Status
Not open for further replies.

·
Registered
Joined
·
2 Posts
Discussion Starter · #1 ·
The Dr Watson debugger error pops up and I need to send the report to the Microsoft site, and my Windows Security Alert also pops up with update is off and firewall is off. Plus, if I click on some folder, for example My Computer or any document or program, it will then hang/crash, but when I end task drwatson.exe it is OK again. The only thing is I can't click a single thing again; if I do so, the computer will then hang/crash again.

This happens in my dad's user account only, and also in a new account that I have created,
but it never affected my account.

Please, anyone, please help. I have been searching through lots of guides, but until HijackThis I don't dare to remove anything yet. I need assistance, thank you.

This is my HijackThis list. Can any pro here help me check what I shall remove in order to get my computer fixed?
I have run other antivirus scans and also adware/malware software scans too, but I just need some guidance here on which is safe to remove. Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 8:27:06 AM, on 1/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Windows\system32\NUAGOVBIP.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Efficient Networks\Tango Manager\app\TangoService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\VM_STI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\wnl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Tommy\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://VeryCD.265.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: NTZFNUZGN - {79268C87-954A-4A04-9BA6-805D7B12BD38} - C:\WINDOWS\system32\QWDKSZFLSZ.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MPTBox] C:\PROGRA~1\Canon\MULTIP~1\MPTBOX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [spoolsv] C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [res] C:\WINDOWS\system32\res.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [WNL Pro] C:\WINDOWS\wnl.exe
O4 - HKLM\..\Run: [sdafdsafds] D;]XJOEPXT]ufnq]te265/fyf
O4 - HKLM\..\Run: [dfsf] RUNDLL32.EXE C:\WINDOWS\system\Mvvp.dll,DImmcv
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Tommy\Start Menu\Programs\IMVU\Run IMVU.lnk
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - http://components.metastream.com/MTSInstal...MetaStream3.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {E36BEEF0-E18D-4FCB-9AD4-F9A643232027} - http://down.spykeep.com/down/spykeepatx.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: winoperaWeb (operaWeb) - Unknown owner - C:\Windows\system32\NUAGOVBIP.EXE
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\Efficient Networks\Tango Manager\app\TangoService.exe
 

·
Security Manager, Analyst , Rangemaster, TSF Acade
Joined
·
39,538 Posts
Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your system is clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.



Uninstall List
Please create an uninstall list:

  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on the Box that says "Open Uninstall Manager"
  • Click on the button "Save list"
  • Copy and paste the list from the notebook into your next post



Show Hidden Files
Go to My Computer > Tools > Folder Options > View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System files and Folders are showing / visible. Uncheck the Hide protected operating system files option.



Downloads
Please download Cleanup! or use this Alternate Link if the main link does not work and install it. You will use this later.
*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does NOT make backups. If you have any files in any TEMP directory and you need to keep them, then please MOVE THEM NOW!


Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"



  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"

When you have finished updating, EXIT AVG Anti Spyware.



Disable Webroot SpySweeper
Please disable Webroot SpySweeper, as it may hinder the removal of some entries. You can re-enable it after you're clean.

To disable Webroot SpySweeper:
  • Click on Options> then Program tab
  • Uncheck Load at Windows Startup
  • Click Shields on the left.
  • Click Web Browser and uncheck all items.
  • Click Startup Programs and uncheck all items.
  • Exit Spysweeper.



Services
Click Start->Run - type SERVICES.MSC & then click on the OK button
  • Locate the service - winoperaWeb
  • Double-click on it to open the Properties dialog.
    • Under the General tab, Stop the service by using the Stop button.
  • Change the Startup type to Disabled & then click on the OK button
  • Then start HiJackThis & go to Config > Misc.Tools...> Delete an NT service...
  • In the popup box that appears, copy/paste operaWeb and then click on the OK button.




Reboot
Reboot your system in Safe Mode.
  • Restart the computer. The computer begins processing a set of instructions known as BIOS.
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8 (dependent on your system this may be F5 or another key)
  • Instead of Windows loading as normal, a menu should appear
  • Use the arrow key to highlight Safe Mode and press Enter.



HijackThis Entries
Open Hijack This and click on Scan. Check the following entries (if they still exist) (make sure you do not miss any)

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: NTZFNUZGN - {79268C87-954A-4A04-9BA6-805D7B12BD38} - C:\WINDOWS\system32\QWDKSZFLSZ.DLL
O4 - HKLM\..\Run: [spoolsv] C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer
O4 - HKLM\..\Run: [res] C:\WINDOWS\system32\res.exe
O4 - HKLM\..\Run: [WNL Pro] C:\WINDOWS\wnl.exe
O4 - HKLM\..\Run: [sdafdsafds] D;]XJOEPXT]ufnq]te265/fyf
O4 - HKLM\..\Run: [dfsf] RUNDLL32.EXE C:\WINDOWS\system\Mvvp.dll,DImmcv
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - http://components.metastream.com/MTS...etaStream3.cab
O16 - DPF: {E36BEEF0-E18D-4FCB-9AD4-F9A643232027} - http://down.spykeep.com/down/spykeepatx.cab


Please remember to close all other windows, including browsers then click Fix checked.



File Deletions
Delete the following Files indicated in RED if they still exist.

C:\WINDOWS\system32\QWDKSZFLSZ.DLL
C:\WINDOWS\system32\spoolsv\spoolsv.exe <- - This filename from THIS location ONLY
C:\WINDOWS\system32\res.exe
C:\WINDOWS\wnl.exe
C:\WINDOWS\system\Mvvp.dll
] D;]XJOEPXT]ufnq]te265/fyf <- - Try and search for this file as best you can – use several different characters from those listed – I have no idea what this file is actually named




Run CleanUp!
*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does NOT make backups. If you have any files in any TEMP directory and you need to keep them, then please MOVE THEM NOW!

Open Cleanup! by double-clicking the icon on your desktop (or from Start > All Programs). Set the program up as follows:

Click Options
Move the slider button down to Custom CleanUp!
Check the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
  • Click on the “Temporary Files” tab and uncheck the box for “Scan drives for file matching” if it’s checked.

Click OK, Press the CleanUp! button to start the program and DO NOT REBOOT when prompted.
Note: CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these BEFORE running CleanUp! If you have a 64 bit Operating System do NOT run Cleanup and let me know as we will use another utility.




Run AVG Anti Spyware
Run AVG with its updated definitions (it's important that all windows are closed):
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
  • When the scan is complete click Recommended Action and change it to Quarantine
  • Then click Apply all actions
Once finished, click the Save report button, then click Save Report As and save it to your desktop.

NOTE: AVG scan may require an hour.



Reboot
Reboot your system in Normal Mode.



Online Scan
Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on
    located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting

  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on
    then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan




Logs required
AVG Log
Panda Log
HijackThis Log


Please also let me know how your system is performing now and if you have any specific problems. In order to provide you with the best possible help, please ensure that HijackThis logs are produced only while in Normal Mode.
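
An added example, not part of the original post and not HijackThis's own logic: a Python triage of the `O4` Run-key lines from the log above. It flags a system binary name that runs from outside `system32` and recovers a path from a Run value hidden by a single-byte shift. The regexes, the `SYSTEM32_ONLY` list and the function names are assumptions of this example.

```python
import ntpath
import re

# Subset of the O4 lines from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [spoolsv] C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [sdafdsafds] D;]XJOEPXT]ufnq]te265/fyf
O4 - HKLM\..\Run: [dfsf] RUNDLL32.EXE C:\WINDOWS\system\Mvvp.dll,DImmcv
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
# Command that starts with an (optionally quoted) drive-letter path.
PATH_RE = re.compile(r'^"?[A-Za-z]:\\[^"]+?\.(exe|dll|com|bat|scr)\b', re.I)
# Command that starts with a bare executable name resolved through PATH.
BARE_RE = re.compile(r"^[\w.-]+\.exe\b", re.I)

SYSTEM32 = r"c:\windows\system32"
# Assumption: a short list of Windows binaries that belong in system32 only.
SYSTEM32_ONLY = {"spoolsv.exe", "svchost.exe", "lsass.exe", "services.exe",
                 "winlogon.exe", "csrss.exe", "smss.exe", "ctfmon.exe"}


def decode_shift(value):
    """Try each additive shift of -25..+25 on every character.

    Returns (shift, text) for the first shift that turns the value into a
    drive-letter path with an executable extension, else None.
    """
    for shift in range(-25, 26):
        if shift == 0:
            continue
        codes = [ord(c) + shift for c in value]
        if not all(0x20 <= c <= 0x7E for c in codes):
            continue  # result would contain non-printable characters
        text = "".join(map(chr, codes))
        if PATH_RE.match(text):
            return shift, text
    return None


def triage(log_text):
    """Return (value name, reason, path) for each structurally odd O4 line."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        _hive, _key, name, value = m.groups()
        pm = PATH_RE.match(value)
        if pm:
            path = pm.group(0).strip('"')
            base = ntpath.basename(path).lower()
            folder = ntpath.dirname(path).lower()
            if base in SYSTEM32_ONLY and folder != SYSTEM32:
                findings.append(
                    (name, "system binary name outside system32", path))
        elif not BARE_RE.match(value):
            decoded = decode_shift(value)
            if decoded:
                reason = "value obfuscated with byte shift %+d" % decoded[0]
                findings.append((name, reason, decoded[1]))
            else:
                findings.append(
                    (name, "value is not a recognisable command", value))
    return findings


if __name__ == "__main__":
    for name, reason, path in triage(SAMPLE_LOG):
        print("[%s] %s -> %s" % (name, reason, path))
```

These checks catch only structural anomalies; entries in the fix list such as `res.exe` or `wnl.exe` look like ordinary paths and still have to be judged on what the file is.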
 

·
Registered
Joined
·
2 Posts
Discussion Starter · #3 ·
:pray: :pray: :pray:

Thanks for the instructions, but I have followed the instructions from the tomcoyote.org help too. Anyway, I solved the problem using ComboFix and CleanUp!, thanks to both sites, and I have also deleted the files that you pinpointed here. Here is my ComboFix log:

"Tommy" - 07-01-30 7:39:58 Service Pack 2
ComboFix 07-01-25 - Running from: "C:\Documents and Settings\Tommy\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\32F77AC0.094
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin1.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin10.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin11.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin2.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin3.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin4.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin5.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin6.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin7.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin8.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin9.zip
C:\WINDOWS\system32\QWDKSZFLSZ.DLL
\Windows\System32\QWDKSZFLSZ.DLL
c:\command.com
C:\WINDOWS\system32\advport.dll
C:\WINDOWS\system32\drivers\acpidisk.sys
C:\WINDOWS\system32\guid.vxd
C:\WINDOWS\system32\mprmsgse.axz
C:\WINDOWS\system32\mscpx32r.det
C:\WINDOWS\system32\nt.sys
C:\WINDOWS\system32\rundll.exe
C:\WINDOWS\system32\scia.dll
C:\WINDOWS\system32\Score.txt
C:\WINDOWS\system32\wbem\ocmor.dat
C:\WINDOWS\system32\wbem\ocmor.dll
C:\WINDOWS\system32\wmpdrm.dll
C:\DOCUME~1\Tommy\Application Data\Macromedia\Flash Player\#SharedObjects\GRBT64WW\www.inter-focus.cn
C:\DOCUME~1\Tommy\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.inter-focus.cn
C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper
C:\Program Files\Common Files\Updat
C:\WINDOWS\system32\1116
C:\WINDOWS\system32\mscache
C:\WINDOWS\system32\spoolsv
C:\WINDOWS\system32\winup
C:\\WINDOWS\system32\drivers\jqdbag31.sys
C:\WINDOWS\system32\drivers\lsxsvjs.sys
C:\WINDOWS\system32\lsxsvjs.dll
C:\WINDOWS\system32\drivers\rt_jln.sys
C:\WINDOWS\system32\rt_jln.dll
C:\WINDOWS\system32\msicn


((((((((((((((((((((((((((((((( Files Created from 2006-12-30 to 2007-01-30 ))))))))))))))))))))))))))))))))))


2007-01-30 07:43 <DIR> d-------- C:\WINDOWS\erdnt
2007-01-30 07:42 <DIR> d-------- C:\WINDOWS\system32\spoolsv
2007-01-30 07:42 <DIR> d-------- C:\WINDOWS\system32\1116
2007-01-29 23:08 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-01-29 18:49 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Webroot
2007-01-29 11:15 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Lavasoft
2007-01-29 07:26 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-29 07:26 <DIR> d-------- C:\Program Files\Grisoft
2007-01-29 06:26 <DIR> d-------- C:\DOCUME~1\Dad\Application Data\Lavasoft
2007-01-29 03:05 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-01-29 02:29 <DIR> d-------- C:\Program Files\RegScrubXP
2007-01-28 07:38 <DIR> d-------- C:\Program Files\Webroot
2007-01-28 07:38 <DIR> d-------- C:\DOCUME~1\Tommy\Application Data\Webroot
2007-01-28 07:14 <DIR> d-------- C:\Program Files\Lavasoft
2007-01-28 07:14 <DIR> d-------- C:\DOCUME~1\Tommy\Application Data\Lavasoft
2007-01-28 00:32 94,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-01-28 00:32 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-01-28 00:32 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-01-28 00:32 31,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-01-28 00:32 23,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-01-28 00:31 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-01-28 00:31 689,280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-01-28 00:31 <DIR> d-------- C:\Program Files\Alwil Software
2007-01-27 18:10 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-01-27 18:06 <DIR> d-------- C:\DOCUME~1\Tommy\.housecall6.6
2007-01-27 10:29 <DIR> d-------- C:\DOCUME~1\Dad\Application Data\MEGAUPLOADTOOLBAR
2007-01-26 01:44 <DIR> d-------- C:\Program Files\MegauploadToolbar
2007-01-26 01:44 <DIR> d-------- C:\DOCUME~1\Tommy\Application Data\MegauploadToolbar
2007-01-25 08:01 90,112 --a------ C:\WINDOWS\system32\LQCUI2.dll
2007-01-25 08:01 856,064 --a------ C:\WINDOWS\system32\Ltwvc12n.dll
2007-01-25 08:01 78,336 --a------ C:\WINDOWS\system32\lffax12n.dll
2007-01-25 08:01 466,944 --a------ C:\WINDOWS\system32\QCUI2.dll
2007-01-25 08:01 462,848 --a------ C:\WINDOWS\system32\LCamCpl.dll
2007-01-25 08:01 406,016 --a------ C:\WINDOWS\system32\ltkrn12n.dll
2007-01-25 08:01 328,704 --a------ C:\WINDOWS\system32\LFCMP12n.DLL
2007-01-25 08:01 30,720 --a------ C:\WINDOWS\system32\lfbmp12n.dll
2007-01-25 08:01 259,072 --a------ C:\WINDOWS\system32\LTDIS12n.dll
2007-01-25 08:01 215,552 --a------ C:\WINDOWS\system32\Lvkrn12n.dll
2007-01-25 08:01 207,872 --a------ C:\WINDOWS\system32\ltefx12n.dll
2007-01-25 08:01 164,864 --a------ C:\WINDOWS\system32\ltimg12n.dll
2007-01-25 08:01 141,312 --a------ C:\WINDOWS\system32\lftif12n.dll
2007-01-25 08:01 131,072 --a------ C:\WINDOWS\system32\ltfil12n.DLL
2007-01-25 07:51 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-01-25 02:54 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-01-25 02:44 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-01-24 04:07 53,248 --a------ C:\WINDOWS\rmvpeye.exe
2007-01-24 04:07 102,400 --a------ C:\WINDOWS\mmvem.exe
2007-01-24 04:07 102,400 --a------ C:\WINDOWS\japi.dll
2007-01-23 08:31 57,344 --a------ C:\WINDOWS\system32\VFWUI.dll
2007-01-23 08:31 123,052 --a------ C:\WINDOWS\system32\drivers\pfc027.sys
2007-01-22 05:42 69 --a------ C:\WINDOWS\system32\LRWCKQXD.DLL
2007-01-22 05:42 36 --a------ C:\WINDOWS\system32\QVCHPWDIP.DLL
2007-01-22 05:42 1,297 --a------ C:\WINDOWS\system32\iP1kP0w7.dll
2007-01-15 18:05 134,878 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc.sys
2007-01-08 19:39 11,776 --a------ C:\WINDOWS\system\Mvvp.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-30 00:09 -------- d-------- C:\Program Files\spyware doctor
2007-01-30 00:08 -------- d-------- C:\Program Files\msn messenger
2007-01-30 00:08 -------- d-------- C:\Program Files\itunes
2007-01-29 11:12 -------- d-------- C:\Program Files\k-lite
2007-01-28 22:43 -------- d--h----- C:\Program Files\installshield installation information
2007-01-28 22:20 -------- d-------- C:\Documents and Settings\Tommy\Application Data\adobe
2007-01-28 07:38 -------- d-------- C:\Documents and Settings\Tommy\Application Data\webroot
2007-01-28 07:14 -------- d-------- C:\Documents and Settings\Tommy\Application Data\lavasoft
2007-01-28 00:08 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-01-28 00:00 -------- d-------- C:\Program Files\norton antivirus
2007-01-26 04:32 -------- d-------- C:\Documents and Settings\Tommy\Application Data\megauploadtoolbar
2007-01-25 18:32 -------- d-------- C:\Program Files\regsupreme
2007-01-25 08:01 -------- d-------- C:\Program Files\Common Files\logitech
2007-01-24 17:58 -------- d-------- C:\Program Files\yahoo!
2007-01-24 03:35 9744 --a------ C:\Documents and Settings\Tommy\Application Data\catspy.log
2007-01-23 05:32 -------- d-------- C:\Program Files\vimicro
2007-01-19 14:57 180224 --a------ C:\WINDOWS\system32\wmpdrm.dll
2006-12-21 14:08 -------- d-------- C:\Program Files\java
2006-12-13 00:48 -------- d-------- C:\Program Files\njstar communicator
2006-12-07 13:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-08 13:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"nwiz"="nwiz.exe /install"
"MPTBox"="C:\\PROGRA~1\\Canon\\MULTIP~1\\MPTBOX.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"BigDogPath"="C:\\WINDOWS\\VM_STI.EXE VIMICRO USB PC Camera"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"CoolSwitch"="C:\\WINDOWS\\system32\\taskswitch.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"dfsf"="RUNDLL32.EXE C:\\WINDOWS\\system\\Mvvp.dll,DImmcv"
"spoolsv"="C:\\WINDOWS\\system32\\spoolsv\\spoolsv.exe -printer"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"qvmn_p"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,\
5c,72,75,6e,64,6c,6c,33,32,2e,65,78,65,20,25,73,79,73,74,65,6d,72,6f,6f,74,\
25,5c,73,79,73,74,65,6d,33,32,5c,71,76,6d,6e,5f,70,2e,64,6c,6c,2c,52,75,6e,\
00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ares"="\"C:\\Program Files\\Ares\\Ares.exe\" -h"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"spoolsv"="C:\\WINDOWS\\system32\\spoolsv\\spoolsv.exe -printer"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"res"="c:\\windows\\system32\\res.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{35a88e51-b53d-43e9-b8a7-75d4c31b4676}"="Register LogWare"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
Tech


Completion time: 07-01-30 8:21:57
 

·
Security Manager, Analyst , Rangemaster, TSF Acade
Joined
·
39,538 Posts
Hi

I've just found out that you are also being helped here

http://forums.tomcoyote.org/index.php?showtopic=75500&hl=

so I will take this no further.

Please don't cross post at more than one forum - it's simply a waste of time and resources - mine, yours and the other helper's. Not to mention confusing as things would disappear from your log and I would be left wondering what had happened.

I'll now close this thread.
 