06-10-2008, 10:10 PM   #1
mredraye82
Registered User
 
Join Date: Jun 2008
Posts: 30
OS: WinXP SP2


Warning! Spyware detected on your computer!

Warning! Spyware detected on your computer!
Install an antivirus or spyware remover to clean your computer

Then the bugs start crawling everywhere! I've seen this posted in a few other threads, but the 5-step instructions said to create a new thread...

Attached and C&P'd the requested log files.... TIA for any help!!!




Deckard's System Scanner v20071014.68
Run by misty on 2008-06-10 21:30:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-06-11 02:30:29 UTC - RP4 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-10 21:32:08
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\RTHDCPL.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Elantech\KTP.EXE
C:\WINDOWS\vsnp2uvc.exe
C:\Program Files\Wireless Select Switch\WLSS.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\lphc7v8j0ep10.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\rapimgr.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Fantastic Flame Screensaver\FantasticFlameAgent.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Documents and Settings\misty\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\googletoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\googletoolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [WLSS] C:\Program Files\Wireless Select Switch\WLSS.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Wow Video&Audio] C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [lphc7v8j0ep10] C:\WINDOWS\system32\lphc7v8j0ep10.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O4 - Global Startup: Fantastic Flame Agent.lnk = C:\Program Files\Fantastic Flame Screensaver\FantasticFlameAgent.exe
O4 - Global Startup: Orbit.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1210215948906
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} () - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe


--
End of file - 8692 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>

S4 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-05-10 and 2008-06-10 -----------------------------

2008-06-10 21:25:48 0 d-------- C:\Program Files\SpywareBlaster
2008-06-10 20:48:36 0 d-------- C:\WINDOWS\LastGood
2008-06-10 20:46:58 0 d-------- C:\Program Files\Panda Security
2008-06-10 14:31:30 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-06-10 13:35:18 0 d-------- C:\Documents and Settings\misty\Application Data\shc1v8j0ep10
2008-06-10 13:33:45 52736 --a------ C:\WINDOWS\system32\blphc7v8j0ep10.scr <Not Verified; Peter's Productions; Bugs!>
2008-06-10 13:33:42 92160 --a------ C:\WINDOWS\system32\lphc7v8j0ep10.exe
2008-06-06 15:57:43 802816 --a------ C:\WINDOWS\FeedingFrenzy.scr <Not Verified; Sprout Games, LLC; Feeding Frenzy>
2008-06-04 18:37:04 0 d-------- C:\Documents and Settings\misty\Application Data\Pogo Games
2008-06-03 08:56:50 0 d-------- C:\PSP Stuff
2008-06-03 08:08:57 0 d-------- C:\Documents and Settings\All Users\Application Data\WildTangent
2008-05-27 00:51:05 90112 --a------ C:\WINDOWS\RSetupCE.exe
2008-05-27 00:51:00 0 d-------- C:\Program Files\Resco
2008-05-26 17:44:15 0 d-------- C:\Dump
2008-05-19 21:20:37 0 d-------- C:\Documents and Settings\misty\Application Data\Help
2008-05-18 09:59:30 0 d-------- C:\WINDOWS\system32\Adobe
2008-05-14 23:30:37 0 d-------- C:\Documents and Settings\misty\Application Data\gtk-2.0
2008-05-12 23:11:34 0 d-------- C:\Documents and Settings\misty\Application Data\hIq Inc
2008-05-12 23:09:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-05-12 23:09:05 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-12 03:10:58 0 d-------- C:\Downloads
2008-05-12 03:10:50 0 d-------- C:\Documents and Settings\misty\Application Data\Orbit
2008-05-12 03:10:49 0 d-------- C:\Program Files\Orbitdownloader
2008-05-11 22:45:10 0 d-------- C:\Documents and Settings\misty\Application Data\Move Networks
2008-05-10 23:29:34 0 d-------- C:\Program Files\PPCkitchen.org
2008-05-10 22:40:36 0 d-------- C:\Documents and Settings\misty\Application Data\WinRAR
2008-05-10 21:29:17 0 d-------- C:\PPC Stuff
2008-05-10 19:18:27 0 d-------- C:\Program Files\InterActual
2008-05-10 19:08:01 0 d-------- C:\WINDOWS\Sun
2008-05-10 19:08:01 0 d-------- C:\Documents and Settings\misty\Application Data\Sun


-- Find3M Report ---------------------------------------------------------------

2008-06-09 00:13:16 0 d-------- C:\Documents and Settings\misty\Application Data\dvdcss
2008-06-06 23:22:29 0 d-------- C:\Documents and Settings\misty\Application Data\GameHouse
2008-06-06 15:57:42 0 d-------- C:\Program Files\GameHouse
2008-06-05 08:36:10 0 d-------- C:\Documents and Settings\misty\Application Data\.purple
2008-05-27 00:17:51 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-05-13 20:08:50 0 d-------- C:\Documents and Settings\misty\Application Data\Adobe
2008-05-12 23:09:05 0 d-------- C:\Program Files\Common Files
2008-05-12 01:55:36 0 d-------- C:\Documents and Settings\misty\Application Data\LimeWire
2008-05-08 23:58:08 0 d-------- C:\Program Files\Java
2008-05-08 23:53:39 0 d-------- C:\Program Files\Common Files\Java
2008-05-08 23:50:17 0 d-------- C:\Program Files\LimeWire
2008-05-08 23:07:22 1169 --a------ C:\WINDOWS\mozver.dat
2008-05-08 20:25:26 0 d-------- C:\Program Files\Google
2008-05-08 19:13:03 0 d-------- C:\Program Files\Oberon Media
2008-05-08 13:59:19 0 d-------- C:\Documents and Settings\misty\Application Data\ImgBurn
2008-05-08 12:52:26 0 d-------- C:\Program Files\YPOPs
2008-05-08 00:27:43 0 d-------- C:\Program Files\MSXML 6.0
2008-05-07 23:52:17 0 d-------- C:\Program Files\Microsoft.NET
2008-05-07 22:47:29 0 d-------- C:\Program Files\Pidgin
2008-05-07 22:47:19 0 d-------- C:\Program Files\Common Files\GTK
2008-05-07 22:03:55 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-07 22:03:52 0 d-------- C:\Program Files\CyberLink
2008-05-07 22:03:38 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-07 09:46:45 0 d-------- C:\Documents and Settings\misty\Application Data\Macromedia
2008-05-07 01:23:35 0 d-------- C:\Program Files\Fantastic Flame Screensaver
2008-05-06 15:53:09 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-06 15:44:43 0 d-------- C:\Program Files\Netflix
2008-05-06 15:42:11 0 d-------- C:\Documents and Settings\misty\Application Data\vlc
2008-05-06 15:31:00 0 d-------- C:\Program Files\VideoLAN
2008-05-06 14:36:16 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-06 14:36:14 0 d-------- C:\Documents and Settings\misty\Application Data\Mozilla
2008-05-06 14:28:59 0 d-------- C:\Program Files\ImgBurn
2008-05-06 14:24:05 0 d-------- C:\Program Files\DVDFab HD Decrypter 4
2008-05-06 14:19:47 0 d-------- C:\Program Files\DVD Shrink
2008-05-06 13:53:24 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-06 13:17:09 2528 --a------ C:\Documents and Settings\misty\Application Data\$_hpcst$.hpc
2008-05-06 12:46:46 0 d-------- C:\Program Files\Common Files\Ahead
2008-05-01 08:17:30 0 d-------- C:\Program Files\WIDCOMM


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [05/10/2007 05:08 AM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 05:43 AM C:\WINDOWS\Alcmtr.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [11/22/2006 04:31 AM]
"KTPWare"="C:\Program Files\Elantech\ktp.exe" [02/13/2007 03:11 PM]
"snp2uvc"="C:\WINDOWS\vsnp2uvc.exe" [12/29/2006 02:48 PM]
"WLSS"="C:\Program Files\Wireless Select Switch\WLSS.exe" [10/17/2007 02:40 PM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [06/01/2007 01:51 PM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [06/01/2007 01:49 PM]
"Wow Video&Audio"="C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe" [05/03/2007 08:51 PM]
"PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [03/28/2007 10:23 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/26/2007 07:06 AM]
"nwiz"="nwiz.exe" [06/26/2007 07:06 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL" [06/26/2007 07:06 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"lphc7v8j0ep10"="C:\WINDOWS\system32\lphc7v8j0ep10.exe" [06/10/2008 01:33 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/13/2006 01:39 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [07/27/2007 07:00 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/04/2004 04:06 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [12/11/2006 6:35:34 PM]
Fantastic Flame Agent.lnk - C:\Program Files\Fantastic Flame Screensaver\FantasticFlameAgent.exe [4/24/2007 3:33:26 PM]
Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe [5/12/2008 3:10:49 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll 03/28/2007 10:46 PM 90112 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli psqlpwd


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54ee2c94-da25-11dc-8831-806d6172696f}]
AutoRun\command- D:\StartCD.exe

*Newly Created Service* - RKPAVPROC



-- End of Deckard's System Scanner: finished at 2008-06-10 21:32:25 ------------



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:08 PM, on 6/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Elantech\ktp.exe
C:\WINDOWS\vsnp2uvc.exe
C:\Program Files\Wireless Select Switch\WLSS.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\lphc7v8j0ep10.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Fantastic Flame Screensaver\FantasticFlameAgent.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\misty\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [WLSS] C:\Program Files\Wireless Select Switch\WLSS.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Wow Video&Audio] C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [lphc7v8j0ep10] C:\WINDOWS\system32\lphc7v8j0ep10.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Fantastic Flame Agent.lnk = C:\Program Files\Fantastic Flame Screensaver\FantasticFlameAgent.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1210215948906
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 7999 bytes
Attached Files
File Type: txt ActiveScan.txt (42.1 KB, 1 views)
File Type: txt extra.txt (13.5 KB, 1 views)