Firstly, hello to all you guys who seem to be resident in the 'last resort' hotel
I've been on PCs / Internet & e-mail for 12 years and have
never had a real infection! Perhaps this is due to being careful, as it isn't through any degree of knowledge.
I don't surf much, I don't use the PC for 'on-line entertainment' and I don't open dodgy e-mails. HOWEVER, I (stupidly) stuck an SD card into my machine recently which was from a 'friend' with MP3s on it and............ BANG
Even worse, I put it on SWMBOs PC and my Laptop too before noticing the error
Remedial action has seen Adaware, Spybot, HijackThis & Kill being employed to little or no avail. I've shelled-out ($) for Spysweeper with Antivirus and this has only identified the problem but not killed it.
Prior to this post I have read your 5 steps and done all that was asked - except the Panda thing which failed to start.
I found a similar thread on this forum (185621-help-trojan-pws-onlinegames-gen-es-4), where
sUBs sorted the problem
However, apart from finding most of the instructions to be beyond my non-expert understanding, I'm quite sure that the solution was probably specific to the poster.
Anyway, here is my DSS text and extra text attached:
Deckard's System Scanner v20070905.67
Run by Administrator on 2007-10-12 12:51:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
63: 2007-10-12 11:51:44 UTC - RP307 - Deckard's System Scanner Restore Point
62: 2007-10-12 11:02:27 UTC - RP306 - Removed Ad-Aware 2007
61: 2007-10-11 19:53:05 UTC - RP305 - System Checkpoint
60: 2007-10-10 19:44:47 UTC - RP304 - Removed Microsoft .NET Framework 1.1
59: 2007-10-10 17:31:49 UTC - RP303 - Installed Ad-Aware 2007
-- First Restore Point --
1: 2007-07-15 20:33:18 UTC - RP245 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Administrator.exe) ---------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:53:23, on 12/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe
O4 - HKLM\..\Run: [PTHOSTTR] "C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" /Start
O4 - HKLM\..\Run: [SetRefresh] "C:\Program Files\Compaq\SetRefresh\SetRefresh.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exe
O4 - HKLM\..\Run: [Kvsc3] C:\WINDOWS\Kvsc3.exe
O4 - HKLM\..\Run: [mppds] C:\WINDOWS\gmiuud.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKLM\..\Policies\Explorer\Run: [MSDEG32] LYLoader.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDWG32] LYLoadbr.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDCG32 ] LYLeador.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDOG32] LYLoador.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDSG32] LYLoadar.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDMG32] LYLoadmr.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDHG32] LYLoadhr.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDQG32] LYLoadqr.exe
O20 - AppInit_DLLs: winforms.dll
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 2752 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20071010-195424-177 O20 - Winlogon Notify: sysfldr - C:\WINDOWS\SYSTEM32\sysfldr.dll
backup-20071010-195424-263 O4 - HKLM\..\Policies\Explorer\Run: [MSDWG32] LYLoadbr.exe
backup-20071010-195424-295 O4 - HKLM\..\Policies\Explorer\Run: [MSDSG32] LYLoadar.exe
backup-20071010-195424-423 O20 - AppInit_DLLs: winforms.dll
backup-20071010-195424-430 O4 - HKLM\..\Policies\Explorer\Run: [MSDQG32] LYLoadqr.exe
backup-20071010-195424-472 O4 - HKLM\..\Policies\Explorer\Run: [MSDOG32] LYLoador.exe
backup-20071010-195424-483 O4 - HKLM\..\Policies\Explorer\Run: [MSDEG32] LYLoader.exe
backup-20071010-195424-562 O4 - HKLM\..\Policies\Explorer\Run: [MSDMG32] LYLoadmr.exe
backup-20071010-195424-566 O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\IGM.exe
backup-20071010-195424-658 O4 - HKLM\..\Policies\Explorer\Run: [MSDCG32 ] LYLeador.exe
backup-20071010-195424-761 O4 - HKLM\..\Policies\Explorer\Run: [MSDHG32] LYLoadhr.exe
backup-20071010-195705-876 O20 - Winlogon Notify: sysfldr - C:\WINDOWS\SYSTEM32\sysfldr.dll
backup-20071010-195705-959 O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\IGM.exe
backup-20071010-195718-358 O20 - Winlogon Notify: sysfldr - C:\WINDOWS\SYSTEM32\sysfldr.dll
backup-20071010-195801-134 O20 - Winlogon Notify: sysfldr - C:\WINDOWS\SYSTEM32\sysfldr.dll
backup-20071010-204047-419 O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exe
backup-20071010-204047-639 O4 - HKLM\..\Run: [Kvsc3] C:\WINDOWS\Kvsc3.exe
backup-20071010-204047-868 O4 - HKLM\..\Run: [GenProtect] C:\WINDOWS\GenProtect.exe
backup-20071010-204048-111 O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\IGM.exe
backup-20071010-204048-117 O4 - HKLM\..\Run: [upxdnd] C:\WINDOWS\upxdnd.exe
backup-20071010-204048-133 O4 - HKLM\..\Run: [DbgHlp32] C:\WINDOWS\DbgHlp32.exe
backup-20071010-204048-160 O4 - HKLM\..\Run: [NVDispDrv] C:\WINDOWS\NVDispDrv.exe
backup-20071010-204048-247 O4 - HKLM\..\Policies\Explorer\Run: [MSDOG32] LYLoador.exe
backup-20071010-204048-249 O4 - HKLM\..\Run: [MsPrint32D] C:\WINDOWS\MsPrint32D.exe
backup-20071010-204048-311 O4 - HKLM\..\Policies\Explorer\Run: [MSDMG32] LYLoadmr.exe
backup-20071010-204048-328 O4 - HKLM\..\Policies\Explorer\Run: [MSDWG32] LYLoadbr.exe
backup-20071010-204048-346 O4 - HKLM\..\Run: [MsIMMs32] C:\WINDOWS\MsIMMs32.exe
backup-20071010-204048-389 O4 - HKLM\..\Policies\Explorer\Run: [MSDHG32] LYLoadhr.exe
backup-20071010-204048-396 O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\cmdbcs.exe
backup-20071010-204048-448 O4 - HKLM\..\Run: [msccrt] C:\WINDOWS\msccrt.exe
backup-20071010-204048-582 O4 - HKLM\..\Policies\Explorer\Run: [MSDSG32] LYLoadar.exe
backup-20071010-204048-603 O4 - HKLM\..\Policies\Explorer\Run: [MSDCG32 ] LYLeador.exe
backup-20071010-204048-656 O4 - HKLM\..\Policies\Explorer\Run: [MSDEG32] LYLoader.exe
backup-20071010-204048-659 O20 - AppInit_DLLs: winforms.dll
backup-20071010-204048-887 O4 - HKLM\..\Policies\Explorer\Run: [MSDQG32] LYLoadqr.exe
backup-20071010-204048-982 O4 - HKLM\..\Run: [mppds] C:\WINDOWS\mppds.exe
backup-20071010-204056-621 O20 - AppInit_DLLs: winforms.dll
backup-20071010-204934-118 O20 - Winlogon Notify: sysfldr - C:\WINDOWS\
backup-20071010-204934-203 O4 - HKLM\..\Policies\Explorer\Run: [MSDWG32] LYLoadbr.exe
backup-20071010-204934-235 O4 - HKLM\..\Policies\Explorer\Run: [MSDSG32] LYLoadar.exe
backup-20071010-204934-363 O20 - AppInit_DLLs: winforms.dll
backup-20071010-204934-370 O4 - HKLM\..\Policies\Explorer\Run: [MSDQG32] LYLoadqr.exe
backup-20071010-204934-413 O4 - HKLM\..\Policies\Explorer\Run: [MSDOG32] LYLoador.exe
backup-20071010-204934-423 O4 - HKLM\..\Policies\Explorer\Run: [MSDEG32] LYLoader.exe
backup-20071010-204934-502 O4 - HKLM\..\Policies\Explorer\Run: [MSDMG32] LYLoadmr.exe
backup-20071010-204934-506 O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\IGM.exe
backup-20071010-204934-598 O4 - HKLM\..\Policies\Explorer\Run: [MSDCG32 ] LYLeador.exe
backup-20071010-204934-701 O4 - HKLM\..\Policies\Explorer\Run: [MSDHG32] LYLoadhr.exe
backup-20071010-205009-236 O20 - Winlogon Notify: sysfldr- - sysfldr.dll (file missing)
backup-20071010-205009-712 O20 - AppInit_DLLs: winforms.dll
backup-20071010-205038-296 O20 - AppInit_DLLs: winforms.dll
backup-20071010-205843-926 O20 - AppInit_DLLs: winforms.dll
backup-20071011-092435-258 O20 - AppInit_DLLs: C:\WINDOWS\system32\winforms.dll
backup-20071011-092447-571 O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\IGM.exe
backup-20071011-112613-132 O4 - HKLM\..\Policies\Explorer\Run: [MSDMG32] LYLoadmr.exe
backup-20071011-112613-229 O4 - HKLM\..\Policies\Explorer\Run: [MSDOG32] LYLoador.exe
backup-20071011-112613-331 O4 - HKLM\..\Policies\Explorer\Run: [MSDHG32] LYLoadhr.exe
backup-20071011-112613-649 O4 - HKLM\..\Policies\Explorer\Run: [MSDCG32 ] LYLeador.exe
backup-20071011-112613-865 O4 - HKLM\..\Policies\Explorer\Run: [MSDSG32] LYLoadar.exe
backup-20071011-112613-870 O4 - HKLM\..\Policies\Explorer\Run: [MSDWG32] LYLoadbr.exe
backup-20071011-112613-952 O4 - HKLM\..\Policies\Explorer\Run: [MSDEG32] LYLoader.exe
backup-20071011-112613-994 O4 - HKLM\..\Policies\Explorer\Run: [MSDQG32] LYLoadqr.exe
backup-20071011-112824-416 O20 - AppInit_DLLs: C:\WINDOWS\system32\zinforms.dll
backup-20071011-112824-679 O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\IGM.exe
backup-20071011-130038-419 O4 - HKLM\..\Policies\Explorer\Run: [MSDWG32] LYLoadbr.exe
backup-20071011-130038-579 O4 - HKLM\..\Policies\Explorer\Run: [MSDSG32] LYLoadar.exe
backup-20071011-130038-643 O4 - HKLM\..\Policies\Explorer\Run: [MSDHG32] LYLoadhr.exe
backup-20071011-130038-661 O4 - HKLM\..\Policies\Explorer\Run: [MSDCG32 ] LYLeador.exe
backup-20071011-130038-722 O4 - HKLM\..\Policies\Explorer\Run: [MSDQG32] LYLoadqr.exe
backup-20071011-130038-914 O4 - HKLM\..\Policies\Explorer\Run: [MSDMG32] LYLoadmr.exe
backup-20071011-130038-936 O4 - HKLM\..\Policies\Explorer\Run: [MSDOG32] LYLoador.exe
backup-20071011-130038-989 O4 - HKLM\..\Policies\Explorer\Run: [MSDEG32] LYLoader.exe
backup-20071011-132704-197 O4 - HKLM\..\Policies\Explorer\Run: [MSDOG32] LYLoador.exe
backup-20071011-132704-255 O4 - HKLM\..\Policies\Explorer\Run: [MSDCG32 ] LYLeador.exe
backup-20071011-132704-298 O4 - HKLM\..\Policies\Explorer\Run: [MSDEG32] LYLoader.exe
backup-20071011-132704-529 O4 - HKLM\..\Policies\Explorer\Run: [MSDMG32] LYLoadmr.exe
backup-20071011-132704-567 O4 - HKLM\..\Policies\Explorer\Run: [MSDQG32] LYLoadqr.exe
backup-20071011-132704-635 O4 - HKLM\..\Policies\Explorer\Run: [MSDSG32] LYLoadar.exe
backup-20071011-132704-642 O4 - HKLM\..\Policies\Explorer\Run: [MSDHG32] LYLoadhr.exe
backup-20071011-132704-902 O4 - HKLM\..\Policies\Explorer\Run: [MSDWG32] LYLoadbr.exe
backup-20071011-133755-146 O4 - HKLM\..\Policies\Explorer\Run: [MSDCG32 ] LYLeador.exe
backup-20071011-133755-174 O4 - HKLM\..\Policies\Explorer\Run: [MSDOG32] LYLoador.exe
backup-20071011-133755-313 O4 - HKLM\..\Policies\Explorer\Run: [MSDQG32] LYLoadqr.exe
backup-20071011-133755-355 O4 - HKLM\..\Policies\Explorer\Run: [MSDSG32] LYLoadar.exe
backup-20071011-133755-445 O4 - HKLM\..\Policies\Explorer\Run: [MSDHG32] LYLoadhr.exe
backup-20071011-133755-450 O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\IGM.exe
backup-20071011-133755-511 O4 - HKLM\..\Policies\Explorer\Run: [MSDEG32] LYLoader.exe
backup-20071011-133755-545 O4 - HKLM\..\Policies\Explorer\Run: [MSDMG32] LYLoadmr.exe
backup-20071011-133755-673 O20 - AppInit_DLLs: C:\WINDOWS\system32\zinforms.dll
backup-20071011-133755-733 O4 - HKLM\..\Policies\Explorer\Run: [MSDWG32] LYLoadbr.exe
backup-20071011-150424-186 O4 - HKLM\..\Policies\Explorer\Run: [MSDQG32] LYLoadqr.exe
backup-20071011-150424-301 O4 - HKLM\..\Policies\Explorer\Run: [MSDEG32] LYLoader.exe
backup-20071011-150424-449 O4 - HKLM\..\Policies\Explorer\Run: [MSDHG32] LYLoadhr.exe
backup-20071011-150424-566 O4 - HKLM\..\Policies\Explorer\Run: [MSDCG32 ] LYLeador.exe
backup-20071011-150424-682 O4 - HKLM\..\Policies\Explorer\Run: [MSDWG32] LYLoadbr.exe
backup-20071011-150424-695 O4 - HKLM\..\Policies\Explorer\Run: [MSDMG32] LYLoadmr.exe
backup-20071011-150424-701 O4 - HKLM\..\Policies\Explorer\Run: [MSDSG32] LYLoadar.exe
backup-20071011-150424-709 O20 - AppInit_DLLs: C:\WINDOWS\system32\zinforms.dll
backup-20071011-150424-833 O4 - HKLM\..\Policies\Explorer\Run: [MSDOG32] LYLoador.exe
backup-20071011-150424-843 O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\IGM.exe
backup-20071011-163621-182 O4 - HKLM\..\Policies\Explorer\Run: [MSDEG32] LYLoader.exe
backup-20071011-163621-390 O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\IGM.exe
backup-20071011-163621-420 O4 - HKLM\..\Policies\Explorer\Run: [MSDWG32] LYLoadbr.exe
backup-20071011-163622-141 O20 - AppInit_DLLs: C:\WINDOWS\system32\winforms.dll
backup-20071011-163622-383 O4 - HKLM\..\Policies\Explorer\Run: [MSDOG32] LYLoador.exe
backup-20071011-163622-518 O4 - HKLM\..\Policies\Explorer\Run: [MSDHG32] LYLoadhr.exe
backup-20071011-163622-560 O4 - HKLM\..\Policies\Explorer\Run: [MSDCG32 ] LYLeador.exe
backup-20071011-163622-573 O4 - HKLM\..\Policies\Explorer\Run: [MSDQG32] LYLoadqr.exe
backup-20071011-163622-650 O4 - HKLM\..\Policies\Explorer\Run: [MSDSG32] LYLoadar.exe
backup-20071011-163622-849 O4 - HKLM\..\Policies\Explorer\Run: [MSDMG32] LYLoadmr.exe
-- File Associations -----------------------------------------------------------
.js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe,2
.js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R2 CommSBEP - c:\windows\system32\drivers\commsbep.sys <Not Verified; Motorola; ADK>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S2 1E3F603C - c:\windows\system32\80fee47e.exe -k <Not Verified; Microsoft Corporation; Microsoft(R) Windows(R) Operating System>
S3 hpqwmi (HP WMI Interface) - c:\program files\hpq\shared\hpqwmi.exe <Not Verified; Hewlett-Packard Development Company, L.P.; hpqwmi Module>
S4 AClient (Altiris Client Service) - c:\program files\aclient\aclient.exe -service (file missing)
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Files created between 2007-09-12 and 2007-10-12 -----------------------------
2007-10-12 12:11:53 64817 --a------ C:\Program Files\provie.exe
2007-10-12 11:49:15 36864 --a------ C:\WINDOWS\system32\35D3D2F8.DLL <Not Verified; Microsoft Corporation; Microsoft(R) Windows(R) Operating System>
2007-10-12 11:48:32 17974 --a------ C:\auto.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows(R) Operating System>
2007-10-12 11:48:26 17974 --a------ C:\WINDOWS\system32\80FEE47E.EXE <Not Verified; Microsoft Corporation; Microsoft(R) Windows(R) Operating System>
2007-10-12 09:41:16 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-10-12 09:40:40 0 d-------- C:\Program Files\Webroot
2007-10-12 09:40:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-10-12 09:40:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2007-10-12 09:35:04 164 --a------ C:\install.dat
2007-10-11 13:25:43 24064 --a------ C:\WINDOWS\system32\lagcgu.dll
2007-10-11 13:25:41 23552 --a------ C:\WINDOWS\system32\oxelei.dll
2007-10-11 11:20:45 24064 --a------ C:\WINDOWS\system32\gkyrog.dll
2007-10-11 11:20:44 23552 --a------ C:\WINDOWS\system32\wgzvvu.dll
2007-10-11 09:21:38 28672 --a------ C:\WINDOWS\system32\winforms.dll
2007-10-10 19:41:43 11344 --a------ C:\WINDOWS\system32\k11920414171.exe
2007-10-10 19:41:09 24064 --a------ C:\WINDOWS\system32\btawwx.dll
2007-10-10 19:09:00 0 d-------- C:\Program Files\Trend Micro
2007-10-10 14:59:00 23552 --a------ C:\WINDOWS\system32\adsygz.dll
2007-10-10 14:25:17 24064 --a------ C:\WINDOWS\system32\mhkdwk.dll
2007-10-10 14:25:12 125440 --a------ C:\WINDOWS\system32\zauowa.dll
2007-10-10 13:54:47 24064 --a------ C:\WINDOWS\system32\jmwxdh.dll
2007-10-10 13:54:45 24064 --a------ C:\WINDOWS\system32\eoruyj.dll
2007-10-10 13:54:42 23552 --a------ C:\WINDOWS\system32\jaadnu.dll
2007-10-10 13:54:41 23040 --a------ C:\WINDOWS\system32\bogfyc.dll
2007-10-10 13:54:40 125440 --a------ C:\WINDOWS\system32\ghowkw.dll
2007-10-10 13:50:25 23040 --a------ C:\WINDOWS\system32\rfivfn.dll
2007-10-10 13:50:25 24064 --a------ C:\WINDOWS\system32\jpwnek.dll
2007-10-10 13:50:23 23552 --a------ C:\WINDOWS\system32\rwbmav.dll
2007-10-10 13:50:22 15598 --a------ C:\WINDOWS\system32\k11920203816.exe
2007-10-10 13:50:22 125440 --a------ C:\WINDOWS\system32\chrghj.dll
2007-10-10 13:32:15 5672 --a------ C:\WINDOWS\system32\k11920192913.exe
2007-10-10 13:25:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-10 11:27:28 23552 --a------ C:\WINDOWS\system32\znoovu.dll
2007-10-10 11:23:09 125440 --a------ C:\WINDOWS\system32\cfdvpa.dll
2007-10-10 11:19:46 24576 --a------ C:\WINDOWS\system32\wshylk.dll
2007-10-10 11:19:46 24064 --a------ C:\WINDOWS\system32\ttytbi.dll
2007-10-10 11:19:45 5406 --a------ C:\WINDOWS\system32\k11920113437.exe
2007-10-10 11:19:44 23552 --a------ C:\WINDOWS\system32\rbymmv.dll
2007-10-10 11:19:43 23040 --a------ C:\WINDOWS\system32\wkxspg.dll
2007-10-10 11:19:41 125440 --a------ C:\WINDOWS\system32\jielaz.dll
2007-10-10 10:25:14 0 d-------- C:\WINDOWS\system32\NtmsData
2007-10-10 10:11:46 26624 --a------ C:\WINDOWS\system32\vxvdxk.dll
2007-10-10 10:11:45 19456 --a------ C:\WINDOWS\system32\xpldcu.dll
2007-10-10 10:11:42 19456 --a------ C:\WINDOWS\system32\vpatcu.dll
2007-10-10 10:10:42 24576 --a------ C:\WINDOWS\system32\xtjjla.dll
2007-10-10 10:10:41 24064 --a------ C:\WINDOWS\system32\avbezt.dll
2007-10-10 10:10:37 125440 --a------ C:\WINDOWS\system32\ykqkqs.dll
2007-10-10 10:10:37 23040 --a------ C:\WINDOWS\system32\fdoxtz.dll
2007-10-10 10:10:37 23552 --a------ C:\WINDOWS\system32\axcsfs.dll
2007-10-10 10
04 24064 --a------ C:\WINDOWS\system32\vijfxw.dll
2007-10-10 10
03 23552 --a------ C:\WINDOWS\system32\gtqctc.dll
2007-10-10 10
02 24576 --a------ C:\WINDOWS\system32\gwsjim.dll
2007-10-10 10:05:59 23040 --a------ C:\WINDOWS\system32\wlrnnm.dll
2007-10-10 10:05:58 125440 --a------ C:\WINDOWS\system32\ehuxlg.dll
2007-10-10 09:00:50 24576 --a------ C:\WINDOWS\system32\uyyulq.dll
2007-10-09 13:48:56 19456 --a------ C:\WINDOWS\system32\owgesd.dll
2007-10-09 13:48:53 26624 --a------ C:\WINDOWS\system32\gunnnf.dll
2007-10-09 13:48:48 24576 --a------ C:\WINDOWS\system32\oidgyi.dll
2007-10-09 13:48:47 19456 --a------ C:\WINDOWS\system32\mvzysi.dll
2007-10-09 13:47:43 23552 --a------ C:\WINDOWS\system32\gtzrbn.dll
2007-10-09 13:47:42 24064 --a------ C:\WINDOWS\system32\tnhjcx.dll
2007-10-09 13:47:42 23040 --a------ C:\WINDOWS\system32\jdsrig.dll
2007-10-09 13:47:42 24576 --a------ C:\WINDOWS\system32\bowldj.dll
2007-10-09 13:47:37 124416 --a------ C:\WINDOWS\system32\rrijtj.dll
2007-10-09 13:43:16 24064 --a------ C:\WINDOWS\system32\xhvald.dll
2007-10-09 13:43:14 23552 --a------ C:\WINDOWS\system32\kyfoyh.dll
2007-10-09 13:43:12 24576 --a------ C:\WINDOWS\system32\zndvak.dll
2007-10-09 13:43:10 23040 --a------ C:\WINDOWS\system32\uhxmcm.dll
2007-10-09 13:43:09 124416 --a------ C:\WINDOWS\system32\sxwjyq.dll
2007-10-09 12:43:58 26624 --a------ C:\WINDOWS\system32\ydrlew.dll
2007-10-09 12:43:55 19456 --a------ C:\WINDOWS\system32\twmcrs.dll
2007-10-09 12:43:54 24576 --a------ C:\WINDOWS\system32\zqlozn.dll
2007-10-09 12:43:54 19456 --a------ C:\WINDOWS\system32\btomea.dll
2007-10-09 12:42:58 23552 --a------ C:\WINDOWS\system32\dqsyfz.dll
2007-10-09 12:42:50 24064 --a------ C:\WINDOWS\system32\jmfvtj.dll
2007-10-09 12:42:48 24576 --a------ C:\WINDOWS\system32\jtkuwn.dll
2007-10-09 12:42:46 124416 --a------ C:\WINDOWS\system32\ochtul.dll
2007-10-09 12:42:46 23040 --a------ C:\WINDOWS\system32\ecdwbn.dll
2007-10-09 11:43:35 19456 --a------ C:\WINDOWS\system32\qvjxav.dll
2007-10-09 11:43:33 26624 --a------ C:\WINDOWS\system32\ddcuyr.dll
2007-10-09 11:43:29 19456 --a------ C:\WINDOWS\system32\isfcfz.dll
2007-10-09 11:42:23 23552 --a------ C:\WINDOWS\system32\nbxidp.dll
2007-10-09 11:38:11 124416 --a------ C:\WINDOWS\system32\qyeksq.dll
2007-10-09 11:38:11 23552 --a------ C:\WINDOWS\system32\odlfdk.dll
2007-10-09 11:38:07 24064 --a------ C:\WINDOWS\system32\iuhtzf.dll
2007-10-09 11:38:06 24576 --a------ C:\WINDOWS\system32\gyvltf.dll
2007-10-09 11:38:02 23040 --a------ C:\WINDOWS\system32\dyrozf.dll
2007-10-09 10:39:05 19456 --a------ C:\WINDOWS\system32\sxycos.dll
2007-10-09 10:38:53 26624 --a------ C:\WINDOWS\system32\nsutsl.dll
2007-10-09 10:38:50 19456 --a------ C:\WINDOWS\system32\iqzqer.dll
2007-10-09 10:38:50 24576 --a------ C:\WINDOWS\system32\cegafc.dll
2007-10-09 10:37:48 24064 --a------ C:\WINDOWS\system32\xcuufh.dll
2007-10-09 10:37:48 24576 --a------ C:\WINDOWS\system32\aqimbm.dll
2007-10-09 10:37:44 23040 --a------ C:\WINDOWS\system32\aimdnn.dll
2007-10-09 10:37:40 124416 --a------ C:\WINDOWS\system32\xbdooe.dll
2007-10-09 10:33:28 24576 --a------ C:\WINDOWS\system32\scngxz.dll
2007-10-09 10:33:28 124416 --a------ C:\WINDOWS\system32\nhcrgk.dll
2007-10-09 10:33:27 23040 --a------ C:\WINDOWS\system32\kiddrq.dll
2007-10-09 10:33:25 13915 --a------ C:\WINDOWS\system32\k11919221644.exe
2007-10-09 09:28:53 2570 --a------ C:\WINDOWS\system32\k11919182917.exe
2007-10-08 15:11:39 23040 --a------ C:\WINDOWS\system32\wgqibk.dll
2007-10-08 15:11:33 124416 --a------ C:\WINDOWS\system32\fytxwo.dll
2007-10-08 13:05:29 23552 --a------ C:\WINDOWS\system32\waezma.dll
2007-10-08 10:19:47 34304 --a------ C:\WINDOWS\system32\SHQ.DLL
2007-10-08 10:19:46 20 --a------ C:\WINDOWS\system32\mhsha1.dat
2007-10-05 16:13:51 24576 --a------ C:\WINDOWS\system32\unacfh.dll
2007-10-05 16:13:51 23040 --a------ C:\WINDOWS\system32\pahdmf.dll
2007-10-05 16:13:47 124416 --a------ C:\WINDOWS\system32\poaywc.dll
2007-10-05 16:05:39 23040 --a------ C:\WINDOWS\system32\ptmike.dll
2007-10-05 15
35 28672 --a------ C:\WINDOWS\system32\zinforms.dll
2007-10-05 15
24 19456 --a------ C:\WINDOWS\system32\upxdnd.dll
2007-10-05 15
24 26624 --a------ C:\WINDOWS\system32\msccrt.dll
2007-10-05 15
24 23552 --a------ C:\WINDOWS\system32\DbgHlp32.dll
2007-10-05 15
23 42496 --ahs---- C:\WINDOWS\a
2007-10-05 15
23 42496 ---hs---- C:\WINDOWS\371662MM.DLL
2007-10-05 15
19 19456 --a------ C:\WINDOWS\system32\MsPrint32D.dll
2007-10-05 15
19 24064 --a------ C:\WINDOWS\system32\cmdbcs.dll
2007-10-05 15:05:20 24064 --a------ C:\WINDOWS\system32\MsIMMs32.dll
2007-10-05 15:05:16 23552 --a------ C:\WINDOWS\system32\AVPSrv.dll
2007-10-05 15:05:14 125440 --a------ C:\WINDOWS\system32\GenProtect.dll
2007-10-05 15:05:13 24064 --a------ C:\WINDOWS\system32\mppds.dll
2007-10-05 15:05:12 23040 --a------ C:\WINDOWS\system32\Kvsc3.dll
2007-09-17 17:54:03 0 d-------- C:\Documents and Settings\All Users\Application Data\EPSON
2007-09-15 15:03:07 0 d-------- C:\Program Files\Windows Media Connect 2
2007-09-15 15:01:55 0 d-------- C:\1bcb0232290cfe07501b89e7
2007-09-15 15:01:51 0 d-------- C:\WINDOWS\system32\LogFiles
2007-09-15 15:01:51 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-09-15 15:01:22 0 d-------- C:\9073532e81ced276c0
-- Find3M Report ---------------------------------------------------------------
2007-10-12 12:03:01 0 d-------- C:\Program Files\Common Files
2007-10-03 14:46:30 0 d-------- C:\Program Files\DesignPro
2007-10-01 09:35:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\MailWasherPro
2007-09-19 12:44:32 0 d--h----- C:\Program Files\InstallShield Installation Information
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [05/04/2005 15:22]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [05/04/2005 15:19]
"RTHDCPL"="RTHDCPL.EXE" [08/03/2005 13:26 C:\WINDOWS\RTHDCPL.EXE]
"PTHOSTTR"="C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.exe" [04/10/2005 23:23]
"SetRefresh"="C:\Program Files\Compaq\SetRefresh\SetRefresh.exe" [20/11/2003 19:01]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [01/12/2003 11:38]
"Logitech Utility"="Logi_MwX.Exe" [07/11/2003 10:50 C:\WINDOWS\LOGI_MWX.EXE]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [12/01/2006 20:52]
"AVPSrv"="C:\WINDOWS\AVPSrv.exe" []
"Kvsc3"="C:\WINDOWS\Kvsc3.exe" []
"mppds"="C:\WINDOWS\gmiuud.exe" []
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [19/07/2007 22:54]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [01/08/2007 09:44]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe [30/08/2006 18:45:59]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [19/02/2006 04:21:22]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"MSDEG32"=LYLoader.exe
"MSDWG32"=LYLoadbr.exe
"MSDCG32 "=LYLeador.exe
"MSDOG32"=LYLoador.exe
"MSDSG32"=LYLoadar.exe
"MSDMG32"=LYLoadmr.exe
"MSDHG32"=LYLoadhr.exe
"MSDQG32"=LYLoadqr.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91974}"= winforms.dll [ ]
"{AEB6717E-7E19-11d0-97EE-00C04FD91975}"= zinforms.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=winforms.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders rpasspc.dll, msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AClntUsr]
C:\Program Files\Aclient\AClntUsr.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVPSrv]
C:\WINDOWS\AVPSrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmdbcs]
C:\WINDOWS\cmdbcs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DbgHlp32]
C:\WINDOWS\DbgHlp32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GenProtect]
C:\WINDOWS\nkasnq.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kvsc3]
C:\WINDOWS\Kvsc3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mppds]
C:\WINDOWS\mppds.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msccrt]
C:\WINDOWS\msccrt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsIMMs32]
C:\WINDOWS\MsIMMs32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsPrint32D]
C:\WINDOWS\MsPrint32D.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVDispDrv]
C:\WINDOWS\sbhqby.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\upxdnd]
C:\WINDOWS\upxdnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSysM]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AClient"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"High Definition Audio Property Page Shortcut"=HDAShCut.exe
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"Persistence"=C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
-- Hosts -----------------------------------------------------------------------
127.0.0.1 007guard.com
127.0.0.1
www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1
www.008k.com
127.0.0.1 00hq.com
127.0.0.1
www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1
www.032439.com
6775 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2007-10-12 12:55:20 ------------
Many thanks in advance for any assistance supplied in resolving this.........