Live Chat & Podcast at 1:00PM Eastern on Sunday!
There's no such thing as a stupid question, but they're the easiest to answer.
JoinTour
Login
Search
Virus & Other Malware Removal
Go to first new post Trojan: Win32/Alureon.FK - hijack this l ...
Go to first new post Network, good; Internet, bad
Go to first new post Windows live Messenger Virus
Go to first new post We Got System Checked :-(
Go to first new post This setup thing keeps popping up everyd ...
Go to first new post Extremely unresponsive, massive hang-ups ...
Go to first new post Trojan:dos/alureon.E still here!
Go to first new post slow computer, downloads over a few mb f ...
Go to first new post Cannot access any google sites - youtube ...
Go to first new post "Congratulations, you won" &am ...
Go to first new post server not found
Go to first new post Black desktop, missing all shortcuts, fi ...
Go to first new post Microsoft Visual C++ Runtime Library Buf ...
Go to first new post Family Cyber Removal
Go to first new post System Check problem
Tag Cloud
access acer asus bios bsod computer crash desktop dns driver drivers error ethernet excel freeze gaming graphics hard drive hardware hdmi internet laptop malware memory monitor motherboard network printer problem ram registry repair router slow software sound trojan ubuntu 11.10 uninstall usb video virus vista wifi windows windows 7 windows 7 32 bit windows 7 64 bit windows xp wireless
Search
Search for:
Tech Support Guy Forums > Security & Malware Removal > Virus & Other Malware Removal >
Yet another RUNDLL error message help required please!! (In Progress)

Page 1 of 3 1 23
Reply  
Thread Tools
GSW's Avatar
GSW GSW is offline
Computer Specs
Junior Member with 25 posts.
  
Join Date: Jul 2010
Experience: Intermediate
29-Jul-2010, 05:56 AM #1
Yet another RUNDLL error message help required please!!
Hi all - first post here.

A couple of days ago, my PC picked up a virus - it was that horrible Antimal antivirus which kept throwing up fake virus alert messages.

Eventually I managed to start up in safe mode and that allowed me access to my control panel so I can deleted the .exe file which solved the problem. I've since ran CCleaner as a house tidy exercise, but now when I boot up I have a RUNDLL error message....

"Error loading dqlgp.dl
Could not be found"

Basically I'm looking to download a free fix for this, because it is causing my PC to run slower.

Any links would be appreciated.

Thanks,
Gary
Register for free to hide this ad!
Phantom010's Avatar
Computer Specs
Trusted Advisor with 25,017 posts.
  
Join Date: Mar 2009
Location: Cyberspace
Experience: Advanced
29-Jul-2010, 11:04 AM #2
Your computer is most probably still infected. Please click on Report and kindly ask to be moved to the Virus & Other Malware Removal forum. From there, be patient. You should get an answer within the next 48 hours. These guys are really busy!
GSW's Avatar
GSW GSW is offline
Computer Specs
Junior Member with 25 posts.
  
Join Date: Jul 2010
Experience: Intermediate
29-Jul-2010, 12:27 PM #3
Thanks Phantom
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 79,286 posts.
  
Join Date: Aug 2003
Location: Quebec, Canada
29-Jul-2010, 12:31 PM #4
Please go here to download HijackThis.
  • To the right of the green arrow under HijackThis downloads click on the Executable button and download the HijackThis.exe file to your desktop.
  • Double-click the HijackThis.exe file on your desktop to launch the program. If you get a security warning asking if you want to run this software because the publisher couldn't be verified click on Run to allow it.
  • Click on the Scan button. The scan will not take long and when it's finished the resulting log will open automatically in Notepad.
  • Click on the Save log button and save the log file to your desktop. Copy and paste the contents of the log in your post.
Please do not fix anything with HijackThis unless you are instructed to do so. Most of what appears in the log will be harmless and/or necessary..
__________________
Microsoft MVP - Consumer Security
GSW's Avatar
GSW GSW is offline
Computer Specs
Junior Member with 25 posts.
  
Join Date: Jul 2010
Experience: Intermediate
30-Jul-2010, 05:02 AM #5
Thanks - log attached as requested.............

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:01:02, on 30/07/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\DOCUME~1\Gary\LOCALS~1\Temp\Vly.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gary\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Sky-Banners Browser Enhancer dqlgp - {84E716D9-B950-4F71-AE21-355C230AD248} - C:\WINDOWS\system32\dqlgp.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Pneyesumidini] rundll32.exe "C:\WINDOWS\utizewugowize.dll",Startup
O4 - HKLM\..\Run: [sta] rundll32 "dqlgp.dll",,Run
O4 - HKLM\..\Run: [MChk] C:\WINDOWS\system32\qqlgp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ModemOnHold] "C:\Program Files\NetWaiting\netWaiting.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [5DR8ZAD8GX] C:\DOCUME~1\Gary\LOCALS~1\Temp\Vly.exe
O4 - HKCU\..\Run: [Oqeyiyiniyetaso] rundll32.exe "C:\WINDOWS\oneramer.dll",Startup
O4 - HKCU\..\Run: [releaseversion70700.exe] C:\Documents and Settings\Gary\Application Data\7AA8EE3D52D7EDC83A862C097755E9FA\releaseversion70700.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/Driver...reqlab_nvd.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CC8DC4E-3670-420D-AC38-8C0AE0B6FFDA}: NameServer = 93.188.162.121,93.188.161.211
O17 - HKLM\System\CCS\Services\Tcpip\..\{D663766F-C670-40D0-B34A-E3C71B1A12C6}: NameServer = 93.188.162.121,93.188.161.211
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.121,93.188.161.211
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.162.121,93.188.161.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.121,93.188.161.211
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8442 bytes
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 79,286 posts.
  
Join Date: Aug 2003
Location: Quebec, Canada
30-Jul-2010, 10:21 AM #6
Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
__________________
Microsoft MVP - Consumer Security
GSW's Avatar
GSW GSW is offline
Computer Specs
Junior Member with 25 posts.
  
Join Date: Jul 2010
Experience: Intermediate
30-Jul-2010, 12:02 PM #7
This link appears to be out of use? Tried several times to open the link including cutting the address etc and it wont open for me?
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 79,286 posts.
  
Join Date: Aug 2003
Location: Quebec, Canada
30-Jul-2010, 12:53 PM #8
GSW's Avatar
GSW GSW is offline
Computer Specs
Junior Member with 25 posts.
  
Join Date: Jul 2010
Experience: Intermediate
30-Jul-2010, 02:43 PM #9
After download, clicking on the icon wasn't working (which is what I had the other day also) so I re-started in SAFE mode and carried out this - just in case it makes a difference?



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180

30/07/2010 18:40:14
mbam-log-2010-07-30 (18-40-14).txt

Scan type: Quick scan
Objects scanned: 114055
Time elapsed: 5 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameS erver (Trojan.DNSChanger) -> Data: 93.188.162.121,93.188.161.211 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Inter faces\{7cc8dc4e-3670-420d-ac38-8c0ae0b6ffda}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.121,93.188.161.211 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Inter faces\{d663766f-c670-40d0-b34a-e3c71b1a12c6}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.162.121,93.188.161.211 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Inter faces\{d663766f-c670-40d0-b34a-e3c71b1a12c6}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.121,93.188.161.211 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Temp\0.04876999711618302.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 79,286 posts.
  
Join Date: Aug 2003
Location: Quebec, Canada
31-Jul-2010, 04:50 PM #10
Please visit Combofix Guide & Instructions for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.
__________________
Microsoft MVP - Consumer Security
GSW's Avatar
GSW GSW is offline
Computer Specs
Junior Member with 25 posts.
  
Join Date: Jul 2010
Experience: Intermediate
01-Aug-2010, 12:22 PM #11
ComboFix 10-07-31.04 - Gary 01/08/2010 16:12:53.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.2814.2457 [GMT 1:00]
Running from: c:\documents and settings\Gary\Desktop\puppy.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Q4y0N4x1.exe
c:\documents and settings\All Users\Application Data\Q4y0N4x1.exe_
c:\documents and settings\All Users\Desktop\Malwarebytes' Anti-Malware\mbam.exe
c:\documents and settings\Gary\Application Data\7AA8EE3D52D7EDC83A862C097755E9FA
c:\documents and settings\Gary\Application Data\7AA8EE3D52D7EDC83A862C097755E9FA\enemies-names.txt
c:\documents and settings\Gary\Application Data\7AA8EE3D52D7EDC83A862C097755E9FA\local.ini
c:\documents and settings\Gary\Application Data\7AA8EE3D52D7EDC83A862C097755E9FA\lsrslt.ini
c:\documents and settings\Gary\Application Data\Sky-Banners
c:\documents and settings\Gary\Local Settings\Application Data\{5C4A573A-299B-41D0-AF58-1D52C717E225}
c:\documents and settings\Gary\Local Settings\Application Data\{5C4A573A-299B-41D0-AF58-1D52C717E225}\chrome.manifest
c:\documents and settings\Gary\Local Settings\Application Data\{5C4A573A-299B-41D0-AF58-1D52C717E225}\chrome\content\_cfg.js
c:\documents and settings\Gary\Local Settings\Application Data\{5C4A573A-299B-41D0-AF58-1D52C717E225}\chrome\content\overlay.xul
c:\documents and settings\Gary\Local Settings\Application Data\{5C4A573A-299B-41D0-AF58-1D52C717E225}\install.rdf
c:\documents and settings\Gary\Start Menu\Programs\Antimalware Doctor
c:\documents and settings\Gary\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
c:\documents and settings\Gary\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
c:\program files\Java\jre6\bin\jusched.exe
c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask.exe
c:\windows\$NtUninstallMTF1011$
c:\windows\$NtUninstallMTF1011$\apUninstall.exe
c:\windows\$NtUninstallMTF1011$\zrpt.xml
c:\windows\aduwesif.dll
c:\windows\ahoyudaf.dll
c:\windows\avutejedab.dll
c:\windows\ihoyudafawinaqa.dll
c:\windows\inacubuw.dll
c:\windows\oneramer.dll
c:\windows\oruzepufi.dll
c:\windows\owaceqoz.dll
c:\windows\system32\ernel32.dll
c:\windows\Tasks\At10.job
c:\windows\Tasks\At102.job
c:\windows\ufasamav.dll
c:\windows\utizewugowize.dll
c:\windows\uvulowadilak.dll
c:\windows\uwuwakevadazad.dll
D:\AUTORUN.INF

Code:
 <pre>
c:\documents and settings\All Users\Desktop\Malwarebytes' Anti-Malware\mbam .exe --->c:\documents and settings\All Users\Desktop\Malwarebytes' Anti-Malware\mbam.exe
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe --->c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe --->c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain .exe --->c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
c:\program files\Java\jre6\bin\jusched .exe --->c:\program files\Java\jre6\bin\jusched.exe
c:\program files\Microsoft Office\Office12\GrooveMonitor .exe --->c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
c:\program files\QuickTime\qttask     .exe --->c:\program files\QuickTime\qttask.exe
</pre>
.
Infected copy of c:\windows\system32\drivers\imapi.sys was found and disinfected
Restored copy from - Kitty had a snack
.
((((((((((((((((((((((((( Files Created from 2010-07-01 to 2010-08-01 )))))))))))))))))))))))))))))))
.

2010-07-29 11:31 . 2010-07-29 11:31 -------- d-----w- c:\documents and settings\Gary\Local Settings\Application Data\ESET
2010-07-29 06:55 . 2010-07-29 06:55 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2010-07-28 17:48 . 2010-07-28 17:48 -------- d-----w- c:\program files\ESET
2010-07-28 17:48 . 2010-07-28 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-07-28 15:59 . 2010-07-28 15:59 -------- d-----w- c:\documents and settings\Gary\Application Data\Malwarebytes
2010-07-28 15:28 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-28 15:28 . 2010-07-28 15:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-28 15:28 . 2010-07-28 15:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-28 15:28 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-28 14:48 . 2010-07-28 14:48 -------- d-----w- C:\spoolerlogs
2010-07-27 20:13 . 2010-07-27 20:13 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-07-27 20:06 . 2010-07-28 16:31 -------- d-----w- c:\documents and settings\Gary\Local Settings\Application Data\ljyhbaith
2010-07-27 20:01 . 2010-07-27 20:01 -------- d-----w- c:\windows\system32\LogFiles
2010-07-21 07:57 . 2010-07-21 07:57 -------- d-----w- c:\program files\Common Files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-01 15:18 . 2010-03-29 11:45 -------- d-----w- c:\program files\QuickTime
2010-08-01 14:44 . 2010-07-30 20:17 112 ----a-w- c:\documents and settings\All Users\Application Data\0Y3g3X.dat
2010-07-31 12:36 . 2009-12-29 22:27 -------- d-----w- c:\documents and settings\Gary\Application Data\Skype
2010-07-31 12:35 . 2009-12-29 22:29 -------- d-----w- c:\documents and settings\Gary\Application Data\skypePM
2010-07-30 19:46 . 2009-12-21 10:22 -------- d-----w- c:\program files\NetWaiting
2010-07-30 19:46 . 2004-08-04 12:00 36868 ----a-w- c:\windows\system32\rundll32.exe.tmp
2010-07-29 05:04 . 2009-12-22 12:57 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-28 17:12 . 2009-12-26 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-07-27 20:02 . 2005-05-13 00:00 46592 ----a-w- c:\documents and settings\Gary\Application Data\fb5eb8dc.exe
2010-07-27 20:02 . 2005-05-13 00:00 46592 ----a-w- c:\documents and settings\Gary\Application Data\fb5eb8dc.exe
2010-07-14 23:04 . 2009-12-23 02:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-28 08:04 . 2010-03-31 07:03 439816 ----a-w- c:\documents and settings\Gary\Application Data\Real\Update\setup3.10\setup.exe
2010-06-24 14:46 . 2010-01-14 23:09 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-14 14:30 . 2009-12-21 00:01 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
.
Code:
<pre>
c:\program files\Common Files\Real\Update_OB\realsched .exe
c:\program files\NetWaiting\netWaiting .exe
c:\windows\system32\rundll32 .exe
</pre>
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2010-07-30 33284]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-01-27 2387968]
"Oqeyiyiniyetaso"="c:\windows\oneramer.dll" [N/A]
"releaseversion70700.exe"="c:\documents and settings\Gary\Application Data\7AA8EE3D52D7EDC83A862C097755E9FA\releaseversion70700.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [N/A]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-04-03 149280]
"Pneyesumidini"="c:\windows\utizewugowize.dll" [N/A]
"sta"="dqlgp.dll" [N/A]
"MChk"="c:\windows\system32\qqlgp.exe" [N/A]
"Malwarebytes Anti-Malware (reboot)"="c:\documents and settings\All Users\Desktop\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-29 2145000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Gary\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-6-24 113664]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29/03/2010 17:12 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [29/03/2010 17:13 95872]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [29/03/2010 17:12 810120]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [22/12/2009 16:36 181792]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/01/2010 20:09 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-01-27 22:28 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-07-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-08-01 c:\windows\Tasks\fb5eb8dc.job
- c:\documents and settings\Gary\Application Data\fb5eb8dc.exe [2005-05-13 20:02]

2010-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 19:09]

2010-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 19:09]

2010-08-01 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 15:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Gary\Application Data\Mozilla\Firefox\Profiles\i7udulqo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_availa ble_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{84E716D9-B950-4F71-AE21-355C230AD248} - c:\windows\system32\dqlgp.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-$NtUninstallMTF1011$ - c:\windows\$NtUninstallMTF1011$\apUninstall.exe
AddRemove-Facebook Plug-In - c:\documents and settings\Gary\Application Data\Facebook\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-01 16:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-08-01 16:19:37
ComboFix-quarantined-files.txt 2010-08-01 15:19

Pre-Run: 133,323,956,224 bytes free
Post-Run: 133,644,472,320 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
e:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - F10791D451397A708B61C706465E4B14
GSW's Avatar
GSW GSW is offline
Computer Specs
Junior Member with 25 posts.
  
Join Date: Jul 2010
Experience: Intermediate
01-Aug-2010, 12:25 PM #12
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:24:49, on 01/08/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Gary\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Pneyesumidini] rundll32.exe "C:\WINDOWS\utizewugowize.dll",Startup
O4 - HKLM\..\Run: [sta] rundll32 "dqlgp.dll",,Run
O4 - HKLM\..\Run: [MChk] C:\WINDOWS\system32\qqlgp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ModemOnHold] "C:\Program Files\NetWaiting\netWaiting.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Oqeyiyiniyetaso] rundll32.exe "C:\WINDOWS\oneramer.dll",Startup
O4 - HKCU\..\Run: [releaseversion70700.exe] C:\Documents and Settings\Gary\Application Data\7AA8EE3D52D7EDC83A862C097755E9FA\releaseversion70700.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/Driver...reqlab_nvd.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.162.121,93.188.161.211
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7120 bytes
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 79,286 posts.
  
Join Date: Aug 2003
Location: Quebec, Canada
01-Aug-2010, 08:25 PM #13
In Internet Explorer go to Tools - Internet Options - Connections Tab - Lan Settings and remove the reference to 127.0.0.1:5543 then uncheck "Use a proxy server for your LAN" and check "Automatically detect settings".

Open Notepad and copy and paste the text in the code box below into it:

Code:
File::
c:\documents and settings\All Users\Application Data\0Y3g3X.dat
C:\windows\system32\rundll32.exe.tmp

Folder::
c:\documents and settings\Gary\Local Settings\Application Data\ljyhbaith

RenV::
c:\documents and settings\All Users\Desktop\Malwarebytes' Anti-Malware\mbam .exe --->c:\documents and settings\All Users\Desktop\Malwarebytes' Anti-Malware\mbam.exe
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe --->c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe --->c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain .exe --->c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
c:\program files\Java\jre6\bin\jusched .exe --->c:\program files\Java\jre6\bin\jusched.exe
c:\program files\Microsoft Office\Office12\GrooveMonitor .exe --->c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
c:\program files\QuickTime\qttask     .exe --->c:\program files\QuickTime\qttask.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Oqeyiyiniyetaso"=-
"releaseversion70700.exe"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pneyesumidini"=-
"sta"=-
"MChk"=-

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5643
Save the file to your desktop and name it CFScript.txt

Referring to the picture below, drag CFScript.txt into ComboFix.exe




This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

Also, please do this:

Please go to the link below and upload the following file(s) for analysis and post the results please:

http://virusscan.jotti.org/

c:\documents and settings\Gary\Application Data\fb5eb8dc.exe
__________________
Microsoft MVP - Consumer Security
GSW's Avatar
GSW GSW is offline
Computer Specs
Junior Member with 25 posts.
  
Join Date: Jul 2010
Experience: Intermediate
03-Aug-2010, 04:03 PM #14
ComboFix 10-07-31.04 - Gary 03/08/2010 19:49:42.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.2814.2372 [GMT 1:00]
Running from: c:\documents and settings\Gary\Desktop\puppy.exe
Command switches used :: c:\documents and settings\Gary\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FILE ::
"c:\documents and settings\All Users\Application Data\0Y3g3X.dat"
"c:\windows\system32\rundll32.exe.tmp"
.
PEV Error: LocalAppDataFile
PEV Error: LocalAppDataFolder

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\0Y3g3X.dat
c:\documents and settings\Gary\Local Settings\Application Data\ljyhbaith
c:\windows\system32\ernel32.dll
c:\windows\system32\rundll32.exe.tmp

.
((((((((((((((((((((((((( Files Created from 2010-07-03 to 2010-08-03 )))))))))))))))))))))))))))))))
.

2010-08-01 14:57 . 2010-08-01 15:19 -------- d-----w- C:\puppy
2010-07-29 11:31 . 2010-07-29 11:31 -------- d-----w- c:\documents and settings\Gary\Local Settings\Application Data\ESET
2010-07-29 06:55 . 2010-07-29 06:55 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2010-07-28 17:48 . 2010-07-28 17:48 -------- d-----w- c:\program files\ESET
2010-07-28 17:48 . 2010-07-28 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-07-28 15:59 . 2010-07-28 15:59 -------- d-----w- c:\documents and settings\Gary\Application Data\Malwarebytes
2010-07-28 15:28 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-28 15:28 . 2010-07-28 15:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-28 15:28 . 2010-07-28 15:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-28 15:28 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-28 14:48 . 2010-07-28 14:48 -------- d-----w- C:\spoolerlogs
2010-07-27 20:13 . 2010-07-27 20:13 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-07-27 20:01 . 2010-07-27 20:01 -------- d-----w- c:\windows\system32\LogFiles
2010-07-21 07:57 . 2010-07-21 07:57 -------- d-----w- c:\program files\Common Files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-01 15:18 . 2010-03-29 11:45 -------- d-----w- c:\program files\QuickTime
2010-07-31 12:36 . 2009-12-29 22:27 -------- d-----w- c:\documents and settings\Gary\Application Data\Skype
2010-07-31 12:35 . 2009-12-29 22:29 -------- d-----w- c:\documents and settings\Gary\Application Data\skypePM
2010-07-30 19:46 . 2009-12-21 10:22 -------- d-----w- c:\program files\NetWaiting
2010-07-29 05:04 . 2009-12-22 12:57 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-28 17:12 . 2009-12-26 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-07-27 20:02 . 2005-05-13 00:00 46592 ----a-w- c:\documents and settings\Gary\Application Data\fb5eb8dc.exe
2010-07-27 20:02 . 2005-05-13 00:00 46592 ----a-w- c:\documents and settings\Gary\Application Data\fb5eb8dc.exe
2010-07-14 23:04 . 2009-12-23 02:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-28 08:04 . 2010-03-31 07:03 439816 ----a-w- c:\documents and settings\Gary\Application Data\Real\Update\setup3.10\setup.exe
2010-06-24 14:46 . 2010-01-14 23:09 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-14 14:30 . 2009-12-21 00:01 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
.
Code:
<pre>
c:\program files\Common Files\Real\Update_OB\realsched .exe
c:\program files\NetWaiting\netWaiting .exe
c:\windows\system32\rundll32 .exe
</pre>
((((((((((((((((((((((((((((( SnapShot@2010-08-01_15.18.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-03 16:54 . 2010-08-03 16:54 16384 c:\windows\Temp\Perflib_Perfdata_4c0.dat
+ 2004-08-13 00:00 . 2004-08-13 00:00 46592 c:\windows\system32\spool\prtprocs\w32x86\qGMY17.dll
+ 2004-08-04 12:00 . 2010-08-01 15:28 41348 c:\windows\system32\perfc009.dat
- 2004-08-04 12:00 . 2010-07-28 17:19 41348 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2010-08-01 15:28 315252 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2010-07-28 17:19 315252 c:\windows\system32\perfh009.dat
+ 2010-06-20 08:01 . 2010-06-20 08:01 8040960 c:\windows\Installer\347827.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2010-07-30 33284]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-01-27 2387968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [N/A]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-04-03 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\documents and settings\All Users\Desktop\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-29 2145000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Gary\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-6-24 113664]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29/03/2010 17:12 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [29/03/2010 17:13 95872]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [29/03/2010 17:12 810120]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [22/12/2009 16:36 181792]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/01/2010 20:09 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-01-27 22:28 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-07-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-08-03 c:\windows\Tasks\fb5eb8dc.job
- c:\documents and settings\Gary\Application Data\fb5eb8dc.exe [2005-05-13 20:02]

2010-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 19:09]

2010-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 19:09]

2010-08-03 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 15:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Gary\Application Data\Mozilla\Firefox\Profiles\i7udulqo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_availa ble_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-03 19:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-08-03 20:00:19
ComboFix-quarantined-files.txt 2010-08-03 19:00
ComboFix2.txt 2010-08-01 15:19

Pre-Run: 133,641,838,592 bytes free
Post-Run: 133,642,805,248 bytes free

- - End Of File - - F97DC5486EFDE072C237B57C09804247
GSW's Avatar
GSW GSW is offline
Computer Specs
Junior Member with 25 posts.
  
Join Date: Jul 2010
Experience: Intermediate
03-Aug-2010, 04:07 PM #15
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:06:49, on 03/08/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gary\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ModemOnHold] "C:\Program Files\NetWaiting\netWaiting.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/Driver...reqlab_nvd.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.162.121,93.188.161.211
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7097 bytes
Email This Email  Print This Print  Tweet This Send to Facebook Send to MySpace Send to StumbleUpon Digg This | More Services More
Reply
Page 1 of 3 1 23

THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!

« Previous Thread | Virus & Other Malware Removal | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
WELCOME TO TECH SUPPORT GUY! Are you looking for the solution to your computer problem? Join our site today to ask your question -- for free! Our site is run completely by volunteers who want to help you solve your computer problems. See our Welcome Guide to get started.
Thread Tools


Similar Threads
Title Thread Starter Forum Replies Last Post
Rundll error - buwhtje.dll ACCA Virus & Other Malware Removal 5 02-Aug-2010 05:02 AM
Solved: Yet ANOTHER Windows Movie Maker Problem danielbier8 Multimedia 2 16-Nov-2009 01:32 AM
AHH! Another horrid error message! help please? jaccqullynn Windows XP 2 17-Mar-2009 06:49 AM
another Rundll error message goldenoldie Virus & Other Malware Removal 0 25-Jul-2008 09:23 PM
yet another Windows error message meggiemagoo Windows XP 1 02-Jul-2008 05:00 PM


Facebook Facebook Twitter Twitter TechGuy.tv TechGuy.tv Mobile TSG Mobile
Contact Us - HelpOnThe.Net - Archive - Terms of Service - Top
You Are Using:
Server ID
Advertisements do not imply our endorsement of that product or service.
All times are GMT -4. The time now is 09:10 PM.
Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.

 Powered by Cermak Technologies, Inc.