers, but no luck. Can anyone help me? Thanks in advance.
Here are my AVG scan report and Hijack This log...
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 18:27 2007-12-03
+ Scan result:
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002087.dll -> Adware.Adstart : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002088.exe -> Adware.Adstart : Cleaned with backup (quarantined).
C:\Program Files\AutoUpdate -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\AutoUpdate\libexpat.dll -> Adware.Apropos : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0001182.dll -> Adware.BraveSentry : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0001183.dll -> Adware.BraveSentry : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0001184.dll -> Adware.BraveSentry : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0001185.dll -> Adware.BraveSentry : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0001178.dll -> Adware.CommAd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0001179.exe -> Adware.CommAd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002016.dll -> Adware.CommAd : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\7C0DD2B1-9103-4BE1-8F47-16467C\29D4D50C-312D-4006-90AF-DDB274 -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002086.dll -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~239064.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~248483.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~249168.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~249205.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~249245.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~280090.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~325454.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~330030.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~339105.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~339255.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~339381.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~339506.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~339571.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~339631.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~345747.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~346342.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~355863.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~362447.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~363453.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~372354.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~372430.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~372496.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~372554.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~372606.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~372646.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~372818.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~374586.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~375663.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~375921.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~375984.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~376035.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~376076.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~376168.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~376277.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~383472.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~383828.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~419325.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~423436.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~489196.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~489241.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~489942.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~633062.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~774260.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~779693.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~873761.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~926839.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~928950.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\3562A1D7-E310-4E47-A853-D21F65\7072AE43-5D2E-4D36-97AB-6080D7 -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\3562A1D7-E310-4E47-A853-D21F65\9FF387BD-4071-41D1-A564-B37101 -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\3562A1D7-E310-4E47-A853-D21F65\A16D4060-0D29-46FA-B157-8D5B1C -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\3562A1D7-E310-4E47-A853-D21F65\C4415EA3-6C55-4BB4-80E2-AEE61A -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\4B9BA7E3-A88B-4718-9FB8-26C8AA\50791341-753E-490A-B0F4-3B9CAE -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\4B9BA7E3-A88B-4718-9FB8-26C8AA\5F3D3C00-E5FB-4BB8-87AE-C4EF51 -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\4B9BA7E3-A88B-4718-9FB8-26C8AA\76A7F209-79CC-434D-B55F-5B7CBC -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\BB984125-EBF3-4038-9EBE-B62076\4480DFD0-4F70-4122-8B7E-891B92 -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\BB984125-EBF3-4038-9EBE-B62076\EDC02DA4-E8E9-4F4C-B6F7-FA8768 -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\C9F8D8D3-4F32-4807-8F7D-81958B\F5CDC9FB-BE66-4CB9-BA72-674CF6 -> Adware.Wintol : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002089.exe -> Adware.WurldMedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002090.exe -> Adware.WurldMedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002091.dll -> Adware.WurldMedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002028.exe -> Adware.ZQuest : Cleaned with backup (quarantined).
C:\Program Files\WinAble\winable.exe -> Downloader.Adload.ni : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002022.exe -> Downloader.Agent.bkw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002079.exe -> Downloader.Agent.erf : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\findfast.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Application Data\printer.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0000006.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0000007.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0000008.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0000009.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0001021.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0001022.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0001023.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0001024.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002018.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002019.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002020.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002031.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002036.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002037.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002038.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002080.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002101.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002104.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\UZYG03OD\l3[1] -> Downloader.Agent.fv : Cleaned with backup (quarantined).
C:\2C.tmp -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
C:\4.tmp -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002027.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002023.exe -> Downloader.Small.cpg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002024.exe -> Downloader.Small.cpg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002029.exe -> Downloader.Small.cpg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002103.dll -> Not-A-Virus.Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINNT\system32\agh.dll -> Not-A-Virus.Adware.PurityScan : Cleaned with backup (quarantined).
C:\Program Files\Outlook Express\wodejat4444.dll -> Not-A-Virus.Adware.TTC : Cleaned with backup (quarantined).
C:\Program Files\Outlook Express\wodejat83122.dll -> Not-A-Virus.Adware.TTC : Cleaned with backup (quarantined).
C:\Program Files\TTC.dll -> Not-A-Virus.Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002092.dll -> Not-A-Virus.Adware.Virtumonde : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\_dGhyZXc2YXJfbWEz__a2V5aW4_.exe -> Not-A-Virus.Hoax.Win32.Renos.pf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0001180.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@onetoone.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@www.abcsearch[1].txt -> TrackingCookie.Abcsearch : Cleaned.
:mozilla.20:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.21:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.22:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.18:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.132:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.133:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.134:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.158:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned.
:mozilla.17:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.131:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@findwhat[2].txt -> TrackingCookie.Findwhat : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@ehg-comcast.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.88:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.89:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.462:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Inet-cash : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@info[2].txt -> TrackingCookie.Info : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@web.info[1].txt -> TrackingCookie.Info : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@searchportal.information[1].txt -> TrackingCookie.Information : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@intelli-direct[1].txt -> TrackingCookie.Intelli-direct : Cleaned.
:mozilla.515:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.516:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.517:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.151:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.42:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.44:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@pro-market[2].txt -> TrackingCookie.Pro-market : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.456:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.457:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.458:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.19:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.33:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.159:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.160:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002081.dll -> Trojan.Obfuscated.lf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002082.dll -> Trojan.Obfuscated.lf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002083.dll -> Trojan.Obfuscated.lf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002084.dll -> Trojan.Obfuscated.lf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002085.dll -> Trojan.Obfuscated.lf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002025.vbs -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002026.vbs -> Trojan.Small : Cleaned with backup (quarantined).
::Report end
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:34, on 2007-12-03
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\system32\cisvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\PSIService.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINNT\rundll32.exe
C:\WINNT\GWMDMMSG.exe
C:\WINNT\System32\RUNDLL32.EXE
C:\WINNT\NOTEDAD.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\QdrModule\QdrModule10.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINNT\System32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis(2).exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINNT\System32\msiexec.exe
C:\WINNT\System32\MsiExec.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {49B424C9-D1D9-4858-BD8C-C88136551AFD} - C:\Program Files\Outlook Express\wodejat83122.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: BndShell3 BHO Class - {875A1348-7674-42aa-ADAC-B4F36A004A2D} - C:\Program Files\QdrDrive\QdrDrive8.dll
O2 - BHO: (no name) - {935FCB4E-7A37-44F4-953A-962E8F027214} - C:\Program Files\Outlook Express\wodejat4444.dll (file missing)
O2 - BHO: 0 - {AC44819F-AC10-4316-248B-825D839B35A9} - C:\Program Files\WindowsUpdate\bapucoven112.dll (file missing)
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINNT\system32\qomllmm.dll (file missing)
O2 - BHO: (no name) - {E4AEF346-17F8-367C-D227-4BE603840EC7} - C:\WINNT\system32\ckqbg.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [rundll32app] C:\WINNT\rundll32.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Laxkmbd] "C:\Program Files\Common Files\F?nts\logonui.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [QdrModule10] "C:\Program Files\QdrModule\QdrModule10.exe"
O4 - HKCU\..\Run: [Ltho] "C:\PROGRA~1\COMMON~1\FNTS~1\ati2evxx.exe" -vt yazb
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINNT\System32\spoolvs.exe
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKUS\S-1-5-18\..\Run: [IESet] IExplorer.dll .dbt (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [IESet] IExplorer.dll .dbt (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} (WebInstall Class) - http://scanner2.malware-scan.com/setup/webinst.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://hq-notesmail05.ita.doc.gov/iNotes6W.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager...EGetPlugin.ocx
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\WINNT\system32\append.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: qomllmm - qomllmm.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINNT\system32\PSIService.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\WindowsUpdate\fsoxyqiprum.html
--
End of file - 7663 bytes
Join Date: Dec 2007
Posts: 2
Reputation:
Solved Threads: 1
I have the same issue on a computer - I have looked for the error message on Google but only found your entry. Have you managed to solve the problem?
Also - in Control Panel when trying to Add/Remove programs it does not work in my case.
I have run Spybot and cleaned 160 issues - and am currently running a full virus scan.
sbarron2000. Hi and welcome to Daniweb forums.
Download SDFix and save it to your desktop.
Please then reboot your computer in Safe Mode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, a menu with options should appear;
- Select the first option, to run Windows in Safe Mode, then press "Enter".
- Choose your usual account.
- In Safe Mode, right click the SDFix.zip folder and choose Extract All,
- Open the extracted folder and double click RunThis.bat to start the script.
- Type Y to begin the script.
- It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
- Your system will take longer than normal to restart as the fixtool will be running and removing files.
- When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
- Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log
I have the same issue on a computer - I have looked for the error message on Google but only found your entry. Have you managed to solve the problem?
Also - in Control Panel when trying to Add/Remove programs it does not work in my case.
I have run Spybot and cleaned 160 issues - and am currently running a full virus scan.
Please start your own thread stating the problems you are having. Read through the sticky threads at the top of this forum and follow the instructions found there.
Join Date: Dec 2007
Posts: 3
Reputation:
Solved Threads: 0
Thanks, crunchie. I was a little surprised that I couldn't find more people with the same problem on the web. Usually when I hit a snag, I can find 50 threads and websites explaining how to resolve the issue. Anyway, yesterday I finally just gave up and reformatted.
Hopefully richardtate starts his own thread and there can be a record of this issue being resolved.
Thanks again,
sbarron2000