
MSN Messenger Virus

Discussion in 'Virus & Other Malware Removal' started by OopsAutumn, Apr 12, 2008.

  1. OopsAutumn (Thread Starter)
    A couple of days ago I was talking with some friends and one of my friends sent me a link asking if this was me. Suspecting it was a virus, I hesitated but, overcome with temptation, I eventually clicked on it and downloaded the "picture". The file was saved to My Documents but I soon deleted it because it could not be opened. It caused problems for Messenger and sent the same link to a couple of other people. I managed to log in soon after that, but every once in a while it would say someone else was trying to log in through a different computer. I also get random pop-ups and many websites will not open for me, Yahoo and Google search to name a few. Some programs would also close by themselves and my mouse would freeze frequently. Some slowed responses from the computer are also worrying me. I'm unsure if it really is a virus but some of these things lead me to think so. I've tried many things to be sure but it doesn't seem to be working. Anyone know what to do?
     
  2. sjpritch25
    Welcome to TSG :)

    Please click Here to download HijackThis to your desktop.

    Click the Download button. When the Trend Micro HJT install box appears, double click on the HJTInstall.exe. Click on Install.

    It will be installed by default here: C:\Program Files\Trend Micro\HijackThis

    A shortcut to the application will also be placed on your Desktop.

    The program will open automatically after installation.

    You can double-click the icon that was placed on the Desktop to run subsequent HijackThis scans or you can use the icon inside the folder. The folder HijackThis is where you will find the HJT logs that you save. When you use the application to remove anything, you will also find the backup copies made by HJT inside this folder.

    Close all other windows except HijackThis.

    Click on "Do a system scan and save logfile". When the log pops up in Notepad, copy and paste that file back here.

    Do NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
     
  3. OopsAutumn (Thread Starter)
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:51:16 PM, on 4/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\WINDOWS\system32\wltray.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\Nurian\PSH2.0\PSH2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\BitTorrent\bittorrent.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\arservice.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\msn.com
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    c:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: IE Custom Tools - {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} - C:\Program Files\Video Add-on\ictmdl.dll (file missing)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [imekrmig] C:\IME\IMKR\imekrmig.exe
    O4 - HKLM\..\Run: [ServiceHome] C:\Program Files\Nurian\PSH2.0\PSH2.exe /startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Windows live Messenger] msn.com
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [BM2835007b] Rundll32.exe "C:\WINDOWS\system32\oqdjfjxf.dll",s
    O4 - HKLM\..\Run: [2b0633e7] rundll32.exe "C:\WINDOWS\system32\tyenlnch.dll",b
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [SpyClean] C:\Program Files\Netcom3 Cleaner\SpyClean.exe
    O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
    O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: FlashSprite - C:\Program Files\Nurian\PSH2.0\BFS\ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: FlashSprite - {51f101a6-3884-4eb7-a832-340ba9104288} - C:\Program Files\Nurian\PSH2.0\BFS\ie.htm (file missing)
    O9 - Extra 'Tools' menuitem: FlashSprite - {51f101a6-3884-4eb7-a832-340ba9104288} - C:\Program Files\Nurian\PSH2.0\BFS\ie.htm (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117fd.bay117.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160754994015
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CEAF43B1-E8C1-426D-A63C-92C71212E6E5} (PlayerCue Control) - http://touch.imbc.com/ActiveX/iMBCOnlineService.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O22 - SharedTaskScheduler: exegeses - {1817ab5d-25bf-4d5e-ba90-6e5fe658fc5f} - (no file)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    --
    End of file - 11578 bytes

    Thanks for the help
     
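The log above is the kind an analyst reads by eye, and the entries that stand out are visible in it: Run keys that hand a randomly named system32 DLL to rundll32, Run values named with bare hex strings, a bare `msn.com` command that the shell resolves through the PATH search order, and orphaned entries whose files are gone. As an added example that is not part of the original thread and not HijackThis code, the Python below encodes those checks so they can be applied to any HJT v2 log. The sample entries are copied from the posted logs; the eight-letter-stem rule, the severities and the allowlist are assumptions, not a vendor's detection logic.

```python
"""Triage heuristics for a HijackThis (HJT) v2 log.

Added example, not part of the original thread and not HijackThis code.
The sample entries are copied from the log posted above; the rules encode
what an analyst checks by hand and are assumptions, not a vendor's logic.
"""
import re
from dataclasses import dataclass
from typing import List, Set

# Constructed sample: a subset of entries from the posted HJT logs.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3CAB59B4-55A3-4737-9FD5-B93C6430BF75} - C:\WINDOWS\system32\ukiwehpu.dll
O2 - BHO: {ffb8b002-fcc0-412a-19b4-8636fb8eea7d} - {d7aee8bf-6368-4b91-a214-0ccf200b8bff} - C:\WINDOWS\system32\ijeupett.dll
O3 - Toolbar: IE Custom Tools - {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} - C:\Program Files\Video Add-on\ictmdl.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows live Messenger] msn.com
O4 - HKLM\..\Run: [BM2835007b] Rundll32.exe "C:\WINDOWS\system32\oqdjfjxf.dll",s
O4 - HKLM\..\Run: [2b0633e7] rundll32.exe "C:\WINDOWS\system32\tyenlnch.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O20 - Winlogon Notify: opnkliFv - C:\WINDOWS\SYSTEM32\opnkliFv.dll
O22 - SharedTaskScheduler: exegeses - {1817ab5d-25bf-4d5e-ba90-6e5fe658fc5f} - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^(O\d+|R\d|F\d)\s+-\s+(.*)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run(?:Once)?:\s+\[([^\]]*)\]\s*(.*)$")
BHO_RE = re.compile(r"^BHO:\s+(.*?)\s+-\s+\{[0-9A-Fa-f-]{36}\}\s+-\s+(.*)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8,}$", re.I)
# A DLL under system32; HJT prints the path bare or inside double quotes.
SYS32_DLL_RE = re.compile(r"\\system32\\([A-Za-z0-9_]+)\.dll\b", re.I)

# Assumption: fill this from a clean baseline of the same Windows build so
# legitimate eight-letter vendor DLLs do not trip the random-name rule.
KNOWN_SYS32_STEMS: Set[str] = set()


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low"
    section: str   # HJT section code, e.g. "O4"
    target: str    # the file or value the rule fired on
    reason: str


def looks_random(stem: str) -> bool:
    """Assumption: an eight-letter alphabetic stem in system32 is unusual enough to review."""
    return len(stem) == 8 and stem.isalpha() and stem.lower() not in KNOWN_SYS32_STEMS


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        sys32 = SYS32_DLL_RE.search(body)
        random_dll = sys32.group(1) + ".dll" if sys32 and looks_random(sys32.group(1)) else None
        if section == "O4":
            run = RUN_RE.match(body)
            if run:
                value_name, command = run.groups()
                if HEX_NAME_RE.match(value_name):
                    findings.append(Finding("medium", section, value_name,
                                            "Run value named with a bare hex string"))
                if random_dll and "rundll32" in command.lower():
                    findings.append(Finding("high", section, random_dll,
                                            "rundll32 loads a random-looking DLL from system32"))
                bare = command.strip().strip('"')
                if "\\" not in bare and bare.lower().endswith((".com", ".pif", ".scr", ".bat")):
                    findings.append(Finding("high", section, bare,
                                            "bare non-.exe command, resolved via the PATH search order"))
        elif section == "O2":
            bho = BHO_RE.match(body)
            if bho:
                name, path = bho.groups()
                if name == "(no name)" or GUID_RE.match(name):
                    findings.append(Finding("high", section, path,
                                            "BHO with no display name or a GUID as its name"))
                elif random_dll:
                    findings.append(Finding("medium", section, path,
                                            "named BHO backed by a random-looking system32 DLL"))
        elif section == "O20":
            # Winlogon Notify DLLs load into winlogon.exe at every logon.
            findings.append(Finding("high" if random_dll else "medium", section, body,
                                    "Winlogon Notify hook"))
        if body.endswith(("(file missing)", "(no file)")):
            findings.append(Finding("low", section, body, "orphaned entry, target file is gone"))
    return findings


if __name__ == "__main__":
    order = ("high", "medium", "low")
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order.index(f.severity)):
        print(f"{f.severity:6} {f.section:4} {f.target}  <- {f.reason}")
```

Run against the first log in this thread, the script flags the two rundll32 Run keys, the `2b0633e7` value name, `msn.com`, and the two orphaned O3/O22 entries, and leaves the NVIDIA, Adobe and Windows Live entries alone; the second log adds the nameless BHOs and the Winlogon Notify hook. The point of the allowlist is that an eight-letter stem is a weak signal on its own and must be checked against a clean machine of the same build.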
  4. sjpritch25
    Welcome to TSG :)

    Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
    1. Close all applications and windows.
    2. Double-click on dss.exe to run it, and follow the prompts.
    3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
    4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
    5. Please attach extra.txt to your post.
    To attach a file to a new post, simply
    1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
    2. copy and paste the following into the "Upload File from your Computer" box:
      C:\Deckard\System Scanner\extra.txt
    3. Click Upload.
    What DSS will do:
    • create a new System Restore point in Windows XP and Vista.
    • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
    • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.
     
  5. OopsAutumn (Thread Starter)
    Deckard's System Scanner v20071014.68
    Run by HP_Administrator on 2008-04-13 00:13:19
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as HP_Administrator.exe) ------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:13:22 AM, on 4/13/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\WINDOWS\system32\wltray.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\arservice.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\msn.com
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    c:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Documents and Settings\HP_Administrator\My Documents\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_ADM~1.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {3CAB59B4-55A3-4737-9FD5-B93C6430BF75} - C:\WINDOWS\system32\ukiwehpu.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: (no name) - {B2CBBD3F-0096-48FE-B667-B3C8E7E691E6} - C:\WINDOWS\system32\efcDUoPI.dll
    O2 - BHO: (no name) - {B82F29E4-8368-4B14-9C00-5138C0D94034} - C:\WINDOWS\system32\opnkliFv.dll
    O2 - BHO: {ffb8b002-fcc0-412a-19b4-8636fb8eea7d} - {d7aee8bf-6368-4b91-a214-0ccf200b8bff} - C:\WINDOWS\system32\ijeupett.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: IE Custom Tools - {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} - C:\Program Files\Video Add-on\ictmdl.dll (file missing)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [imekrmig] C:\IME\IMKR\imekrmig.exe
    O4 - HKLM\..\Run: [ServiceHome] C:\Program Files\Nurian\PSH2.0\PSH2.exe /startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Windows live Messenger] msn.com
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [BM2835007b] Rundll32.exe "C:\WINDOWS\system32\oqdjfjxf.dll",s
    O4 - HKLM\..\Run: [2b0633e7] rundll32.exe "C:\WINDOWS\system32\tyenlnch.dll",b
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [SpyClean] C:\Program Files\Netcom3 Cleaner\SpyClean.exe
    O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
    O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: FlashSprite - C:\Program Files\Nurian\PSH2.0\BFS\ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: FlashSprite - {51f101a6-3884-4eb7-a832-340ba9104288} - C:\Program Files\Nurian\PSH2.0\BFS\ie.htm (file missing)
    O9 - Extra 'Tools' menuitem: FlashSprite - {51f101a6-3884-4eb7-a832-340ba9104288} - C:\Program Files\Nurian\PSH2.0\BFS\ie.htm (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117fd.bay117.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160754994015
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CEAF43B1-E8C1-426D-A63C-92C71212E6E5} (PlayerCue Control) - http://touch.imbc.com/ActiveX/iMBCOnlineService.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O20 - Winlogon Notify: opnkliFv - C:\WINDOWS\SYSTEM32\opnkliFv.dll
    O22 - SharedTaskScheduler: exegeses - {1817ab5d-25bf-4d5e-ba90-6e5fe658fc5f} - (no file)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    --
    End of file - 12639 bytes

    -- Files created between 2008-03-13 and 2008-04-13 -----------------------------

    2080-04-10 22:51:54 274977 --ahs---- C:\WINDOWS\system32\IPoUDcfe.ini2
    2080-04-10 22:51:52 272896 --a------ C:\WINDOWS\system32\efcDUoPI.dll
    2080-04-10 22:47:19 38400 --a------ C:\WINDOWS\system32\jkkHAtro.dll
    2008-04-12 22:51:10 0 d-------- C:\Program Files\Trend Micro
    2008-04-12 20:30:31 86592 --a------ C:\WINDOWS\system32\tyenlnch.dll
    2008-04-12 20:24:31 92736 --a------ C:\WINDOWS\system32\ijeupett.dll
    2008-04-12 20:21:31 3648 --a------ C:\WINDOWS\system32\nqbvxqav.dll
    2008-04-12 20:18:31 94272 --a------ C:\WINDOWS\system32\oqdjfjxf.dll
    2008-04-12 20:15:31 53312 --a------ C:\WINDOWS\system32\ukiwehpu.dll
    2008-04-12 20:09:49 37888 --a------ C:\WINDOWS\system32\geBrSmmn.dll
    2008-04-12 19:23:15 0 d-------- C:\Program Files\Netcom3 Cleaner
    2008-04-12 19:22:05 0 d-------- C:\WINDOWS\pss
    2008-04-12 18:38:19 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2008-04-12 18:19:50 0 d-------- C:\MSNCleaner
    2008-04-12 18:10:42 0 d-------- C:\bintheredunthat
    2008-04-12 15:05:47 92736 --a------ C:\WINDOWS\system32\paoolaeq.dll
    2008-04-12 15:02:47 86592 -----n--- C:\WINDOWS\system32\uqdvxxti.dll
    2008-04-12 14:56:47 3648 --a------ C:\WINDOWS\system32\twnrlmhn.dll
    2008-04-12 14:53:47 53312 --a------ C:\WINDOWS\system32\busuujyx.dll
    2008-04-12 14:50:47 94272 --a------ C:\WINDOWS\system32\gqcmkujh.dll
    2008-04-12 14:43:02 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Uniblue
    2008-04-12 14:41:11 3648 --a------ C:\WINDOWS\system32\fgrbqrwu.dll
    2008-04-12 14:41:05 94272 --a------ C:\WINDOWS\system32\xsqcpcsa.dll
    2008-04-12 14:41:00 53312 --a------ C:\WINDOWS\system32\sgofgbfh.dll
    2008-04-12 14:38:00 92736 --a------ C:\WINDOWS\system32\jjwfynhc.dll
    2008-04-12 14:29:34 3648 --a------ C:\WINDOWS\system32\yhxhyioc.dll
    2008-04-12 14:26:35 94272 --a------ C:\WINDOWS\system32\mvqkwwvl.dll
    2008-04-12 14:23:38 53312 --a------ C:\WINDOWS\system32\havaonmf.dll
    2008-04-12 14:00:51 50164 --ah----- C:\WINDOWS\system32\mlfcache.dat
    2008-04-12 13:44:35 92736 --a------ C:\WINDOWS\system32\sxhhpsvl.dll
    2008-04-12 13:38:35 3648 --a------ C:\WINDOWS\system32\yjrpoqeb.dll
    2008-04-12 13:35:35 94272 --a------ C:\WINDOWS\system32\qiseeyfu.dll
    2008-04-12 13:32:36 53312 --a------ C:\WINDOWS\system32\xedxiiwc.dll
    2008-04-12 13:03:11 92736 --a------ C:\WINDOWS\system32\viaxlpwt.dll
    2008-04-12 13:00:04 3648 --a------ C:\WINDOWS\system32\vubmweuv.dll
    2008-04-12 12:57:17 94272 --a------ C:\WINDOWS\system32\kgnrrisa.dll
    2008-04-12 12:57:07 53312 --a------ C:\WINDOWS\system32\jabescsm.dll
    2008-04-12 09:26:12 39936 --a------ C:\WINDOWS\system32\geButTmk.dll
    2008-04-12 02:12:52 39936 --a------ C:\WINDOWS\system32\vtUnkhFw.dll
    2008-04-12 01:49:41 39936 --a------ C:\WINDOWS\system32\byXQIBtt.dll
    2008-04-12 01:21:18 39936 --a------ C:\WINDOWS\system32\geBqQIAQ.dll
    2008-04-12 00:10:40 38400 --a------ C:\WINDOWS\system32\byXOihFU.dll
    2008-04-11 23:18:15 38400 --a------ C:\WINDOWS\system32\hgGyvvuS.dll
    2008-04-11 22:55:08 38400 --a------ C:\WINDOWS\system32\qoMfeEuR.dll
    2008-04-11 22:38:26 38400 --a------ C:\WINDOWS\system32\efcBuuro.dll
    2008-04-11 21:44:45 38400 --a------ C:\WINDOWS\system32\efcDVOHA.dll
    2008-04-11 21:17:08 38400 --a------ C:\WINDOWS\system32\khfDtTjI.dll
    2008-04-11 17:52:34 90176 --a------ C:\WINDOWS\system32\hforvovw.dll
    2008-04-11 17:49:34 3648 --a------ C:\WINDOWS\system32\xmlyduxj.dll
    2008-04-11 17:46:34 53312 --a------ C:\WINDOWS\system32\bhekdvyo.dll
    2008-04-11 17:45:07 94784 --a------ C:\WINDOWS\system32\vncyuyup.dll
    2008-03-22 20:16:48 0 d-------- C:\Program Files\Safari
    2008-03-22 11:56:27 0 d-------- C:\Program Files\DNA
    2008-03-22 11:56:27 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\DNA


    -- Find3M Report ---------------------------------------------------------------

    2008-04-12 17:28:32 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\BitTorrent
    2008-04-12 14:35:58 3648 --a------ C:\WINDOWS\system32\cbqkjowk.dll
    2008-04-10 22:42:30 39424 -r-hs---- C:\WINDOWS\msn.com
    2008-04-10 19:18:23 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
    2008-04-01 12:09:54 0 d-------- C:\Program Files\DivX
    2008-03-23 02:26:27 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer
    2008-03-17 08:16:27 0 d-------- C:\Program Files\Panasonic
    2008-03-15 19:59:35 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
    2008-03-15 15:25:03 0 d-------- C:\Program Files\iTunes
    2008-03-15 15:24:46 0 d-------- C:\Program Files\iPod
    2008-03-15 15:23:29 0 d-------- C:\Program Files\QuickTime
    2008-03-10 22:47:18 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\mIRC
    2008-03-10 19:08:07 0 d-------- C:\Program Files\mIRC
    2008-03-09 15:16:51 0 d-------- C:\Program Files\Java
    2008-03-05 22:05:37 0 d-------- C:\Program Files\StepMania
    2008-03-04 11:10:07 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-03-04 09:57:52 0 d-------- C:\Program Files\HydraIRC
    2008-03-03 20:28:48 0 d-------- C:\Program Files\Windows Live
    2008-03-03 20:27:43 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-03-03 20:27:34 0 d-------- C:\Program Files\Common Files
    2008-02-21 22:20:02 0 d-------- C:\Program Files\Nurian
    2008-02-21 22:20:01 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-02-21 22:19:48 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\InstallShield
    2008-02-21 03:05:44 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2008-02-21 03:04:16 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2008-02-21 03:04:16 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2008-02-21 03:04:04 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
    2008-02-21 03:04:04 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
    2008-02-21 03:04:04 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
    2008-02-21 03:04:04 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
    2008-02-21 03:03:24 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-02-20 21:18:26 0 d-------- C:\Program Files\SopCast
    2008-02-20 18:41:22 0 d-------- C:\Program Files\LimeWire


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3CAB59B4-55A3-4737-9FD5-B93C6430BF75}]
    04/12/2008 08:15 PM 53312 --a------ C:\WINDOWS\system32\ukiwehpu.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B2CBBD3F-0096-48FE-B667-B3C8E7E691E6}]
    04/10/2080 10:51 PM 272896 --a------ C:\WINDOWS\system32\efcDUoPI.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B82F29E4-8368-4B14-9C00-5138C0D94034}]
    04/10/1980 10:42 PM 38400 --a------ C:\WINDOWS\system32\opnkliFv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d7aee8bf-6368-4b91-a214-0ccf200b8bff}]
    04/12/2008 08:24 PM 92736 --a------ C:\WINDOWS\system32\ijeupett.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}"= C:\Program Files\Video Add-on\ictmdl.dll [ ]

    [-HKEY_CLASSES_ROOT\CLSID\{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 10:01 PM]
    "RTHDCPL"="RTHDCPL.EXE" [03/08/2006 05:54 AM C:\WINDOWS\RTHDCPL.EXE]
    "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [08/03/2005 12:19 AM C:\WINDOWS\arpwrmsg.exe]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [01/24/2006 08:15 PM]
    "nwiz"="nwiz.exe" [01/24/2006 08:15 PM C:\WINDOWS\system32\nwiz.exe]
    "DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [03/20/2006 10:05 AM]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [07/22/2005 11:14 PM]
    "PCDrProfiler"="" []
    "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [02/15/2006 11:34 PM]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [12/15/2005 07:18 PM]
    "wltray.exe"="C:\WINDOWS\system32\wltray.exe" [06/08/2005 05:32 PM]
    "KBD"="C:\HP\KBD\KBD.EXE" [02/02/2005 04:44 PM]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" []
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 05:25 AM]
    "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [08/18/2004 09:00 AM]
    "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [08/06/2004 04:50 AM]
    "Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [10/07/2003 10:48 AM]
    "imekrmig"="C:\IME\IMKR\imekrmig.exe" [01/09/2001 12:01 PM]
    "ServiceHome"="C:\Program Files\Nurian\PSH2.0\PSH2.exe" [11/17/2007 02:42 PM]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [02/01/2008 12:13 AM]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 02:10 PM]
    "Windows live Messenger"="msn.com" [04/10/2008 10:42 PM C:\WINDOWS\msn.com]
    "KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
    "BM2835007b"="C:\WINDOWS\system32\oqdjfjxf.dll" [04/12/2008 08:18 PM]
    "2b0633e7"="C:\WINDOWS\system32\tyenlnch.dll" [04/12/2008 08:30 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [09/08/2007 12:01 AM]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/09/2004 10:00 PM]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/23/2007 12:43 PM]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" []
    "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [04/11/2008 05:44 PM]
    "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
    "SpyClean"="C:\Program Files\Netcom3 Cleaner\SpyClean.exe" [03/11/2008 10:06 PM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [5/23/2006 9:47:50 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B82F29E4-8368-4B14-9C00-5138C0D94034}"= C:\WINDOWS\system32\opnkliFv.dll [04/10/1980 10:42 PM 38400]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkliFv]
    opnkliFv.dll 04/10/1980 10:42 PM 38400 C:\WINDOWS\system32\opnkliFv.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\efcDUoPI


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97f96dd5-55ef-11db-962e-806d6172696f}]
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480




    -- End of Deckard's System Scanner: finished at 2008-04-13 00:14:01 ------------
     

    Attached Files:
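Reading the DSS log above by hand is slow, so here is a small triage pass over an excerpt of it. This is an added example, not part of the thread and not DSS or TSG code. It picks out the four persistence points the log exposes: Run values whose target is a DLL (HijackThis shows these are hosted by rundll32.exe) or the hidden/system file C:\WINDOWS\msn.com named to look like a domain; the LSA "Authentication Packages" value, whose DLLs lsass.exe loads at boot; Winlogon Notify subkeys, loaded into winlogon.exe; and ShellExecuteHooks, loaded by Explorer and anything else that calls ShellExecute. It also clusters the freshly created system32 DLLs by size, which makes the pattern in the log obvious: the same four sizes (3648, 53312, 92736, 94272 bytes) dropped again and again under new random names. The sample lines are copied from the log; the 8-letter digit-free name heuristic, the three-day window before the 2008-04-13 scan date, and msv1_0 as the only expected LSA package are assumptions made for illustration.

```python
"""Triage of a DSS (Deckard's System Scanner) log excerpt for the persistence
points Vundo/Virtumonde used on this machine.  Added example, not part of the
thread or of DSS.  SAMPLE is copied from the log posted above; the 8-letter
name heuristic, the 3-day window and the msv1_0 allow-list are assumptions."""
import re
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample: lines copied from the DSS log in the post above.
SAMPLE = r"""
    2008-04-12 20:24:31 92736 --a------ C:\WINDOWS\system32\ijeupett.dll
    2008-04-12 20:21:31 3648 --a------ C:\WINDOWS\system32\nqbvxqav.dll
    2008-04-12 20:18:31 94272 --a------ C:\WINDOWS\system32\oqdjfjxf.dll
    2008-04-12 20:15:31 53312 --a------ C:\WINDOWS\system32\ukiwehpu.dll
    2008-04-12 20:09:49 37888 --a------ C:\WINDOWS\system32\geBrSmmn.dll
    2008-04-12 18:38:19 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2008-04-12 15:05:47 92736 --a------ C:\WINDOWS\system32\paoolaeq.dll
    2008-04-11 21:17:08 38400 --a------ C:\WINDOWS\system32\khfDtTjI.dll
    2008-02-21 03:04:16 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 10:01 PM]
    "Windows live Messenger"="msn.com" [04/10/2008 10:42 PM C:\WINDOWS\msn.com]
    "BM2835007b"="C:\WINDOWS\system32\oqdjfjxf.dll" [04/12/2008 08:18 PM]
    "2b0633e7"="C:\WINDOWS\system32\tyenlnch.dll" [04/12/2008 08:30 PM]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B82F29E4-8368-4B14-9C00-5138C0D94034}"= C:\WINDOWS\system32\opnkliFv.dll [04/10/1980 10:42 PM 38400]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkliFv]
    opnkliFv.dll 04/10/1980 10:42 PM 38400 C:\WINDOWS\system32\opnkliFv.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\efcDUoPI
"""

# DSS "new files" line: date time size attrs path [<Not Verified; ...>]
FILE_RE = re.compile(r"^\s*(\d{4}-\d\d-\d\d) \d\d:\d\d:\d\d (\d+) (\S{9}) (.+?)(?: <.*)?\s*$")
KEY_RE = re.compile(r"^\s*\[(.+)\]\s*$")
# "name"=data or "name"="data", optionally followed by a [timestamp ...] block
VALUE_RE = re.compile(r'^\s*"([^"]+)"\s*=\s*"?([^"\[]*?)"?\s*(?:\[.*\])?\s*$')
SYSTEM32 = "c:\\windows\\system32\\"
SCAN_DATE = date(2008, 4, 13)  # DSS finished 2008-04-13 per the log footer


def looks_random(filename):
    """Assumed heuristic: an 8-letter, digit-free stem like the DLLs above."""
    stem = filename.rsplit(".", 1)[0]
    return len(stem) == 8 and stem.isalpha()


def triage(text, scan_date, window_days=3):
    cutoff = scan_date - timedelta(days=window_days)
    clusters = defaultdict(list)  # size -> recently created random-named DLLs
    out = {"run_targets": [], "shell_hooks": [], "winlogon_notify": [], "lsa_extra": []}
    key = ""
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            created, size, path = date.fromisoformat(m.group(1)), int(m.group(2)), m.group(4)
            name = path.rsplit("\\", 1)[-1]
            if (path.lower().startswith(SYSTEM32) and name.lower().endswith(".dll")
                    and created >= cutoff and looks_random(name)):
                clusters[size].append(name)
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            if "\\winlogon\\notify\\" in key.lower():  # subkey name is the Notify DLL
                out["winlogon_notify"].append(key.rsplit("\\", 1)[-1])
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, data, k = m.group(1), m.group(2).strip(), key.lower()
        if k.endswith("\\run") and data.lower().endswith((".dll", ".com")):
            out["run_targets"].append((name, data))  # DLL => rundll32-hosted; .com => masquerade
        elif k.endswith("\\shellexecutehooks"):
            out["shell_hooks"].append(data)
        elif k.endswith("\\lsa") and name.lower() == "authentication packages":
            out["lsa_extra"] = [p for p in data.split() if p.lower() != "msv1_0"]
    out["dll_clusters"] = dict(clusters)
    return out


def run_sample():
    return triage(SAMPLE, SCAN_DATE)


if __name__ == "__main__":
    r = run_sample()
    for size, names in sorted(r["dll_clusters"].items()):
        print(f"{size:>7} bytes: {', '.join(names)}")
    for label in ("run_targets", "shell_hooks", "winlogon_notify", "lsa_extra"):
        print(f"{label}: {r[label]}")
```

Two things this pass cannot see but the full log does: the two DLLs registered as LSA package and ShellExecuteHook/Winlogon Notify (efcDUoPI.dll and opnkliFv.dll) carry 2080 and 1980 timestamps, which are impossible on this machine and are a second reason to distrust them, and the same two are the ones that later refuse to be moved until reboot because lsass.exe and winlogon.exe hold them open.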

  6. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Please download the attached file oops.zip and unzip/extract oops.reg to your Desktop. Proceed with the rest of my instructions, but do not double-click on oops.reg yet!!!!!



    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

      C:\WINDOWS\system32\IPoUDcfe.ini2
      C:\WINDOWS\system32\efcDUoPI.dll
      C:\WINDOWS\system32\jkkHAtro.dll
      C:\WINDOWS\system32\tyenlnch.dll
      C:\WINDOWS\system32\ijeupett.dll
      C:\WINDOWS\system32\nqbvxqav.dll
      C:\WINDOWS\system32\oqdjfjxf.dll
      C:\WINDOWS\system32\ukiwehpu.dll
      C:\WINDOWS\system32\geBrSmmn.dll
      C:\WINDOWS\system32\d3d8caps.dat
      C:\WINDOWS\system32\paoolaeq.dll
      C:\WINDOWS\system32\uqdvxxti.dll
      C:\WINDOWS\system32\twnrlmhn.dll
      C:\WINDOWS\system32\busuujyx.dll
      C:\WINDOWS\system32\gqcmkujh.dll
      C:\WINDOWS\system32\fgrbqrwu.dll
      C:\WINDOWS\system32\xsqcpcsa.dll
      C:\WINDOWS\system32\sgofgbfh.dll
      C:\WINDOWS\system32\jjwfynhc.dll
      C:\WINDOWS\system32\yhxhyioc.dll
      C:\WINDOWS\system32\mvqkwwvl.dll
      C:\WINDOWS\system32\havaonmf.dll
      C:\WINDOWS\system32\sxhhpsvl.dll
      C:\WINDOWS\system32\yjrpoqeb.dll
      C:\WINDOWS\system32\qiseeyfu.dll
      C:\WINDOWS\system32\xedxiiwc.dll
      C:\WINDOWS\system32\viaxlpwt.dll
      C:\WINDOWS\system32\vubmweuv.dll
      C:\WINDOWS\system32\kgnrrisa.dll
      C:\WINDOWS\system32\jabescsm.dll
      C:\WINDOWS\system32\geButTmk.dll
      C:\WINDOWS\system32\vtUnkhFw.dll
      C:\WINDOWS\system32\byXQIBtt.dll
      C:\WINDOWS\system32\geBqQIAQ.dll
      C:\WINDOWS\system32\byXOihFU.dll
      C:\WINDOWS\system32\hgGyvvuS.dll
      C:\WINDOWS\system32\qoMfeEuR.dll
      C:\WINDOWS\system32\efcBuuro.dll
      C:\WINDOWS\system32\efcDVOHA.dll
      C:\WINDOWS\system32\khfDtTjI.dll
      C:\WINDOWS\system32\hforvovw.dll
      C:\WINDOWS\system32\xmlyduxj.dll
      C:\WINDOWS\system32\bhekdvyo.dll
      C:\WINDOWS\system32\vncyuyup.dll
      C:\WINDOWS\system32\cbqkjowk.dll
      C:\WINDOWS\msn.com

    • Return to OTMoveIt2, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
    • Click the red Moveit! button.
    • OTMoveIt2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt2
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


    ==================================


    Run HijackThis, and press "Do a System Scan Only".
    1. When the scan is complete, place a check mark next to the following entries:


    O2 - BHO: (no name) - {3CAB59B4-55A3-4737-9FD5-B93C6430BF75} - C:\WINDOWS\system32\ukiwehpu.dll
    O2 - BHO: (no name) - {B2CBBD3F-0096-48FE-B667-B3C8E7E691E6} - C:\WINDOWS\system32\efcDUoPI.dll
    O2 - BHO: (no name) - {B82F29E4-8368-4B14-9C00-5138C0D94034} - C:\WINDOWS\system32\opnkliFv.dll
    O2 - BHO: {ffb8b002-fcc0-412a-19b4-8636fb8eea7d} - {d7aee8bf-6368-4b91-a214-0ccf200b8bff} - C:\WINDOWS\system32\ijeupett.dll
    O3 - Toolbar: IE Custom Tools - {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} - C:\Program Files\Video Add-on\ictmdl.dll (file missing)
    O4 - HKLM\..\Run: [Windows live Messenger] msn.com
    O4 - HKLM\..\Run: [BM2835007b] Rundll32.exe "C:\WINDOWS\system32\oqdjfjxf.dll",s
    O4 - HKLM\..\Run: [2b0633e7] rundll32.exe "C:\WINDOWS\system32\tyenlnch.dll",b
    O4 - HKCU\..\Run: [SpyClean] C:\Program Files\Netcom3 Cleaner\SpyClean.exe
    O20 - Winlogon Notify: opnkliFv - C:\WINDOWS\SYSTEM32\opnkliFv.dll
    O22 - SharedTaskScheduler: exegeses - {1817ab5d-25bf-4d5e-ba90-6e5fe658fc5f} - (no file)


    2. After checking these items CLOSE ALL open windows EXCEPT HijackThis and click "Fix Checked."


    ===================================


    Double-click on oops.reg and allow it to be merged into the Windows Registry. Then reboot your computer.




    =====================================


    Please download Malwarebytes Anti-Malware from Here or Here
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform Quick Scan, then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note).
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
     

    Attached Files:

    • oops.zip (494 bytes)
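A fix set like the one above has two halves that have to agree: the registry entries HijackThis is told to fix, and the files OTMoveIt2 is told to move. Fixing the registry entry but leaving the DLL on disk means the file can be re-registered by whatever else is still running; moving the file but leaving the entry means a dangling load point. The script below cross-checks the two lists by basename and is an added example, not part of the thread and not HijackThis or OTMoveIt2 code. HJT_FIXES is the fix list posted above; MOVE_LIST is an excerpt of the OTMoveIt2 list (the real one is longer), and the basename match is an assumption made so that the bare "msn.com" in the O4 entry lines up with the C:\WINDOWS\msn.com file. Run on the lists as posted, it reports opnkliFv.dll (named by an O2 and an O20 entry, but absent from the move list) and SpyClean.exe (named by the HKCU Run entry, with its program left in place), and it separates out the two entries whose file is already gone.

```python
"""Cross-check a HijackThis fix list against an OTMoveIt2 move list.
Added example, not part of the thread, HijackThis or OTMoveIt2.  HJT_FIXES is
the fix list posted above; MOVE_LIST is an excerpt of the posted move list.
Comparing by lower-cased basename is an assumption made for illustration."""
import re

# Constructed sample: the HijackThis entries the helper asked to have fixed.
HJT_FIXES = r"""
O2 - BHO: (no name) - {3CAB59B4-55A3-4737-9FD5-B93C6430BF75} - C:\WINDOWS\system32\ukiwehpu.dll
O2 - BHO: (no name) - {B2CBBD3F-0096-48FE-B667-B3C8E7E691E6} - C:\WINDOWS\system32\efcDUoPI.dll
O2 - BHO: (no name) - {B82F29E4-8368-4B14-9C00-5138C0D94034} - C:\WINDOWS\system32\opnkliFv.dll
O2 - BHO: {ffb8b002-fcc0-412a-19b4-8636fb8eea7d} - {d7aee8bf-6368-4b91-a214-0ccf200b8bff} - C:\WINDOWS\system32\ijeupett.dll
O3 - Toolbar: IE Custom Tools - {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} - C:\Program Files\Video Add-on\ictmdl.dll (file missing)
O4 - HKLM\..\Run: [Windows live Messenger] msn.com
O4 - HKLM\..\Run: [BM2835007b] Rundll32.exe "C:\WINDOWS\system32\oqdjfjxf.dll",s
O4 - HKLM\..\Run: [2b0633e7] rundll32.exe "C:\WINDOWS\system32\tyenlnch.dll",b
O4 - HKCU\..\Run: [SpyClean] C:\Program Files\Netcom3 Cleaner\SpyClean.exe
O20 - Winlogon Notify: opnkliFv - C:\WINDOWS\SYSTEM32\opnkliFv.dll
O22 - SharedTaskScheduler: exegeses - {1817ab5d-25bf-4d5e-ba90-6e5fe658fc5f} - (no file)
"""

# Constructed sample: an excerpt of the OTMoveIt2 list posted above.
MOVE_LIST = r"""
C:\WINDOWS\system32\IPoUDcfe.ini2
C:\WINDOWS\system32\efcDUoPI.dll
C:\WINDOWS\system32\jkkHAtro.dll
C:\WINDOWS\system32\tyenlnch.dll
C:\WINDOWS\system32\ijeupett.dll
C:\WINDOWS\system32\nqbvxqav.dll
C:\WINDOWS\system32\oqdjfjxf.dll
C:\WINDOWS\system32\ukiwehpu.dll
C:\WINDOWS\system32\geBrSmmn.dll
C:\WINDOWS\system32\cbqkjowk.dll
C:\WINDOWS\msn.com
"""

LOADERS = {"rundll32.exe"}  # Windows' own host binary in O4 lines, not a target
ORPHAN_MARKERS = ("(file missing)", "(no file)")  # HJT's own wording for a gone file
TOKEN_RE = re.compile(r'[^\s"]+\.(?:dll|exe|com)\b', re.I)


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def hjt_targets(text):
    """Return ({basename: hjt_line} for entries naming a present file, [orphan lines])."""
    targets, orphans = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if any(mark in line for mark in ORPHAN_MARKERS):
            orphans.append(line)  # registry entry only; nothing on disk to move
            continue
        for tok in TOKEN_RE.findall(line):
            b = basename(tok)
            if b not in LOADERS:
                targets.setdefault(b, line)
    return targets, orphans


def cross_check(hjt_text, move_text):
    targets, orphans = hjt_targets(hjt_text)
    moves = {basename(p.strip()) for p in move_text.splitlines() if p.strip()}
    return {
        # a registry fix points at a file that no move entry removes
        "fix_without_file_move": sorted(set(targets) - moves),
        # a file is moved without any registry entry pointing at it (often fine:
        # the Vundo side DLLs are loaded by each other, not by a load point)
        "move_without_fix": sorted(moves - set(targets)),
        "orphan_entries": orphans,
    }


if __name__ == "__main__":
    for label, items in cross_check(HJT_FIXES, MOVE_LIST).items():
        print(label)
        for item in items:
            print("   ", item)
```

The "fix without file move" list is a prompt for a decision, not a verdict: opnkliFv.dll is the same kind of file as the others and arguably belongs in the move list (the MBAM log later in this thread finds it still loaded and deletes it on reboot), whereas SpyClean.exe is an installed program under Program Files that the helper chose to leave in place and only stop from auto-starting.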
  7. OopsAutumn

    OopsAutumn Thread Starter

    Joined:
    Apr 12, 2008
    Messages:
    44
    C:\WINDOWS\system32\IPoUDcfe.ini2 moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\efcDUoPI.dll
    C:\WINDOWS\system32\efcDUoPI.dll NOT unregistered.
    File move failed. C:\WINDOWS\system32\efcDUoPI.dll scheduled to be moved on reboot.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\jkkHAtro.dll
    C:\WINDOWS\system32\jkkHAtro.dll NOT unregistered.
    C:\WINDOWS\system32\jkkHAtro.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\tyenlnch.dll
    C:\WINDOWS\system32\tyenlnch.dll NOT unregistered.
    C:\WINDOWS\system32\tyenlnch.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\ijeupett.dll
    C:\WINDOWS\system32\ijeupett.dll NOT unregistered.
    C:\WINDOWS\system32\ijeupett.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\nqbvxqav.dll
    C:\WINDOWS\system32\nqbvxqav.dll NOT unregistered.
    C:\WINDOWS\system32\nqbvxqav.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\oqdjfjxf.dll
    C:\WINDOWS\system32\oqdjfjxf.dll NOT unregistered.
    C:\WINDOWS\system32\oqdjfjxf.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\ukiwehpu.dll
    C:\WINDOWS\system32\ukiwehpu.dll NOT unregistered.
    C:\WINDOWS\system32\ukiwehpu.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\geBrSmmn.dll
    C:\WINDOWS\system32\geBrSmmn.dll NOT unregistered.
    C:\WINDOWS\system32\geBrSmmn.dll moved successfully.
    C:\WINDOWS\system32\d3d8caps.dat moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\paoolaeq.dll
    C:\WINDOWS\system32\paoolaeq.dll NOT unregistered.
    C:\WINDOWS\system32\paoolaeq.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\uqdvxxti.dll
    C:\WINDOWS\system32\uqdvxxti.dll NOT unregistered.
    C:\WINDOWS\system32\uqdvxxti.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\twnrlmhn.dll
    C:\WINDOWS\system32\twnrlmhn.dll NOT unregistered.
    C:\WINDOWS\system32\twnrlmhn.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\busuujyx.dll
    C:\WINDOWS\system32\busuujyx.dll NOT unregistered.
    C:\WINDOWS\system32\busuujyx.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\gqcmkujh.dll
    C:\WINDOWS\system32\gqcmkujh.dll NOT unregistered.
    C:\WINDOWS\system32\gqcmkujh.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\fgrbqrwu.dll
    C:\WINDOWS\system32\fgrbqrwu.dll NOT unregistered.
    C:\WINDOWS\system32\fgrbqrwu.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\xsqcpcsa.dll
    C:\WINDOWS\system32\xsqcpcsa.dll NOT unregistered.
    C:\WINDOWS\system32\xsqcpcsa.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\sgofgbfh.dll
    C:\WINDOWS\system32\sgofgbfh.dll NOT unregistered.
    C:\WINDOWS\system32\sgofgbfh.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\jjwfynhc.dll
    C:\WINDOWS\system32\jjwfynhc.dll NOT unregistered.
    C:\WINDOWS\system32\jjwfynhc.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\yhxhyioc.dll
    C:\WINDOWS\system32\yhxhyioc.dll NOT unregistered.
    C:\WINDOWS\system32\yhxhyioc.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\mvqkwwvl.dll
    C:\WINDOWS\system32\mvqkwwvl.dll NOT unregistered.
    C:\WINDOWS\system32\mvqkwwvl.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\havaonmf.dll
    C:\WINDOWS\system32\havaonmf.dll NOT unregistered.
    C:\WINDOWS\system32\havaonmf.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\sxhhpsvl.dll
    C:\WINDOWS\system32\sxhhpsvl.dll NOT unregistered.
    C:\WINDOWS\system32\sxhhpsvl.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\yjrpoqeb.dll
    C:\WINDOWS\system32\yjrpoqeb.dll NOT unregistered.
    C:\WINDOWS\system32\yjrpoqeb.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\qiseeyfu.dll
    C:\WINDOWS\system32\qiseeyfu.dll NOT unregistered.
    C:\WINDOWS\system32\qiseeyfu.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\xedxiiwc.dll
    C:\WINDOWS\system32\xedxiiwc.dll NOT unregistered.
    C:\WINDOWS\system32\xedxiiwc.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\viaxlpwt.dll
    C:\WINDOWS\system32\viaxlpwt.dll NOT unregistered.
    C:\WINDOWS\system32\viaxlpwt.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\vubmweuv.dll
    C:\WINDOWS\system32\vubmweuv.dll NOT unregistered.
    C:\WINDOWS\system32\vubmweuv.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\kgnrrisa.dll
    C:\WINDOWS\system32\kgnrrisa.dll NOT unregistered.
    C:\WINDOWS\system32\kgnrrisa.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\jabescsm.dll
    C:\WINDOWS\system32\jabescsm.dll NOT unregistered.
    C:\WINDOWS\system32\jabescsm.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\geButTmk.dll
    C:\WINDOWS\system32\geButTmk.dll NOT unregistered.
    C:\WINDOWS\system32\geButTmk.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\vtUnkhFw.dll
    C:\WINDOWS\system32\vtUnkhFw.dll NOT unregistered.
    C:\WINDOWS\system32\vtUnkhFw.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\byXQIBtt.dll
    C:\WINDOWS\system32\byXQIBtt.dll NOT unregistered.
    C:\WINDOWS\system32\byXQIBtt.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\geBqQIAQ.dll
    C:\WINDOWS\system32\geBqQIAQ.dll NOT unregistered.
    C:\WINDOWS\system32\geBqQIAQ.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\byXOihFU.dll
    C:\WINDOWS\system32\byXOihFU.dll NOT unregistered.
    C:\WINDOWS\system32\byXOihFU.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\hgGyvvuS.dll
    C:\WINDOWS\system32\hgGyvvuS.dll NOT unregistered.
    C:\WINDOWS\system32\hgGyvvuS.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\qoMfeEuR.dll
    C:\WINDOWS\system32\qoMfeEuR.dll NOT unregistered.
    C:\WINDOWS\system32\qoMfeEuR.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\efcBuuro.dll
    C:\WINDOWS\system32\efcBuuro.dll NOT unregistered.
    C:\WINDOWS\system32\efcBuuro.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\efcDVOHA.dll
    C:\WINDOWS\system32\efcDVOHA.dll NOT unregistered.
    C:\WINDOWS\system32\efcDVOHA.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\khfDtTjI.dll
    C:\WINDOWS\system32\khfDtTjI.dll NOT unregistered.
    C:\WINDOWS\system32\khfDtTjI.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\hforvovw.dll
    C:\WINDOWS\system32\hforvovw.dll NOT unregistered.
    C:\WINDOWS\system32\hforvovw.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\xmlyduxj.dll
    C:\WINDOWS\system32\xmlyduxj.dll NOT unregistered.
    C:\WINDOWS\system32\xmlyduxj.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\bhekdvyo.dll
    C:\WINDOWS\system32\bhekdvyo.dll NOT unregistered.
    C:\WINDOWS\system32\bhekdvyo.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\vncyuyup.dll
    C:\WINDOWS\system32\vncyuyup.dll NOT unregistered.
    C:\WINDOWS\system32\vncyuyup.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\cbqkjowk.dll
    C:\WINDOWS\system32\cbqkjowk.dll NOT unregistered.
    C:\WINDOWS\system32\cbqkjowk.dll moved successfully.
    C:\WINDOWS\msn.com moved successfully.

    OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04132008_141958

    Files moved on Reboot...
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\efcDUoPI.dll
    C:\WINDOWS\system32\efcDUoPI.dll NOT unregistered.
    File move failed. C:\WINDOWS\system32\efcDUoPI.dll scheduled to be move
     
  8. OopsAutumn

    OopsAutumn Thread Starter

    Joined:
    Apr 12, 2008
    Messages:
    44
    Malwarebytes' Anti-Malware 1.11
    Database version: 619

    Scan type: Quick Scan
    Objects scanned: 33727
    Time elapsed: 4 minute(s), 35 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 2
    Registry Keys Infected: 25
    Registry Values Infected: 4
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 8

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\WINDOWS\system32\efcDUoPI.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\WINDOWS\system32\opnkliFv.dll (Trojan.Vundo) -> Unloaded module successfully.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02116a9e-5b95-4106-98b8-79cc0a80eec0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{02116a9e-5b95-4106-98b8-79cc0a80eec0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b82f29e4-8368-4b14-9c00-5138c0d94034} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b82f29e4-8368-4b14-9c00-5138c0d94034} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnklifv (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3bc3ac5b-3bbb-9dbe-8166-ec650e3b9b48} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Online Add-on (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\AntiVirGear 3.8 (Rogue.AntiVirGear) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\VirusLocker (Rogue.Virus.Locker) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{b82f29e4-8368-4b14-9c00-5138c0d94034} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{6ca49fdd-4aeb-4f08-a394-c0a1f82caa16} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\efcduopi -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\efcDUoPI.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\IPoUDcfe.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\IPoUDcfe.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\opnkliFv.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\tuvWpQhH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrator\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url (Rogue.Link) -> Quarantined and deleted successfully.
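Two details in the OTMoveIt2 log and the Malwarebytes log above are worth reading together. First, every "DllUnregisterServer procedure not found ... NOT unregistered" pair means the DLL has no self-unregistration export, so OTMoveIt2 could not undo its COM/BHO registration itself; that is why the registry entries had to be removed separately with HijackThis and oops.reg. Second, the only file OTMoveIt2 could not move (efcDUoPI.dll) and the two files MBAM marked "Delete on reboot" (efcDUoPI.dll and opnkliFv.dll) are exactly the two MBAM found loaded as memory modules: the DSS log registered one as an LSA authentication package (loaded by lsass.exe) and the other as a Winlogon Notify DLL and ShellExecuteHook, and Windows will not let a mapped image be moved or deleted while a process holds it. The script below is an added example, not part of the thread, OTMoveIt2 or Malwarebytes; it parses excerpts of both logs (copied from the posts above) into a reboot checklist and gives you a `verify()` call to run after the restart. The assumption that "deferred to reboot" means "was loaded" is made explicit by cross-referencing MBAM's memory-module section rather than guessed.

```python
"""Build a post-reboot checklist from an OTMoveIt2 log and a Malwarebytes log.
Added example, not part of the thread, OTMoveIt2 or Malwarebytes.  Both log
excerpts are copied from the posts above.  Paths are compared lower-cased,
which is an assumption that matches Windows' case-insensitive filesystem."""
import os
import re

# Constructed sample: excerpt of the OTMoveIt2 log posted above.
OTMOVEIT_LOG = r"""
C:\WINDOWS\system32\IPoUDcfe.ini2 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\efcDUoPI.dll
C:\WINDOWS\system32\efcDUoPI.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\efcDUoPI.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\jkkHAtro.dll
C:\WINDOWS\system32\jkkHAtro.dll NOT unregistered.
C:\WINDOWS\system32\jkkHAtro.dll moved successfully.
C:\WINDOWS\msn.com moved successfully.
"""

# Constructed sample: excerpt of the Malwarebytes log posted above.
MBAM_LOG = r"""
Memory Modules Infected:
C:\WINDOWS\system32\efcDUoPI.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\opnkliFv.dll (Trojan.Vundo) -> Unloaded module successfully.

Files Infected:
C:\WINDOWS\system32\efcDUoPI.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\IPoUDcfe.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnkliFv.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\tuvWpQhH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
"""

OTM_MOVED = re.compile(r"^(.+) moved successfully\.$")
OTM_DEFERRED = re.compile(r"^File move failed\. (.+) scheduled to be moved on reboot\.$")
OTM_NOUNREG = re.compile(r"^(.+) NOT unregistered\.$")
MBAM_LINE = re.compile(r"^(.+?) \([^)]+\) -> (.+)$")  # path (Family) -> action


def parse_otmoveit(text):
    """Return (moved, deferred_to_reboot, not_unregistered) as sets of lower-cased paths."""
    moved, deferred, nounreg = set(), set(), set()
    for line in text.splitlines():
        line = line.strip()
        m = OTM_MOVED.match(line)
        if m:
            moved.add(m.group(1).lower())
            continue
        m = OTM_DEFERRED.match(line)
        if m:
            deferred.add(m.group(1).lower())
            continue
        m = OTM_NOUNREG.match(line)
        if m:
            nounreg.add(m.group(1).lower())  # no DllUnregisterServer export: fix registry by hand
    return moved, deferred, nounreg


def parse_mbam(text):
    """Return (loaded_modules, deleted, deferred_to_reboot) as sets of lower-cased paths."""
    loaded, deleted, deferred = set(), set(), set()
    for line in text.splitlines():
        m = MBAM_LINE.match(line.strip())
        if not m:
            continue
        path, action = m.group(1).lower(), m.group(2)
        if action.startswith("Unloaded module"):
            loaded.add(path)
        elif action.startswith("Delete on reboot"):
            deferred.add(path)
        elif action.startswith("Quarantined and deleted"):
            deleted.add(path)
    return loaded, deleted, deferred


def reboot_checklist(otm_text, mbam_text):
    """Map each path still pending at reboot -> True if a tool saw it loaded in memory."""
    _, otm_deferred, _ = parse_otmoveit(otm_text)
    loaded, _, mbam_deferred = parse_mbam(mbam_text)
    return {p: p in loaded for p in sorted(otm_deferred | mbam_deferred)}


def verify(checklist, exists=os.path.exists):
    """Paths from the checklist that are still present; run this after the reboot."""
    return [p for p in checklist if exists(p)]


if __name__ == "__main__":
    checklist = reboot_checklist(OTMOVEIT_LOG, MBAM_LOG)
    for path, was_loaded in checklist.items():
        print(f"{path}  pending reboot; seen loaded in memory: {was_loaded}")
    print("still present:", verify(checklist))
```

On the infected machine itself, `verify(checklist)` with the default `os.path.exists` is the post-reboot check; if either DLL is still there after the restart, the load point that pulls it into lsass.exe or winlogon.exe has not been removed and a fresh log is the right next step, which is what the helper asks for below.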
     
  9. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Please post a fresh DSS log. Thanks.
     
  10. OopsAutumn

    OopsAutumn Thread Starter

    Joined:
    Apr 12, 2008
    Messages:
    44
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:47:04 PM, on 4/14/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\windows\system32\pmropn.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\WINDOWS\system32\wltray.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\Nurian\PSH2.0\PSH2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\BitTorrent\bittorrent.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\arservice.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {3CAB59B4-55A3-4737-9FD5-B93C6430BF75} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: cpmsky browser optimizer - {8c191ff1-8e14-a3d2-542d-ac0124506957} - C:\WINDOWS\system32\{dd96fa3e-5368-9131-b581-16f8953af4e0}.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: {ffb8b002-fcc0-412a-19b4-8636fb8eea7d} - {d7aee8bf-6368-4b91-a214-0ccf200b8bff} - (no file)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [imekrmig] C:\IME\IMKR\imekrmig.exe
    O4 - HKLM\..\Run: [ServiceHome] C:\Program Files\Nurian\PSH2.0\PSH2.exe /startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [PremierOpinion] c:\windows\system32\pmropn.exe -boot
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
    O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: FlashSprite - C:\Program Files\Nurian\PSH2.0\BFS\ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: FlashSprite - {51f101a6-3884-4eb7-a832-340ba9104288} - C:\Program Files\Nurian\PSH2.0\BFS\ie.htm (file missing)
    O9 - Extra 'Tools' menuitem: FlashSprite - {51f101a6-3884-4eb7-a832-340ba9104288} - C:\Program Files\Nurian\PSH2.0\BFS\ie.htm (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117fd.bay117.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160754994015
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CEAF43B1-E8C1-426D-A63C-92C71212E6E5} (PlayerCue Control) - http://touch.imbc.com/ActiveX/iMBCOnlineService.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\pmai.dll
    O20 - Winlogon Notify: PremierOpinion - C:\WINDOWS\system32\pmls.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    --
    End of file - 12482 bytes

    My computer worked alright for a while but then things just started to not work.
    I would get messages saying different things aren't quite working.
    At the moment it is iTunes but before it wouldn't show Task Manager.
     
  11. OopsAutumn

    OopsAutumn Thread Starter

    Joined:
    Apr 12, 2008
    Messages:
    44
    Deckard's System Scanner v20071014.68
    Run by HP_Administrator on 2008-04-14 22:03:15
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as HP_Administrator.exe) ------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:03:36 PM, on 4/14/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\windows\system32\pmropn.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\WINDOWS\system32\wltray.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\BitTorrent\bittorrent.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\arservice.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
    C:\Documents and Settings\HP_Administrator\My Documents\dss(2).exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_ADM~1.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: cpmsky browser optimizer - {8c191ff1-8e14-a3d2-542d-ac0124506957} - C:\WINDOWS\system32\{dd96fa3e-5368-9131-b581-16f8953af4e0}.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [imekrmig] C:\IME\IMKR\imekrmig.exe
    O4 - HKLM\..\Run: [ServiceHome] C:\Program Files\Nurian\PSH2.0\PSH2.exe /startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [PremierOpinion] c:\windows\system32\pmropn.exe -boot
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
    O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: FlashSprite - C:\Program Files\Nurian\PSH2.0\BFS\ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: FlashSprite - {51f101a6-3884-4eb7-a832-340ba9104288} - C:\Program Files\Nurian\PSH2.0\BFS\ie.htm (file missing)
    O9 - Extra 'Tools' menuitem: FlashSprite - {51f101a6-3884-4eb7-a832-340ba9104288} - C:\Program Files\Nurian\PSH2.0\BFS\ie.htm (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117fd.bay117.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160754994015
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CEAF43B1-E8C1-426D-A63C-92C71212E6E5} (PlayerCue Control) - http://touch.imbc.com/ActiveX/iMBCOnlineService.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\pmai.dll
    O20 - Winlogon Notify: PremierOpinion - C:\WINDOWS\system32\pmls.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    --
    End of file - 12427 bytes

    -- Files created between 2008-03-14 and 2008-04-14 -----------------------------

    2008-04-14 21:42:57 712704 --a------ C:\WINDOWS\system32\pmph.dll <Not Verified; PremierOpinion; PremierOpinion>
    2008-04-14 18:49:35 118784 --a------ C:\WINDOWS\system32\pmai.dll <Not Verified; PremierOpinion; PremierOpinion>
    2008-04-13 19:55:16 0 d-------- C:\Program Files\MSN Messenger
    2008-04-13 19:13:48 8464 --a------ C:\WINDOWS\system32\sporder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2008-04-13 19:13:48 1609728 --a------ C:\WINDOWS\system32\pmropn.exe <Not Verified; PremierOpinion; PremierOpinion>
    2008-04-13 19:13:48 368640 --a------ C:\WINDOWS\system32\pmls.dll <Not Verified; PremierOpinion; PremierOpinion>
    2008-04-13 19:09:20 40713 --a------ C:\WINDOWS\system32\cpmsky-uninst.exe
    2008-04-13 14:42:16 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
    2008-04-13 14:42:07 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-13 14:42:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-13 09:41:56 37888 --a------ C:\WINDOWS\system32\opnnolmj.dll
    2008-04-13 01:32:22 37888 --a------ C:\WINDOWS\system32\pmnoMdbB.dll
    2008-04-13 00:37:10 37888 --a------ C:\WINDOWS\system32\geBuVLfD.dll
    2008-04-12 22:51:10 0 d-------- C:\Program Files\Trend Micro
    2008-04-12 19:23:15 0 d-------- C:\Program Files\Netcom3 Cleaner
    2008-04-12 19:22:05 0 d-------- C:\WINDOWS\pss
    2008-04-12 18:19:50 0 d-------- C:\MSNCleaner
    2008-04-12 18:10:42 0 d-------- C:\bintheredunthat
    2008-04-12 14:43:02 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Uniblue
    2008-04-12 14:00:51 50164 --ah----- C:\WINDOWS\system32\mlfcache.dat
    2008-03-22 20:16:48 0 d-------- C:\Program Files\Safari
    2008-03-22 11:56:27 0 d-------- C:\Program Files\DNA
    2008-03-22 11:56:27 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\DNA


    -- Find3M Report ---------------------------------------------------------------

    2008-04-14 18:53:19 0 d-------- C:\Program Files\BitTorrent
    2008-04-14 00:07:32 0 d-------- C:\Program Files\iTunes
    2008-04-14 00:07:14 0 d-------- C:\Program Files\iPod
    2008-04-14 00:06:15 0 d-------- C:\Program Files\QuickTime
    2008-04-13 19:13:31 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
    2008-04-12 17:28:32 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\BitTorrent
    2008-04-01 12:09:54 0 d-------- C:\Program Files\DivX
    2008-03-23 02:26:27 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer
    2008-03-17 08:16:27 0 d-------- C:\Program Files\Panasonic
    2008-03-15 19:59:35 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
    2008-03-10 22:47:18 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\mIRC
    2008-03-10 19:08:07 0 d-------- C:\Program Files\mIRC
    2008-03-09 15:16:51 0 d-------- C:\Program Files\Java
    2008-03-05 22:05:37 0 d-------- C:\Program Files\StepMania
    2008-03-04 11:10:07 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-03-04 09:57:52 0 d-------- C:\Program Files\HydraIRC
    2008-03-03 20:28:48 0 d-------- C:\Program Files\Windows Live
    2008-03-03 20:27:43 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-03-03 20:27:34 0 d-------- C:\Program Files\Common Files
    2008-02-21 22:20:02 0 d-------- C:\Program Files\Nurian
    2008-02-21 22:20:01 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-02-21 22:19:48 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\InstallShield
    2008-02-21 03:05:44 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2008-02-21 03:04:16 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2008-02-21 03:04:16 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2008-02-21 03:04:04 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
    2008-02-21 03:04:04 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
    2008-02-21 03:04:04 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
    2008-02-21 03:04:04 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
    2008-02-21 03:03:24 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-02-20 21:18:26 0 d-------- C:\Program Files\SopCast
    2008-02-20 18:41:22 0 d-------- C:\Program Files\LimeWire


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8c191ff1-8e14-a3d2-542d-ac0124506957}]
    C:\WINDOWS\system32\{dd96fa3e-5368-9131-b581-16f8953af4e0}.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 10:01 PM]
    "RTHDCPL"="RTHDCPL.EXE" [03/08/2006 05:54 AM C:\WINDOWS\RTHDCPL.EXE]
    "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [08/03/2005 12:19 AM C:\WINDOWS\arpwrmsg.exe]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [01/24/2006 08:15 PM]
    "nwiz"="nwiz.exe" [01/24/2006 08:15 PM C:\WINDOWS\system32\nwiz.exe]
    "DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [03/20/2006 10:05 AM]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [07/22/2005 11:14 PM]
    "PCDrProfiler"="" []
    "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [02/15/2006 11:34 PM]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [12/15/2005 07:18 PM]
    "wltray.exe"="C:\WINDOWS\system32\wltray.exe" [06/08/2005 05:32 PM]
    "KBD"="C:\HP\KBD\KBD.EXE" [02/02/2005 04:44 PM]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" []
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 05:25 AM]
    "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [08/18/2004 09:00 AM]
    "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [08/06/2004 04:50 AM]
    "Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [10/07/2003 10:48 AM]
    "imekrmig"="C:\IME\IMKR\imekrmig.exe" [01/09/2001 12:01 PM]
    "ServiceHome"="C:\Program Files\Nurian\PSH2.0\PSH2.exe" [11/17/2007 02:42 PM]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
    "PremierOpinion"="c:\windows\system32\pmropn.exe" [04/14/2008 06:48 PM]
    "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [09/08/2007 12:01 AM]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/09/2004 10:00 PM]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/23/2007 12:43 PM]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM]
    "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [04/11/2008 05:44 PM]
    "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [5/23/2006 9:47:50 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PremierOpinion]
    C:\WINDOWS\system32\pmls.dll 04/14/2008 07:06 PM 368640 C:\WINDOWS\system32\pmls.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\WINDOWS\system32\pmai.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    *Newly Created Service* - ENTDRV51



    -- End of Deckard's System Scanner: finished at 2008-04-14 22:04:38 ------------

    Thank you, blackmirror.
     
  12. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Still infected.

    Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Link 1
    Link 2
    Link 3


    **Note: It is important that it is saved directly to your desktop**

    --------------------------------------------------------------------

    1. Close any open browsers.

    2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.


    --------------------------------------------------------------------

    Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    Note:
    Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     
  13. OopsAutumn

    OopsAutumn Thread Starter

    Joined:
    Apr 12, 2008
    Messages:
    44
    ComboFix 08-04-14.2 - HP_Administrator 2008-04-15 17:10:48.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1118 [GMT 1:00]
    Running from: C:\Documents and Settings\HP_Administrator\My Documents\ComboFix.exe
    * Created a new restore point
    * Resident AV is active

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\geBuVLfD.dll
    C:\WINDOWS\system32\hcnlneyt.ini
    C:\WINDOWS\system32\ikhmkssl.ini
    C:\WINDOWS\system32\ldpackage.dll
    C:\WINDOWS\system32\model.dat
    C:\WINDOWS\system32\oigihixn.ini
    C:\WINDOWS\system32\opnnolmj.dll
    C:\WINDOWS\system32\pmnoMdbB.dll
    C:\WINDOWS\system32\silc_dll.dll
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
    .

    2008-04-14 22:24 . 2008-04-14 22:24 286,720 --a------ C:\WINDOWS\system32\pmxf.dll
    2008-04-14 21:42 . 2008-04-14 21:42 712,704 --a------ C:\WINDOWS\system32\pmph.dll
    2008-04-14 18:49 . 2008-04-14 18:49 118,784 --a------ C:\WINDOWS\system32\pmai.dll
    2008-04-13 19:55 . 2008-04-13 19:55 <DIR> d-------- C:\Program Files\MSN Messenger
    2008-04-13 19:14 . 2008-04-13 19:14 63,892 --a------ C:\WINDOWS\system32\{dd96fa3e-5368-9131-b581-16f8953af4e0}.dll-uninst.exe
    2008-04-13 19:13 . 2008-04-14 18:48 1,609,728 --a------ C:\WINDOWS\system32\pmropn.exe
    2008-04-13 19:13 . 2008-04-14 19:06 368,640 --a------ C:\WINDOWS\system32\pmls.dll
    2008-04-13 19:13 . 2003-05-07 18:01 8,464 --a------ C:\WINDOWS\system32\sporder.dll
    2008-04-13 19:09 . 2008-04-13 19:13 40,713 --a------ C:\WINDOWS\system32\cpmsky-uninst.exe
    2008-04-13 14:42 . 2008-04-13 14:42 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-13 14:42 . 2008-04-13 14:42 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
    2008-04-13 14:42 . 2008-04-13 14:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-13 14:19 . 2008-04-13 14:19 <DIR> d-------- C:\_OTMoveIt
    2008-04-13 00:10 . 2008-04-13 00:10 <DIR> d-------- C:\Deckard
    2008-04-12 22:51 . 2008-04-12 22:51 <DIR> d-------- C:\Program Files\Trend Micro
    2008-04-12 19:23 . 2008-04-13 19:22 <DIR> d-------- C:\Program Files\Netcom3 Cleaner
    2008-04-12 19:13 . 2008-04-15 17:15 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-04-12 19:13 . 2008-04-12 19:13 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-04-12 18:19 . 2008-04-12 18:25 <DIR> d-------- C:\MSNCleaner
    2008-04-12 18:10 . 2008-04-12 18:10 <DIR> d-------- C:\bintheredunthat
    2008-04-12 15:02 . 1980-04-12 19:13 709,255 ---hs---- C:\WINDOWS\system32\itxxvdqu.ini
    2008-04-12 14:43 . 2008-04-12 14:43 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Uniblue
    2008-04-12 14:00 . 2008-04-12 14:00 50,164 --ah----- C:\WINDOWS\system32\mlfcache.dat
    2008-04-12 13:41 . 1980-04-12 14:35 708,895 ---hs---- C:\WINDOWS\system32\jcdqddyc.ini
    2008-04-12 13:00 . 1980-04-12 13:30 708,715 ---hs---- C:\WINDOWS\system32\ipaxgmts.ini
    2008-04-11 17:45 . 2008-04-13 00:20 101,139 --a------ C:\WINDOWS\BM2835007b.xml
    2008-04-11 17:44 . 2008-04-11 17:44 268 --ah----- C:\sqmdata05.sqm
    2008-04-11 17:44 . 2008-04-11 17:44 244 --ah----- C:\sqmnoopt05.sqm
    2008-04-06 19:17 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2008-04-06 19:17 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-04-06 19:17 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-04-06 19:17 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2008-04-06 17:02 . 2008-04-06 17:02 268 --ah----- C:\sqmdata04.sqm
    2008-04-06 17:02 . 2008-04-06 17:02 244 --ah----- C:\sqmnoopt04.sqm
    2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
    2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
    2008-03-22 20:17 . 2008-03-22 20:17 268 --ah----- C:\sqmdata02.sqm
    2008-03-22 20:17 . 2008-03-22 20:17 244 --ah----- C:\sqmnoopt02.sqm
    2008-03-22 20:17 . 2008-03-22 20:17 172 --ah----- C:\sqmnoopt03.sqm
    2008-03-22 20:17 . 2008-03-22 20:17 148 --ah----- C:\sqmdata03.sqm
    2008-03-22 20:16 . 2008-03-22 20:17 <DIR> d-------- C:\Program Files\Safari
    2008-03-22 11:56 . 2008-03-22 11:56 <DIR> d-------- C:\Program Files\DNA
    2008-03-22 11:56 . 2008-04-15 17:13 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\DNA

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-14 17:53 --------- d-----w C:\Program Files\BitTorrent
    2008-04-13 23:07 --------- d-----w C:\Program Files\iTunes
    2008-04-13 23:07 --------- d-----w C:\Program Files\iPod
    2008-04-13 23:06 --------- d-----w C:\Program Files\QuickTime
    2008-04-13 18:13 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
    2008-04-12 16:28 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\BitTorrent
    2008-04-01 11:09 --------- d-----w C:\Program Files\DivX
    2008-03-23 01:26 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer
    2008-03-17 07:16 --------- d-----w C:\Program Files\Panasonic
    2008-03-10 21:47 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\mIRC
    2008-03-10 18:08 --------- d-----w C:\Program Files\mIRC
    2008-03-09 14:16 --------- d-----w C:\Program Files\Java
    2008-03-06 15:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-03-05 21:05 --------- d-----w C:\Program Files\StepMania
    2008-03-04 10:10 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-03-04 08:57 --------- d-----w C:\Program Files\HydraIRC
    2008-03-03 19:28 --------- d-----w C:\Program Files\Windows Live
    2008-03-03 19:27 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-02-21 21:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-21 21:20 --------- d-----w C:\Program Files\Nurian
    2008-02-21 21:19 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\InstallShield
    2008-02-20 20:18 --------- d-----w C:\Program Files\SopCast
    2008-02-20 17:41 --------- d-----w C:\Program Files\LimeWire
    2007-09-19 22:43 47,680 -c--a-w C:\Documents and Settings\HP_Administrator\Application Data\GDIPFONTCACHEV1.DAT
    2006-10-15 13:32 22 -csha-w C:\WINDOWS\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8c191ff1-8e14-a3d2-542d-ac0124506957}]
    C:\WINDOWS\system32\{dd96fa3e-5368-9131-b581-16f8953af4e0}.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 00:01 43008]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-09 22:00 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-23 12:43 68856]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
    "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-04-11 17:44 288576]
    "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 22:01 67584]
    "RTHDCPL"="RTHDCPL.EXE" [2006-03-08 05:54 16010240 C:\WINDOWS\RTHDCPL.EXE]
    "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 00:19 77312 C:\WINDOWS\arpwrmsg.exe]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-24 20:15 7311360]
    "nwiz"="nwiz.exe" [2006-01-24 20:15 1519616 C:\WINDOWS\system32\nwiz.exe]
    "DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 10:05 90112]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 23:14 237568]
    "PCDrProfiler"="" []
    "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 23:34 249856]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 19:18 49152]
    "wltray.exe"="C:\WINDOWS\system32\wltray.exe" [2005-06-08 17:32 778318]
    "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44 61440]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-18 09:00 94208]
    "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 04:50 139320]
    "Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 10:48 147514]
    "imekrmig"="C:\IME\IMKR\imekrmig.exe" [2001-01-09 12:01 44544]
    "ServiceHome"="C:\Program Files\Nurian\PSH2.0\PSH2.exe" [2007-11-17 14:42 1667072]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
    "PremierOpinion"="c:\windows\system32\pmropn.exe" [2008-04-14 18:48 1609728]
    "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]

    C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
    Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-05-23 20:49:19 27136]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [2006-05-23 21:47:50 36903]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PremierOpinion]
    C:\WINDOWS\system32\pmls.dll 2008-04-14 19:06 368640 C:\WINDOWS\system32\pmls.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\WINDOWS\system32\pmai.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
    "C:\\Program Files\\StepMania CVS\\Program\\StepMania.exe"=
    "C:\\Program Files\\Starcraft\\StarCraft.exe"=
    "C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "C:\\Program Files\\SopCast\\SopCast.exe"=
    "C:\\Program Files\\HydraIRC\\HydraIRC.exe"=
    "C:\\Program Files\\mIRC\\mirc.exe"=
    "C:\\Program Files\\DNA\\btdna.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\WINDOWS\\system32\\pmropn.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

    S3 Netcom3;NetCom3 Service;C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe []

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-03-29 19:11:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-15 17:15:43
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 147

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\wltrysvc.exe
    C:\WINDOWS\system32\bcmwltry.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\arservice.exe
    C:\WINDOWS\ehome\ehrecvr.exe
    C:\WINDOWS\ehome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehmsas.exe
    .
    **************************************************************************
    .
    Completion time: 2008-04-15 17:22:16 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-04-15 16:22:09

    Pre-Run: 144,311,132,160 bytes free
    Post-Run: 144,243,920,896 bytes free
    .
    2008-04-10 02:03:53 --- E O F ---
     
  14. OopsAutumn

    OopsAutumn Thread Starter

    Joined:
    Apr 12, 2008
    Messages:
    44
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:53:40 PM, on 4/15/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\windows\system32\pmropn.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\WINDOWS\system32\wltray.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\BitTorrent\bittorrent.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\arservice.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Safari\Safari.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: cpmsky browser optimizer - {8c191ff1-8e14-a3d2-542d-ac0124506957} - C:\WINDOWS\system32\{dd96fa3e-5368-9131-b581-16f8953af4e0}.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [imekrmig] C:\IME\IMKR\imekrmig.exe
    O4 - HKLM\..\Run: [ServiceHome] C:\Program Files\Nurian\PSH2.0\PSH2.exe /startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [PremierOpinion] c:\windows\system32\pmropn.exe -boot
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
    O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: FlashSprite - C:\Program Files\Nurian\PSH2.0\BFS\ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: FlashSprite - {51f101a6-3884-4eb7-a832-340ba9104288} - C:\Program Files\Nurian\PSH2.0\BFS\ie.htm (file missing)
    O9 - Extra 'Tools' menuitem: FlashSprite - {51f101a6-3884-4eb7-a832-340ba9104288} - C:\Program Files\Nurian\PSH2.0\BFS\ie.htm (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117fd.bay117.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160754994015
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CEAF43B1-E8C1-426D-A63C-92C71212E6E5} (PlayerCue Control) - http://touch.imbc.com/ActiveX/iMBCOnlineService.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\pmai.dll
    O20 - Winlogon Notify: PremierOpinion - C:\WINDOWS\system32\pmls.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    --
    End of file - 12169 bytes
     
  15. OopsAutumn

    OopsAutumn Thread Starter

    Joined:
    Apr 12, 2008
    Messages:
    44
    This virus is getting worse by the day. I think I really need some help here. Anyone know what to do?
     
Short URL to this thread: https://techguy.org/703043