#1 (permalink) |
|
Registered User
Join Date: Jun 2008
Posts: 9
OS: xp
|
Command.exe and other problems Please help
Hello - I have been trying to fix my sister's computer for the last 3 weeks. As you can imagine, I am at my wit's end. I posted my log on another forum, but after almost three weeks with no responses, I closed it. I am hoping and praying that someone here might be able to help. Basically, the computer was infected with a ton of spyware and other goodies. When all of this started, the desktop background had been changed, there were tons of warnings and popups, and an error that said there was a "buffer overrun." I have used a combination of Adaware, Spybot S+D, and AVG Free. A lot of my problems have been fixed using those programs and other research, but it appears that there is still work to be done. Basically, when I restart the computer a couple of black DOS looking screens quickly flash and go away. They appear to say "command.exe" and "cmd.exe." I am still getting popups whenever I am online, and both the computer and internet are ridiculously slow. After three long weeks and a nagging sister, I am beyond desperate. If anyone out there could take the time to help, I would greatly appreciate it. I realize that everyone here is a volunteer with valuable time, so I appreciate this more than you will ever know. Thanks.
Logfile of HijackThis v1.97.7 Scan saved at 5:58:27 PM, on 6/10/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) |
#2 (permalink) |
|
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Oct 2006
Location: BC, Canada
Posts: 2,727
OS: XP
|
Re: Command.exe and other problems Please help
Hi, welcome to tsf!
You're using a very old version of hijackthis. Please uninstall it via control panel > add/remove programs.
Download Deckard's System Scanner to your Desktop.
Note: You must be logged onto an account with administrator privileges.
1. Close all applications and windows.
2. Double-click on dss.exe to run it, and follow the prompts.
3. When the scan is complete, a text file will open - main.txt.txt <<this one will be maximized and extra.txt <<this one will be minimized.
4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt.txt in your next reply.
6. Please copy and paste the contents of main.txt and extra.txt to your post.
__________________
Proud member of UNITE and ASAP since 2006
If we have helped you, please consider donating.
The past won't be able to hurt you unless you keep on looking back at it. |
#3 (permalink) |
|
Registered User
Join Date: Jun 2008
Posts: 9
OS: xp
|
Re: Command.exe and other problems Please help
Hello Angelfire777 - THANK YOU SO MUCH FOR REPLYING!! My sister has been without a computer for almost a month now, so you have no idea how much I appreciate this.
MAIN: Deckard's System Scanner v20071014.68 Run by Me on 2008-06-14 14:02:23 Computer is in Normal Mode.
EXTRA: Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post.
PROCESSOR_IDENTIFIER=x86 Family 6 Model 11 Stepping 1, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0b01 ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\Me\LOCALS~1\Temp TMP=C:\DOCUME~1\Me\LOCALS~1\Temp USERDOMAIN=MELISSA USERNAME=Me USERPROFILE=C:\Documents and Settings\Me windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- Owner (admin) Me (admin) Administrator.MELISSA (admin) -- Add/Remove Programs --------------------------------------------------------- --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu --> C:\WINDOWS\UNINST.EXE -f"C:\Program Files\PhotoDeluxe BE 1.0\DeIsL1.isu" --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7E9980-3652-29D4-8908-006097A470FC}\setup.exe" /Uninstall --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21313051-BEA2-11D4-8FA4-00B0D02D2438}\setup.exe" UNINSTALL --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6CAF07A2-BEA4-11D4-8FA4-00B0D02D2438}\setup.exe" UNINSTALL --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7052066D-7016-11D5-B89E-00B0D0D26B88}\setup.exe" UNINSTALL --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5B0ABC0-3177-11D3-AC45-0000F879D942}\setup.exe" --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation 
Information\{B5B0ABC0-3177-11D3-AC45-0000F879D969}\setup.exe" --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B960F4A0-BEEF-4170-86CD-57CABE6237E6}\setup.exe" UNINSTALL --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D54AAC0A-BE99-11D4-8FA4-00B0D02D2438}\setup.exe" UNINSTALL --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL Ad-Aware SE Personal --> C:\PROGRA~1\LAVASOFT\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~1\INSTALL.LOG Adobe Acrobat 4.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll" Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll" Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Type Manager 4.0 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Adobe Type Manager\DeIsL1.isu" -c"C:\Program Files\Adobe Type Manager\UNINST.DLL" AnswerWorks Runtime --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\WexTech\AnswerWorks\Uninst.isu" AOL Instant Messenger --> C:\Program Files\AIM95\uninstll.exe -LOG= C:\Program Files\AIM95\install.log -OEM= Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4} AT&T Connection Services Manager --> C:\WINDOWS\WNBackup\WnClient62\unwise32.exe /Z /U C:\WINDOWS\WNBackup\WnClient62\install.log "AT&T Connection Services Manager" AT&T WorldNet Setup 2.5 --> C:\PROGRA~1\WORLDNET\wnun25.exe C:\PROGRA~1\WORLDNET AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL Corel Applications --> C:\WINDOWS\Corel\Uninst32.exe DelFin Media Viewer 
--> C:\WINDOWS\unvise32.exe C:\Program Files\DelFin\PromulGate\uninstal.log DigitalPrint 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E2069DE3-5924-4766-A385-CDA273885A31}\setup.exe" /Uninstall DVDExpress --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Mediamatics\DVDExpress\Uninst.isu" -c"C:\Program Files\Mediamatics\DVDExpress\mydll.dll" DVgate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{29F61465-428A-11D4-B646-00C04F790F76}\setup.exe" GiPo@MoveOnBoot 1.9.5 --> MsiExec.exe /I{9F185C48-595B-401A-A1D6-AAB324890DC4} hp deskjet 3820 series --> rundll32 hpzcon05.dll,VendorJettison hp deskjet 3820 series hp deskjet 3820 series (Remove only) --> C:\Program Files\hp deskjet 3820 series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=LPT1: -vproduct=3820 -huninstall HP Deskjet 5400 series --> C:\Program Files\HP\Digital Imaging\{EB57A16E-500D-43d7-85B9-FBE279EBBA6E}\setup\hpzscr01.exe -datfile hpfscr05.dat HP Image Zone Express --> MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900} HP Imaging Device Functions 5.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat hp instant support --> C:\PROGRA~1\HEWLET~1\hpis\Uninstall.exe CeS HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D} HP Solution Center & Imaging Support Tools 5.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4} KaZaA Media Desktop --> RunDll32 C:\WINDOWS\System32\cd_clint.dll,ServiceRunDll u_291 "{7D50E972-F2C4-4327-AA79-88FA868A4507}" Lernout & Hauspie TruVoice American English TTS Engine --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall LiveUpdate 1.6 (Symantec Corporation) --> C:\Program 
Files\Symantec\LiveUpdate\LSETUP.EXE /U Media Bar 3.2.11 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2FAF5A9F-7EDE-4F1A-B082-C95A9F420630}\SETUP.EXE" Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9} Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Moraff's Maximum MahJongg --> C:\Program Files\Moraff's Maximum MahJongg\uninstall.exe Motion JPEG Software Decoder --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Sony\Motion JPEG Software Decoder\Uninst.isu" MovieShaker 3.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D4A49B00-02F8-11D5-B64D-00C04F790F76}\setup.exe" Music Visualizer Library 1.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}\setup.exe" MUSICMATCH® Jukebox --> C:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.exe OpenMG Secure Module --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A228A09C-4826-42E0-A3D8-95B2BAAB5049}\setup.exe" UNINSTALL Paint Shop Pro 5.01 --> C:\PROGRA~1\PAINTS~1\UNWISE.EXE C:\PROGRA~1\PAINTS~1\INSTALL.LOG Panicware Pop-Up Stopper --> C:\PROGRA~1\PANICW~1\POP-UP~1\UNWISE.EXE C:\PROGRA~1\PANICW~1\POP-UP~1\INSTALL.LOG PicoPlayer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8139011A-4039-46C7-8614-A3F8948121AD}\setup.exe" PictureGear 5.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5FF58521-5E44-11D4-A433-00105A8547C6}\setup.exe" Quicken 2002 New User Edition 
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\QUICKENW\Uninst.isu" -c"C:\Program Files\QUICKENW\uninst.dll" QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A} RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 RealProducer Basic 8.5 --> C:\Program Files\Real\RealProducer\rnuninst.exe RealNetworks|RealProducer|8.5 Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe" Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe" Shockwave --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\Install.log Shrooms 5.0 --> C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\Shrooms 5.0\ST5UNST.LOG" Smart Capture --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4B6F4C00-E935-11D3-A98A-0080986030D9}\setup.exe" SonicStage CD-R Writing Module --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F3CB4DC0-4FC0-11D5-9254-0000F460E7A9}\setup.exe" Sony Certificate PCH --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0448678-1203-4158-A58F-B3D0B616BF9E}\setup.exe" Sony DV Shared Library --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6990A2BF-D1D2-11D3-81BC-00609789C908}\setup.exe" Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe" Support Actions Win2K,WinXP --> RunDll32 
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48BE827A-2D06-4804-90C3-4F2F8460F9D4}\setup.exe" truball --> c:\program files\Uninstal.exe Ulead PhotoImpact 4.2 --> C:\WINDOWS\ISUninst.exe -f"C:\Program Files\Ulead Systems\Ulead PhotoImpact 4.2\Uninst.isu" -c"C:\Program Files\Ulead Systems\Ulead PhotoImpact 4.2\IS32Inst.dll" VAIO Action Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C67D8C0-F0EC-11D3-99D3-00C04FCCB775}\setup.exe" VAIO Grid Wallpaper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21CF3E6E-1659-433E-B6CE-165D793560DA}\setup.exe" VAIO Help & Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6060E6A1-5342-4D2B-8F66-B6D6E20BBD03}\setup.exe" VAIO Registration --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6DF804A8-2CC2-4D22-A958-4534F6EC3C76}\setup.exe" VAIO Support --> "c:\program files\support.com\client\bin\tgfix.exe" /rm /nq Vaio Tour --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F69B5C-09F1-44D2-8D1C-5B3E72BB46D2}\setup.exe" VAIOWorld --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{601B53EE-509D-4649-9173-14A864F1E807}\setup.exe" Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k Viewpoint Media Player (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u VisualFlow 2.1 --> RunDll32 
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5B0ABC0-3177-11D3-AC45-0000F879D920}\setup.exe" /Uninstall VPHoldem version 1.0.23 --> C:\WINDOWS\desktop\VPHoldem\unins000.exe -- Application Event Log ------------------------------------------------------- Event Record #/Type16114 / Warning Event Submitted/Written: 06/09/2008 04:13:44 PM Event ID/Source: 22 / Norton AntiVirus Event Description: Norton AntiVirus Realtime Protection failed to load. Event Record #/Type16111 / Error Event Submitted/Written: 06/07/2008 04:57:54 PM Event ID/Source: 1002 / Application Hang Event Description: Hanging application SpybotSD.exe, version 1.5.2.20, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Event Record #/Type16107 / Error Event Submitted/Written: 06/06/2008 03:36:04 PM Event ID/Source: 5 / Norton AntiVirus Event Description: Virus Found!Virus name: Trojan.LowZones in File: C:\System Volume Information\_restore{66783AE0-D228-45B1-B07B-87ECDBEA3460}\RP545\A0069332.exe by: Manual scan. Action: Clean failed : Quarantine succeeded : Virus Found!Virus name: Trojan.LowZones in File: C:\System Volume Information\_restore{66783AE0-D228-45B1-B07B-87ECDBEA3460}\RP545\A0069333.exe by: Manual scan. Action: Clean failed : Quarantine succeeded : Virus Found!Virus name: Trojan.LowZones in File: C:\System Volume Information\_restore{66783AE0-D228-45B1-B07B-87ECDBEA3460}\RP545\A0069334.exe by: Manual scan. 
Action: Clean failed : Quarantine succeeded : Event Record #/Type16106 / Warning Event Submitted/Written: 06/06/2008 03:35:55 PM Event ID/Source: 6 / Norton AntiVirus Event Description: Scan could not open file D:\System Volume Information\_restore{66783AE0-D228-45B1-B07B-87ECDBEA3460}\RP545\change.log [00000003] Event Record #/Type16105 / Warning Event Submitted/Written: 06/06/2008 03:35:15 PM Event ID/Source: 6 / Norton AntiVirus Event Description: Could not scan 10 files inside C:\dj3820\3820-enu-win2k_xp.exe due to extraction errors encountered by the Decomposer Engines. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type334677 / Error Event Submitted/Written: 06/14/2008 01:59:03 PM Event ID/Source: 10005 / DCOM Event Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} Event Record #/Type333837 / Warning Event Submitted/Written: 06/14/2008 04:52:40 AM Event ID/Source: 36 / W32Time Event Description: The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized. -- End of Deckard's System Scanner: finished at 2008-06-14 14:07:16 ------------ |
#4 (permalink) |
|
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Oct 2006
Location: BC, Canada
Posts: 2,727
OS: XP
|
Re: Command.exe and other problems Please help
Hi,
Please visit this webpage for download links, and instructions for running ComboFix: http://www.bleepingcomputer.com/comb...o-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once installed, you should see a blue screen prompt that says: The Recovery Console was successfully installed.
Please continue as follows:
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New HijackThis log.
__________________
Proud member of UNITE and ASAP since 2006
If we have helped you, please consider donating.
The past won't be able to hurt you unless you keep on looking back at it. |
#5 (permalink) |
|
Registered User
Join Date: Jun 2008
Posts: 9
OS: xp
|
Re: Command.exe and other problems Please help
I have followed your instructions. One thing - and I'm not sure if this is normal - but the computer seems to be running even slower after combofix finished. THANKS AGAIN!! Combolog: ComboFix 08-06-12.2 - Me 2008-06-14 18:07:06.1 - FAT32x86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.66 [GMT -4:00] Running from: C:\Documents and Settings\Me\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Me\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Me\Application Data\Microsoft\dtsc C:\Documents and Settings\Me\Application Data\Microsoft\dtsc\16109.dll C:\Documents and Settings\Me\Application Data\Microsoft\dtsc\19144.dll C:\Documents and Settings\Me\Application Data\Microsoft\dtsc\id C:\Program Files\Common Files\curity~1 C:\Program Files\delfin C:\Program Files\QdrPack C:\Temp\vtmp2 C:\WINDOWS\bundles C:\WINDOWS\bundles\2504040824.exe C:\WINDOWS\bundles\Tvm_b5_269.exe C:\WINDOWS\cookies.ini C:\WINDOWS\cpan.dll C:\WINDOWS\ctfmon32.exe C:\WINDOWS\ctrlpan.dll C:\WINDOWS\directx32.exe C:\WINDOWS\dnsrelay.dll C:\WINDOWS\editpad.exe C:\WINDOWS\explore.exe C:\WINDOWS\explorer32.exe C:\WINDOWS\funniest.exe C:\WINDOWS\funny.exe C:\WINDOWS\gfmnaaa.dll C:\WINDOWS\helpcvs.exe C:\WINDOWS\inetinf.exe C:\WINDOWS\internet.exe C:\WINDOWS\mainms.vpi C:\WINDOWS\megavid.cdt C:\WINDOWS\msconfd.dll C:\WINDOWS\msspi.dll C:\WINDOWS\mswsc10.dll C:\WINDOWS\mswsc20.dll C:\WINDOWS\muotr.so C:\WINDOWS\pskt.ini C:\WINDOWS\qttasks.exe C:\WINDOWS\quicken.exe C:\WINDOWS\rundll16.exe C:\WINDOWS\rundll32.vbe C:\WINDOWS\searchword.dll C:\WINDOWS\sistem.exe C:\WINDOWS\svchost32.exe C:\WINDOWS\svcinit.exe C:\WINDOWS\system32\aqaswtfu.dll C:\WINDOWS\system32\bkwrjkth.dll C:\WINDOWS\system32\bxgultmf.ini C:\WINDOWS\system32\cIjPoqru.ini C:\WINDOWS\system32\cIjPoqru.ini2 C:\WINDOWS\system32\fitbwkoe.dll 
C:\WINDOWS\system32\fvknwdkh.dll C:\WINDOWS\system32\fwkeugxg.dll C:\WINDOWS\system32\gqcklxci.dll C:\WINDOWS\system32\hljwugsf.bin C:\WINDOWS\system32\HOWEKRqr.ini C:\WINDOWS\system32\hvvlekfd.dll C:\WINDOWS\system32\ikeuytcc.dll C:\WINDOWS\system32\jegmxofx.dll C:\WINDOWS\system32\kfjcjqyr.dll C:\WINDOWS\system32\luhycuth.ini C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\mlkbxkwq.dll C:\WINDOWS\system32\MSINET.oca C:\WINDOWS\system32\MVxEOXbc.ini C:\WINDOWS\system32\MVxEOXbc.ini2 C:\WINDOWS\system32\nqsathdo.ini C:\WINDOWS\system32\nrbnxftj.ini C:\WINDOWS\system32\odhtasqn.dll C:\WINDOWS\system32\pac.txt C:\WINDOWS\system32\qbhrodcy.dll C:\WINDOWS\system32\qwkxbklm.ini C:\WINDOWS\system32\qXEOVvut.ini C:\WINDOWS\system32\qXEOVvut.ini2 C:\WINDOWS\system32\ryqjcjfk.ini C:\WINDOWS\system32\uqklcwxq.ini C:\WINDOWS\system32\whskquel.ini C:\WINDOWS\system32\xanebptj.ini C:\WINDOWS\system32\XIQWHkkj.ini C:\WINDOWS\system32\XIQWHkkj.ini2 C:\WINDOWS\system32\yasqkoci.dll C:\WINDOWS\time.exe C:\xcrashdump.dat . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_MSSECURITY1.209.4 -------\Service_MsSecurity1.209.4 ((((((((((((((((((((((((( Files Created from 2008-05-14 to 2008-06-14 ))))))))))))))))))))))))))))))) . 2008-06-14 15:57 . 2008-06-14 15:57 <DIR> d-------- C:\Program Files\Trend Micro 2008-06-14 14:02 . 2008-06-14 14:02 <DIR> d-------- C:\Deckard 2008-06-10 17:28 . 1980-08-16 20:00 24,576 --a------ C:\WINDOWS\system32\__c00D6C4E.dat 2008-06-10 17:28 . 1980-08-16 20:00 24,576 --a------ C:\WINDOWS\system32\__c00CD3E9.dat 2008-06-10 17:28 . 1980-08-16 20:00 24,576 --a------ C:\WINDOWS\system32\__c00A8DC6.dat 2008-06-10 17:28 . 1980-08-16 20:00 24,576 --a------ C:\WINDOWS\system32\__c007328E.dat 2008-06-10 17:28 . 2008-06-14 13:55 24,576 --a------ C:\WINDOWS\system32\__c0017490.dat 2008-06-10 15:31 . 2008-06-10 15:31 <DIR> d--hs---- C:\FOUND.000 2008-06-09 19:23 . 
2008-06-09 19:23 <DIR> d--h----- C:\$AVG8.VAULT$ 2008-06-09 19:13 . 2008-06-09 19:13 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg 2008-06-09 19:13 . 2008-06-09 19:13 <DIR> d-------- C:\Program Files\AVG 2008-06-09 19:13 . 2008-06-09 19:13 <DIR> d-------- C:\Documents and Settings\Me\Application Data\AVGTOOLBAR 2008-06-09 19:13 . 2008-06-09 19:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8 2008-06-09 19:13 . 2008-06-09 19:13 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys 2008-06-09 19:13 . 2008-06-09 19:13 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys 2008-06-09 19:13 . 2008-06-09 19:13 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll 2008-06-09 18:28 . 2008-06-09 18:28 37,888 --a------ C:\WINDOWS\system32\eqicnnyl.exe 2008-06-09 18:04 . 2008-06-09 18:04 37,888 --a------ C:\WINDOWS\system32\tnbkqgfp.exe 2008-06-07 16:45 . 2008-06-07 16:45 37,888 --a------ C:\WINDOWS\system32\nkdpkgtu.exe 2008-06-06 15:54 . 2008-06-06 15:54 37,888 --a------ C:\WINDOWS\system32\nitbotts.exe 2008-06-06 14:49 . 2004-10-10 19:30 1,688 --a------ C:\WINDOWS\system32\AUTOEXEC.NT 2008-06-04 18:38 . 2008-06-04 18:38 37,888 --a------ C:\WINDOWS\system32\pvildlem.exe 2008-06-04 17:55 . 2008-03-01 09:06 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll 2008-06-04 17:55 . 2007-04-17 05:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2008-06-04 17:55 . 2007-03-08 01:10 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2008-06-04 17:55 . 2008-03-01 09:06 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll 2008-06-04 17:55 . 2008-03-01 09:06 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2008-06-04 17:55 . 2008-03-01 09:06 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll 2008-06-04 17:55 . 2008-03-01 09:06 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll 2008-06-04 17:55 . 
2008-03-01 09:06 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2008-06-04 17:55 . 2008-02-22 06:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-06-04 17:44 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll 2008-06-04 16:54 . 2008-06-04 16:54 37,888 --a------ C:\WINDOWS\system32\vtefbxoi.exe 2008-05-29 18:42 . 2008-05-29 18:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\setapicom 2008-05-29 18:42 . 2008-05-29 18:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AplMsg 2008-05-29 14:48 . 2008-05-29 14:48 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-05-29 14:48 . 2008-05-29 14:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-05-29 14:42 . 2008-05-29 18:52 534 ---hs---- C:\WINDOWS\system32\ipppurvn.ini 2008-05-29 14:31 . 2008-05-29 14:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\dscgen 2008-05-29 14:31 . 2008-05-29 14:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comwincfg 2008-05-27 13:33 . 2008-05-29 18:36 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico 2008-05-27 13:22 . 2008-05-27 13:22 <DIR> d-------- C:\Program Files\Common Files\ądobe 2008-05-25 22:37 . 2008-05-25 22:37 <DIR> d-------- C:\Documents and Settings\Me\Application Data\uTorrent 2008-05-25 19:43 . 2008-06-10 17:58 113 --a------ C:\WINDOWS\BM1b42ff5d.xml 2008-05-25 19:34 . 2008-05-25 19:34 <DIR> d-------- C:\Program Files\uqyfkdd 2008-05-25 19:33 . 2008-05-25 19:33 <DIR> d-------- C:\WINDOWS\system32\vntiho06 2008-05-25 19:33 . 2008-05-25 19:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\lmnqbyjk 2008-05-25 19:33 . 2008-05-25 19:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\enutil 2008-05-25 19:33 . 2008-05-25 19:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\admshcmd 2008-05-25 19:32 . 
2008-05-25 19:32 <DIR> d-------- C:\Program Files\uTorrent . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-27 17:22 --------- d-----w C:\Program Files\Common Files\?dobe 2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll 2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys 2004-09-06 19:23 38 ----a-w C:\Documents and Settings\Me\Application Data\tvmcwrd.dll 2004-09-06 19:23 33 ----a-w C:\Documents and Settings\Me\Application Data\tvmuknwrd.dll 2004-09-06 01:54 216,097 ----a-w C:\Documents and Settings\Me\Application Data\tvmknwrd.dll 2002-02-16 17:27 764 ----a-w C:\Documents and Settings\Me\MCRNPEN.DAT 2002-02-16 17:27 756 ----a-w C:\Documents and Settings\Me\MCRYPEN.DAT 2002-02-16 17:27 41 ----a-w C:\Documents and Settings\Me\MCRWPEN.DAT 2002-02-16 17:27 23 ----a-w C:\Documents and Settings\Me\MCRPLAY.DAT 2002-02-16 17:27 1,039 ----a-w C:\Documents and Settings\Me\MCROPEN.DAT 2002-01-27 02:38 37,470 ----a-w C:\Program Files\Uninstal.exe 2002-01-10 20:07 0 ----a-w C:\Documents and Settings\Me\MCRREG.DAT 2000-01-08 15:57 139 ----a-w C:\Program Files\VS.VSN 1999-08-15 11:36 281,600 ----a-w C:\Program Files\cncs232.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7A7AEF0F-D0EA-46C3-8360-CBEC0FF49C0A}]
C:\WINDOWS\system32\jkkHWQIX.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8A12F6E7-94A9-4B2F-923C-C18A9AF765EB}]
C:\WINDOWS\system32\cbXOExVM.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F8439F4-D24B-A5C1-1195-A08F02547A94}]
C:\WINDOWS\system32\cfzxt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dee9670a-8e01-4821-b213-e2ee44553ee6}]
C:\WINDOWS\system32\vjftetfu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EFC79B80-1CCE-4C1B-913C-C58870718B29}]
C:\WINDOWS\system32\urqoPjIc.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"rasmxs"="C:\WINDOWS\System32\rasmxs.exe" [ ]
"homwanco"="C:\WINDOWS\system32\lmxihufa.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpinstantsupport"="C:\Program Files\Hewlett-Packard\hpis\bin\matcliwrapper.exe" [2003-02-22 12:47 26112]
"kxshstjm"="C:\WINDOWS\System32\clvdwcp.exe" [ ]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36 256576]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58 282624]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2003-02-05 12:38 143360]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-09 19:13 1177368]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
VAIO Action Setup (Server).lnk - C:\Program Files\Sony\VAIO Action Setup\VAServ.exe [2001-09-11 08:05:59 40960]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SrvHlpEn"= {74484990-E3F3-C5B3-053E-0606278A4A73} - C:\Program Files\uqyfkdd\SrvHlpEn.dll [2008-05-25 19:34 126976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rtutrxy]
rtutrxy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvTjKCr]
tuvTjKCr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c0017490]
C:\WINDOWS\system32\__c0017490.dat 2008-06-14 13:55 24576 C:\WINDOWS\system32\__c0017490.dat

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c005C7FC]
C:\WINDOWS\system32\__c005C7FC.dat

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c007328E]
C:\WINDOWS\system32\__c007328E.dat 1980-08-16 20:00 24576 C:\WINDOWS\system32\__c007328E.dat

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c008EFAE]
C:\WINDOWS\system32\__c008EFAE.dat

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00A8DC6]
C:\WINDOWS\system32\__c00A8DC6.dat 1980-08-16 20:00 24576 C:\WINDOWS\system32\__c00A8DC6.dat

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= sonymjpg.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AIM95\\aim.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

R1 ATMhelpr;ATMhelpr;C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 04:00]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-09 19:13]
R1 SonyFanC;FAN Control Device Service;C:\WINDOWS\system32\Drivers\SonyFanC.sys [2001-09-06 16:21]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-09 19:13]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-09 19:13]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-09 19:13]
R2 V7;V7;C:\WINDOWS\system32\drivers\V7.sys [2000-03-09 11:24]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
S3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\bcm42xx5.sys [2001-08-17 12:11]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-13 15:46:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-14 18:19:42
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\__c0017490.dat
-> C:\WINDOWS\system32\__c007328E.dat
-> C:\WINDOWS\system32\__c00A8DC6.dat
-> C:\WINDOWS\System32\NavLogon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-06-14 18:27:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-14 22:27:12

Pre-Run: 2,939,625,472 bytes free
Post-Run: 2,835,681,280 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

278 --- E O F --- 2008-06-04 22:00:12

Hijack Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:47:15 PM, on 6/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper\CCHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7A7AEF0F-D0EA-46C3-8360-CBEC0FF49C0A} - C:\WINDOWS\system32\jkkHWQIX.dll (file missing)
O2 - BHO: (no name) - {8A12F6E7-94A9-4B2F-923C-C18A9AF765EB} - C:\WINDOWS\system32\cbXOExVM.dll (file missing)
O2 - BHO: (no name) - {9F8439F4-D24B-A5C1-1195-A08F02547A94} - C:\WINDOWS\system32\cfzxt.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: {6ee35544-ee2e-312b-1284-10e8a0769eed} - {dee9670a-8e01-4821-b213-e2ee44553ee6} - C:\WINDOWS\system32\vjftetfu.dll (file missing)
O2 - BHO: (no name) - {EFC79B80-1CCE-4C1B-913C-C58870718B29} - C:\WINDOWS\system32\urqoPjIc.dll (file missing)
O3 - Toolbar: Pa&nicware Pop-Up Stopper - {7E82235C-F31E-46CB-AF9F-1ADD94C585FF} - C:\Program Files\Panicware\Pop-Up Stopper\pstopper.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [hpinstantsupport] "C:\Program Files\Hewlett-Packard\hpis\bin\matcliwrapper.exe" "C:\Program Files\Hewlett-Packard\hpis\" -boot
O4 - HKLM\..\Run: [kxshstjm] C:\WINDOWS\System32\clvdwcp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [rasmxs] C:\WINDOWS\System32\rasmxs.exe
O4 - HKCU\..\Run: [homwanco] C:\WINDOWS\system32\lmxih |