Registered User
Join Date: Jul 2008
Posts: 1
OS: windows xp
Blue Wallpaper Warning at Startup! Help Please!
Hello, I have been having this problem since Sunday and have tried all in my arsenal, which isn't very great. But I would love some help with this problem. Thanks, Wanita. Here is a Deckard's System Scanner of my computer this morning.
#2 (permalink)
Moderator Networking Team
Join Date: Aug 2006
Location: Canada
Posts: 2,627
OS: Windows Vista Business SP1, Windows XP Professional SP3
Re: Blue Wallpaper Warning at Startup! Help Please!
Please follow our HijackThis 5 Step Process and post in our HijackThis Help board. A member of our security team will reply as soon as possible. Please note our security team is very busy, so expect a delay in response.