Pop-ups & Slow-moving computer

1.3K views · 11 replies · 3 participants · last post by Ried
#1 ·
I started having problems with all sorts of pop-ups and my computer is running extremely slow (took me 1 hour to get to this point). Also, if I hit CTRL ALT DEL it tells me the task manager has been disabled by my administrator (this is a personal computer). There are also 2 yellow triangles down in my task bar with an exclamation point in them and I don't know when or why they are there. If you could help, that would be greatly appreciated. Thanks.
 
#2 ·
Hi, welcome to TSF!

If you still need assistance,

Download Deckard's System Scanner to your Desktop.

Note: You must be logged onto an account with administrator privileges.

1. Close all applications and windows.
2. Double-click on dss.exe to run it, and follow the prompts.
3. When the scan is complete, two text files will open - main.txt (this one will be maximized) and extra.txt (this one will be minimized).
4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
5. Please copy and paste the contents of main.txt and extra.txt to your post.
 
#3 ·
Sorry it has taken me so long to respond, I am having trouble getting to the needed websites. If it takes me a while to respond it is probably because I am having trouble getting to my email. I hope this is what you need. Thanks.

P.S. The extra.txt was not created.


Deckard's System Scanner v20071014.68
Run by Scott M. Bantel on 2008-04-29 20:37:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 76% (more than 75%).


-- HijackThis (run as Scott M. Bantel.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:37:46 PM, on 4/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wmsdkns.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\winself.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\crolirer\wnuzifmn.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Documents and Settings\All Users\Application Data\Common\dgpunmpo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\uxkfelwh.exe
C:\DOCUME~1\SCOTTM~1.BAN\LOCALS~1\Temp\ie.exe
C:\Documents and Settings\Scott M. Bantel\Application Data\SpeedRunner\SpeedRunner.exe
C:\Documents and Settings\Scott M. Bantel\Application Data\Microsoft\Windows\rkqyanc.exe
C:\DOCUME~1\SCOTTM~1.BAN\MYDOCU~1\SKS~1\lsass.exe
C:\Program Files\QdrPack\QdrPack15.exe
C:\Documents and Settings\Scott M. Bantel\My Documents\??pPatch\s?ool32.exe
C:\Documents and Settings\Scott M. Bantel\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\Scott M. Bantel\Application Data\Microsoft\Windows\rayiou.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Bat\X_Bat.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Scott M. Bantel\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\SCOTTM~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bengals.com/
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {1a8523dc-1dd2-11b2-8f50-a0f5b7cb9b7f} - C:\WINDOWS\ryjwrizu.dll
O2 - BHO: {105b479b-5a68-d44a-b074-39ac8f206023} - {320602f8-ca93-470b-a44d-86a5b974b501} - C:\WINDOWS\system32\eegvqkht.dll
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: StFlex IE Helper - {847B6838-BFB6-40a1-8888-736928099059} - C:\Program Files\QdrDrive\QdrDrive15.dll (file missing)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9C1AA705-7CC1-4BEF-A9C2-BD2D23098A4F} - C:\WINDOWS\system32\opnkiFvW.dll
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {A8EEB996-62AA-4E48-995D-EADDCAC47476} - C:\WINDOWS\system32\hgGvuULD.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {BDD045DB-F337-FCE4-119A-A38F755773C5} - C:\WINDOWS\system32\bjlu.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DIGStream] "C:\Program Files\DIGStream\digstream.exe"
O4 - HKLM\..\Run: [DIGServices] "C:\Program Files\ESPNRunTime\DIGServices.exe" /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [REGSHAVE] "C:\Program Files\REGSHAVE\REGSHAVE.EXE" /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ofofstwh] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ofofstwh.dll"
O4 - HKLM\..\Run: [ComUtil] C:\Documents and Settings\All Users\Application Data\Common\dgpunmpo.exe
O4 - HKLM\..\Run: [BM1fae519a] Rundll32.exe "C:\WINDOWS\system32\wgaurhju.dll",s
O4 - HKLM\..\Run: [1c9d6206] rundll32.exe "C:\WINDOWS\system32\nxfhsgvf.dll",b
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [urnusklf] C:\WINDOWS\system32\uxkfelwh.exe
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\DOCUME~1\SCOTTM~1.BAN\LOCALS~1\Temp\ie.exe
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\Scott M. Bantel\Application Data\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\Scott M. Bantel\Application Data\Microsoft\Windows\rkqyanc.exe
O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\SCOTTM~1.BAN\MYDOCU~1\SKS~1\lsass.exe" -vt yazb
O4 - HKCU\..\Run: [QdrPack15] "C:\Program Files\QdrPack\QdrPack15.exe"
O4 - HKCU\..\Run: [Bdolyy] "C:\Documents and Settings\Scott M. Bantel\My Documents\??pPatch\s?ool32.exe"
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Scott M. Bantel\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Scott M. Bantel\Application Data\Microsoft\Windows\rayiou.exe
O4 - HKCU\..\Run: [mcdjltwo] C:\WINDOWS\system32\ulepmpqt.exe
O4 - HKLM\..\Policies\Explorer\Run: [S3eJgr90qs] C:\Documents and Settings\All Users\Application Data\crolirer\wnuzifmn.exe
O4 - Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5282/mcfscan.cab
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O20 - Winlogon Notify: hgGvuULD - C:\WINDOWS\SYSTEM32\hgGvuULD.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 14918 bytes

-- Files created between 2008-03-29 and 2008-04-29 -----------------------------

2008-04-29 20:25:01 97856 --a------ C:\WINDOWS\system32\nxfhsgvf.dll
2008-04-29 20:21:27 107072 --a------ C:\WINDOWS\system32\eegvqkht.dll
2008-04-29 20:20:26 104512 --a------ C:\WINDOWS\system32\wgaurhju.dll
2008-04-28 22:25:23 0 d-------- C:\WINDOWS\system32\?asks
2008-04-28 22:25:05 60928 --a------ C:\WINDOWS\system32\bjlu.dll
2008-04-28 22:24:22 108608 --a------ C:\WINDOWS\system32\gfgwxuxj.dll
2008-04-28 12:16:15 95296 -----n--- C:\WINDOWS\system32\uyqsuqfk.dll
2008-04-28 12:12:58 104000 --a------ C:\WINDOWS\system32\qqppymkg.dll
2008-04-27 13:04:57 107072 --a------ C:\WINDOWS\system32\ibvpclvn.dll
2008-04-27 12:59:25 105024 --a------ C:\WINDOWS\system32\fvskugbd.dll
2008-04-26 20:28:38 0 d-------- C:\Program Files\Panda Security
2008-04-26 13:01:43 107072 --a------ C:\WINDOWS\system32\sgtucmgk.dll
2008-04-26 13:01:26 106048 --a------ C:\WINDOWS\system32\dsgfrdso.dll
2008-04-26 01:09:55 110592 --a------ C:\WINDOWS\system32\ulepmpqt.exe
2008-04-25 17:48:16 0 d-------- C:\Program Files\RcvSystem
2008-04-25 17:43:05 0 d-------- C:\WINDOWS\McAfee.com
2008-04-25 17:23:30 1260 --ah----- C:\aaw7boot.cmd
2008-04-25 13:01:17 107072 --a------ C:\WINDOWS\system32\oglcstox.dll
2008-04-25 12:58:18 105536 --a------ C:\WINDOWS\system32\hkioemfe.dll
2008-04-25 12:55:01 0 d-------- C:\Program Files\Lavasoft
2008-04-25 12:54:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-25 12:52:09 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-25 12:25:03 106048 --a------ C:\WINDOWS\system32\onhkovsy.dll
2008-04-22 22:50:14 0 d-------- C:\Program Files\Outerinfo
2008-04-21 17:07:28 0 d-------- C:\Program Files\QdrPack
2008-04-21 17:07:26 0 d-------- C:\Program Files\ISM
2008-04-21 13:25:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Common
2008-04-21 13:17:48 0 d-------- C:\Program Files\Common Files\uqkm
2008-04-21 13:17:47 0 d-------- C:\WINDOWS\uqkm
2008-04-21 13:12:34 0 d-------- C:\Documents and Settings\LocalService\Application Data\NetMon
2008-04-21 13:12:30 1989 --a------ C:\WINDOWS\uninstall_nmon.vbs
2008-04-21 13:12:30 0 d--hs---- C:\WINDOWS\U2NvdHQgTS4gQmFudGVs
2008-04-21 13:02:21 0 d-------- C:\Documents and Settings\Scott M. Bantel\Application Data\WinTouch
2008-04-21 13:02:15 0 d-------- C:\Program Files\Inet_Get_2
2008-04-21 12:57:11 0 d-------- C:\Documents and Settings\Scott M. Bantel\Application Data\SpeedRunner
2008-04-21 12:47:04 0 d-------- C:\Program Files\CPV
2008-04-21 12:42:02 0 d-------- C:\Program Files\Twain
2008-04-21 12:42:02 0 d-------- C:\Program Files\Temporary
2008-04-21 00:45:54 94272 --a------ C:\WINDOWS\system32\qnnmbueu.dll
2008-04-21 00:42:55 96320 --a------ C:\WINDOWS\system32\mnndihjr.dll
2008-04-20 12:49:59 18688 --a------ C:\WINDOWS\stcloader.exe
2008-04-20 12:49:58 14336 --a------ C:\WINDOWS\voiceip.dll
2008-04-20 12:49:58 12800 --a------ C:\WINDOWS\swin32.dll
2008-04-20 12:49:58 28928 --a------ C:\WINDOWS\cdsm32.dll
2008-04-20 12:49:57 11264 --a------ C:\WINDOWS\mssvr.exe
2008-04-20 12:49:57 12288 --a------ C:\WINDOWS\mspphe.dll
2008-04-20 12:49:57 22016 --a------ C:\WINDOWS\bokja.exe
2008-04-20 12:49:57 29440 --a------ C:\WINDOWS\bjam.dll
2008-04-20 12:49:56 30464 --a------ C:\WINDOWS\2020search2.dll
2008-04-20 12:49:56 9728 --a------ C:\WINDOWS\2020search.dll
2008-04-20 12:49:50 24576 --a------ C:\WINDOWS\saiemod.dll
2008-04-20 12:49:49 15616 --a------ C:\WINDOWS\msapasrc.dll
2008-04-20 12:49:49 12288 --a------ C:\WINDOWS\msa64chk.dll
2008-04-20 12:49:46 30720 --a------ C:\WINDOWS\shdocpl.dll
2008-04-20 12:49:44 22272 --a------ C:\WINDOWS\shdocpe.dll
2008-04-20 12:49:44 27392 --a------ C:\WINDOWS\ntnut.exe
2008-04-20 12:49:43 20992 --a------ C:\WINDOWS\winsb.dll
2008-04-20 12:49:42 29952 --a------ C:\WINDOWS\browserad.dll
2008-04-20 12:49:42 20992 --a------ C:\WINDOWS\aviwrap32.dll
2008-04-20 12:49:41 32000 --a------ C:\WINDOWS\avisynthex32.dll
2008-04-20 12:49:41 9984 --a------ C:\WINDOWS\avifile32.dll
2008-04-20 12:49:41 29440 --a------ C:\WINDOWS\autodisc32.dll
2008-04-20 12:49:40 31232 --a------ C:\WINDOWS\audiosrv32.dll
2008-04-20 12:49:39 31488 --a------ C:\WINDOWS\ati2dvag32.dll
2008-04-20 12:49:38 28416 --a------ C:\WINDOWS\ati2dvaa32.dll
2008-04-20 12:49:38 13568 --a------ C:\WINDOWS\athprxy32.dll
2008-04-20 12:49:38 11264 --a------ C:\WINDOWS\asycfilt32.dll
2008-04-20 12:49:37 21760 --a------ C:\WINDOWS\changeurl_30.dll
2008-04-20 12:49:37 22528 --a------ C:\WINDOWS\asferror32.dll
2008-04-20 12:49:37 25856 --a------ C:\WINDOWS\apphelp32.dll
2008-04-20 12:37:21 520366 --ahs---- C:\WINDOWS\system32\WvFiknpo.ini2
2008-04-20 12:37:09 274432 --a------ C:\WINDOWS\system32\opnkiFvW.dll
2008-04-20 12:35:04 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-04-20 12:33:53 4096 --a------ C:\WINDOWS\userconfig9x.dll
2008-04-20 12:33:53 4096 --a------ C:\WINDOWS\system32winlogonpc.exe
2008-04-20 12:33:53 4096 --a------ C:\WINDOWS\system32hoproxy.dll
2008-04-20 12:33:53 4096 --a------ C:\WINDOWS\FVProtect.exe
2008-04-20 12:33:52 4096 --a------ C:\WINDOWS\system32taack.exe
2008-04-20 12:33:52 4096 --a------ C:\WINDOWS\system32taack.dat
2008-04-20 12:33:52 4096 --a------ C:\WINDOWS\system32sncntr.exe
2008-04-20 12:33:52 4096 --a------ C:\WINDOWS\system32psoft1.exe
2008-04-20 12:33:52 4096 --a------ C:\WINDOWS\system32psof1.exe
2008-04-20 12:33:52 4096 --a------ C:\WINDOWS\system32ps1.exe
2008-04-20 12:33:52 4096 --a------ C:\WINDOWS\system32mwin32.exe
2008-04-20 12:33:52 4096 --a------ C:\WINDOWS\system32hxiwlgpm.exe
2008-04-20 12:33:52 4096 --a------ C:\WINDOWS\system32hxiwlgpm.dat
2008-04-20 12:33:52 4096 --a------ C:\WINDOWS\system32bsva-egihsg52.exe
2008-04-20 12:33:52 4096 --a------ C:\WINDOWS\iTunesMusic.exe
2008-04-20 12:33:52 4096 --a------ C:\WINDOWS\a.bat
2008-04-20 12:33:52 0 d-------- C:\Documents and Settings\Scott M. Bantel\Desktopvirii
2008-04-20 12:33:51 4096 --a------ C:\WINDOWS\system32temp#01.exe
2008-04-20 12:33:51 4096 --a------ C:\WINDOWS\system32ssurf022.dll
2008-04-20 12:33:51 0 d-------- C:\WINDOWS\system32smp
2008-04-20 12:33:51 4096 --a------ C:\WINDOWS\system32netode.exe
2008-04-20 12:33:51 4096 --a------ C:\WINDOWS\system32mtr2.exe
2008-04-20 12:33:51 4096 --a------ C:\WINDOWS\system32msnbho.dll
2008-04-20 12:33:51 4096 --a------ C:\WINDOWS\system32msgp.exe
2008-04-20 12:33:51 4096 --a------ C:\WINDOWS\system32medup020.dll
2008-04-20 12:33:51 4096 --a------ C:\WINDOWS\system32medup012.dll
2008-04-20 12:33:51 4096 --a------ C:\WINDOWS\system32h@tkeysh@@k.dll
2008-04-20 12:33:50 4096 --a------ C:\WINDOWS\system32ssvchost.exe
2008-04-20 12:33:50 4096 --a------ C:\WINDOWS\system32ssvchost.com
2008-04-20 12:33:50 4096 --a------ C:\WINDOWS\system32dpcproxy.exe
2008-04-20 12:33:49 4096 --a------ C:\WINDOWS\system32thun32.dll
2008-04-20 12:33:49 4096 --a------ C:\WINDOWS\system32thun.dll
2008-04-20 12:33:49 4096 --a------ C:\WINDOWS\system32Rundl1.exe
2008-04-20 12:33:49 4096 --a------ C:\WINDOWS\system32regm64.dll
2008-04-20 12:33:49 4096 --a------ C:\WINDOWS\system32regc64.dll
2008-04-20 12:33:49 4096 --a------ C:\WINDOWS\system32msvchost.exe
2008-04-20 12:33:49 4096 --a------ C:\Documents and Settings\Scott M. Bantel\DesktopFWebdEditor.exe
2008-04-20 12:33:49 4096 --a------ C:\Documents and Settings\Scott M. Bantel\Desktopfwebd.exe
2008-04-20 12:33:49 4096 --a------ C:\Documents and Settings\Scott M. Bantel\Desktopfilemanagerclient.exe
2008-04-20 12:33:48 4096 --a------ C:\WINDOWS\winsystem.exe
2008-04-20 12:33:48 4096 --a------ C:\WINDOWS\system32WINWGPX.EXE
2008-04-20 12:33:48 4096 --a------ C:\WINDOWS\system32winsystem.exe
2008-04-20 12:33:48 4096 --a------ C:\WINDOWS\system32vcatchpi.dll
2008-04-20 12:33:48 4096 --a------ C:\WINDOWS\system32sysreq.exe
2008-04-20 12:33:48 4096 --a------ C:\WINDOWS\system32newsd32.exe
2008-04-20 12:33:48 4096 --a------ C:\WINDOWS\system32mssecu.exe
2008-04-20 12:33:48 4096 --a------ C:\WINDOWS\system32emesx.dll
2008-04-20 12:33:48 4096 --a------ C:\WINDOWS\system32bdn.com
2008-04-20 12:33:48 4096 --a------ C:\WINDOWS\system32anticipator.dll
2008-04-20 12:33:48 4096 --a------ C:\WINDOWS\system32akttzn.exe
2008-04-20 12:33:48 4096 --a------ C:\WINDOWS\mssecu.exe
2008-04-20 12:33:48 4096 --a------ C:\WINDOWS\bdn.com
2008-04-20 12:33:47 4096 --a------ C:\WINDOWS\system32awtoolb.dll
2008-04-20 12:33:46 4096 --a------ C:\WINDOWS\system32vbsys2.dll
2008-04-20 12:33:46 0 d-------- C:\WINDOWS\mslagent
2008-04-20 12:33:46 0 d-------- C:\Program Files\akl
2008-04-20 12:33:39 0 d-------- C:\Program Files\Common Files\S?mantec
2008-04-20 12:33:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-04-20 12:33:15 0 d-------- C:\Documents and Settings\All Users\Application Data\crolirer
2008-04-20 12:33:14 94208 --a------ C:\WINDOWS\system32\uxkfelwh.exe
2008-04-20 12:33:03 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-04-20 12:32:54 0 d-------- C:\WINDOWS\PerfInfo
2008-04-20 12:32:54 0 d-------- C:\WINDOWS\mgwwgmke
2008-04-20 12:32:54 65024 --a------ C:\Documents and Settings\All Users\Application Data\ofofstwh.dll
2008-04-20 12:32:48 192512 --a------ C:\WINDOWS\lsfgjgvo.dll
2008-04-20 12:32:45 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-04-20 12:32:44 65024 --a------ C:\WINDOWS\ryjwrizu.dll
2008-04-20 12:32:27 89515 --a------ C:\WINDOWS\system32\wmsdkns.exe <Not Verified; Microsoft; XML Media>
2008-04-20 12:32:27 89515 --a------ C:\WINDOWS\lfn.exe <Not Verified; Microsoft; XML Media>
2008-04-20 12:32:23 0 d-------- C:\Program Files\webHancer
2008-04-20 12:32:23 0 d-------- C:\Program Files\QdrDrive
2008-04-20 12:32:23 0 d-------- C:\Program Files\Bat
2008-04-20 12:32:00 37376 -ra------ C:\WINDOWS\mrofinu72.exe
2008-04-20 12:31:55 28672 --a------ C:\WINDOWS\winself.exe
2008-04-20 12:31:29 36352 --a------ C:\WINDOWS\system32\hgGvuULD.dll
2008-04-17 14:49:38 273408 --a------ C:\WINDOWS\b148.exe
2008-04-11 14:44:58 229526 --a------ C:\WINDOWS\system32\000080.exe
2008-04-11 10:48:26 11264 --a------ C:\WINDOWS\b138.exe
2008-04-08 19:33:56 68096 --a------ C:\WINDOWS\b155.exe
2008-04-05 01:29:14 270694 --a------ C:\WINDOWS\system32\000090.exe


-- Find3M Report ---------------------------------------------------------------

2008-04-25 17:23:33 0 d-------- C:\Program Files\Common Files
2008-04-20 15:03:51 0 d-------- C:\Documents and Settings\Scott M. Bantel\Application Data\Real
2008-04-20 14:52:40 0 d-------- C:\Program Files\Common Files\S?mantec
2008-03-23 22:06:55 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-23 22:06:38 0 d-------- C:\Program Files\Google
2008-03-21 14:54:38 0 d-------- C:\Program Files\Safari
2008-02-29 19:38:17 0 d-------- C:\Program Files\iTunes
2008-02-29 19:37:58 0 d-------- C:\Program Files\iPod
2008-02-29 19:34:34 0 d-------- C:\Program Files\QuickTime


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1a8523dc-1dd2-11b2-8f50-a0f5b7cb9b7f}]
04/20/2008 12:32 PM 65024 --a------ C:\WINDOWS\ryjwrizu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{320602f8-ca93-470b-a44d-86a5b974b501}]
04/29/2008 08:21 PM 107072 --a------ C:\WINDOWS\system32\eegvqkht.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{847B6838-BFB6-40a1-8888-736928099059}]
C:\Program Files\QdrDrive\QdrDrive15.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C1AA705-7CC1-4BEF-A9C2-BD2D23098A4F}]
04/20/2008 12:37 PM 274432 --a------ C:\WINDOWS\system32\opnkiFvW.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8EEB996-62AA-4E48-995D-EADDCAC47476}]
04/20/2008 12:31 PM 36352 --a------ C:\WINDOWS\system32\hgGvuULD.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDD045DB-F337-FCE4-119A-A38F755773C5}]
04/11/2008 01:51 PM 60928 --a------ C:\WINDOWS\system32\bjlu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [01/31/2005 06:35 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [04/05/2005 10:05 PM]
"Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" []
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 06:19 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 03:05 AM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 12:44 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 12:44 PM]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [01/27/2005 03:02 AM]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [09/08/2005 09:20 PM]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [08/30/2005 06:30 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [02/08/2006 03:09 AM]
"DIGStream"="C:\Program Files\DIGStream\digstream.exe" [10/31/2005 12:05 PM]
"DIGServices"="C:\Program Files\ESPNRunTime\DIGServices.exe" [10/31/2005 12:18 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/03/2006 10:28 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 11:46 PM]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [02/17/2006 12:59 PM]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [02/04/2002 10:32 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [12/14/2007 04:42 AM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 10:24 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/01/2008 12:13 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 02:10 PM]
"ofofstwh"="regsvr32 /u C:\Documents and Settings\All Users\Application Data\ofofstwh.dll" []
"ComUtil"="C:\Documents and Settings\All Users\Application Data\Common\dgpunmpo.exe" [04/21/2008 01:25 PM]
"BM1fae519a"="C:\WINDOWS\system32\wgaurhju.dll" [04/29/2008 08:20 PM]
"1c9d6206"="C:\WINDOWS\system32\nxfhsgvf.dll" [04/29/2008 08:25 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [04/11/2006 08:39 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [01/03/2008 12:15 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [04/22/2003 05:43 AM]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 10:23 AM]
"urnusklf"="C:\WINDOWS\system32\uxkfelwh.exe" [04/20/2008 12:33 PM]
"Microsoft Windows Installer"="C:\DOCUME~1\SCOTTM~1.BAN\LOCALS~1\Temp\ie.exe" [04/20/2008 12:33 PM]
"SpeedRunner"="C:\Documents and Settings\Scott M. Bantel\Application Data\SpeedRunner\SpeedRunner.exe" [04/21/2008 12:57 PM]
"SfKg6wIP"="C:\Documents and Settings\Scott M. Bantel\Application Data\Microsoft\Windows\rkqyanc.exe" [04/21/2008 12:57 PM]
"Sen"="C:\DOCUME~1\SCOTTM~1.BAN\MYDOCU~1\SKS~1\lsass.exe" [04/21/2008 01:07 PM]
"QdrPack15"="C:\Program Files\QdrPack\QdrPack15.exe" [04/04/2008 04:17 PM]
"Bdolyy"="C:\Documents and Settings\Scott M. Bantel\My Documents\??pPatch\s?ool32.exe" [04/11/2008 01:52 PM]
"WinTouch"="C:\Documents and Settings\Scott M. Bantel\Application Data\WinTouch\WinTouch.exe" [04/21/2008 01:02 PM]
"SfKg6w"="C:\Documents and Settings\Scott M. Bantel\Application Data\Microsoft\Windows\rayiou.exe" [04/21/2008 01:02 PM]
"mcdjltwo"="C:\WINDOWS\system32\ulepmpqt.exe" [04/26/2008 01:09 AM]

C:\Documents and Settings\Scott M. Bantel\Start Menu\Programs\Startup\
Bat - Auto Update.lnk - C:\Program Files\Bat\Bat.exe [4/20/2008 12:32:12 PM]
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [10/13/2007 9:54:28 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2/8/2006 2:59:48 AM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2/8/2006 2:55:11 AM]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [8/11/2004 2:22:40 AM]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2/13/2004 2:12:08 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"S3eJgr90qs"=C:\Documents and Settings\All Users\Application Data\crolirer\wnuzifmn.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A8EEB996-62AA-4E48-995D-EADDCAC47476}"= C:\WINDOWS\system32\hgGvuULD.dll [04/20/2008 12:31 PM 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGvuULD]
hgGvuULD.dll 04/20/2008 12:31 PM 36352 C:\WINDOWS\system32\hgGvuULD.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\opnkiFvW

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"




-- End of Deckard's System Scanner: finished at 2008-04-29 20:44:16 ------------
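From a detection standpoint the listing above is the interesting part of this thread: besides the two Run keys it shows persistence in places a glance at "startup programs" misses, namely a Task Manager lockout under policies\system, a value under the Explorer policy Run key, a ShellExecuteHook and Winlogon Notify DLL, a second executable appended to Winlogon's Userinit, and a non-default LSA Authentication Package. The script below is an added example (it is not code from the forum, from DSS or from HijackThis) that parses a DSS-style autorun listing and flags entries on those grounds plus a few cheap heuristics: executables in user-writable profile or Temp locations, system-binary names such as lsass.exe outside the Windows directory, regsvr32 /u used as a Run command, digit-and-letter value names, non-printable characters in a path, and files written within two weeks of the scan. SAMPLE_LOG is a constructed excerpt of lines from the log above; SCAN_TIME comes from its end-of-scan line; the 14-day window and the heuristics themselves are my assumptions, so treat hits as leads to verify rather than verdicts (per-user software and fresh updates trip the location and recency checks too).

```python
import re
from datetime import datetime

# Time the DSS scan finished, from the end-of-scan line in the log above.
SCAN_TIME = datetime(2008, 4, 29, 20, 44)
RECENT_DAYS = 14   # assumption: files written this close to the scan deserve a second look

# Constructed excerpt of the autorun section of the log above, in the line format DSS prints.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 02:10 PM]
"ofofstwh"="regsvr32 /u C:\Documents and Settings\All Users\Application Data\ofofstwh.dll" []
"BM1fae519a"="C:\WINDOWS\system32\wgaurhju.dll" [04/29/2008 08:20 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Windows Installer"="C:\DOCUME~1\SCOTTM~1.BAN\LOCALS~1\Temp\ie.exe" [04/20/2008 12:33 PM]
"Sen"="C:\DOCUME~1\SCOTTM~1.BAN\MYDOCU~1\SKS~1\lsass.exe" [04/21/2008 01:07 PM]
"Bdolyy"="C:\Documents and Settings\Scott M. Bantel\My Documents\??pPatch\s?ool32.exe" [04/11/2008 01:52 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"S3eJgr90qs"=C:\Documents and Settings\All Users\Application Data\crolirer\wnuzifmn.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A8EEB996-62AA-4E48-995D-EADDCAC47476}"= C:\WINDOWS\system32\hgGvuULD.dll [04/20/2008 12:31 PM 36352]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\opnkiFvW
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
ENTRY_RE = re.compile(r'^"([^"]+)"\s*=\s*"?(.*?)"?\s*(?:\[([^\]]*)\])?$')
PATH_RE = re.compile(r'[a-z]:\\[^"]*?\.(?:exe|dll|vbs|scr|bat|cmd)', re.I)
DATE_RE = re.compile(r"\d\d/\d\d/\d{4} \d\d:\d\d [AP]M")
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)(?=.*[A-Za-z])[A-Za-z0-9]{8,}$")   # mixed digits/letters, 8+ chars
USER_WRITABLE = ("\\documents and settings\\", "\\docume~1\\", "\\application data\\", "\\my documents\\", "\\temp\\")
SYSTEM_NAMES = {"lsass.exe", "svchost.exe", "csrss.exe", "smss.exe", "winlogon.exe", "services.exe", "userinit.exe"}

def parse_autoruns(text):
    """Yield (key, value_name, data, timestamp) for each registry value line under a [key] header.
    Startup-folder '.lnk - path' lines are not registry values and are skipped."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            yield key, m.group(1), m.group(2), m.group(3)

def audit_entry(key, name, data, stamp):
    """Return the reasons this autorun entry deserves a closer look (empty list if none)."""
    k, reasons = key.lower(), []
    if k.endswith("policies\\system") and name.lower() == "disabletaskmgr" and data.startswith("1"):
        return ["Task Manager disabled by policy"]
    if k.endswith("\\winlogon") and name.lower() == "userinit":
        extra = [p for p in data.split(",") if p and p.lower() != "c:\\windows\\system32\\userinit.exe"]
        return [f"extra Userinit entry: {p}" for p in extra]
    if k.endswith("control\\lsa") and name.lower() == "authentication packages":
        return [f"non-default LSA authentication package: {p}" for p in data.split() if p.lower() != "msv1_0"]
    if "policies\\explorer\\run" in k:
        reasons.append("autorun via the Explorer policy Run key")
    if "shellexecutehooks" in k or "winlogon\\notify" in k:
        reasons.append("DLL registered as a shell/Winlogon hook")
    if data.lower().startswith("regsvr32") and "/u" in data.lower():
        reasons.append("regsvr32 /u in a Run value (the DLL's DllUnregisterServer runs at every logon)")
    m = PATH_RE.search(data)
    if m:
        path = m.group(0).lower()
        base = path.rsplit("\\", 1)[-1]
        if any(seg in path for seg in USER_WRITABLE):
            reasons.append("executable in a user-writable profile or Temp location")
        if base in SYSTEM_NAMES and not path.startswith("c:\\windows\\"):
            reasons.append(f"system binary name {base} outside the Windows directory")
        if "?" in path:
            reasons.append("non-printable characters in path")
    if RANDOM_NAME_RE.match(name):
        reasons.append("random-looking value name")
    m = DATE_RE.search(stamp or "")
    if m:
        age = (SCAN_TIME - datetime.strptime(m.group(0), "%m/%d/%Y %I:%M %p")).days
        if 0 <= age <= RECENT_DAYS:
            reasons.append(f"file written {age} day(s) before the scan")
    return reasons

def audit(text):
    """Map each flagged value name to its list of reasons."""
    found = [(name, audit_entry(key, name, data, stamp)) for key, name, data, stamp in parse_autoruns(text)]
    return {name: reasons for name, reasons in found if reasons}

if __name__ == "__main__":
    for name, reasons in audit(SAMPLE_LOG).items():
        print(f"{name}: " + "; ".join(reasons))
```

Run against the sample, ctfmon.exe and iTunesHelper come out clean and every other entry is flagged with at least one reason; the Userinit and LSA checks are exact (anything beyond userinit.exe or msv1_0 is reported), the rest are heuristics that rank what to look at first.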
 
#4 ·
Hi,

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  1. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  2. Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

________


Make sure DSS is on your desktop.


Click start > run > copy and paste:

"%userprofile%\desktop\dss.exe" /config

When the DSS configuration window comes up, make sure everything under extra.txt is checked and everything under main.txt is unchecked.

After that, click the "Scan!" button

On your next reply, please include a
  • Fresh HijackThis log.
  • extra.txt
  • combofix log
 
#5 ·
Hi,

I did everything you requested in the last step and need to know what else I need to do to completely fix this problem. My computer is running MUCH better, but I am still having a pop-up come up saying that I have a Trojan virus and a yellow triangle on my toolbar (with an ! in the triangle) that keeps saying I have some problems. If you could advise that would be much appreciated. Thanks.
 
#7 ·
Sorry, I thought I had done the last step and posted my reply. The logs were too long to paste them both, so one is included as an attachment. Thanks.

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Celeron(R) M processor 1.40GHz
Percentage of Memory in Use: 73%
Physical Memory (total/avail): 511.23 MiB / 135.68 MiB
Pagefile Memory (total/avail): 1247.66 MiB / 768.98 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1982.82 MiB

C: is Fixed (NTFS) - 34.08 GiB total, 14.89 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HTS541040G9AT00 - 37.26 GiB - 3 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 34.08 GiB - C:
\PARTITION2 - Unknown - 3.13 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Trend Micro PC-cillin Internet Security (Firewall) v12 (Trend Micro, Inc.)
AV: Trend Micro PC-cillin Internet Security v12.7.1019 (Trend Micro, Inc.) Disabled Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1140131099\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1140131099\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Scott M. Bantel\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SCOTT
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Scott M. Bantel
LOGONSERVER=\\SCOTT
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\SCOTTM~1.BAN\LOCALS~1\Temp
TMP=C:\DOCUME~1\SCOTTM~1.BAN\LOCALS~1\Temp
USERDOMAIN=SCOTT
USERNAME=Scott M. Bantel
USERPROFILE=C:\Documents and Settings\Scott M. Bantel
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Scott M. Bantel (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{95D9B4D8-B091-4fab-80EA-313EB4B82FD6}
--> MsiExec.exe /I{EB997E90-5EB0-4eb5-90D0-90B1D2F0CA03}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AIM Toolbar 5.0 --> "C:\Program Files\AOL\AIM Toolbar 5.0\uninstall.exe"
ALPS Touch Pad Driver --> C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
AOL Coach Version 1.0(Build:20040229.1 en) --> C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL Connectivity Services --> C:\PROGRA~1\COMMON~1\AOL\ACS\AcsUninstall.exe /c
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Banctec Service Agreement --> MsiExec.exe /X{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}
Broadcom Management Programs 2 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{64A77F14-0E08-4A97-A859-E93CFF428756} /l1033
CCHelp --> MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Conexant D480 MDC V.9x Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Corel Paint Shop Pro X --> MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
Corel Photo Album 6 --> MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354}
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience --> MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Wireless WLAN Card --> C:\WINDOWS\system32\BCMWLU00.exe verbose
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Content Portal --> MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
EarthLink setup files --> MsiExec.exe /X{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}
EducateU --> MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
ELIcon --> MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
ESPN RunTime --> C:\Program Files\ESPNRunTime\DIGSvcUninstall.exe /brand=ESPN
ESSAdpt --> MsiExec.exe /I{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}
ESSANUP --> MsiExec.exe /I{A6F18A67-B771-4191-8A33-36D2E742D6D9}
ESSCAM --> MsiExec.exe /I{469730CC-78DF-4CD3-B286-562D459EA619}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSSONIC --> MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
FinePixViewer Ver.4.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE"
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
Get High Speed Internet! --> MsiExec.exe /I{7A3F0566-5E05-4919-9C98-456F6B5CF831}
Google AFE --> regsvr32 /u /s "c:\Program Files\GoogleAFE\GoogleAE.dll"
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2 --> "C:\PROGRA~1\TRENDM~1\HIJACK~1\HijackThis.exe" /uninstall
HLPIndex --> MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPRFO --> MsiExec.exe /I{AADAC983-FDE9-42FA-8FD9-7BB324155593}
Home Improvement 1-2-3 --> C:\WINDOWS\unvise32.exe C:\Program Files\Home Improvement\uninstal.log
HP DeskJet 710C Series (Remove only) --> C:\Program Files\HP DeskJet 710C Series\hpfiui.exe -c -vdivid=HPF -vpnum=13 -vproduct=710C -huninstall
ImageMixer VCD2 for FinePix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{934E9442-D305-4ACF-AD87-A6C11D677CB9}\setup.exe"
Internal Network Card Power Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
iPod for Windows 2005-01-11 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3476E8FA-00F1-48AF-8771-236C84FC7CB8} /l1033
iPod for Windows 2006-03-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /l1033
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java(TM) 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_3f1_3c61d8e\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
LimeWire 4.10.9 --> "C:\Program Files\LimeWire\uninstall.exe"
Microsoft ActiveSync 3.7 --> "C:\WINDOWS\ISUNINST.EXE" -f"C:\Program Files\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Program Files\Microsoft ActiveSync\ceuninst.dll"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Outlook 2002 --> MsiExec.exe /I{911A0409-6000-11D3-8CFE-0050048383C9}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
MicroStaff WINASPI --> C:\MWASPI\uninst.exe
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Scott M. Bantel\Application Data\Move Networks\ie_bin\Uninst.exe
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
NetZeroInstallers --> MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
Ohio Life and Health CompuCram --> C:\PROGRA~1\COMPUC~1\LIFEAN~1\UNWISE.EXE C:\PROGRA~1\COMPUC~1\LIFEAN~1\INSTALL.LOG
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PCDADDIN --> MsiExec.exe /I{65D85050-5610-4A91-A3B1-D5C744291AD4}
PCDHELP --> MsiExec.exe /I{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}
PCDLNCH --> MsiExec.exe /I{69BD6399-3D8F-45B7-81D9-819361F5101D}
Picture Package Music Transfer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}\setup.exe" -l0x9 -removeonly
PowerDVD 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 UNINSTALL APPDRVNT4 - ALL
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RAW FILE CONVERTER LE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x9
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Safari --> MsiExec.exe /I{0AFC9710-5DD6-4C6A-BA52-91AE992B2C9D}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SFR --> MsiExec.exe /I{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}
SFR2 --> MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sony Picture Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" -l0x9 UNINSTALL -removeonly
STC Series 66 Q&&A Final Exam v2.6.9 --> C:\PROGRA~1\STC\ILQA_6~1\UNWISE.EXE C:\PROGRA~1\STC\ILQA_6~1\INSTALL.LOG
STC Series 7 Q&&A Final 2006 --> C:\PROGRA~1\STC\QA_07_05\UNWISE.EXE C:\PROGRA~1\STC\QA_07_05\INSTALL.LOG
StudySmart Bar Review 4.0 --> "C:\Program Files\StudySmart Bar Review 4.0\Uninstall_StudySmart Bar Review 4.0\Uninstall StudySmart Bar Review 4.0.exe"
Trend Micro PC-cillin Internet Security 12 --> MsiExec.exe /X{7698EDA5-A90F-4205-99CB-8FF6F9048ED9}
Twain --> "C:\Program Files\Twain\Twain.exe" -uninstall
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}


-- Application Event Log -------------------------------------------------------

Event Record #/Type6520 / Warning
Event Submitted/Written: 05/14/2008 03:11:34 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{1A15507A-8551-4626-915D-3D5FA095CC1B}', feature '_ISUS' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'

Event Record #/Type6519 / Warning
Event Submitted/Written: 05/14/2008 03:11:34 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{1A15507A-8551-4626-915D-3D5FA095CC1B}', feature '_ISUS', component '{ACD935F6-53F3-469B-842F-2CE17B80840C}' failed. The resource 'HKEY_CURRENT_USER\Software\Corel\Auto Update\{1A15507A-8551-4626-915D-3D5FA095CC1B}\Interval' does not exist.

Event Record #/Type6518 / Warning
Event Submitted/Written: 05/14/2008 03:11:34 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{1A15507A-8551-4626-915D-3D5FA095CC1B}', feature '_ISUS' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'

Event Record #/Type6517 / Warning
Event Submitted/Written: 05/14/2008 03:11:34 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{1A15507A-8551-4626-915D-3D5FA095CC1B}', feature '_ISUS', component '{ACD935F6-53F3-469B-842F-2CE17B80840C}' failed. The resource 'HKEY_CURRENT_USER\Software\Corel\Auto Update\{1A15507A-8551-4626-915D-3D5FA095CC1B}\Interval' does not exist.

Event Record #/Type6516 / Warning
Event Submitted/Written: 05/14/2008 03:11:34 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{1A15507A-8551-4626-915D-3D5FA095CC1B}', feature '_ISUS' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type67870 / Warning
Event Submitted/Written: 05/19/2008 09:37:44 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type67867 / Warning
Event Submitted/Written: 05/17/2008 05:00:37 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type67866 / Warning
Event Submitted/Written: 05/17/2008 01:23:15 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type67842 / Error
Event Submitted/Written: 05/14/2008 03:09:52 AM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The Trend Micro Real-time Service service hung on starting.

Event Record #/Type67839 / Error
Event Submitted/Written: 05/14/2008 03:08:25 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Trend Micro Central Control Component service failed to start due to the following error:
%%193



-- End of Deckard's System Scanner: finished at 2008-05-23 22:49:10 ------------
 


#8 ·
Hello skattyb,

Angelfire777 has asked me to step in and continue with you while he is away from the computer.


Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

Download SDFix and save it to your Desktop. Double click SDFix.exe and it will extract the files to %systemdrive% (the drive that contains the Windows directory, typically C:\SDFix). Do not run it yet.

--------------------------------------------------------------------

1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account.

--------------------------------------------------------------------

Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan services and registry entries that it finds, then prompt you to press any key to reboot.
  • Press any key and it will restart the PC.
When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished.
  • Press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt. I'll need that in your next reply.

--------------------------------------------------------------------

From Normal Mode....

Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

---------------------------------------------------------------------

Open notepad and copy/paste the text inside the code box below into it:

http://www.techsupportforum.com/sec...kthis-log-help/243084-pop-ups-slow-moving-computer-post1500148.html#post1500148

Collect::
C:\WINDOWS\system32\ulepmpqt.exe
C:\WINDOWS\system32\uxkfelwh.exe
C:\WINDOWS\lsfgjgvo.dll
C:\WINDOWS\BM1fae519a.xml

File::
C:\WINDOWS\uninstall_nmon.vbs
C:\Program Files\Common Files\Yazzle1560OinAdmin.exe
C:\WINDOWS\U2NvdHQgTS4gQmFudGVs\oZhSxJk0nmb0kAIRx3pP.vbs
C:\Documents and Settings\Scott M. Bantel\Desktop\Trojan.Win32.BlackBird.exe
C:\Documents and Settings\Scott M. Bantel\Desktop\FWebdEditor.exe
C:\Documents and Settings\Scott M. Bantel\Desktop\fwebd.exe
C:\Documents and Settings\Scott M. Bantel\Desktop\fkwp2.0.exe
C:\Documents and Settings\Scott M. Bantel\Desktop\fkwp1.5.exe
C:\Documents and Settings\Scott M. Bantel\Desktop\filemanagerclient.exe
C:\Documents and Settings\Scott M. Bantel\Desktop\EditorFKWP2.0.exe
C:\Documents and Settings\Scott M. Bantel\Desktop\EditorFKWP1.5.exe

Folder::
C:\WINDOWS\uqkm
C:\Program Files\Common Files\uqkm
C:\WINDOWS\U2NvdHQgTS4gQmFudGVs
C:\Documents and Settings\All Users\Application Data\crolirer
C:\Program Files\Bat

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"urnusklf"=-
"Bdolyy"=-
"mcdjltwo"=-

Save this as "CFScript.txt", and as Type: All Files (*.*)
in the same location as ComboFix.exe


Image


Referring to the picture above, drag CFScript into ComboFix.exe


When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
  • A browser will open.
  • Simply follow the instructions to copy/paste/send the requested file.
---------------------------------------------------------------------

Run a new scan with HijackThis.exe (not dss.exe) and save the log.

---------------------------------------------------------------------

Please include the following in your next reply:

C:\SDFix\Report.txt
C:\ComboFix.txt
New HijackThis log
Update on system behavior
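A CFScript is plain text that ComboFix works through directive by directive, so a line that does not sit under a directive it recognises, or a path that does not exist on disk exactly as written, cannot be acted on. The parser below is an added example, not ComboFix's own code and not from this thread: it turns a script using the four directives seen in the post above (Collect::, File::, Folder::, Registry::) into a dry-run plan and lints it for the mistakes that turn into silent no-ops: text outside a known section, relative paths, registry value lines with no [HKEY_...] key above them, duplicates, and a profile folder name such as Desktop glued to a file name with no backslash between them. SAMPLE_CFSCRIPT is constructed in the layout of that script with a placeholder thread URL on its first line, and its second File:: entry deliberately carries a dropped separator so the check has something to find. The "glued" regex is a heuristic of mine and will also fire on a genuine folder whose name begins with one of those words.

```python
import re

# Directives used in the script on this page. ComboFix accepts more; only these four are handled here.
KNOWN_SECTIONS = ("Collect", "File", "Folder", "Registry")
SECTION_RE = re.compile(r"^([A-Za-z]+)::$")
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Heuristic: a profile folder name followed directly by a file name, with no backslash between them.
GLUED_RE = re.compile(r"\\(Desktop|My Documents|Application Data|Start Menu)[^\\]+$", re.I)
REG_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')   # "name"=- deletes the value, anything else sets it

# Constructed sample in the layout of the script above. The thread URL is a placeholder, and the
# second File:: path deliberately reproduces a dropped separator after "Desktop".
SAMPLE_CFSCRIPT = r"""
http://forum.example.invalid/thread-placeholder
Collect::
C:\WINDOWS\system32\ulepmpqt.exe
File::
C:\WINDOWS\uninstall_nmon.vbs
C:\Documents and Settings\Scott M. Bantel\DesktopTrojan.Win32.BlackBird.exe
C:\Documents and Settings\Scott M. Bantel\Desktop\fwebd.exe
Folder::
C:\Documents and Settings\All Users\Application Data\crolirer
C:\Program Files\Bat
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"urnusklf"=-
"Bdolyy"=-
"""

def parse_cfscript(text):
    """Return (actions, warnings).

    actions maps each directive to its targets; Registry targets are (key, value_name, data)
    tuples where data is None for a "=-" deletion line. warnings lists the lines ComboFix would
    not be able to act on as intended.
    """
    actions = {name: [] for name in KNOWN_SECTIONS}
    warnings = []
    section, reg_key = None, None
    for num, line in enumerate((ln.strip() for ln in text.strip().splitlines()), 1):
        if not line:
            continue
        if num == 1 and line.lower().startswith("http"):
            continue   # the thread URL on line 1 is a convention of these scripts, not an action
        m = SECTION_RE.match(line)
        if m:
            section, reg_key = m.group(1), None
            if section not in KNOWN_SECTIONS:
                warnings.append(f"line {num}: unknown directive {line}")
            continue
        if section not in KNOWN_SECTIONS:
            warnings.append(f"line {num}: text outside a known section: {line}")
            continue
        if section == "Registry":
            if (m := REG_KEY_RE.match(line)):
                reg_key = m.group(1)
            elif (m := REG_VALUE_RE.match(line)) and reg_key:
                data = None if m.group(2) == "-" else m.group(2)
                actions["Registry"].append((reg_key, m.group(1), data))
            else:
                warnings.append(f"line {num}: registry line not under a [HKEY_...] key: {line}")
            continue
        if not ABS_PATH_RE.match(line):
            warnings.append(f"line {num}: not an absolute path: {line}")
        if GLUED_RE.search(line):
            warnings.append(f"line {num}: folder name glued to file name (missing backslash?): {line}")
        if line in actions[section]:
            warnings.append(f"line {num}: duplicate entry: {line}")
        actions[section].append(line)
    return actions, warnings

if __name__ == "__main__":
    plan, problems = parse_cfscript(SAMPLE_CFSCRIPT)
    for directive, targets in plan.items():
        for target in targets:
            print(f"{directive:9} {target}")
    for problem in problems:
        print("WARNING:", problem)
```

The dry-run plan is worth reading before the script is dragged onto ComboFix: it is the list of files, folders and registry values that will be removed or collected, and the one warning the sample produces points at the path that would otherwise match nothing.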
 
#9 ·
Ok, I must be doing something wrong. I downloaded SDFix and saved it to my desktop, but when I double clicked it, it did not extract the files to %systemdrive%; it only gave me the option to "Run" or "Cancel". So I moved on and restarted my computer in Safe Mode and opened the SDFix folder and again, it only gave me the option to "Run" or "Cancel", no option to "RunThis.bat", so I hit "Run". That did not take me to the next step, so let me know what I have done wrong and how to proceed from this point. I thought I would ask before I moved on and messed anything else up. Thanks.
 
#10 ·
Delete the SDFix.exe you downloaded.

Run the CFScript I gave you, then download SDFix again and follow the instructions to run it. (If you still have problems with it, just return with the C:\ComboFix.txt.)

After that, please run a new scan with dss.exe and post a new main.txt.

So, I'll need the following in your next reply:

C:\ComboFix.txt
C:\SDFix\Report.txt
main.txt
 
#11 ·
I'm sorry, I was out of town for the last week. I seem to no longer have the combofix icon (or program) on my computer in which to drag and drop the CFScript. Let me know if there is something I should/need to do in order to complete this process. Thanks.
 
#12 ·
Hi skattyb,

Simply download the latest version of ComboFix from any of the links below:

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

Now please carry out the set of instructions in my last post. :smile:
 