Old 01-19-2008, 10:26 AM   #1 (permalink)
griffy
Registered User
 
Join Date: Jan 2008
Posts: 22
OS: windows XP


Very slow computer, pop-ups - Spybot not effective

My computer is extremely slow, both online and offline. When online I often get the same weather site pop-up. The computer continually blacks out and freezes for periods of about one minute.

I have run Spybot Search and Destroy and it keeps saying that some items cannot be removed because they are running. cmdservice is continually mentioned. I would be very appreciative if you could help.

I have successfully been through your recommended 5 steps and have posted the following logs below:

DSS Scan
Hijackthis Scan

I have been unable to paste the Panda Scan Log as I am apparently limited to 100,000 characters in each posting. I will attach it in a follow-up thread response.

For some reason I cannot find & attach the extra.txt file from the DSS scan.

Here are the requested logs:

DSS:

Deckard's System Scanner v20071014.68
Run by User on 2008-01-19 15:24:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as User.exe) ------------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-19 15:27:16
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\SG9tZQ\command.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\ctfmon .exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray .exe
C:\WINDOWS\system32\igfxtray .exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr .exe
C:\WINDOWS\system32\hkcmd .exe
C:\WINDOWS\system32\igfxpers .exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\Program Files\Router\Router.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy .exe
C:\Program Files\Words\Words.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3 .exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\kernel\kernel .exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Words\Words .exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
C:\Program Files\Router\Router .exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\WINDOWS\system32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\Z5J06TWD\dss[1].exe
C:\Program Files\Trend Micro\HijackThis\User.exe
C:\WINDOWS\system32\ssmypics.scr
C:\WINDOWS\system32\s?curity\mmc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
F0 - win.ini: load=C:\WINDOWS\system32\awtqr.exe
F3 - REG:win.ini: Load=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917} - C:\WINDOWS\system32\byxuvss.dll
O2 - BHO: (no name) - {2BBC3B13-C0E3-4517-9769-2D454B4E8371} - C:\Program Files\Outlook Express\hokesotuhC:\WINDOWS\system32\vmi4\parreo83122.exe.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {67881D2D-AA89-4781-9F78-4CC7E9CDC3DD} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: {9a3888ca-3b7b-b41b-0184-9f3880d08ef7} - {7fe80d08-83f9-4810-b14b-b7b3ac8883a9} - C:\WINDOWS\system32\rsumkvhq.dll
O2 - BHO: (no name) - {90C4CC1B-B2C0-4296-BD07-097ED3C02ADB} - C:\WINDOWS\system32\awtqr.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\adpvuvfe.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {BFFFA93A-44DB-3B23-8B27-3CE602880A9A} - C:\WINDOWS\system32\weej.dll
O2 - BHO: (no name) - {C1C4AB2E-C331-4011-9A32-634F345EBEA2} - (no file)
O2 - BHO: (no name) - {F8B53648-C576-4B01-B66C-6EB716249DBD} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
O4 - HKLM\..\Run: [a0131fc2] rundll32.exe "C:\WINDOWS\system32\foyskita.dll",b
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [Tsue] "C:\WINDOWS\system32\SCURIT~1\mmc.exe" -vt yazb
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [Words] C:\Program Files\Words\Words.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WD Backup Monitor.lnk = ?
O8 - Extra context menu item: &Search - ?p=zuzed004YYGB_ZZzer000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02...s/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_03) - http://javadl-esd.sun.com/update/1.6...ws-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O20 - Winlogon Notify: adpvuvfe - C:\WINDOWS\system32\adpvuvfe.dll
O20 - Winlogon Notify: byxuvss - C:\WINDOWS\system32\byxuvss.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SG9tZQ\command.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O24 - Desktop Component 0: - C:\Program Files\ComPlus Applications\profsyb.html

--
End of file - 12798 bytes

-- Files created between 2007-12-19 and 2008-01-19 -----------------------------

2008-01-19 11:45:43 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-01-19 10:51:59 8576 --a------ C:\WINDOWS\system32\drivers\uydvpvblrknu.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-01-17 16:03:30 323072 --a------ C:\WINDOWS\system32\awtqr.dll
2008-01-17 08:41:13 338432 --a------ C:\WINDOWS\system32\awtsr.exe
2008-01-17 08:41:01 334848 -----n--- C:\WINDOWS\system32\awtsr.dll
2008-01-15 23:03:22 8576 --a------ C:\WINDOWS\system32\drivers\sersjuqvkujg.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-01-15 23:01:49 8704 --a------ C:\WINDOWS\system32\pfdnnt.exe <Not Verified; Panda Software International; Panda Anti-malware>
2008-01-15 21:47:49 0 d-------- C:\Program Files\Enigma Software Group
2008-01-13 19:05:06 0 d-------- C:\Program Files\Trend Micro
2008-01-12 22:28:23 0 d-------- C:\ie-spyad_zo
2008-01-12 21:29:29 0 d-------- C:\Program Files\SpywareBlaster
2008-01-12 20:51:56 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-11 20:43:25 90176 --a------ C:\WINDOWS\system32\foyskita.dll
2008-01-11 20:40:54 163904 -----n--- C:\WINDOWS\system32\adpvuvfe.dll
2008-01-11 20:40:52 163904 --a------ C:\WINDOWS\system32\huvotvka.dll
2008-01-11 20:40:48 76864 --a------ C:\WINDOWS\system32\rsumkvhq.dll
2008-01-10 20:50:08 0 d-------- C:\Program Files\AML Products
2008-01-10 08:25:17 337408 --a------ C:\WINDOWS\system32\ssttq.exe
2008-01-08 19:21:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-08 08:18:35 37888 --a------ C:\WINDOWS\system32\byxvvvv.dll
2008-01-07 23:32:44 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-01-07 22:10:31 0 d-------- C:\Program Files\Words
2008-01-07 08:24:14 40960 --a------ C:\WINDOWS\system32\khfdbba.dll
2008-01-06 15:30:14 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-01-06 15:30:10 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-01-06 11:22:34 0 d-------- C:\Program Files\Router
2008-01-06 11:17:35 0 d--hs---- C:\WINDOWS\SG9tZQ
2008-01-06 11:12:43 0 d-------- C:\Documents and Settings\User\Application Data\??stem32
2008-01-06 11:12:42 60928 --a------ C:\WINDOWS\system32\weej.dll
2008-01-06 11:12:33 0 d-------- C:\WINDOWS\system32\s?curity
2008-01-05 10:59:18 0 d-------- C:\Program Files\Temporary
2008-01-05 10:59:18 0 d-------- C:\Program Files\kernel
2008-01-05 10:55:46 40960 --a------ C:\WINDOWS\system32\gebbxwu.dll
2008-01-05 09:44:52 1814 --a------ C:\WINDOWS\system32\SBRC.dat
2008-01-04 12:22:20 5446681 --a------ C:\WINDOWS\system32\SBSP.dat
2008-01-04 12:22:12 443765 --a------ C:\WINDOWS\system32\SBFC.dat
2008-01-01 16:16:33 0 d-------- C:\Documents and Settings\User\Application Data\Sunbelt Software
2008-01-01 16:16:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2008-01-01 08:46:01 40960 --a------ C:\WINDOWS\system32\fccbyxv.dll
2007-12-31 10:54:24 40960 --a------ C:\WINDOWS\system32\jkklmji.dll
2007-12-30 19:33:50 69632 --a------ C:\WINDOWS\b143.exe
2007-12-30 09:02:19 35328 --a------ C:\WINDOWS\system32\jkkhedb.dll
2007-12-29 00:04:04 77888 --a------ C:\WINDOWS\system32\yykwotei.dll
2007-12-28 12:03:15 35328 --a------ C:\WINDOWS\system32\vtursqp.dll
2007-12-27 14:45:22 35328 --a------ C:\WINDOWS\system32\vtutsqr.dll
2007-12-26 11:22:50 35328 --a------ C:\WINDOWS\system32\opnllki.dll
2007-12-25 16:22:55 326656 --a------ C:\WINDOWS\system32\awtqr.exe
2007-12-25 16:22:50 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2007-12-25 16:22:36 21893 --ahs---- C:\WINDOWS\system32\rqtwa.ini2
2007-12-25 16:12:02 0 d-------- C:\WINDOWS\system32\vmi4
2007-12-25 16:12:00 0 d-------- C:\WINDOWS\system32\jab2
2007-12-25 16:11:50 0 d-------- C:\WINDOWS\system32\elmo1
2007-12-25 16:11:48 172032 --a------ C:\winlogon.exe
2007-12-25 16:11:46 0 d-------- C:\WINDOWS\system32\ardCo18
2007-12-25 16:11:33 35328 --a------ C:\WINDOWS\system32\byxuvss.dll


-- Find3M Report ---------------------------------------------------------------

2008-01-19 13:57:19 0 d-------- C:\Program Files\iTunes
2008-01-19 13:55:24 0 d-------- C:\Program Files\Google
2008-01-19 09:33:23 0 d-------- C:\Program Files\QuickTime
2008-01-19 09:32:45 454144 --a------ C:\WINDOWS\system32\igfxpers.exe <Not Verified; Intel Corporation; Intel(R) Common User Interface>
2008-01-19 09:32:43 417280 --a------ C:\WINDOWS\system32\hkcmd.exe <Not Verified; Intel Corporation; Intel(R) Common User Interface>
2008-01-19 09:32:42 433664 --a------ C:\WINDOWS\system32\igfxtray.exe <Not Verified; Intel Corporation; Intel(R) Common User Interface>
2008-01-16 07:26:13 0 d-------- C:\Documents and Settings\User\Application Data\??stem32
2008-01-08 22:00:53 0 d-------- C:\Program Files\Common Files
2008-01-05 10:51:29 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-25 16:25:51 0 d-------- C:\Documents and Settings\User\Application Data\Adobe
2007-12-11 12:11:43 96256 --a------ C:\WINDOWS\b151.exe
2007-12-09 01:27:06 0 d-------- C:\Documents and Settings\User\Application Data\Skype
2007-12-02 18:09:23 0 d-------- C:\Documents and Settings\User\Application Data\Snapfish
2007-11-19 10:37:18 173568 --a------ C:\WINDOWS\b149.exe
2007-10-27 07:07:42 44632 --a------ C:\Documents and Settings\User\Application Data\GDIPFONTCACHEV1.DAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917}]
25/12/2007 16:11 35328 --a------ C:\WINDOWS\system32\byxuvss.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2BBC3B13-C0E3-4517-9769-2D454B4E8371}]
C:\Program Files\Outlook Express\hokesotuhC:\WINDOWS\system32\vmi4\parreo83122.exe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67881D2D-AA89-4781-9F78-4CC7E9CDC3DD}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7fe80d08-83f9-4810-b14b-b7b3ac8883a9}]
11/01/2008 20:40 76864 --a------ C:\WINDOWS\system32\rsumkvhq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90C4CC1B-B2C0-4296-BD07-097ED3C02ADB}]
17/01/2008 16:03 323072 --a------ C:\WINDOWS\system32\awtqr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
16/01/2008 21:16 163904 --------- C:\WINDOWS\system32\adpvuvfe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BFFFA93A-44DB-3B23-8B27-3CE602880A9A}]
01/11/2007 13:44 60928 --a------ C:\WINDOWS\system32\weej.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1C4AB2E-C331-4011-9A32-634F345EBEA2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F8B53648-C576-4B01-B66C-6EB716249DBD}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [19/01/2008 09:32]
"DrvLsnr"="C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" [19/01/2008 09:32]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [19/01/2008 09:32]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [19/01/2008 09:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [19/01/2008 09:32]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [19/01/2008 09:32]
"WD Button Manager"="WDBtnMgr.exe" [11/08/2007 08:59 C:\WINDOWS\system32\WDBtnMgr.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [19/01/2008 09:32]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [19/01/2008 09:32]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19/01/2008 09:32]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" [19/01/2008 09:32]
"RegistryMechanic"="" []
"a0131fc2"="C:\WINDOWS\system32\foyskita.dll" [11/01/2008 20:43]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [19/01/2008 09:32]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [19/01/2008 09:32]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 12:00]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [19/01/2008 09:32]
"Tsue"="C:\WINDOWS\system32\SCURIT~1\mmc.exe" [07/01/2008 16:51]
"Router"="C:\Program Files\Router\Router.exe" [19/01/2008 09:32]
"Words"="C:\Program Files\Words\Words.exe" [19/01/2008 09:32]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [19/01/2008 09:32]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\User\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16/03/2005 19:16:50]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [07/12/2006 19:26:34]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 00:01:04]
WD Backup Monitor.lnk - C:\Program Files\My Book\WD Backup\uBBMonitor.exe [11/08/2007 09:00:57]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\ComPlus Applications\profsyb.html
FriendlyName=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917}"= C:\WINDOWS\system32\byxuvss.dll [25/12/2007 16:11 35328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\adpvuvfe]
adpvuvfe.dll 16/01/2008 21:16 163904 C:\WINDOWS\system32\adpvuvfe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxuvss]
byxuvss.dll 25/12/2007 16:11 35328 C:\WINDOWS\system32\byxuvss.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awtqr

*Newly Created Service* - SDTHOOK
*Newly Created Service* - UYDVPVBLRKNU



-- End of Deckard's System Scanner: finished at 2008-01-19 15:38:26 ------------

Here is the HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:05:22, on 19/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\SG9tZQ\command.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\ctfmon .exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray .exe
C:\WINDOWS\system32\igfxtray .exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr .exe
C:\WINDOWS\system32\hkcmd .exe
C:\WINDOWS\system32\igfxpers .exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\Program Files\Router\Router.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy .exe
C:\Program Files\Words\Words.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3 .exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\kernel\kernel .exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Words\Words .exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
C:\Program Files\Router\Router .exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\ssmypics.scr
C:\WINDOWS\system32\SCURIT~1\mmc.exe
C:\WINDOWS\system32\SCURIT~1\mmc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winmgd.win
F1 - win.ini: run=C:\WINDOWS\system32\mouse_configurator.win
F3 - REG:win.ini: load=C:\WINDOWS\system32\awtqr.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
O4 - HKLM\..\Run: [a0131fc2] rundll32.exe "C:\WINDOWS\system32\foyskita.dll",b
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [Tsue] "C:\WINDOWS\system32\SCURIT~1\mmc.exe" -vt yazb
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [Words] C:\Program Files\Words\Words.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O8 - Extra context menu item: &Search - ?p=zuzed004YYGB_ZZzer000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02...s/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6...ws-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SG9tZQ\command.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\ComPlus Applications\profsyb.html

--
End of file - 9835 bytes