954,173 Members — Technology Publication meets Social Media
Username:
Password:
Lost login information?
Have something to say? Contribute New Article Reply to this Article
3 Years Ago
0

Help please

I would be most appreciative of some help. Thank you in advance!

First symptom I saw was google searches redirected to go.google.com which returned spam results in a new tab. I also find that all of the sites I would access for assistance like mcafee.com are blocked, though I can access sites like USATODAY.com.

I have a new Lenovo computer, so I used the LenovoCare button and followed the Rescue and Recovery path. It claimed to fix a number of system files, but it reported that one file was unable to be fixed. It suggested a full hard drive wipe and restore, so I came here looking for other options.

I attempted to follow all of the steps in PhilliePhan's "Read me before posting a request for assistance" article. I was able to accomplish steps 1-7 (except 3 which is said to be unavailable now), though I had to use another computer to do all the downloads.

I also used HostsXpert.exe to insure a clean Hosts file. A review of the backup copy showed that it was the same as the clean version.

However, I was not able to run MalWareBytes nor HiJackThis because the install programs for these two programs will not run. In both instances the install program seems to start and asks for permission on the "Do you want to run this file" security screen. Then it seems to stop without having done any installation. I tried to install the in both normal and safe mode. When I bring up the Task Manager with Ctrl-Alt-Delete, I can see that the installer programs remain running without using any CPU.

Nor was I able to run any of the online virus scanners in Step 9. All of them report (via Firefox) that although the sites seem valid, the browser was unable to establish a connection.

Therefore, I do not have any of the requested log file available.

Any assistance would be highly appreciated!

DLBezaire
Newbie Poster
5 posts since Mar 2008
Reputation Points: 10
Solved Threads: 0
 
3 Years Ago
0

Is this vista or xp? If malwarebytes won't install try this

Could be similar to what's been happening with Antivirus 2009, you can check your device manager (right click on My Computer, then click Manage, then select Device Manager on the left). Click on view, show hidden devices and check under non-plug and play drivers for anything called TDSSERV or anything similar. If it's there, disable it. It's a rootkit that has been blocking MBAM and many other tools from loading. You may also try renaming the installer for MBAM as well as the executable for MBAM if you do get it installed so it can run.

edit: You may also want to refer to this post by AdvancedSetup, he's one of the experts here: http://www.malwarebytes.org/forums/index.php?s=&showtopic=7628&view=findpost&p=35680

freshfitz
Posting Pro in Training
436 posts since Sep 2008
Reputation Points: 12
Solved Threads: 36
 
3 Years Ago
0

Hello Freshfitz,

Thank you for your help! I've made some progress already which what you've given me.

I'm running XP SP3.

I was able to install both MBA-M and HJT by renaming the installers. I also had to rename the exe for MBA-M. I'm attaching logs below. MBA-M was blocked from doing an update, so it may not be the latest version.

I was not able to read the post by AdvancedSetup because the URL returns a Page Not Found error.

I was not able to use the Device Manager. When i tried, I got an error saying "The procedure entry point ?PickIconDlg@@YGHPAUHWND__@@PAGIPAH@Z could not be located in the dynamic link library mmcbase.DLL."

MBA-M found 10 items. Remove took out 5, and now it wants me to reboot. I'll post this much now, including the Uninstall Log from HJT and two log files from MBA-M (one from before the Remove, and one from after the Remove. After I restart the computer, I'll probably have another MBA-M log to post as well.

==

Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 5.1.2600 Service Pack 3

1/19/2009 12:28:41 AM
mbam-log-2009-01-19 (00-28-21).txt

Scan type: Full Scan (C:\|R:\|)
Objects scanned: 129564
Time elapsed: 24 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\DS\Local Settings\Temp\TDSS12ed.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\TDSShrto.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\TDSSicen.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\TDSSiykj.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\TDSSucgr.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\drivers\TDSSiyvv.sys (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\TDSSeckv.log (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\TDSSqxud.dll (Rootkit.Agent) -> No action taken.


==

Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 5.1.2600 Service Pack 3

1/19/2009 12:28:56 AM
mbam-log-2009-01-19 (00-28-56).txt

Scan type: Full Scan (C:\|R:\|)
Objects scanned: 129564
Time elapsed: 24 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\DS\Local Settings\Temp\TDSS12ed.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSShrto.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\TDSSicen.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\TDSSiykj.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\TDSSucgr.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\drivers\TDSSiyvv.sys (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\TDSSeckv.log (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\TDSSqxud.dll (Rootkit.Agent) -> Delete on reboot.

Attachments uninstall_list.txt (5.15KB) mbam-log-2009-01-19_(00-28-21).txt (1.51KB) mbam-log-2009-01-19_(00-28-56).txt (1.58KB)
DLBezaire
Newbie Poster
5 posts since Mar 2008
Reputation Points: 10
Solved Threads: 0
 
3 Years Ago
0

Please do not attach files unless requested.

==

Please download ComboFix by sUBs from HERE or HERE You must download it to and run it from your Desktop
Physically disconnect from the internet.
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply.
Re-enable all the programs that were disabled during the running of ComboFix..
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

==

Download HijackThis Executable from here. Save it to your desktop.
Start HJT & press the "Do a system scan and save a log file" button. When the scan is finished a window will pop up giving you the option of where to save it. Save it to desktop where it is easy to access. Open the log file and then go to the format Tab and make sure that wordwrap is unchecked. Copy the entire contents of the file & paste it into the body of your post. DO NOT FIX ANYTHING YET. Most of what is there is necessary for the running of your system.

crunchie
Most Valuable Poster
Moderator
20,095 posts since Feb 2004
Reputation Points: 1,142
Solved Threads: 985
 
3 Years Ago
0

Thank you for your help, crunchie.

(Sorry for attaching logs. I thought that was wanted based on the instructions in PhilliePhan's "Read me before posting a request for assistance" article. I'll wait for instructions in future.)

As I had reported in the last post, MBA-M was able to remove all the threats. I have since gotten clean scans with MBA-M, Avira AntiVir Personal, and ESET Online Scanner. So, hopefully I am clean of the malware. Therefore, I attached a copy of the HJT log as you requested, but I did not yet download ComboFix. Do you still want me to do that?

I find that I am still unable to use the Device Manager and instead get the error due to "mmcbase.DLL" as noted in the previous post. Do you think that possibly the Lenovo Rescue and Recovery tool can fix this?

Thank you again for all your assistance!

Dave


==============================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:10:58 PM, on 1/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WScript.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Lenovo\LENOVO~2\LPMLCHK.exe
C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe
C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\THINKV~2\AMSG\amsg.exe
C:\Program Files\Free Desktop Clock\DesktopClock.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\SyncToy 2.0\SyncToy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\DS\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\Lenovo\LENOVO~2\LPMLCHK.exe
O4 - HKLM\..\Run: [LFKA] "C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe"
O4 - HKLM\..\Run: [LCONTROL] "C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~2\AMSG\amsg.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Free Desktop Clock\DesktopClock.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Spyder3Utility.lnk = C:\Program Files\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: ThinkPad PM Service for SL Series (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Service of LFKA (LFKAS) - Unknown owner - C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe

--
End of file - 15318 bytes

DLBezaire
Newbie Poster
5 posts since Mar 2008
Reputation Points: 10
Solved Threads: 0
 
3 Years Ago
0

Because of what was found by MBA-M, I would prefer that you run combofix :)

crunchie
Most Valuable Poster
Moderator
20,095 posts since Feb 2004
Reputation Points: 1,142
Solved Threads: 985
 
3 Years Ago
0

Crunchie, This is what I got for ComboFix

ComboFix 09-04-22.02 - Poo 04/21/2009 16:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.475 [GMT -7:00]
Running from: c:\documents and settings\Poo\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Outdated)
FW: BitDefender Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Starware
c:\documents and settings\All Users\Application Data\Starware\buttons\cursorcafe.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\cursorcafeA.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\FindIt.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\FindItHot.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\findithotxp.png
c:\documents and settings\All Users\Application Data\Starware\buttons\finditxp.png
c:\documents and settings\All Users\Application Data\Starware\buttons\games.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\gamesA.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\Highlight.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\HighlightHot.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\highlighthotxp.png
c:\documents and settings\All Users\Application Data\Starware\buttons\highlightxp.png
c:\documents and settings\All Users\Application Data\Starware\buttons\logo.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\logoxp.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\moviesA.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\Reference.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\ReferenceHot.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\referencehotxp.png
c:\documents and settings\All Users\Application Data\Starware\buttons\referencexp.png
c:\documents and settings\All Users\Application Data\Starware\buttons\screensaver.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\screensaverA.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\Weather.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\weatherhotxp.png
c:\documents and settings\All Users\Application Data\Starware\buttons\weatherxp.png
c:\documents and settings\All Users\Application Data\Starware\contexts\error.xml
c:\documents and settings\All Users\Application Data\Starware\contexts\related.xml
c:\documents and settings\All Users\Application Data\Starware\contexts\travel.xml
c:\documents and settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml
c:\documents and settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml.backup
c:\documents and settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml
c:\documents and settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml.backup
c:\documents and settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml
c:\documents and settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml.backup
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\system32\Cache
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip


((((((((((((((((((((((((( Files Created from 2009-03-21 to 2009-04-21 )))))))))))))))))))))))))))))))
.

2009-04-21 05:14 . 2009-04-21 05:14 121 ----a-w c:\windows\bdagent.INI
2009-04-21 05:14 . 2009-04-21 05:14 81984 ----a-w c:\windows\system32\bdod.bin
2009-04-21 05:04 . 2009-04-21 05:04 850 ----a-w c:\windows\system32\ProductTweaks.xml
2009-04-21 05:04 . 2009-04-21 05:04 385 ----a-w c:\windows\system32\user_gensett.xml
2009-04-21 04:59 . 2009-04-21 05:01 -------- d-----w c:\documents and settings\All Users\Application Data\BitDefender
2009-04-19 23:46 . 2009-04-19 23:46 -------- d-----w c:\program files\CCleaner
2009-04-19 23:02 . 2009-04-19 23:02 -------- d-----w c:\documents and settings\Briana.KIDS\Application Data\ESET
2009-04-19 22:39 . 2009-04-19 22:39 -------- d-----w c:\documents and settings\Erika\Application Data\ESET
2009-04-19 07:56 . 2009-04-19 07:56 32 ----a-w c:\windows\go
2009-04-19 07:11 . 2009-04-19 07:14 -------- d-----w c:\documents and settings\Poo\Application Data\HideIP
2009-04-19 04:31 . 2009-04-19 04:31 -------- d-----w c:\windows\system32\VIRepair
2009-04-18 23:16 . 2009-04-18 23:16 -------- d-----w c:\documents and settings\Briana.KIDS\Application Data\Apple Computer
2009-04-18 17:19 . 2009-04-18 17:21 -------- d-----w c:\documents and settings\Poo\Application Data\ViSplore
2009-04-18 17:19 . 2009-04-18 17:19 -------- d-----w c:\documents and settings\Poo\Application Data\ViStart
2009-04-18 17:15 . 2009-04-18 17:15 -------- d-----w c:\program files\ViSplore
2009-04-18 17:15 . 2009-04-18 17:15 -------- d-----w c:\program files\TrueTransparency
2009-04-18 17:15 . 2009-04-18 17:15 -------- d-----w c:\program files\WinFlip
2009-04-18 17:15 . 2009-04-18 17:15 -------- d-----w c:\program files\Vista Rainbar
2009-04-18 17:11 . 2009-04-18 17:11 78942 ----a-w c:\windows\Icon_1.ico
2009-04-18 17:11 . 2009-04-19 04:34 -------- d-----w c:\windows\system32\VITrans
2009-04-18 17:11 . 2006-12-04 00:15 111104 ----a-w c:\windows\system32\Uharc.exe
2009-04-18 17:11 . 2006-12-04 00:15 19968 ----a-w c:\windows\system32\reico.exe
2009-04-18 17:11 . 2006-12-04 00:15 69632 ----a-w c:\windows\system32\moveex.exe
2009-04-18 17:11 . 2006-12-04 00:14 8636 ----a-w c:\windows\system32\modifype.exe
2009-04-18 17:11 . 2004-11-28 02:00 94208 ----a-w c:\windows\system32\pskill.exe
2009-04-18 17:09 . 2008-11-12 06:22 20480 ----a-w c:\windows\system32\scrnrdr.exe
2009-04-18 06:44 . 2009-04-18 06:44 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\ESET
2009-04-18 05:10 . 2009-04-18 05:10 -------- d-----w c:\program files\Tukero[X]Team
2009-04-17 23:58 . 2009-01-09 19:19 1089593 ------w c:\windows\system32\dllcache\ntprint.cat
2009-04-17 04:00 . 2009-04-17 04:14 1765 ----a-w c:\documents and settings\Poo\Application Data\datawin.dat
2009-04-17 03:49 . 2009-04-17 03:49 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-17 03:44 . 2009-04-17 03:44 -------- d-----w c:\windows\system32\XPSViewer
2009-04-17 03:44 . 2009-04-17 03:44 -------- d-----w c:\program files\MSBuild
2009-04-17 03:44 . 2009-04-17 03:44 -------- d-----w c:\program files\Reference Assemblies
2009-04-17 03:43 . 2009-04-17 03:59 -------- d-----w c:\windows\SxsCaPendDel
2009-04-17 02:08 . 2006-06-29 20:07 14048 ------w c:\windows\system32\spmsg2.dll
2009-04-17 01:22 . 2009-04-17 01:22 -------- d-----w c:\windows\system32\scripting
2009-04-17 01:22 . 2009-04-17 01:22 -------- d-----w c:\windows\l2schemas
2009-04-17 01:22 . 2009-04-17 01:22 -------- d-----w c:\windows\system32\en
2009-04-17 01:22 . 2009-04-17 01:22 -------- d-----w c:\windows\system32\bits
2009-04-17 01:18 . 2009-04-17 01:22 -------- d-----w c:\windows\ServicePackFiles
2009-04-17 00:56 . 2008-04-14 00:12 62464 ------w c:\windows\system32\qcliprov.dll
2009-04-17 00:55 . 2007-06-21 05:52 974 ------w c:\windows\system32\pid.inf
2009-04-16 15:32 . 2008-06-24 16:43 74240 ------w c:\windows\system32\dllcache\mscms.dll
2009-04-16 15:32 . 2008-12-16 12:30 354304 ------w c:\windows\system32\dllcache\winhttp.dll
2009-04-16 10:14 . 2009-04-16 10:14 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-16 06:21 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-16 06:21 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 06:21 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 06:21 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-16 06:21 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 06:21 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 06:21 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 06:21 . 2009-02-06 11:08 2189056 ----a-w c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-16 06:21 . 2009-02-06 10:32 2023936 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-16 06:01 . 2008-05-08 14:02 203136 ------w c:\windows\system32\dllcache\rmcast.sys
2009-04-16 06:01 . 2008-12-11 10:57 333952 ------w c:\windows\system32\dllcache\srv.sys
2009-04-16 06:00 . 2008-04-11 19:04 691712 ------w c:\windows\system32\dllcache\inetcomm.dll
2009-04-16 05:47 . 2008-06-13 11:05 272128 ------w c:\windows\system32\dllcache\bthport.sys
2009-04-16 05:47 . 2008-06-13 11:05 272128 ------w c:\windows\system32\drivers\bthport.sys
2009-04-16 05:25 . 2008-10-24 11:21 455296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2009-04-16 05:12 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-16 05:12 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-16 04:55 . 2008-10-16 21:07 23576 ----a-w c:\windows\system32\wuapi.dll.mui
2009-04-16 04:54 . 2008-10-16 21:06 27496 ----a-w c:\windows\system32\mucltui.dll.mui
2009-04-16 04:54 . 2008-10-16 21:09 31768 ----a-w c:\windows\system32\wucltui.dll.mui
2009-04-16 04:54 . 2008-10-16 21:07 23576 ----a-w c:\windows\system32\wuaucpl.cpl.mui
2009-04-16 04:54 . 2008-10-16 21:07 18456 ----a-w c:\windows\system32\wuaueng.dll.mui
2009-04-16 04:50 . 2009-04-16 04:50 -------- d-----w c:\documents and settings\Poo\Application Data\ESET
2009-04-15 04:21 . 2009-04-15 04:21 -------- d-----w c:\documents and settings\Erika\Local Settings\Application Data\Apple Computer
2009-04-15 04:12 . 2009-04-15 04:12 -------- d-----w c:\documents and settings\Erika\Local Settings\Application Data\Mozilla
2009-04-15 03:45 . 2009-04-18 23:16 -------- d-----w c:\documents and settings\Briana.KIDS\Local Settings\Application Data\Apple Computer
2009-04-15 03:19 . 2009-04-15 03:19 -------- d-----w c:\documents and settings\Briana.KIDS\Local Settings\Application Data\Mozilla
2009-04-15 00:34 . 2009-04-15 00:34 -------- d-sh--w C:\Diskeeper
2009-04-14 23:32 . 2001-08-17 21:56 66048 ----a-w c:\windows\system32\dllcache\s3legacy.dll
2009-04-14 23:24 . 2009-04-14 23:24 -------- d-----w c:\program files\Common Files\Diskeeper Corporation
2009-04-14 23:24 . 2009-04-14 23:24 -------- d-----w c:\documents and settings\All Users\Application Data\Diskeeper Corporation
2009-04-14 23:23 . 2009-04-14 23:23 -------- d-----w c:\program files\Diskeeper Corporation
2009-04-14 23:14 . 2009-04-14 23:30 -------- d-----w c:\documents and settings\Poo\Application Data\GlarySoft
2009-04-14 23:07 . 2009-04-14 23:07 -------- d-----w c:\program files\Glary Utilities
2009-04-14 05:33 . 2009-04-14 05:33 -------- d-----w c:\documents and settings\Poo\Local Settings\Application Data\ESET
2009-04-14 03:51 . 2009-04-16 04:49 -------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-04-14 02:38 . 2009-04-19 04:30 -------- d-----w c:\program files\Mozilla Firefox 3.1 Beta 3
2009-04-14 02:21 . 2009-04-14 02:21 -------- d-----w c:\program files\CONEXANT
2009-04-14 02:19 . 2009-04-14 02:19 -------- d-----w c:\documents and settings\Poo\Application Data\Styler
2009-04-14 02:09 . 2004-08-10 12:00 218624 ----a-w c:\windows\system32\uxtheme.dll.backup
2009-04-14 01:59 . 2009-04-14 01:59 -------- d-sh--w c:\documents and settings\All Users\Application Data\System Restore
2009-04-14 01:17 . 2009-04-14 01:17 -------- d-----w c:\program files\Software Remove Master
2009-04-14 01:13 . 2009-04-14 01:13 -------- d-----w c:\documents and settings\Poo\Local Settings\Application Data\Stardock
2009-04-14 01:11 . 2009-04-19 04:31 -------- d-----w c:\program files\Styler
2009-04-14 00:21 . 2009-04-14 00:21 -------- d-----w c:\program files\uTorrent
2009-04-14 00:21 . 2009-04-21 04:59 -------- d-----w c:\documents and settings\Poo\Application Data\uTorrent
2009-04-12 05:25 . 2009-04-12 05:25 2 ----a-w c:\windows\msoffice.ini
2009-04-11 16:52 . 2009-04-11 16:52 -------- d-----w c:\documents and settings\Poo\Application Data\FireShot
2009-04-10 23:58 . 2009-04-21 23:21 -------- d-----w c:\documents and settings\Poo\Application Data\mIRC
2009-04-10 23:58 . 2009-04-21 23:09 -------- d-----w c:\program files\mIRC
2009-03-27 22:20 . 2009-03-27 22:20 -------- d-----w c:\documents and settings\Poo\Application Data\MSN6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-21 23:33 . 2005-08-31 12:01 92947 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-21 23:32 . 2009-04-21 23:32 45056 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2009-04-21 23:32 . 2009-04-21 23:32 61440 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2009-04-21 23:32 . 2009-04-21 23:32 44032 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2009-04-21 23:32 . 2009-04-21 23:32 40960 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2009-04-21 23:32 . 2009-04-21 23:32 341048 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2009-04-21 23:32 . 2009-04-21 23:32 32768 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2009-04-21 23:32 . 2009-04-21 23:32 32768 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2009-04-21 23:32 . 2009-04-21 23:32 163840 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2009-04-19 00:16 . 2005-11-12 16:21 -------- d-----w c:\program files\Microsoft Money 2005
2009-04-18 17:40 . 2006-12-19 21:02 -------- d-----w c:\program files\Diablo II
2009-04-18 17:19 . 2005-11-12 16:12 61520 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-17 05:19 . 2004-08-10 12:00 218624 ----a-w c:\windows\system32\uxtheme.dll
2009-04-17 03:09 . 2008-11-23 01:26 -------- d-----w c:\documents and settings\Poo\Application Data\U3
2009-04-17 03:07 . 2007-02-02 05:21 14194 ----a-w c:\documents and settings\Poo\Application Data\wklnhst.dat
2009-04-17 01:13 . 2004-08-10 19:00 250048 --sh--r C:\ntldr
2009-04-14 23:22 . 2009-03-12 19:34 -------- d-----w c:\program files\QuickTime
2009-04-14 23:22 . 2008-06-20 04:30 -------- d-----w c:\program files\Kids Cam Sticker Factory
2009-04-14 23:22 . 2006-02-27 16:57 -------- d-----w c:\program files\Yahoo!
2009-04-14 23:22 . 2007-01-19 02:59 -------- d-----w c:\program files\Ahead
2009-04-14 23:22 . 2006-03-03 00:47 -------- d-----w c:\program files\Abbyy FineReader 6.0 Sprint
2009-04-14 23:22 . 2005-11-12 15:57 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-14 23:21 . 2006-05-24 00:24 -------- d-----w c:\documents and settings\All Users\Application Data\yahoo!
2009-04-14 23:21 . 2006-03-18 10:09 -------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
2009-04-14 23:14 . 2005-11-12 16:35 -------- d-----w c:\program files\PC-Doctor 5 for Windows
2009-04-14 04:26 . 2005-11-12 16:40 -------- d-----w c:\program files\Google
2009-04-14 02:18 . 2006-02-17 10:11 -------- d-----w c:\program files\Common Files\AOL
2009-04-14 00:19 . 2008-01-27 23:07 -------- d-----w c:\program files\Atari
2009-04-12 05:30 . 2005-11-12 16:21 -------- d-----w c:\program files\Common Files\Adobe
2009-04-12 05:26 . 2006-02-17 10:12 -------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-04-12 05:25 . 2006-12-29 19:15 -------- d-----w c:\documents and settings\Poo\Application Data\AOL
2009-03-27 04:30 . 2007-05-17 01:31 -------- d-----w c:\program files\GameSpy Arcade
2009-03-23 01:52 . 2009-03-21 04:38 -------- d-----w c:\documents and settings\Poo\Application Data\LimeWire
2009-03-21 14:06 . 2004-08-10 12:00 989696 ----a-w c:\windows\system32\dllcache\kernel32.dll
2009-03-21 04:32 . 2009-03-21 04:32 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-21 04:32 . 2005-11-12 15:48 -------- d-----w c:\program files\Java
2009-03-20 17:54 . 2007-04-04 03:07 600 ----a-w c:\documents and settings\Briana\Application Data\wklnhst.dat
2009-03-20 17:51 . 2007-04-04 00:32 62496 ----a-w c:\documents and settings\Briana\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-20 05:55 . 2009-03-20 05:55 -------- d-----w c:\documents and settings\Briana\Application Data\2Wire
2009-03-19 05:47 . 2009-03-19 05:47 -------- d-----w c:\documents and settings\Poo\Application Data\MySpace
2009-03-18 04:46 . 2009-03-18 04:46 21035 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-03-18 04:46 . 2009-03-18 04:46 -------- d-----w c:\program files\NETGEAR
2009-03-12 19:37 . 2009-03-12 19:36 -------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-03-12 19:37 . 2009-03-12 19:36 -------- d-----w c:\program files\iTunes
2009-03-12 19:36 . 2007-02-02 03:28 -------- d-----w c:\program files\iPod
2009-03-12 19:35 . 2009-03-12 19:35 -------- d-----w c:\program files\Bonjour
2009-03-12 19:33 . 2009-03-12 19:33 -------- d-----w c:\program files\Apple Software Update
2009-03-12 19:33 . 2009-03-12 19:33 -------- d-----w c:\program files\Common Files\Apple
2009-03-09 12:03 . 2009-03-09 12:03 121984 ----a-w c:\windows\system32\drivers\Rtnicxp.sys
2009-03-06 14:22 . 2004-08-10 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 19:18 . 2009-03-03 19:18 73728 ----a-w c:\windows\system32\RtNicProp32.dll
2009-03-03 01:39 . 2009-03-03 01:39 -------- d-----w c:\documents and settings\Poo\Application Data\2Wire
2009-03-03 01:34 . 2009-03-03 01:34 -------- d-----w c:\program files\2Wire
2009-03-03 01:34 . 2009-03-03 01:34 -------- d-----w c:\program files\Actiontec
2009-03-02 23:04 . 2009-03-02 23:04 1499136 ----a-w c:\windows\system32\dllcache\shdocvw.dll
2009-02-26 03:07 . 2006-03-03 00:45 -------- d-----w c:\program files\Lx_cats
2009-02-20 08:11 . 2009-02-20 08:11 3068416 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-02-20 08:10 . 2004-08-10 12:00 666112 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:10 . 2004-08-10 12:00 666112 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-02-20 08:10 . 2004-08-10 12:00 619520 ----a-w c:\windows\system32\dllcache\urlmon.dll
2009-02-20 08:10 . 2009-02-20 08:10 81920 ------w c:\windows\system32\dllcache\ieencode.dll
2009-02-20 08:10 . 2004-08-10 12:00 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2004-08-10 12:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-10 12:00 729088 ----a-w c:\windows\system32\dllcache\lsasrv.dll
2009-02-09 12:10 . 2004-08-10 19:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-10 19:00 714752 ----a-w c:\windows\system32\dllcache\ntdll.dll
2009-02-09 12:10 . 2004-08-10 12:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-08-10 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2009-02-09 11:13 1846784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 11:13 . 2004-08-10 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 11:11 . 2004-08-10 12:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2004-08-10 19:00 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 11:06 . 2004-08-10 19:00 2145280 ----a-w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 10:39 . 2004-08-10 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:39 . 2004-08-10 12:00 35328 ----a-w c:\windows\system32\dllcache\sc.exe
2009-02-06 10:32 . 2004-08-10 19:00 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2009-02-03 19:59 56832 ------w c:\windows\system32\dllcache\secur32.dll
2009-02-03 19:59 . 2004-08-10 12:00 56832 ----a-w c:\windows\system32\secur32.dll
2007-04-26 03:18 . 2007-04-26 03:18 87608 ----a-w c:\documents and settings\Poo\Application Data\ezpinst.exe
2007-04-26 03:18 . 2007-04-26 03:18 47360 ----a-w c:\documents and settings\Poo\Application Data\pcouffin.sys
2007-01-02 20:07 . 2006-12-29 19:14 126 ----a-w c:\documents and settings\Poo\Local Settings\Application Data\fusioncache.dat
2006-06-11 18:41 . 2006-06-11 18:41 2999213 ----a-w c:\program files\EXEtender.zip
2006-05-07 19:34 . 2006-05-07 19:34 774144 ----a-w c:\program files\RngInterstitial.dll
2006-03-29 04:20 . 2006-03-29 04:20 251 ----a-w c:\program files\wt3d.ini
2005-11-12 16:30 . 2009-04-15 04:09 50280 ----a-w c:\documents and settings\Erika\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2005-11-12 16:30 . 2009-04-15 03:17 50280 ----a-w c:\documents and settings\Briana.KIDS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2005-11-12 16:30 . 2006-12-29 19:14 50280 ----a-w c:\documents and settings\Poo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2005-11-12 16:30 . 2006-06-20 00:23 50280 ----a-w c:\documents and settings\Patric\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2005-11-12 15:42 . 2009-04-15 04:09 136 ----a-w c:\documents and settings\Erika\Local Settings\Application Data\fusioncache.dat
2005-11-12 15:42 . 2009-04-15 03:17 136 ----a-w c:\documents and settings\Briana.KIDS\Local Settings\Application Data\fusioncache.dat
2005-11-12 15:42 . 2007-04-04 00:32 136 ----a-w c:\documents and settings\Briana\Local Settings\Application Data\fusioncache.dat
2005-11-12 15:42 . 2006-06-20 00:23 136 ----a-w c:\documents and settings\Patric\Local Settings\Application Data\fusioncache.dat
2005-11-12 15:42 . 2005-11-12 15:42 136 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2003-08-21 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-21 136600]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-11-12 27136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowRedirect"= 1 (0x1)

R3 HH9Help.sys;HH9Help.sys;c:\windows\system32\drivers\HH9Help.sys [2006-09-20 11392]
R3 JL2005;JL2005A Camera; [x]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2007-12-28 287232]
S1 vdrv9000;vdrv9000;c:\windows\system32\DRIVERS\vdrv9000.sys [2007-01-23 105984]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys [2007-10-09 38144]
S2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe [2008-04-14 14336]
S2 VC9SecS;Virtual CD v9 Management Service;c:\program files\Virtual CD v9\System\VC9SecS.exe [2007-04-12 124488]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
\Shell\AutoRun\command - Z:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b26dbe2f-0eb9-11de-8fd7-0015f27aebe3}]
\Shell\Auto\command - Q:\autorun.bat
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.bat
\Shell\explore\Command - Q:\autorun.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb34076f-b8fd-11dd-8f94-83d07237c9ba}]
\Shell\AutoRun\command - P:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-04-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-04-21 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2004-08-10 12:00]

2009-04-21 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-04-14 16:49]
.
- - - - ORPHANS REMOVED - - - -

BHO-{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - (no file)
Toolbar-{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - (no file)
WebBrowser-{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.windowsxlive.net
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Poo\Application Data\Mozilla\Firefox\Profiles\hkvjog4d.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - hxxp://www.cityofdecay.com/login.php
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/cfg_redir2.jhtml?ptb=CE2C1512-4EFC-4F42-94F4-455B0D286D58-TS&id=ZKfox002RWUS&ptnrS=ZKfox002RWUS&url=http%3A//search.mywebsearch.com/mywebsearch/AJmain.jhtml&st=kwd&ind=2009040501&searchfor=
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppdf32.dll

And Hijack This

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:10:54 PM, on 4/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virtual CD v9\System\VC9SecS.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Documents and Settings\Poo\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {52706EF7-D7A2-49AD-A615-E903858CF284} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1240075861546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239857598234
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Virtual CD v9 Management Service (VC9SecS) - H+H Software GmbH - C:\Program Files\Virtual CD v9\System\VC9SecS.exe

--
End of file - 7271 bytes


help me please!

ddr_master
Newbie Poster
6 posts since Apr 2009
Reputation Points: 10
Solved Threads: 0
 
3 Years Ago
0

Are you the Original Poster? (I don't think you are, unless you have changed your ISP). If not, start your own thread please.

crunchie
Most Valuable Poster
Moderator
20,095 posts since Feb 2004
Reputation Points: 1,142
Solved Threads: 985
 
3 Years Ago
0

Done. Sorry...

ddr_master
Newbie Poster
6 posts since Apr 2009
Reputation Points: 10
Solved Threads: 0
 

This article has been dead for over three months

Post: Markdown Syntax: Formatting Help
You
 
© 2012 DaniWeb® LLC
Home | About Us | Contact Us | Terms of Service | Advertising Opportunities
RSS Feed RSS Feed