Thread: Attempted epxonwo toolbar removal - 5 Steps: Posting of Logs
View Single Post
Old 01-12-2008, 01:36 PM   #1 (permalink)
Jono21
Registered User
 
Join Date: Jan 2008
Posts: 4
OS: Windows XP Service Pack 2


Attempted epxonwo toolbar removal - 5 Steps: Posting of Logs
Hi all. It seems i have the epxonwo toolbar infection on my computer (pretty sure I got it after installing a video codec I obviously shouldn't have installed).

I've followed the 5 steps and here are my logs.

Deckard's System Scanner v20071014.68
Run by Jono on 2008-01-13 04:13:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
66: 2008-01-12 20:13:45 UTC - RP343 - Deckard's System Scanner Restore Point
65: 2008-01-12 19:18:40 UTC - RP342 - Software Distribution Service 3.0
64: 2008-01-12 13:24:12 UTC - RP341 - System Checkpoint
63: 2008-01-10 02:20:20 UTC - RP340 - Restore Operation
62: 2008-01-10 02:13:44 UTC - RP339 - Restore Operation


-- First Restore Point --
1: 2007-10-15 18:25:34 UTC - RP278 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Jono.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:15:46 AM, on 1/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\lexmvservice.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\lexwebservice.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\Documents and Settings\Jono\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jono.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.unimelb.edu.au/cgi-bin/proxy.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: XTN Monitor - {D7A1D78A-8423-4660-AE43-01F15E11AD7E} - C:\WINDOWS\dnqdlpmmwv.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: The epxonwo - {BFAA078B-58E2-4E6C-BD54-BA2A5C6DA153} - C:\WINDOWS\epxonwo.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=64&bd=pavilion&pf=laptop
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by130fd.bay130.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lmab_device - - C:\WINDOWS\system32\LMabcoms.exe
O23 - Service: MarkVision Server (MvServer) - Unknown owner - C:\WINDOWS\system32\lexmvservice.exe
O23 - Service: MarkVision Web Server (MvWebServer) - Unknown owner - C:\WINDOWS\system32\lexwebservice.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 15236 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 RTCore32 - c:\program files\rmclock\rtcore32.sys (file missing)
S3 SDTHOOK - c:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 MvServer (MarkVision Server) - c:\windows\system32\lexmvservice.exe
R2 MvWebServer (MarkVision Web Server) - c:\windows\system32\lexwebservice.exe
R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-01-13 0426 446 --a------ C:\WINDOWS\Tasks\XoftSpySE 2.job
2008-01-13 03:45:13 360 --a------ C:\WINDOWS\Tasks\XoftSpySE.job
2008-01-12 22:41:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-01-10 09:10:17 544 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Norton QuickScan - Jono.job
2008-01-10 09:09:47 546 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Jono.job
2008-01-04 17:00:00 546 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - User.job


-- Files created between 2007-12-13 and 2008-01-13 -----------------------------

2008-01-13 04:00:03 6062 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-13 03:59:07 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-13 03:59:07 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-01-13 03:59:07 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-01-13 03:59:07 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-01-13 03:59:07 81920 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-01-13 03:59:07 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-13 03:45:11 0 d-------- C:\Program Files\XoftSpySE
2008-01-12 18:37:59 8576 --a------ C:\WINDOWS\system32\drivers\ltpqtkrimcfr.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-01-12 16:55:02 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-01-12 16:53:45 8576 --a------ C:\WINDOWS\system32\drivers\vjcaeyqadmlh.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-01-12 16:49:40 0 d-------- C:\Program Files\SpywareBlaster
2008-01-12 05:00:24 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-10 1735 0 d-------- C:\Program Files\Trend Micro
2008-01-10 00:14:21 81920 --a------ C:\WINDOWS\fqwmwdn.exe
2008-01-10 00:14:21 176128 --a------ C:\WINDOWS\epxonwo.dll <Not Verified; ; epxonwo Module>
2008-01-10 00:14:21 253952 --a------ C:\WINDOWS\dnqdlpmmwv.dll <Not Verified; ; dnqdlpmmwv>
2008-01-10 00:12:44 0 d-------- C:\Program Files\MediaStarCodec
2008-01-08 19:33:15 0 d-------- C:\Program Files\Norton Security Scan
2007-12-23 01:47:33 0 d-------- C:\WINDOWS\system32\LogFiles
2007-12-23 01:47:33 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-23 00:24:10 0 d-------- C:\Program Files\PKR
2007-12-22 14:20:16 0 d-------- C:\Program Files\WMV9_VCM
2007-12-21 08:36:59 0 d-------- C:\Documents and Settings\Jono\Application Data\InstallShield
2007-12-20 18:55:02 0 d-------- C:\Program Files\Ares
2007-12-20 16:39:08 0 d-------- C:\Program Files\QuickTime
2007-12-15 11:59:55 0 d-------- C:\Program Files\LimeWire


-- Find3M Report ---------------------------------------------------------------

2008-01-13 04:15:33 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-12 20:17:46 0 d-------- C:\Program Files\Symantec
2008-01-12 20:14:49 0 d-------- C:\Program Files\PC Connectivity Solution
2008-01-12 20:11:39 0 d-------- C:\Program Files\MSN Messenger
2008-01-12 20:08:59 0 d-------- C:\Program Files\Messenger
2008-01-12 19:53:07 0 d-------- C:\Program Files\Google
2008-01-12 19:33:26 0 d-------- C:\Program Files\Common Files\LightScribe
2008-01-12 18:55:10 0 d-------- C:\Documents and Settings\Jono\Application Data\Symantec
2008-01-12 17:41:40 0 d-------- C:\Program Files\DIGStream
2008-01-10 10:40:58 0 d-------- C:\Program Files\Oberon Media
2008-01-09 1851 0 d-------- C:\Program Files\Common Files
2008-01-04 15:07:58 0 d-------- C:\Program Files\Norton Internet Security
2008-01-03 23:49:19 0 d-------- C:\Documents and Settings\Jono\Application Data\DivX
2007-12-23 01:52:11 0 d-------- C:\Program Files\Windows Media Connect 2
2007-12-11 20:57:15 0 d-------- C:\Documents and Settings\Jono\Application Data\Ventrilo
2007-12-11 20:37:00 0 d-------- C:\Program Files\Ventrilo
2007-12-11 20:36:42 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-08 07:33:50 0 d-------- C:\Program Files\K-Lite Codec Pack
2007-12-08 07:33:10 0 d-------- C:\Program Files\ffdshow
2007-12-08 07:32:57 0 d-------- C:\Program Files\DivX


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D7A1D78A-8423-4660-AE43-01F15E11AD7E}]
01/09/2008 05:35 PM 253952 --a------ C:\WINDOWS\dnqdlpmmwv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/06/2005 12:56 PM]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [05/04/2006 01:58 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/24/2007 10:11 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [07/20/2006 01:58 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [07/20/2006 01:58 PM]
"nwiz"="nwiz.exe" [07/20/2006 01:58 PM C:\WINDOWS\system32\nwiz.exe]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [06/02/2006 11:02 PM C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/22/2007 07:19 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/17/2006 01:22 PM]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [07/19/2006 03:14 PM]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [06/19/2006 11:33 AM]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [06/19/2006 10:50 AM]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [10/11/2005 10:23 AM]
"Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [02/09/2006 09:52 AM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [03/16/2006 04:00 AM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [03/16/2006 04:00 AM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [03/16/2006 04:00 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [03/16/2006 04:00 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/26/2006 12:22 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 08:50 AM]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [03/23/2007 11:20 AM]
"YeppStudioAgent"="C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe" []
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 04:30 PM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [05/08/2007 02:24 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/11/2007 07:56 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/23/2007 01:39 PM]
"RealPlayer"="C:\Program Files\Real\RealOne Player\realplay.exe" [12/26/2006 12:40 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [03/16/2006 12:00 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 05:05 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\Jono\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [8/4/2007 7:38:55 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 7:05:26 PM]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [5/12/2006 1:33:22 PM]
HP Pavilion Webcam Tray Icon.lnk - C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [12/21/2006 10:33:41 AM]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [9/25/2005 12:39:30 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/18/1999 4:05:56 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c8658c9-874a-11dc-ba63-001641d5fb5e}]
Auto\command- F:\RavMonE.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f37d4a97-eb30-11db-b38b-001636b95763}]
AutoRun\command- F:\setupSNK.exe

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-01-13 04:16:29 ------------

[/code]

[code]
Incident Status Location

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Jono\Application Data\Mozilla\Firefox\Profiles\yrl1v3hv.default\cookies.txt[.overture.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Jono\Application Data\Mozilla\Firefox\Profiles\yrl1v3hv.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Jono\Cookies\jono@112.2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Jono\Cookies\jono@ad.yieldmanager[1].txt
Spyware:Cookie/AdvancedCleaner Not disinfected C:\Documents and Settings\Jono\Cookies\jono@advancedcleaner[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jono\Cookies\jono@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jono\Cookies\jono@atdmt[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Jono\Cookies\jono@bluestreak[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Jono\Cookies\jono@com[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jono\Cookies\jono@doubleclick[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Jono\Cookies\jono@go[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Jono\Cookies\jono@server.iad.liveperson[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Jono\Cookies\jono@serving-sys[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Jono\Cookies\jono@tradedoubler[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Jono\Cookies\jono@tribalfusion[1].txt
Spyware:Cookie/PrivacyGuard Not disinfected C:\Documents and Settings\Jono\Cookies\jono@yourprivacyguard[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Jono\Local Settings\Temp\Cookies\jono@112.2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Jono\Local Settings\Temp\Cookies\jono@ad.yieldmanager[1].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Jono\Local Settings\Temp\Cookies\jono@adtech[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jono\Local Settings\Temp\Cookies\jono@atdmt[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Jono\Local Settings\Temp\Cookies\jono@bs.serving-sys[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jono\Local Settings\Temp\Cookies\jono@doubleclick[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Jono\Local Settings\Temp\Cookies\jono@serving-sys[1].txt
Potentially unwanted tool:Application/ImeshMediaBar Not disinfected C:\Documents and Settings\Jono\Local Settings\Temp\MediaBar.exe
Adware:Adware/ActiveSearch Not disinfected C:\Documents and Settings\Jono\My Documents\Downloads\BearShareV6.exe
Attached Files
File Type: txt extra.txt (31.6 KB, 1 views)
Last edited by Ried; 01-12-2008 at 10:13 PM. Reason: removed code tags for easier review of logs
Jono21 is offline  
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here