Member Panel

Remember me ?

Forgot password?   

Sponsors and Ads

Join the Team

Live Tag Cloud
PC Forum PC Help Forum » Security & Safety » [Fixed] Hijackthis! Logs » Trouble with Search Engines

[Fixed] Hijackthis! Logs - Trouble with Search Engines posted in the Security & Safety forums; Hello, I seem to have been infected with some trojans and broswer hijackers. I've tried using Spybot, NOD32, Spy Eraser and a few others to remove the infections. All symptoms ...

JOIN US NOW to remove these Ads

Post New Thread  Reply
Page 1 of 2 1 2 >
  #1  
Old 06-15-2008
Bronze Member
  
Join Date: Jun 2008
Location: Chicago, IL U.S.A.
Posts: 7
PC Experience: Experienced
indierocker7 - See this Members User comments on their Profile page
Default Trouble with Search Engines
Hello, I seem to have been infected with some trojans and broswer hijackers. I've tried using Spybot, NOD32, Spy Eraser and a few others to remove the infections. All symptoms seem to have disappeared and my pc performance has returned to about normal but the main problem I am still experiencing is that search engines don't work anymore. They either won't load (ie yahoo) or don't search after you enter a query (ie google, ask jeeves).

Thank you in advance for your help.

Here is my log:


Deckard's System Scanner v20071014.68
Run by Andrew on 2008-06-15 14:18:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Unable to create WMI object; The operation completed successfully.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Andrew.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:20:28 PM, on 6/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 9.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Andrew\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Andrew.exe

O2 - BHO: KTBho Class - {25EDC164-41A6-47C3-80BD-5E4FBE1BA7AB} - C:\PROGRA~1\kaboodle\KABOOD~1\KTBar.dll
O2 - BHO: (no name) - {2B3C4A73-DA24-4BFE-8692-E6F488008289} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {BF0CA4FC-6378-4062-B546-3CDE8A28B1E0} - (no file)
O2 - BHO: (no name) - {e6d50617-f2f6-49ad-91da-112a35dae5d4} - (no file)
O3 - Toolbar: Kaboodle Toolbar - {92857633-2441-4A14-8236-DFCB97AD3E87} - C:\PROGRA~1\kaboodle\KABOOD~1\KTBar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 9.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [BM251a25c3] Rundll32.exe "C:\WINDOWS\system32\hhuxoyeo.dll",s
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-2018322775-2857422465-3585186845-1004\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m (User '?')
O4 - HKUS\S-1-5-21-2018322775-2857422465-3585186845-1004\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O8 - Extra context menu item: Add To Kaboodle - http://www.kaboodle.com/zg/addToKaboodle.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} -
O16 - DPF: {3527C5BD-4A46-4362-94B6-12341D087A4B} - http://echospin.com/wizard/files/esWizard.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} -
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} -
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} -
O20 - Winlogon Notify: efcARjIY - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 7169 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20080328-231902-226 O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
backup-20080614-130337-146 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/serv...d&ltmplcache=2
backup-20080614-130337-122 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
backup-20080614-130337-902 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
backup-20080614-130337-297 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/serv...d&ltmplcache=2
backup-20080614-130337-112 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
backup-20080614-130337-934 O2 - BHO: (no name) - {2B3C4A73-DA24-4BFE-8692-E6F488008289} - C:\WINDOWS\system32\ssqNFWpp.dll (file missing)
backup-20080614-130337-201 O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
backup-20080614-130337-400 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
backup-20080614-130337-757 O2 - BHO: (no name) - {BF0CA4FC-6378-4062-B546-3CDE8A28B1E0} - (no file)
backup-20080614-130337-751 O2 - BHO: {4d5ead53-a211-ad19-da94-6f2f71605d6e} - {e6d50617-f2f6-49ad-91da-112a35dae5d4} - C:\WINDOWS\system32\tpddwwfg.dll
backup-20080614-130337-873 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20080614-130337-174 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20080614-130337-822 O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
backup-20080614-130338-272 O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.com/real/player/do...e_Inst_Win.cab
backup-20080614-130338-822 O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
backup-20080614-130338-970 O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - RitzPix | Develop, Share, Order & Print Digital Photos Online | Ritz & Wolf Camera
backup-20080614-130339-506 O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader45.cab
backup-20080614-130339-752 O20 - Winlogon Notify: efcARjIY - efcARjIY.dll (file missing)
backup-20080614-130339-394 O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
backup-20080615-094229-544 O20 - Winlogon Notify: efcARjIY - C:\WINDOWS\
backup-20080615-094316-205 O2 - BHO: (no name) - {2B3C4A73-DA24-4BFE-8692-E6F488008289} - (no file)
backup-20080615-094316-442 O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
backup-20080615-094316-256 O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
backup-20080615-094316-346 O2 - BHO: (no name) - {BF0CA4FC-6378-4062-B546-3CDE8A28B1E0} - (no file)
backup-20080615-094316-545 O2 - BHO: (no name) - {e6d50617-f2f6-49ad-91da-112a35dae5d4} - (no file)

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2
.reg - regfile - shell\open\command - "regedit.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.0.1) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.0.1>
3 btaudio (Bluetooth Audio Device) - system32\drivers\btaudio.sys (file missing)
3 BTDriver (Bluetooth Virtual Communications Driver) - system32\drivers\btport.sys (file missing)
3 BTWDNDIS (Bluetooth LAN Access Server) - system32\drivers\btwdndis.sys (file missing)
3 BTWUSB (WIDCOMM USB Bluetooth Driver) - system32\drivers\btwusb.sys (file missing)
2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools>
3 ElbyDelay - c:\windows\system32\drivers\elbydelay.sys <Not Verified; Elaborate Bytes AG; CDRTools>
3 grmnusb - c:\windows\system32\drivers\grmnusb.sys <Not Verified; GARMIN Corp.; Garmin USB GPS>
2 MaVctrl - c:\windows\system32\drivers\mavc2k.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
3 PalmUSBD - system32\drivers\palmusbd.sys (file missing)
3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
0 PzWDM - c:\windows\system32\drivers\pzwdm.sys <Not Verified; Prassi Technology; PzWDM>
3 RDID1003 (EDIROL UM-2) - c:\windows\system32\drivers\rdwm1003.sys <Not Verified; Roland Corporation; >
2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

2 aawservice (Ad-Aware 2007 Service) - c:\program files\lavasoft\ad-aware 2007\aawservice.exe
4 BthServ (Bluetooth Support Service) - c:\windows\system32\svchost.exe
2 Irmon (Infrared Monitor) - c:\windows\system32\svchost.exe
2 OwnershipProtocol - c:\program files\intel\wireless\bin\oprotsvc.exe <Not Verified; Intel Corporation; Intel PROSet/Wireless>
2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
4 RoxLiveShare (LiveShare P2P Server) - c:\program files\common files\roxio shared\sharedcom8\roxliveshare.exe
4 RoxMediaDB - c:\program files\common files\roxio shared\sharedcom8\roxmediadb.exe
4 RoxWatch (Roxio Hard Drive Watcher) - c:\program files\common files\roxio shared\sharedcom8\roxwatch.exe
4 ScsiAccess - c:\program files\photodex\proshowgold\scsiaccess.exe
4 stniuptx6 (sqqkqresngkd) - c:\windows\system32\mbyogqyh6.exe (file missing)
2 UxTuneUp (TuneUp Design Expansion) - c:\windows\system32\svchost.exe


-- Device Manager: Disabled ----------------------------------------------------

Unable to create WMI object.

-- Scheduled Tasks -------------------------------------------------------------

2008-06-14 13:25:56 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-06-10 22:51:08 340 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser.job
2007-06-05 18:42:50 274 --a------ C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#7700#MY37H122SFD7.job
2007-06-05 07:48:56 296 --a------ C:\WINDOWS\Tasks\HP Usg Daily.job
2006-02-28 20:47:26 350 --a------ C:\WINDOWS\Tasks\XoftSpy.job


-- Files created between 2008-05-15 and 2008-06-15 -----------------------------

2008-06-14 10:58:38 0 d-------- C:\VundoFix Backups
2008-06-13 17:44:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-11 21:00:38 89600 --a------ C:\WINDOWS\system32\hhuxoyeo.dll
2008-06-10 21:52:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-06-10 21:52:40 0 d-------- C:\Documents and Settings\Andrew\Application Data\Uniblue
2008-06-10 21:52:29 0 d-------- C:\Program Files\Uniblue
2008-06-08 22:02:25 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-06-08 21:08:01 738408 --ahs---- C:\WINDOWS\system32\ppWFNqss.ini2


-- Find3M Report ---------------------------------------------------------------

2008-05-12 22:18:10 61280 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-05-06 22:12:34 21504 --a------ C:\WINDOWS\jestertb.dll
2008-05-06 15:26:56 0 d-------- C:\Program Files\Avi2Dvd
2008-05-06 11:04:00 0 d-------- C:\Documents and Settings\Andrew\Application Data\Talkback
2008-05-06 11:03:46 0 d-------- C:\Documents and Settings\Andrew\Application Data\Thunderbird
2008-05-06 11:03:40 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-03-27 19:32:10 4340 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-26 08:50:46 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-03-22 15:49:40 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B3C4A73-DA24-4BFE-8692-E6F488008289}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BF0CA4FC-6378-4062-B546-3CDE8A28B1E0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e6d50617-f2f6-49ad-91da-112a35dae5d4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"LaunchApp"="Alaunch" []
"SoundMan"="SOUNDMAN.EXE" [02/09/2004 04:54 PM C:\WINDOWS\SOUNDMAN.EXE]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [03/12/2004 12:15 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/12/2004 12:14 PM]
"ATIModeChange"="Ati2mdxx.exe" [09/04/2001 04:24 PM C:\WINDOWS\system32\Ati2mdxx.exe]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [10/02/2003 02:37 PM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [10/02/2003 02:19 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [03/22/2004 09:10 PM]
"LManager"="C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE" [04/23/2004 07:06 PM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [08/06/2004 04:48 PM]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [08/06/2004 04:52 PM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86 \3\hpztsb09.exe" [07/07/2005 10:55 PM]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [01/09/2007 07:28 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\M SConfig.exe" [08/04/2004 02:56 AM]
"BM251a25c3"="C:\WINDOWS\system32\hhuxoyeo.dll " [06/11/2008 09:00 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"Uniblue SpyEraser"="C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [01/08/2008 09:14 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcARjIY]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 08/06/2004 04:48 PM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssqNFWpp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\dvd\CloneCD\CloneCDTray.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]
rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
C:\WINDOWS\system32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
"C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TrkWks"=2 (0x2)
"TapiSrv"=3 (0x3)
"stniuptx6"=2 (0x2)
"iPodService"=3 (0x3)
"helpsvc"=2 (0x2)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"Brother XP spl Service"=2 (0x2)
"UleadBurningHelper"=2 (0x2)
"RoxWatch"=2 (0x2)
"RoxMediaDB"=3 (0x3)
"RoxLiveShare"=2 (0x2)
"BthServ"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 Command - Keeping Software Free
127.0.0.1 032439.com

8724 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-15 14:20:57 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Unable to create WMI object.

Architecture: X86; Language: English

Percentage of Memory in Use: 41%
Physical Memory (total/avail): 1279.48 MiB / 751.03 MiB
Pagefile Memory (total/avail): 1902.2 MiB / 1512.64 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1940.7 MiB

C: is Fixed (FAT32) - 55.88 GiB total, 13.24 GiB free.
D: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.

Unable to create WMI object.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Andrew\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_10\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=AWE-ACER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Andrew
LOGONSERVER=\\AWE-ACER
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\Sys tem32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\dvd\ulead;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WS F;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 9 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0905
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_10\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\Roxio Central\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Andrew\LOCALS~1\Temp
TMP=C:\DOCUME~1\Andrew\LOCALS~1\Temp
USERDOMAIN=AWE-ACER
USERNAME=Andrew
USERPROFILE=C:\Documents and Settings\Andrew
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Andrew (admin)
Tricia (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer English Online Help Creator\Uninst.isu"
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {637099FB-45FD-4BC7-9651-6FB540DBB749}
--> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
--> MsiExec.exe /I{26792CA7-D87A-4DBE-896B-C2F66B344511}
--> MsiExec.exe /I{637099FB-45FD-4BC7-9651-6FB540DBB749}
--> MsiExec.exe /I{7FD9FD10-9F7F-4DDF-B9F0-911209FF0CEA}
--> MsiExec.exe /I{C4CBAD7E-DF4A-4FEC-AC17-8BC709AFB844}
--> MsiExec.exe /I{EB748B9B-F872-4E95-98E8-5CA7E5425DAF}
--> MsiExec.exe /X{1359D6D8-B1F0-4335-AE79-49CD2AF8EA26}
--> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activ eX.exe
Adobe Help Center 2.1 --> MsiExec.exe /I{25569723-DC5A-4467-A639-79535BF01B71}
Adobe Photoshop Elements 5.0 --> msiexec /I {A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}
Adobe SVG Viewer --> C:\WINDOWS\IsUninst.exe -f"C:\WINDOWS\System32\Adobe\SVG Viewer\Uninst.isu"
Agere Systems AC'97 Modem --> agrsmdel
AOL Instant Messenger --> C:\Program Files\AIM95\uninstll.exe -LOG= C:\Program Files\AIM95\install.log -OEM=
ASIO4ALL --> C:\Program Files\ASIO4ALL v2\uninstall.exe
Aspire Series --> C:\Program Files\Aspire Series\uninstall.exe
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallI NFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_classISPLAY -clean
Audacity 1.3.4 (Unicode) --> "C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
AVIcodec (remove only) --> "C:\Program Files\dvd\AVIcodec\uninst.exe"
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
BitTorrent 6.0.2 --> C:\Program Files\BitTorrent\uninst.exe
Cakewalk VST Adapter 4 --> C:\PROGRA~1\CAKEWALK\CAKEWA~1\UNWISE.EXE C:\PROGRA~1\CAKEWALK\CAKEWA~1\INSTALL.LOG
Canon CanoScan Toolbox 4.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BCE46757-7674-4416-BEDB-68205A60409E}\Setup.exe" -l0x9 anything
CloneDVD2 --> "C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
Collab --> C:\Program Files\Image-Line\Collab\uninstall.exe
Confidence Online(tm) Enterprise Edition --> C:\Documents and Settings\Andrew\Application Data\WholeSecurity\CAT\WSUIEE.exe
CRW Series Driver v1.17r019 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39AE0413-CEFC-4559-AC5F-855A1C006D2F}\SETUP.EXE" -l0x9
DataCastComponent --> C:\Program Files\InstallShield Installation Information\{0354C0B5-AA35-49D8-B7B7-1CF3412465DD}\setup.exe -runfromtemp -l0x0009 -removeonly
DreamStation DXi2 --> C:\WINDOWS\DSDXIRMV.EXE C:\PROGRAM FILES\CAKEWALK\SHARED DXI\AUDIO SIMULATION\DREAMSTATION DXI2
DVD Decrypter (Remove Only) --> "C:\Program Files\dvd\DVD Decrypter\uninstall.exe"
DVDXCopy Xpress 3.0.0 --> "C:\Program Files\321Studios\Xpress\uninstall.exe"
ffdshow --> "C:\Program Files\ffdshow\uninstall.exe"
FireBurner --> MsiExec.exe /X{850C4C12-57E2-43E4-B66B-B08B120C55F3}
FL Studio 7 --> C:\Program Files\Image-Line\FL Studio 7\uninstall.exe
Garmin c320 City Navigator North America NT v8 --> MsiExec.exe /X{CD264503-9924-44CC-8FF9-DD7CB779EA1B}
Garmin WebUpdater --> MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}
HijackThis 2.0.2 --> "C:\Program Files\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spunins t.exe"
IL Download Manager --> C:\Program Files\Image-Line\Downloader\uninstall.exe
Intel(R) PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
iTunes --> MsiExec.exe /I{6E93572D-F31E-496F-8B2F-F400B3A2BC4E}
Java 2 Runtime Environment, SE v1.4.2_10 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142100}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
JUNO-D Editor --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\ID river.exe /M{E2D7448D-87A8-45DF-8EF3-66B331866937} /l1033
Kaboodle IE Toolbar --> MsiExec.exe /X{40A2048E-3B70-41E1-8C0C-72A31679A0DB}
Launch Manager --> C:\WINDOWS\UnInst32.exe CPLFL32.UNI
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Shockwave Player --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\Install.log
mCore --> MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDriver --> MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mEoU.msi --> MsiExec.exe /I{B502B428-3386-40A9-98DB-079AAB72E64F}
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst .exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spu ninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spunins t.exe"
Microsoft Office XP Professional --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft Streets and Trips 2005 --> MsiExec.exe /I{67E4EE98-59F4-4210-89A6-A20AF5BEC689}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spunin st.exe"
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mIWCA --> MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.14) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mToolkit --> MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Nero 6 Enterprise Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nero BackItUp --> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
Netflix Movie Viewer --> MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
NOD32 antivirus system --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NOD32 FiX v2.1 --> "C:\Program Files\Eset\unins000.exe"
Palm Desktop --> MsiExec.exe /X{4D8314D2-11FE-4397-A7CC-7015CFF50BCE}
Philips FunCam --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\070 1\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AB26994-E210-46FC-B831-06328F3AA7A1}\Setup.exe" -l0x9
Philips FunCam Photo Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E793B230-D5E0-4500-8476-E0B94112C3A6}\Setup.exe" -l0x9
Photodex Presenter --> C:\Program Files\Photodex Presenter\uninst.exe
Photosmart 140,240,7200,7600,7700,7900 Series --> C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\setup\hpzscr01.exe -datfile hphscr01.dat
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
ProShow Gold --> C:\Program Files\Photodex\ProShowGold\proshow.exe . -u
QuarkXPress 6.0 --> MsiExec.exe /I{FF0B0792-F6E7-4627-B820-EA50617E223B}
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Roxio Easy Media Creator 7 --> MsiExec.exe /I{A99C6296-A311-4D6C-9602-53B4241921D5}
Roxio MyDVD Premier 8 --> MsiExec.exe /I{8F0A7DCB-D605-4890-B842-D5480F3B9232}
SMSC IrCC Driver V5.1.2462.0 (WinXP) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC86822D-3A20-11D5-801B-00E029348F40}\setup.exe"
SONAR LE --> C:\PROGRA~1\CAKEWALK\SONARL~1\UNWISE.EXE C:\PROGRA~1\CAKEWALK\SONARL~1\INSTALL.LOG
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpyHunter --> "C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUnin stall
Total Commander (Remove or Repair) --> C:\Program Files\totalcmd\tcuninst.exe
TuneUp Utilities 2006 --> MsiExec.exe /I{868D7896-99D4-4513-BC62-2B3AD3E24926}
TurboTax Deluxe 2005 --> C:\Program Files\TurboTax\Deluxe 2005\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2005\Uninstall.log" -NoGui
TurboTax Deluxe 2007 --> C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
TurboTax Deluxe Deduction Maximizer 2006 --> C:\Program Files\TurboTax\Deluxe 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2006\Uninstall.log" -NoGui
TurboTax ItsDeductible 2006 --> MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Ulead DVD MovieFactory 3 Disc Creator Trial --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\070 1\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{068502DA-6979-4D9A-BBE1-C3AD0FF11F19}\Setup.exe" -l0x9
Uniblue SpyEraser --> "C:\Program Files\Uniblue\SpyEraser\unins000.exe"
WinAce Archiver 2.0 --> C:\Program Files\WinAce\SXUNINST.EXE C:\Program Files\WinAce\SXUNINST.INI
Windows Clean-Up Pro --> C:\PROGRA~1\3BSOFT~1\WINDOW~1\UNWISE.EXE C:\PROGRA~1\3BSOFT~1\WINDOW~1\INSTALL.LOG
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe "
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spunin st.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->
XoftSpy --> C:\Program Files\XoftSpy\uninstall.exe


-- Application Event Log -------------------------------------------------------

No Errors/Warnings found.


-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

No Errors/Warnings found.


-- End of Deckard's System Scanner: finished at 2008-06-15 14:20:57 ------------
  #2  
Old 06-16-2008
Pancake's Avatar
Senior Security Analyst
  
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,054
PC Experience: Elite PC Guru
Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page
Default Re: Trouble with Search Engines
Ok.Lets download ComboFix.exe. This will give me a better view to the files running and also hidden on your computer and also those in the registry..Please visit this webpage for download links, and instructions for running the tool:
A guide and tutorial on using ComboFix

Please ensure you read this guide carefully and install the Recovery Console first.This applies to XP Pro and XP Home users only.If you have SP3 installed you will need to use SP2
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once installed, you should get a prompt that says:
The Recovery Console was successfully installed.
Please continue as follows:
(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New HijackThis log.
Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Mal use can cause serious computer problems
NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.

=======================================

Please download SDFix from here and save it to your desktop
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Please copy and paste that log in your next reply.


__________________
  • An Australian Member of
  • and
My real name is Eddy
  #3  
Old 06-16-2008
Bronze Member
  
Join Date: Jun 2008
Location: Chicago, IL U.S.A.
Posts: 7
PC Experience: Experienced
indierocker7 - See this Members User comments on their Profile page
Default Re: Trouble with Search Engines
Thank you very much! That seemed to do the trick. Search engines and browsing appear to be back to normal. Also, microsoft updates came back. The only thing I could not get back is the windows security center. I tried to restart the service and it gives me an error code 1068.

Here are the Combo Fix, Hijack This and SDFix reports in that order:

ComboFix 08-06-12.2 - Andrew 2008-06-15 19:34:50.2 - FAT32x86

Running from: C:\Documents and Settings\Andrew\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Andrew\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2008-05-16 to 2008-06-16 )))))))))))))))))))))))))))))))
.

2008-06-15 14:18 . 2008-06-15 14:18 <DIR> d-------- C:\Deckard
2008-06-14 10:58 . 2008-06-14 10:58 <DIR> d-------- C:\VundoFix Backups
2008-06-13 17:44 . 2008-06-13 17:44 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-13 17:44 . 2008-06-13 17:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-10 21:52 . 2008-06-10 21:52 <DIR> d-------- C:\Program Files\Uniblue
2008-06-10 21:52 . 2008-06-10 21:52 <DIR> d-------- C:\Documents and Settings\Andrew\Application Data\Uniblue
2008-06-10 21:52 . 2008-06-10 21:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-06-08 22:02 . 2008-06-08 22:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-05-07 03:12 21,504 ----a-w C:\WINDOWS\jestertb.dll
2008-05-06 20:26 --------- d-----w C:\Program Files\Avi2Dvd
2008-05-06 16:04 --------- d-----w C:\Documents and Settings\Andrew\Application Data\Talkback
2008-05-06 16:03 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-05-06 16:03 --------- d-----w C:\Documents and Settings\Andrew\Application Data\Thunderbird
2008-04-18 08:55 76,576 ----a-w C:\Documents and Settings\Tricia\Application Data\GDIPFONTCACHEV1.DAT
2008-03-28 00:32 4,340 ----a-w C:\WINDOWS\system32\tmp.reg
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-26 13:50 82,432 ----a-w C:\WINDOWS\system32\IEDFix.exe
2008-03-22 20:49 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-09 19:03 76,576 ----a-w C:\Documents and Settings\Andrew\Application Data\GDIPFONTCACHEV1.DAT
2007-09-03 21:21 92,064 ----a-w C:\Documents and Settings\Andrew\mqdmmdm.sys
2007-09-03 21:21 9,232 ----a-w C:\Documents and Settings\Andrew\mqdmmdfl.sys
2007-09-03 21:21 79,328 ----a-w C:\Documents and Settings\Andrew\mqdmserd.sys
2007-09-03 21:21 66,656 ----a-w C:\Documents and Settings\Andrew\mqdmbus.sys
2007-09-03 21:21 6,208 ----a-w C:\Documents and Settings\Andrew\mqdmcmnt.sys
2007-09-03 21:21 5,936 ----a-w C:\Documents and Settings\Andrew\mqdmwhnt.sys
2007-09-03 21:21 4,048 ----a-w C:\Documents and Settings\Andrew\mqdmcr.sys
2007-09-03 21:21 25,600 ----a-w C:\Documents and Settings\Andrew\usbsermptxp.sys
2007-09-03 21:21 22,768 ----a-w C:\Documents and Settings\Andrew\usbsermpt.sys
2003-01-21 10:00 13,942,408 ----a-r C:\WINDOWS\system32\config\systemprofile\MpSetup.e xe
2003-01-21 08:00 13,942,408 ----a-r C:\Documents and Settings\Tricia\MpSetup.exe
2003-01-21 08:00 13,942,408 ----a-r C:\Documents and Settings\Default User\MpSetup.exe
2003-01-21 08:00 13,942,408 ----a-r C:\Documents and Settings\Andrew\MpSetup.exe
2003-01-21 08:00 13,942,408 ------r C:\Documents and Settings\Administrator\MpSetup.exe
2005-10-14 02:27 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-05-13 22:12 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 16:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-06-26 20:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-22 03:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2007-05-17 15:30 318,976 --sha-w C:\WINDOWS\system32\avisynth.dll
2004-01-25 05:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2004-01-25 05:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
2005-02-28 18:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2005-07-14 17:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2006-04-27 15:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"Uniblue SpyEraser"="C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [2008-01-08 09:14 1260296]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"LaunchApp"="Alaunch" []
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 16:54 65024 C:\WINDOWS\SOUNDMAN.EXE]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-03-12 12:15 98304]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-03-12 12:14 499712]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-10-02 14:37 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-10-02 14:19 118784]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-22 21:10 335872]
"LManager"="C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE" [2004-04-23 19:06 454656]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-08-06 16:48 385024]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2004-08-06 16:52 356352]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86 \3\hpztsb09.exe" [2005-07-07 22:55 176128]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-01-09 19:28 950664]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\M SConfig.exe" [2004-08-04 02:56 158208]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
HotSync Manager.lnk.disabled [2004-12-10 21:10:58 1377]

C:\Documents and Settings\Tricia\Start Menu\Programs\Startup\
HotSync Manager.lnk.disabled [2004-12-10 22:02:54 1377]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcARjIY]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-08-06 16:48 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2006-09-14 07:55 61440 C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\dvd\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]
C:\Program Files\AIM95\\DeadAIM.ocm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-12-22 08:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
--a------ 2005-07-07 22:55 491520 C:\WINDOWS\system32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
--a------ 2005-07-07 22:55 49152 C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-05-26 12:45 257088 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2005-05-19 19:38 1957888 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 09:41 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2005-03-08 21:13 1695744 C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2005-12-07 01:24 163840 C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-03-25 04:28 144784 C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2004-11-10 20:31 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TrkWks"=2 (0x2)
"TapiSrv"=3 (0x3)
"stniuptx6"=2 (0x2)
"iPodService"=3 (0x3)
"helpsvc"=2 (0x2)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"Brother XP spl Service"=2 (0x2)
"UleadBurningHelper"=2 (0x2)
"RoxWatch"=2 (0x2)
"RoxMediaDB"=3 (0x3)
"RoxLiveShare"=2 (0x2)
"BthServ"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AIM95\\aim.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*isabled:@xpsp2res.dll,-22009


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2006-03-01 01:47:26 C:\WINDOWS\Tasks\XoftSpy.job"
- C:\Program Files\XoftSpy\XoftSpy.exe
"2007-06-05 12:48:56 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe
"2007-06-05 23:42:50 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#7700#MY37H122SFD7.job"
- C:\Program Files\HP\hpcoretech\comp\hpdarc.exe$/#Hewlett-Packard#7700#MY37H122SFD7
"2008-06-11 03:51:08 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-06-16 00:22:34 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
************************************************** ************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-15 19:36:52
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
Completion time: 2008-06-15 19:37:13
ComboFix-quarantined-files.txt 2008-06-16 00:37:12
ComboFix2.txt 2008-06-16 00:23:26

Pre-Run: 14,665,285,632 bytes free
Post-Run: 14,625,636,352 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW S
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Micro soft Windows XP Professional" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

187 --- E O F --- 2008-05-21 12:14:25


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:38:12 PM, on 6/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 9.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
O2 - BHO: KTBho Class - {25EDC164-41A6-47C3-80BD-5E4FBE1BA7AB} - C:\PROGRA~1\kaboodle\KABOOD~1\KTBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Kaboodle Toolbar - {92857633-2441-4A14-8236-DFCB97AD3E87} - C:\PROGRA~1\kaboodle\KABOOD~1\KTBar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 9.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-2018322775-2857422465-3585186845-1004\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m (User '?')
O4 - HKUS\S-1-5-21-2018322775-2857422465-3585186845-1004\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O8 - Extra context menu item: Add To Kaboodle - http://www.kaboodle.com/zg/addToKaboodle.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} -
O16 - DPF: {3527C5BD-4A46-4362-94B6-12341D087A4B} - http://echospin.com/wizard/files/esWizard.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} -
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} -
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} -
O20 - Winlogon Notify: efcARjIY - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 6672 bytes



SDFix: Version 1.192
Run by Andrew on Sun 06/15/2008 at 07:50 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-15 19:57:33
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM95\\aim.exe"="C:\\Program Files\\AIM95\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTor rent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM95\\aim.exe"="C:\\Program Files\\AIM95\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :



Files with Hidden Attributes :

Thu 13 Oct 2005 422,400 A.SHR --- "C:\WINDOWS\x2.64.exe"
Fri 13 May 2005 217,073 A.SHR --- "C:\WINDOWS\meta4.exe"
Mon 24 Oct 2005 66,560 A.SHR --- "C:\WINDOWS\MOTA113.exe"
Sun 26 Jun 2005 616,448 A.SHR --- "C:\WINDOWS\system32\cygwin1.dll"
Tue 21 Jun 2005 45,568 A.SHR --- "C:\WINDOWS\system32\cygz.dll"
Thu 17 May 2007 318,976 A.SH. --- "C:\WINDOWS\system32\avisynth.dll"
Sun 25 Jan 2004 70,656 A.SHR --- "C:\WINDOWS\system32\i420vfw.dll"
Fri 9 Apr 2004 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK32.dll"
Fri 9 Apr 2004 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Sun 25 Jan 2004 70,656 A.SHR --- "C:\WINDOWS\system32\yv12vfw.dll"
Mon 28 Feb 2005 240,128 A.SHR --- "C:\WINDOWS\system32\x.264.exe"
Thu 14 Jul 2005 27,648 A.SHR --- "C:\WINDOWS\system32\AVSredirect.dll"
Thu 27 Apr 2006 2,945,024 A.SHR --- "C:\WINDOWS\system32\Smab.dll"
Wed 4 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Sun 16 Mar 2008 6,104,632 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Sat 21 May 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 27 Feb 2004 233,472 A..H. --- "C:\Program Files\Image-Line\FL Studio 7\REX Shared Library.dll"
Tue 20 Mar 2007 20 A..H. --- "C:\Documents and Settings\Andrew\My Documents\My Music\License Backup\drmv1lic.bak"
Sat 21 May 2005 4,348 ...H. --- "C:\Documents and Settings\Andrew\My Documents\My Music\License Backup\drmv1key.bak"
Wed 6 Sep 2006 9,921 A.SH. --- "C:\Documents and Settings\Andrew\My Documents\My Music\License Backup\drmv2key.bak"

Finished!
  #4  
Old 06-16-2008