0

I recently started having big problems. When I start my computer, I get 2 messages almost immediately

"services.exe - Bad Image" and "lmass.exe - Bad Image"

Both including the same message...

"The application or DLL C:\WINNT\system32\append.dll is not a valid Windows image. Please check this against your installation diskette."

I get several other of the same messages as the start up continues. Anytime I try to run a program after startup, I get the same message regarding that program..."iexplore.exe - Bad Image," "Hijack This.exe - Bad Image," etc...

I've tried running some virus and spyware sweepers, but no luck. Can anyone help me? Thanks in advance. :?:

Here are my AVG scan report and Hijack This log...

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 18:27 2007-12-03

+ Scan result:

C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002087.dll -> Adware.Adstart : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002088.exe -> Adware.Adstart : Cleaned with backup (quarantined).
C:\Program Files\AutoUpdate -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\AutoUpdate\libexpat.dll -> Adware.Apropos : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0001182.dll -> Adware.BraveSentry : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0001183.dll -> Adware.BraveSentry : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0001184.dll -> Adware.BraveSentry : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0001185.dll -> Adware.BraveSentry : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0001178.dll -> Adware.CommAd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0001179.exe -> Adware.CommAd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002016.dll -> Adware.CommAd : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\7C0DD2B1-9103-4BE1-8F47-16467C\29D4D50C-312D-4006-90AF-DDB274 -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002086.dll -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~239064.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~248483.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~249168.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~249205.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~249245.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~280090.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~325454.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~330030.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~339105.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~339255.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~339381.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~339506.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~339571.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~339631.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~345747.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~346342.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~355863.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~362447.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~363453.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~372354.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~372430.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~372496.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~372554.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~372606.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~372646.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~372818.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~374586.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~375663.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~375921.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~375984.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~376035.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~376076.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~376168.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~376277.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~383472.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~383828.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~419325.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~423436.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~489196.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~489241.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~489942.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~633062.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~774260.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~779693.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~873761.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~926839.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~928950.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\3562A1D7-E310-4E47-A853-D21F65\7072AE43-5D2E-4D36-97AB-6080D7 -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\3562A1D7-E310-4E47-A853-D21F65\9FF387BD-4071-41D1-A564-B37101 -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\3562A1D7-E310-4E47-A853-D21F65\A16D4060-0D29-46FA-B157-8D5B1C -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\3562A1D7-E310-4E47-A853-D21F65\C4415EA3-6C55-4BB4-80E2-AEE61A -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\4B9BA7E3-A88B-4718-9FB8-26C8AA\50791341-753E-490A-B0F4-3B9CAE -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\4B9BA7E3-A88B-4718-9FB8-26C8AA\5F3D3C00-E5FB-4BB8-87AE-C4EF51 -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\4B9BA7E3-A88B-4718-9FB8-26C8AA\76A7F209-79CC-434D-B55F-5B7CBC -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\BB984125-EBF3-4038-9EBE-B62076\4480DFD0-4F70-4122-8B7E-891B92 -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\BB984125-EBF3-4038-9EBE-B62076\EDC02DA4-E8E9-4F4C-B6F7-FA8768 -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\C9F8D8D3-4F32-4807-8F7D-81958B\F5CDC9FB-BE66-4CB9-BA72-674CF6 -> Adware.Wintol : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002089.exe -> Adware.WurldMedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002090.exe -> Adware.WurldMedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002091.dll -> Adware.WurldMedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002028.exe -> Adware.ZQuest : Cleaned with backup (quarantined).
C:\Program Files\WinAble\winable.exe -> Downloader.Adload.ni : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002022.exe -> Downloader.Agent.bkw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002079.exe -> Downloader.Agent.erf : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\findfast.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Application Data\printer.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0000006.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0000007.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0000008.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0000009.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0001021.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0001022.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0001023.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0001024.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002018.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002019.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002020.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002031.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002036.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002037.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002038.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002080.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002101.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002104.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\UZYG03OD\l3[1] -> Downloader.Agent.fv : Cleaned with backup (quarantined).
C:\2C.tmp -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
C:\4.tmp -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002027.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002023.exe -> Downloader.Small.cpg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002024.exe -> Downloader.Small.cpg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002029.exe -> Downloader.Small.cpg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002103.dll -> Not-A-Virus.Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINNT\system32\agh.dll -> Not-A-Virus.Adware.PurityScan : Cleaned with backup (quarantined).
C:\Program Files\Outlook Express\wodejat4444.dll -> Not-A-Virus.Adware.TTC : Cleaned with backup (quarantined).
C:\Program Files\Outlook Express\wodejat83122.dll -> Not-A-Virus.Adware.TTC : Cleaned with backup (quarantined).
C:\Program Files\TTC.dll -> Not-A-Virus.Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002092.dll -> Not-A-Virus.Adware.Virtumonde : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\_dGhyZXc2YXJfbWEz__a2V5aW4_.exe -> Not-A-Virus.Hoax.Win32.Renos.pf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0001180.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@onetoone.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@www.abcsearch[1].txt -> TrackingCookie.Abcsearch : Cleaned.
:mozilla.20:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.21:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.22:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.18:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.132:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.133:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.134:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.158:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned.
:mozilla.17:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.131:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@findwhat[2].txt -> TrackingCookie.Findwhat : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@ehg-comcast.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.88:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.89:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.462:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Inet-cash : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@info[2].txt -> TrackingCookie.Info : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@web.info[1].txt -> TrackingCookie.Info : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@searchportal.information[1].txt -> TrackingCookie.Information : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@intelli-direct[1].txt -> TrackingCookie.Intelli-direct : Cleaned.
:mozilla.515:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.516:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.517:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.151:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.42:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.44:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@pro-market[2].txt -> TrackingCookie.Pro-market : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.456:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.457:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.458:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.19:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.33:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.159:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.160:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002081.dll -> Trojan.Obfuscated.lf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002082.dll -> Trojan.Obfuscated.lf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002083.dll -> Trojan.Obfuscated.lf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002084.dll -> Trojan.Obfuscated.lf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002085.dll -> Trojan.Obfuscated.lf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002025.vbs -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002026.vbs -> Trojan.Small : Cleaned with backup (quarantined).


::Report end


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:34, on 2007-12-03
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\system32\cisvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\PSIService.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINNT\rundll32.exe
C:\WINNT\GWMDMMSG.exe
C:\WINNT\System32\RUNDLL32.EXE
C:\WINNT\NOTEDAD.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\QdrModule\QdrModule10.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINNT\System32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis(2).exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINNT\System32\msiexec.exe
C:\WINNT\System32\MsiExec.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {49B424C9-D1D9-4858-BD8C-C88136551AFD} - C:\Program Files\Outlook Express\wodejat83122.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: BndShell3 BHO Class - {875A1348-7674-42aa-ADAC-B4F36A004A2D} - C:\Program Files\QdrDrive\QdrDrive8.dll
O2 - BHO: (no name) - {935FCB4E-7A37-44F4-953A-962E8F027214} - C:\Program Files\Outlook Express\wodejat4444.dll (file missing)
O2 - BHO: 0 - {AC44819F-AC10-4316-248B-825D839B35A9} - C:\Program Files\WindowsUpdate\bapucoven112.dll (file missing)
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINNT\system32\qomllmm.dll (file missing)
O2 - BHO: (no name) - {E4AEF346-17F8-367C-D227-4BE603840EC7} - C:\WINNT\system32\ckqbg.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [rundll32app] C:\WINNT\rundll32.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Laxkmbd] "C:\Program Files\Common Files\F?nts\logonui.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [QdrModule10] "C:\Program Files\QdrModule\QdrModule10.exe"
O4 - HKCU\..\Run: [Ltho] "C:\PROGRA~1\COMMON~1\FNTS~1\ati2evxx.exe" -vt yazb
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINNT\System32\spoolvs.exe
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKUS\S-1-5-18\..\Run: [IESet] IExplorer.dll .dbt (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [IESet] IExplorer.dll .dbt (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} (WebInstall Class) - http://scanner2.malware-scan.com/setup/webinst.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://hq-notesmail05.ita.doc.gov/iNotes6W.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\WINNT\system32\append.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: qomllmm - qomllmm.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINNT\system32\PSIService.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\WindowsUpdate\fsoxyqiprum.html

--
End of file - 7663 bytes

3
Contributors
4
Replies
5
Views
10 Years
Discussion Span
Last Post by sbarron2000
0

I have the same issue on a computer - I have looked for the error message on Google but only found your entry. Have you managed to solve the problem?
Also - in Control Panel when trying to to Add/Remove programs it does not work in my case.
I have run Spybot and cleaned 160 issues - and am currently running a full virus scan.

0

sbarron2000. Hi and welcome to Daniweb forums :).

Download
SDFix
and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the
following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the
    Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
  • In Safe Mode, right click the SDFix.zip folder and choose Extract
    All
    ,
  • Open the extracted folder and double click RunThis.bat to
    start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the
    registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer that normal to restart as the fixtool
    will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and
    display Finished, then press any key to end the script and load
    your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the
    contents of the results file Report.txt back onto the forum with
    a new HijackThis log
0

I have the same issue on a computer - I have looked for the error message on Google but only found your entry. Have you managed to solve the problem?
Also - in Control Panel when trying to to Add/Remove programs it does not work in my case.
I have run Spybot and cleaned 160 issues - and am currently running a full virus scan.

Hi and welcome to Daniweb forums :).

Please start your own thread stating the problems you are having. Read through the sticky threads at the top of this forum and follow the instructions found there.

0

Thanks, crunchie. I was a little surprised that I couldn't find more people with the same problem on the web. Usually when I hit a snag, I can find 50 threads and websites explaining how to resolve the issue. Anyway, yesterday I finally just I gave up and reformatted.

Hopefully richardtate starts his own thread and there can be a record of this issue being resolved.

Thanks again,
sbarron2000

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.