1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: @MFDnSC (new thread for WinAntivirus)

Discussion in 'All Other Software' started by Xryll, Jul 31, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. Xryll

    Xryll Thread Starter

    Joined:
    Jul 31, 2006
    Messages:
    12
    .. or anyone who happens in..

    I've tried everything!
    I've downloaded the HjackThis and ran the first scan. Mind taking a peek for me and walk through? - ps thanks for your efforts-
    -------------------------------------------------------------------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 7:45:39 PM, on 7/31/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\WINDOWS\VnVsZGFyZQ\command.exe
    C:\Program Files\Network Monitor\netmon.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\ybxbyzw.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\cvn0.exe
    C:\WINDOWS\system32\wfxqhv.exe
    C:\kybrdff_7.exe
    C:\WINDOWS\ms05317251-1468.exe
    C:\WINDOWS\ybxbyzwA.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\nwnmff_7.exe
    C:\WINDOWS\xload.exe
    C:\dfndrff_7.exe
    C:\WINDOWS\system32\zqskw.exe
    C:\Program Files\ipwins\ipwins.exe
    C:\Program Files\ipwins\ipwins.exe
    C:\Program Files\Common Files\{A87B41BD-063A-1033-0830-040721040001}\Update.exe
    C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
    C:\Program Files\TiVo\Desktop\TiVoNotify.exe
    C:\Program Files\TiVo\Desktop\TiVoServer.exe
    C:\WINDOWS\FNTS~1\spoolsv.exe
    C:\PROGRA~1\ASEMBL~1\JVAW~1.EXE
    C:\Program Files\PSHope\PSHope.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\n9nyb.exe
    C:\WINDOWS\system32\ghynf.exe
    C:\Program Files\TClock\TClock.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Hijackthis\HijackThis.exe
    C:\WINDOWS\system32\HPZipm12.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.camelotherald.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: (no name) - {D40BDD5A-4FC9-431B-ECDA-6284FDE31E9D} - C:\WINDOWS\system32\mkwrrmq.dll
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\vfyxk.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,gafcukw.exe
    O2 - BHO: (no name) - {90093189-c040-4c46-b065-edecc582f24f} - C:\WINDOWS\system32\c_1nec.dll
    O2 - BHO: Ozbyq Class - {D623BC2F-A58D-4A75-A10D-CC244A702A35} - C:\WINDOWS\system32\xeymi.dll
    O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
    O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
    O4 - HKLM\..\Run: [ad8rIU3s] C:\WINDOWS\system32\cvn0.exe
    O4 - HKLM\..\Run: [k6mmN5IOU] "C:\WINDOWS\system32\wfxqhv.exe"
    O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_7.exe
    O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
    O4 - HKLM\..\Run: [ms05317251-1468] C:\WINDOWS\ms05317251-1468.exe
    O4 - HKLM\..\Run: [ybxbyzwA] C:\WINDOWS\ybxbyzwA.exe
    O4 - HKLM\..\Run: [gjx55426] RUNDLL32.EXE w0313a38.dll,n 00255424000000030313a38
    O4 - HKLM\..\Run: [w031bac4.dll] RUNDLL32.EXE w031bac4.dll,I2 002554240031bac4
    O4 - HKLM\..\Run: [newname] C:\\nwnmff_7.exe
    O4 - HKLM\..\Run: [xload] "C:\WINDOWS\xload.exe"
    O4 - HKLM\..\Run: [defender] C:\\dfndrff_7.exe
    O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
    O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
    O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
    O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [Sdcs] "C:\WINDOWS\FNTS~1\spoolsv.exe" -vt yazr
    O4 - HKCU\..\Run: [Tszyu] C:\PROGRA~1\ASEMBL~1\JVAW~1.EXE
    O4 - HKCU\..\Run: [ffqk] C:\PROGRA~1\COMMON~1\ffqk\ffqkm.exe
    O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
    O4 - HKCU\..\Run: [PSHope] "C:\Program Files\PSHope\PSHope.exe"
    O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
    O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
    O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: *.sxload.com
    O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://www.systemdoctor.com/download/2006/cab/SystemDoctor2006FreeInstall.cab
    O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/promocache/3138302D2D2D.exe
    O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - mk:mad:MSITStore:C:\DOCUME~1\Admin\LOCALS~1\Temp\mma.chm::/joysavsht.cab
    O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
    O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:mad:MSITStore:C:\DOCUME~1\Admin\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab
    O18 - Protocol: bw+0 - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {494EB85D-84F7-47A9-92B2-567FAF30AA4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\system32\xeymi.dll
    O20 - AppInit_DLLs: repairs303169590.dll,chkdsk.dll C:\WINDOWS\system32\chkdsk.dll
    O20 - Winlogon Notify: c_1nec - C:\WINDOWS\SYSTEM32\c_1nec.dll
    O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\ir8ml5l11.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VnVsZGFyZQ\command.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: TiVo Beacon (TivoBeacon2) - Unknown owner - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" /service (file missing)
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\ybxbyzw.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Add remove programs - remove logitech desktop messenger
    ====================
    1. Download this file :

    http://download.bleepingcomputer.com/sUBs/combofix.exe
    http://www.techsupportforum.com/sectools/combofix.exe

    2. Double click combofix.exe & follow the prompts.
    3. When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply

    Note:
    Do not mouseclick combofix's window while its running. That may cause it to stall
    ======================
    Then, go to start > run and copy and paste next command in the field:

    "C:\Documents and Settings\Master\Desktop\combofix.exe" /v pmkjj

    Hit enter.
    This should start combofix

    ==================
    SpySweeper http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129&ac=tsg

    * Click the Free Trial link under "SpySweeper" to download the program.
    * Install it. Once the program is installed, it will open.
    * It will prompt you to update to the latest definitions, click Yes.
    * Once the definitions are installed, click Options on the left side.
    * Click the Sweep Options tab.
    * Under What to Sweep please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits

    o Please UNCHECK Do not Sweep System Restore Folder.

    * Click Sweep Now on the left side.
    * Click the Start button.
    * When it's done scanning, click the Next button.
    * Make sure everything has a check next to it, then click the Next button.
    * It will remove all of the items found.
    * Click Session Log in the upper right corner, copy everything in that window.
    * Click the Summary tab and click Finish.
    * Paste the contents of the session log you copied into your next reply.
    Also post a new Hijack This log.
     
  3. Xryll

    Xryll Thread Starter

    Joined:
    Jul 31, 2006
    Messages:
    12
    The files are too large to post in one thread due to character limit.
    See attachment Combofix and Hjiackthis files if possible.
     

    Attached Files:

  4. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Run the second half of my post - SPySweeper
     
  5. Xryll

    Xryll Thread Starter

    Joined:
    Jul 31, 2006
    Messages:
    12
    Thanks again for the assistance. This machine is not willing to cooperate to say the least. Heres Day 2 logs for someone to peek at. Thanks in advance!
     

    Attached Files:

  6. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You have major problems

    Look in your Control Panel under Add/Remove programs for the following:

    PuritySCAN By OIN,
    Snowballwars by OIN,
    OuterInfo or anything similar ,

    If found, click on it and click remove.

    If not listed, download and run this uninstaller:

    http://www.outerinfo.com/OiUninstaller.exe


    run spy sweeper again

    Please download SmitfraudFix (by S!Ri)
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). We’ll get them next step.
    Please copy/paste the content of that report into your next reply.

    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm
     
  7. Xryll

    Xryll Thread Starter

    Joined:
    Jul 31, 2006
    Messages:
    12
    PuritySCAN By OIN,
    Snowballwars by OIN,
    OuterInfo or anything similar

    None found in Add/Remove
    Spy Sweeper was blocking the OiUninstaller.exe installation and when I disabled it, the pops up took over again.

    Results of SmitfraudFix:

    SmitFraudFix v2.78

    Scan done at 20:49:34.05, Tue 08/01/2006
    Run from C:\Documents and Settings\Admin\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Admin\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Admin\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="C:\\Program Files\\MSN\\howyqymil.html"
    "SubscribedURL"=""
    "FriendlyName"=""

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
    "Source"="C:\\WINDOWS\\warnhp.html"
    "SubscribedURL"=""
    "FriendlyName"="Desktop Uninstall"

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End

    SpySweeper results #4

    Webroot Spy Sweeper

    trojan-downloaded-conhook
    purityscan
    forethought
    mfindalot hjack
     
  8. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Need to see the current hijack log
     
  9. Xryll

    Xryll Thread Starter

    Joined:
    Jul 31, 2006
    Messages:
    12
    Current HijackThis:

    Logfile of HijackThis v1.99.1
    Scan saved at 1:43:21 PM, on 8/2/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\cvn0.exe
    C:\WINDOWS\ybxbyzwA.exe
    C:\WINDOWS\system32\n9nyb.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\WINDOWS\system32\ghynf.exe
    C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
    C:\Program Files\TiVo\Desktop\TiVoNotify.exe
    C:\Program Files\TiVo\Desktop\TiVoServer.exe
    C:\WINDOWS\FNTS~1\spoolsv.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\TClock\TClock.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.camelotherald.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: (no name) - {D40BDD5A-4FC9-431B-ECDA-6284FDE31E9D} - C:\WINDOWS\system32\mkwrrmq.dll
    O2 - BHO: (no name) - {90093189-c040-4c46-b065-edecc582f24f} - C:\WINDOWS\system32\c_1nec.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
    O4 - HKLM\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CAMTRAY.EXE"
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ad8rIU3s] C:\WINDOWS\system32\cvn0.exe
    O4 - HKLM\..\Run: [ybxbyzwA] C:\WINDOWS\ybxbyzwA.exe
    O4 - HKLM\..\Run: [gjx55426] "RUNDLL32.EXE" w0313a38.dll,n 00255424000000030313a38
    O4 - HKLM\..\Run: [w031bac4.dll] "RUNDLL32.EXE" w031bac4.dll,I2 002554240031bac4
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
    O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
    O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [Sdcs] "C:\WINDOWS\FNTS~1\spoolsv.exe" -vt yazr
    O4 - HKCU\..\Run: [ffqk] C:\PROGRA~1\COMMON~1\ffqk\ffqkm.exe
    O4 - HKCU\..\Run: [TClock.exe] "C:\Program Files\TClock\tclock_install.exe"
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: *.sxload.com
    O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://www.systemdoctor.com/download/2006/cab/SystemDoctor2006FreeInstall.cab
    O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:mad:MSITStore:C:\DOCUME~1\Admin\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab
    O20 - Winlogon Notify: c_1nec - C:\WINDOWS\SYSTEM32\c_1nec.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: TiVo Beacon (TivoBeacon2) - Unknown owner - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" /service (file missing)
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
     
  10. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You may want to print this or save it to notepad as we will go to safe mode.

    Please download http://www.atribune.org/ccount/click.php?id=4 to your desktop.
    Double-click VundoFix.exe to run it.
    Put a check next to Run VundoFix as a task.
    You will receive a message saying vundofix will close and re-open in a minute or less. Click OK.
    When VundoFix re-opens, click the Scan for Vundo button.
    Once it's done scanning, click the Remove Vundo button.
    You will receive a prompt asking if you want to remove the files, click YES.
    Once you click yes, your desktop will go blank as it starts removing Vundo.
    When completed, it will prompt that it will shutdown your computer, click OK.
    Turn your computer back on.
    Please post the contents of C:\vundofix.txt
    ========================================
    Run Spysweeper – check for updates and have it fix anything it finds
    ==========================
    Fix these with HJT – mark them, close IE, click fix checked

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=

    R3 - URLSearchHook: (no name) - {D40BDD5A-4FC9-431B-ECDA-6284FDE31E9D} - C:\WINDOWS\system32\mkwrrmq.dll

    O2 - BHO: (no name) - {90093189-c040-4c46-b065-edecc582f24f} - C:\WINDOWS\system32\c_1nec.dll

    O4 - HKLM\..\Run: [ad8rIU3s] C:\WINDOWS\system32\cvn0.exe

    O4 - HKLM\..\Run: [ybxbyzwA] C:\WINDOWS\ybxbyzwA.exe

    O4 - HKLM\..\Run: [gjx55426] "RUNDLL32.EXE" w0313a38.dll,n 00255424000000030313a38

    O4 - HKLM\..\Run: [w031bac4.dll] "RUNDLL32.EXE" w031bac4.dll,I2 002554240031bac4

    O4 - HKCU\..\Run: [Sdcs] "C:\WINDOWS\FNTS~1\spoolsv.exe" -vt yazr

    O4 - HKCU\..\Run: [ffqk] C:\PROGRA~1\COMMON~1\ffqk\ffqkm.exe

    O4 - HKCU\..\Run: [TClock.exe] "C:\Program Files\TClock\tclock_install.exe"

    O15 - Trusted Zone: *.sxload.com

    O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://www.systemdoctor.com/download...reeInstall.cab

    O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:mad:MSITStore:C:\DOCUME~1\Admin\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab

    O20 - Winlogon Notify: c_1nec - C:\WINDOWS\SYSTEM32\c_1nec.dll

    DownLoad http://www.downloads.subratam.org/KillBox.zip

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    C:\WINDOWS\system32\c_1nec.dll
    C:\WINDOWS\system32\cvn0.exe
    C:\WINDOWS\ybxbyzwA.exe
    C:\WINDOWS\system32\w0313a38.dll
    C:\WINDOWS\system32\w031bac4.dll
    C:\WINDOWS\FNTS~1
    C:\PROGRA~1\COMMON~1\ffqk
    C:\Program Files\TClock

    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Not all temp files will delete and that is normal
    Empty the recycle bin
    Boot and post a new log from normal NOT safe mode

    Please give feedback on what worked/didn’t work and the current status of your system
     
  11. Xryll

    Xryll Thread Starter

    Joined:
    Jul 31, 2006
    Messages:
    12
    -Vundo report attached
    -Updated and Ran SpySweeper - corrected any files located
    -Ran HjackThis and fix/deleted files listed above
    -Ran KillBox in safemode and Deleted files listed avove (three not located)
    All files deleted from C:\Windows\Temp
    -Rebooted
    On reboot all pop up .dll files not located were no longer an issue
    Clock correct (TClock removed rather)
    Lavasoft Ad-Aware se freeware - This locked up during attempted scan - removed from Add/Remove utility

    XoftSpySE (Paid membership version) no cookies located - no spyware located -


    Current State of PC:
    After rebooting, the only error seems to be 'Active Desktop Recovery' with a box to Restore my Active Desktop. Is that normal due to recent changes? Go ahead and click Restore? I can't thank you enough. The obvious errors have been corrected. What do you reccommend from this point as far as security is concerned, virus protection etc.?
    What do you think about XoftSpySE add removal tool? Overall suggestions would be greatly appricieated.

    My laptop is running better than it has in months!

    PS Where do I contribute?
     
  12. Xryll

    Xryll Thread Starter

    Joined:
    Jul 31, 2006
    Messages:
    12
    ...
     

    Attached Files:

  13. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    That happens let it recover - need to see a new hijack log
     
  14. Xryll

    Xryll Thread Starter

    Joined:
    Jul 31, 2006
    Messages:
    12
    Attached:

    Seemingly the only issues currently are locking up when trying to use Windows Task Manager. Related?
     

    Attached Files:

  15. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Fix this with HiJack

    O4 - HKLM\..\Run: [ad8rIU3s] C:\WINDOWS\system32\cvn0.exe

    and have killbox delete C:\WINDOWS\system32\cvn0.exe
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/488253

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice