
So Many Problems, Deckard's and HijackThis Logs Included

Discussion in 'Malware and Virus Removal Archive' started by beawulf, 2008/01/12.

    beawulf (thread starter), 2008/01/12:
    I have been experiencing many different errors and slow/buggy computer problems. I have tried fixing them with AVG Free Edition; it found somewhere around 74 errors. I also ran SpyHunter v3; it found around 543 errors, but alas, I cannot afford the full version to fix them at this time. Please help me.
    Deckard's System Scanner v20071014.68
    Run by Owner on 2008-01-13 11:34:23
    Computer is in Normal Mode.
    Files created between 2007-12-13 and 2008-01-13

    2008-01-12 15:59:08 0 d-------- C:\Program Files\Enigma Software Group
    2008-01-12 15:26:09 0 d-------- C:\Documents and Settings\Guest\Application Data\Identities
    2008-01-12 15:25:34 0 d--h----- C:\Documents and Settings\Guest\Templates
    2008-01-12 15:25:34 0 dr------- C:\Documents and Settings\Guest\Start Menu
    2008-01-12 15:25:34 0 dr-h----- C:\Documents and Settings\Guest\SendTo
    2008-01-12 15:25:34 0 dr-h----- C:\Documents and Settings\Guest\Recent
    2008-01-12 15:25:34 0 d--h----- C:\Documents and Settings\Guest\PrintHood
    2008-01-12 15:25:34 0 d--h----- C:\Documents and Settings\Guest\NetHood
    2008-01-12 15:25:34 0 dr------- C:\Documents and Settings\Guest\My Documents
    2008-01-12 15:25:34 0 d--h----- C:\Documents and Settings\Guest\Local Settings
    2008-01-12 15:25:34 0 dr------- C:\Documents and Settings\Guest\Favorites
    2008-01-12 15:25:34 0 d-------- C:\Documents and Settings\Guest\Desktop
    2008-01-12 15:25:34 0 d--hs---- C:\Documents and Settings\Guest\Cookies
    2008-01-12 15:25:34 0 dr-h----- C:\Documents and Settings\Guest\Application Data
    2008-01-12 15:25:34 0 d---s---- C:\Documents and Settings\Guest\Application Data\Microsoft
    2008-01-12 15:25:33 524288 --ah----- C:\Documents and Settings\Guest\NTUSER.DAT
    2008-01-12 10:41:10 163904 --a------ C:\WINDOWS\system32\pfrnnzub.dll
    2008-01-12 10:41:07 163904 --a------ C:\WINDOWS\system32\xfswrchf.dll
    2008-01-09 21:42:09 1358156 --a------ C:\WINDOWS\system32\silc.dat
    2008-01-09 21:42:09 926241 --a------ C:\WINDOWS\system32\model.dat
    2008-01-09 21:42:08 53248 --a------ C:\WINDOWS\system32\silc_dll.dll
    2008-01-09 21:42:07 1523712 --a------ C:\WINDOWS\system32\LDPackage.dll <Not Verified; ; LDPackag Dynamic Link Library>
    2008-01-09 19:35:27 0 d-------- C:\Program Files\Ventrilo
    2008-01-09 19:35:02 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-02 21:38:03 0 d--h----- C:\Documents and Settings\Owner\Application Data\GTek
    2008-01-02 21:36:51 0 d-ah----- C:\Documents and Settings\All Users\Application Data\GTek
    2008-01-02 21:36:50 0 d-------- C:\Program Files\Linksys EasyLink Advisor
    2007-12-24 12:41:23 286720 --a------ C:\WINDOWS\system32\rlxf.dll <Not Verified; RelevantKnowledge; RelevantKnowledge>
    2007-12-24 02:07:53 712704 --a------ C:\WINDOWS\system32\rlph.dll <Not Verified; RelevantKnowledge; RelevantKnowledge>
    2007-12-24 02:07:01 0 d-------- C:\Documents and Settings\Owner\Application Data\Desktop Sidebar
    2007-12-24 02:05:59 0 d-------- C:\Program Files\Desktop Sidebar
    2007-12-24 01:48:40 1646592 --a------ C:\WINDOWS\system32\rlvknlg.exe <Not Verified; RelevantKnowledge; RelevantKnowledge>
    2007-12-24 01:48:39 8464 --a------ C:\WINDOWS\system32\sporder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2007-12-24 01:48:39 380928 --a------ C:\WINDOWS\system32\rlls.dll <Not Verified; RelevantKnowledge; RelevantKnowledge>
    2007-12-24 01:45:37 0 d-------- C:\Program Files\Save
    2007-12-24 01:44:42 0 d-------- C:\Program Files\OneStepSearch
    2007-12-24 01:44:39 0 d-------- C:\Program Files\filesubmit
    2007-12-23 14:49:37 88209 --ahs---- C:\WINDOWS\system32\srqss.ini2


    -- Find3M Report ---------------------------------------------------------------

    2008-01-13 03:29:18 0 d-------- C:\Program Files\QuickTime
    2008-01-13 03:29:15 0 d-------- C:\Program Files\MSN Messenger
    2008-01-13 03:29:12 0 d-------- C:\Program Files\Microsoft IntelliType Pro
    2008-01-13 03:29:12 0 d-------- C:\Program Files\Messenger
    2008-01-13 03:29:10 0 d-------- C:\Program Files\iTunes
    2008-01-13 02:27:29 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
    2008-01-09 19:35:02 0 d-------- C:\Program Files\Common Files
    2008-01-05 10:59:34 0 d-------- C:\Documents and Settings\Owner\Application Data\SeekmoToolbar
    2007-12-19 07:14:34 0 d-------- C:\Program Files\Java
    2007-12-14 17:28:17 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
    2007-12-14 17:25:19 0 d-------- C:\Program Files\Kodak
    2007-12-14 17:23:47 0 d-------- C:\Program Files\Full Tilt Poker
    2007-12-14 17:23:21 0 d-------- C:\Program Files\PartyGaming
    2007-12-14 17:22:23 0 d-------- C:\Program Files\PokerStars.NET
    2007-11-16 12:50:21 0 d-------- C:\Program Files\JetAudio
    2007-11-16 12:50:20 0 d-------- C:\Documents and Settings\Owner\Application Data\COWON


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CBE2611-C31B-401F-89BC-4CBB25E853D7}]
    02/13/2007 12:49 AM 546336 --a------ C:\Program Files\SeekmoToolbar\Bin\4.8.4.0\SkHostIE.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
    01/12/2008 10:41 AM 163904 --a------ C:\WINDOWS\system32\pfrnnzub.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B0EEDC94-E177-43D2-B600-84E7AC69969B}]
    C:\WINDOWS\system32\rqrstsp.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C590FF17-757B-412B-A457-CEF2E3A5DD2C}]
    C:\WINDOWS\system32\ssqrs.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{5CBE2611-C31B-401F-89BC-4CBB25E853D7} "= C:\Program Files\SeekmoToolbar\Bin\4.8.4.0\SkHostIE.dll [02/13/2007 12:49 AM 546336]

    [-HKEY_CLASSES_ROOT\CLSID\{5CBE2611-C31B-401F-89BC-4CBB25E853D7}]
    [HKEY_CLASSES_ROOT\SkHostIE.Bho.1]
    [HKEY_CLASSES_ROOT\TypeLib\{7586A473-7A57-4641-8155-E87135D0E2F4}]
    [HKEY_CLASSES_ROOT\SkHostIE.Bho]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Logitech Hardware Abstraction Layer "= "KHALMNPR.EXE" [12/10/2004 12:45 PM C:\WINDOWS\KHALMNPR.Exe]
    "SeekmoToolbar "= "C:\Program Files\SeekmoToolbar\Bin\4.8.4.0\${HOOKOE_FILE}" []
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask .exe" [01/13/2008 02:15 AM]
    "C-Media Mixer "= "Mixer.exe" [06/12/2002 04:23 PM C:\WINDOWS\mixer.exe]
    "SoundMan "= "SOUNDMAN.EXE" [01/09/2004 07:54 PM C:\WINDOWS\SOUNDMAN.EXE]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "@ "=" " []
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 09:00 PM]
    "WhenUSave "= "C:\Program Files\Save\Save.exe" []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr "=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
    "{8086B6CF-0A6A-1033-0603-040502080001} "= "C:\Program Files\Common Files\{8086B6CF-0A6A-1033-0603-040502080001}\Update.exe" mc-110-12-0000137

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B0EEDC94-E177-43D2-B600-84E7AC69969B} "= C:\WINDOWS\system32\rqrstsp.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DPWLN ]
    C:\WINDOWS\system32\DPWLEvHd.dll 10/13/2004 06:29 PM 102400 C:\WINDOWS\system32\DPWLEvHd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pfrnnzub]
    pfrnnzub.dll 01/12/2008 10:41 AM 163904 C:\WINDOWS\system32\pfrnnzub.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Reliability]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrstsp]
    rqrstsp.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbug32]
    winbug32.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages "= msv1_0 C:\WINDOWS\system32\ssqrs
    "Notification Packages "= scecli DPPWDFLT




    -- End of Deckard's System Scanner: finished at 2008-01-13 11:35:22 ------------

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Home Edition (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Celeron(R) CPU 2.66GHz
    Percentage of Memory in Use: 48%
    Physical Memory (total/avail): 1014.8 MiB / 522.83 MiB
    Pagefile Memory (total/avail): 2444.61 MiB / 2120.13 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1907.55 MiB

    C: is Fixed (NTFS) - 74.52 GiB total, 37.12 GiB free.
    E: is CDROM (No Media)
    G: is Removable (No Media)
    H: is Removable (No Media)
    I: is Removable (No Media)
    J: is Removable (No Media)
    L: is Removable (FAT)

    \\.\PHYSICALDRIVE0 - ST380011A - 74.53 GiB - 1 partition
    \PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:

    \\.\PHYSICALDRIVE1 - CBM Flash Disk USB Device - 941.31 MiB - 1 partition
    \PARTITION0 - 16-bit FAT - 964.5 MiB - L:

    \\.\PHYSICALDRIVE4 - Generic USB CF Reader USB Device

    \\.\PHYSICALDRIVE6 - Generic USB MS Reader USB Device

    \\.\PHYSICALDRIVE3 - Generic USB SD Reader USB Device

    \\.\PHYSICALDRIVE5 - Generic USB SM Reader USB Device



    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.

    FirstRunDisabled is set.
    AntiVirusDisableNotify is set.
    UpdatesDisableNotify is set.

    AV: AVG 7.5.516 v7.5.516 (Grisoft)

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "C:\\Program Files\\MSN Messenger\\msnmsgr .exe "= "C:\\Program Files\\MSN Messenger\\msnmsgr .exe:*:Enabled:Messenger "
    "C:\\Program Files\\MSN Messenger\\msnmsgr .exe "= "C:\\Program Files\\MSN Messenger\\msnmsgr .exe:*:Enabled:Messenger "
    "C:\\Program Files\\MSN Messenger\\livecall.exe "= "C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Call "
    "C:\\Program Files\\iTunes\\iTunes.exe "= "C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes "
    "c:\\windows\\system32\\rlvknlg.exe "= "c:\\windows\\system32\\rlvknlg.exe:*:Enabled:rlvknlg.exe "


    Environment Variables
    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Owner\Application Data
    CLASSPATH=.;C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=KC-A8542695483E
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Owner
    LOGONSERVER=\\KC-A8542695483E
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\DPDrv;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\ATI Technologies\ATI.ACE\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 3, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0303
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
    TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
    USERDOMAIN=KC-A8542695483E
    USERNAME=Owner
    USERPROFILE=C:\Documents and Settings\Owner
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    Owner (admin)
    Guest (new local, guest)


    -- Add/Remove Programs ---------------------------------------------------------

    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{684CB795-C157-4E15-93D4-E26015FEF1EA}\Setup.exe" -l0x9
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
    Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
    Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
    ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
    ATI Catalyst Control Center --> MsiExec.exe /I{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}
    ATI Decoder --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EDE28287-D32C-415E-9C97-2BF9F9260150} /l1033
    ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    ATI HYDRAVISION --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"
    ATI Remote Wonder 2.3 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{3347F781-9C89-4C9B-B471-B1FFC3BC4A84} /l1033
    AVG Free Edition --> C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
    BearShare --> C:\Program Files\BearShare Applications\BearShare\UninstallSurvey.exe C:\PROGRA~1\BEARSH~2\BEARSH~1\UNWISE.EXE C:\PROGRA~1\BEARSH~2\BEARSH~1\INSTALL.LOG
    BearShare MediaBar --> C:\Program Files\BearShare applications\BearShare MediaBar\Uninstall.exe
    BearShare MediaBar --> regsvr32 /u /s "C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll"
    CIF USB CAMERA --> C:\WINDOWS\CleanDev.exe C:\WINDOWS\DC3110.txt
    CloneCD --> "C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D= "C:\Program Files\SlySoft\CloneCD "
    COWON Media Center - jetAudio Basic --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}\setup.exe" -l0x9 -removeonly
    DAO --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}
    Desktop Sidebar --> MsiExec.exe /I{4A389F44-8E35-49C8-9359-839A2B7550F5}
    DigitalPersona Password Manager 1.0.1 --> MsiExec.exe /I{C6C136D9-B41E-46ED-A8ED-A84D18B7CA31}
    DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Drivers Install For Linksys Easylink Advisor --> MsiExec.exe /I{A1960A82-DB70-474D-A86B-FA74466103C6}
    Easy MP3 Alarm Clock --> C:\Program Files\Easy MP3 Alarm Clock\Uninstall.exe
    Fable - The Lost Chapters --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}
    Fraps --> "C:\Fraps\uninstall.exe "
    Game Copier 1.6 --> "F:\Game Copier\unins000.exe "
    Game Jackal v2.9.18.565 --> "F:\Game Jackal\unins000.exe "
    Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll "
    HijackThis 2.0.0 --> "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\NZJ1S30H\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe "
    Intel(R) Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
    Intel(R) PRO Network Adapters and Drivers --> Prounstl.exe
    Intel(R) PROSet --> MsiExec.exe /I{EF4EF65F-4D62-44D7-82C9-1AECCBA74C50}
    InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
    iPod for Windows 2006-01-10 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
    iTunes --> MsiExec.exe /I{3592F5CB-B524-43AA-92F2-2377268199CC}
    J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
    Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    LimeWire 4.13.6 --> "C:\Program Files\LimeWire\uninstall.exe "
    Linksys EasyLink Advisor 1.6 (0032) --> rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
    Logitech Gaming Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C1DA723-24FC-48AD-93BA-925695C3EF26}\setup.exe" -l0x9 -removeonly
    Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
    Magic Online --> F:\magic\magic.exe -u
    MetaFrame Presentation Server Web Client for Win32 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wficat.inf,DefaultUninstall
    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe "
    Microsoft DirectX Transform optional components --> RUNDLL32.EXE ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\DXTXTRA.INF,UNINSTALL.NT,12
    Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
    Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe "
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
    My Global Search Bar --> rundll32 C:\PROGRA~1\MYGLOB~1\bar\1.bin\mgsBar.dll,O
    OneStep Search 1.0 build 136 --> C:\Program Files\OneStepSearch\uninstall.exe
    PCI Audio Applications --> C:\Program Files\PCI Audio Applications\Bin\Uninstall.exe
    PCI Audio Driver --> cmuninst.exe
    PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
    QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
    Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
    RedLightCenter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35C73A54-1428-4893-B041-58AA594F4ACD}\setup.exe" -l0x9
    RelevantKnowledge --> c:\windows\system32\rlvknlg.exe -bootremove -uninst:RelevantKnowledge
    Seekmo Toolbar --> "C:\Program Files\SeekmoToolbar\Bin\SkUninst.exe" Web
    SourceGuardian 7.0 for PHP demo --> C:\Program Files\SourceGuardian\SourceGuardian 7 for PHP demo\uninst.exe
    SpyHunter --> "C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
    Tracks Eraser Pro v6.2 --> "C:\Program Files\Acesoft\Tracks Eraser Pro\unins000.exe "
    Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
    Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
    WebVideo Support --> C:\WINDOWS\fvkwdrt.exe
    WhenU SaveNow --> "C:\Program Files\Save\SaveUninst.exe" /rWUSV /kSaveNow /d "WhenU SaveNow "
    WinAce Archiver --> "C:\Program Files\WinAce\SXUNINST.EXE" "C:\Program Files\WinAce\SXUNINST.INI "
    Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe "
    WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
    xpot.zip --> C:\PROGRA~1\FILESU~1\xpot.zip\UNWISE.EXE C:\PROGRA~1\FILESU~1\xpot.zip\INSTALL.LOG
    Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type7912 / Error
    Event Submitted/Written: 01/13/2008 02:28:50 AM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    Hanging application iexplore.exe, version 7.0.6000.16574, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Event Record #/Type7906 / Success
    Event Submitted/Written: 01/13/2008 02:18:56 AM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type7879 / Success
    Event Submitted/Written: 01/12/2008 03:30:16 PM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type7877 / Error
    Event Submitted/Written: 01/12/2008 03:28:16 PM
    Event ID/Source: 1004 / Application Error
    Event Description:
    Faulting application ati2evxx.exe, version 6.14.10.4132, faulting module ati2evxx.exe, version 6.14.10.4132, fault address 0x00001c52.
    Error in creating result PEAP-TLV in response to received PEAP-TLV (ati2evxx.exe!ld!)

    Event Record #/Type7876 / Error
    Event Submitted/Written: 01/12/2008 03:25:53 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application ati2evxx.exe, version 6.14.10.4132, faulting module ati2evxx.exe, version 6.14.10.4132, fault address 0x00001c52.
    Processing media-specific event for [ati2evxx.exe!ws!]



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type112 / Warning
    Event Submitted/Written: 01/13/2008 03:05:17 AM
    Event ID/Source: 57 / Ftdisk
    Event Description:
    The system failed to flush data to the transaction log. Corruption may occur.

    Event Record #/Type63 / Error
    Event Submitted/Written: 01/13/2008 02:11:19 AM
    Event ID/Source: 1000 / Dhcp
    Event Description:
    Your computer has lost the lease to its IP address 192.168.100.10 on the
    Network Card with network address 000CF1F1BD86.

    Event Record #/Type62 / Warning
    Event Submitted/Written: 01/13/2008 02:11:19 AM
    Event ID/Source: 1003 / Dhcp
    Event Description:
    Your computer was not able to renew its address from the network (from the
    DHCP Server) for the Network Card with network address 000CF1F1BD86. The following
    error occurred:
    %%121.
    Your computer will continue to try and obtain an address on its own from
    the network address (DHCP) server.

    Event Record #/Type61 / Error
    Event Submitted/Written: 01/13/2008 02:10:46 AM
    Event ID/Source: 1002 / Dhcp
    Event Description:
    The IP address lease 192.168.1.101 for the Network Card with network address 000CF1F1BD86 has been
    denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

    Event Record #/Type58 / Warning
    Event Submitted/Written: 01/13/2008 02:10:37 AM
    Event ID/Source: 1003 / Dhcp
    Event Description:
    Your computer was not able to renew its address from the network (from the
    DHCP Server) for the Network Card with network address 000CF1F1BD86. The following
    error occurred:
    %%1223.
    Your computer will continue to try and obtain an address on its own from
    the network address (DHCP) server.



    -- End of Deckard's System Scanner: finished at 2008-01-13 03:12:45 ------------

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 2:43:33 AM, on 1/13/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\DigitalPersona\Bin\DpHost.exe
    C:\Program Files\OneStepSearch\onestep.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\OneStepSearch\onestep.exe
    C:\Program Files\Grisoft\AVG Free\avgwb.dat
    C:\WINDOWS\system32\ctfmon.exe
    c:\windows\system32\rlvknlg.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\SeekmoToolbar\Bin\4.8.4.0\SkSrv.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Documents and Settings\Owner\Desktop\Hijackl this\HiJackThis_v2.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
    F3 - REG:win.ini: load=C:\WINDOWS\system32\ssqrs.exe
    O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
    O2 - BHO: Seekmo Toolbar - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - C:\Program Files\SeekmoToolbar\Bin\4.8.4.0\SkHostIE.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\pfrnnzub.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {B0EEDC94-E177-43D2-B600-84E7AC69969B} - C:\WINDOWS\system32\rqrstsp.dll (file missing)
    O2 - BHO: (no name) - {C590FF17-757B-412B-A457-CEF2E3A5DD2C} - C:\WINDOWS\system32\ssqrs.dll (file missing)
    O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - C:\PROGRA~1\BEARSH~2\BEARSH~2\MediaBar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Seekmo Toolbar - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - C:\Program Files\SeekmoToolbar\Bin\4.8.4.0\SkHostIE.dll
    O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
    O3 - Toolbar: The emlkdvo - {47906C8A-7A72-45A8-AA59-0CEC20BD3B36} - C:\WINDOWS\emlkdvo.dll
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SeekmoToolbar] C:\Program Files\SeekmoToolbar\Bin\4.8.4.0\${HOOKOE_FILE}
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe "
    O4 - HKCU\..\Policies\Explorer\Run: [{8086B6CF-0A6A-1033-0603-040502080001}] "C:\Program Files\Common Files\{8086B6CF-0A6A-1033-0603-040502080001}\Update.exe" mc-110-12-0000137
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
    O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140954197906
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
    O20 - Winlogon Notify: pfrnnzub - C:\WINDOWS\SYSTEM32\pfrnnzub.dll
    O20 - Winlogon Notify: Reliability - C:\WINDOWS\
    O20 - Winlogon Notify: rqrstsp - rqrstsp.dll (file missing)
    O20 - Winlogon Notify: winbug32 - C:\WINDOWS\SYSTEM32\winbug32.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - C:\Program Files\OneStepSearch\onestep.exe
    O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

    --
    End of file - 10436 bytes
     
  2. 2008/01/13
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS beawulf :)

    Download ComboFix by sUBs from here, saving the file to your desktop.

    It's best to disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new dss log in your next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.


    Please don't edit the log, wrap in quotes or code or color. Thanks!
     

  4. 2008/01/15
    beawulf

    beawulf Inactive Thread Starter

    Joined:
    2008/01/12
    Messages:
    2
    Likes Received:
    0
    Deckard's

    Deckard's System Scanner v20071014.68
    Run by Owner on 2008-01-14 19:07:37
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis Clone ------------------------------------------------------------


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-01-14 19:08:08
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\COMODO\Firewall\cmdagent.exe
    C:\Program Files\DigitalPersona\Bin\DpHost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\COMODO\Firewall\cfp.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\MSN Messenger\msnmsgr .exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Owner\Desktop\dss.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {C590FF17-757B-412B-A457-CEF2E3A5DD2C} - C:\WINDOWS\system32\ssqrs.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
    O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr .exe" /background
    O4 - HKCU\..\Policies\Explorer\Run: [{8086B6CF-0A6A-1033-0603-040502080001}] "C:\Program Files\Common Files\{8086B6CF-0A6A-1033-0603-040502080001}\Update.exe" mc-110-12-0000137
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
    O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140954197906
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
    O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
    O20 - Winlogon Notify: rqrstsp - C:\WINDOWS\system32\rqrstsp.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
    O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
    O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe


    --
    End of file - 9848 bytes

    -- Files created between 2007-12-14 and 2008-01-14 -----------------------------

    2008-01-14 18:57:42 0 d-------- C:\WINDOWS\LastGood
    2008-01-14 17:57:44 1978 --a------ C:\Documents and Settings\Owner\resetlog
    2008-01-13 14:14:31 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
    2008-01-13 14:14:30 0 d-------- C:\Program Files\SpywareBlaster
    2008-01-13 14:09:32 0 d-------- C:\Program Files\Lavasoft
    2008-01-13 14:09:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-01-13 14:06:26 0 d-------- C:\Documents and Settings\Owner\Application Data\Comodo
    2008-01-13 14:06:23 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
    2008-01-13 14:06:22 0 d-------- C:\Program Files\COMODO
    2008-01-13 14:03:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-12 15:59:08 0 d-------- C:\Program Files\Enigma Software Group
    2008-01-12 15:26:09 0 d-------- C:\Documents and Settings\Guest\Application Data\Identities
    2008-01-12 15:25:34 0 d--h----- C:\Documents and Settings\Guest\Templates
    2008-01-12 15:25:34 0 dr------- C:\Documents and Settings\Guest\Start Menu
    2008-01-12 15:25:34 0 dr-h----- C:\Documents and Settings\Guest\SendTo
    2008-01-12 15:25:34 0 dr-h----- C:\Documents and Settings\Guest\Recent
    2008-01-12 15:25:34 0 d--h----- C:\Documents and Settings\Guest\PrintHood
    2008-01-12 15:25:34 0 d--h----- C:\Documents and Settings\Guest\NetHood
    2008-01-12 15:25:34 0 dr------- C:\Documents and Settings\Guest\My Documents
    2008-01-12 15:25:34 0 d--h----- C:\Documents and Settings\Guest\Local Settings
    2008-01-12 15:25:34 0 dr------- C:\Documents and Settings\Guest\Favorites
    2008-01-12 15:25:34 0 d-------- C:\Documents and Settings\Guest\Desktop
    2008-01-12 15:25:34 0 d--hs---- C:\Documents and Settings\Guest\Cookies
    2008-01-12 15:25:34 0 dr-h----- C:\Documents and Settings\Guest\Application Data
    2008-01-12 15:25:34 0 d---s---- C:\Documents and Settings\Guest\Application Data\Microsoft
    2008-01-12 15:25:33 495616 --a------ C:\Documents and Settings\Guest\NTUSER.DAT
    2008-01-09 21:42:09 1358156 --a------ C:\WINDOWS\system32\silc.dat
    2008-01-09 19:35:27 0 d-------- C:\Program Files\Ventrilo
    2008-01-09 19:35:02 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-02 21:38:03 0 d--h----- C:\Documents and Settings\Owner\Application Data\GTek
    2008-01-02 21:36:51 0 d-ah----- C:\Documents and Settings\All Users\Application Data\GTek
    2008-01-02 21:36:50 0 d-------- C:\Program Files\Linksys EasyLink Advisor
    2007-12-24 02:07:53 712704 --a------ C:\WINDOWS\system32\rlph.dll <Not Verified; RelevantKnowledge; RelevantKnowledge>
    2007-12-24 02:07:01 0 d-------- C:\Documents and Settings\Owner\Application Data\Desktop Sidebar
    2007-12-24 02:05:59 0 d-------- C:\Program Files\Desktop Sidebar
    2007-12-24 01:48:39 8464 --a------ C:\WINDOWS\system32\sporder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2007-12-24 01:44:39 0 d-------- C:\Program Files\filesubmit


    -- Find3M Report ---------------------------------------------------------------

    2008-01-14 18:50:45 0 d-------- C:\Program Files\Common Files
    2008-01-14 16:36:11 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
    2008-01-14 00:08:01 0 d-------- C:\Program Files\BearShare Applications
    2008-01-14 00:07:59 0 d-------- C:\Program Files\Easy MP3 Alarm Clock
    2008-01-13 03:29:18 0 d-------- C:\Program Files\QuickTime
    2008-01-13 03:29:15 0 d-------- C:\Program Files\MSN Messenger
    2008-01-13 03:29:12 0 d-------- C:\Program Files\Microsoft IntelliType Pro
    2008-01-13 03:29:12 0 d-------- C:\Program Files\Messenger
    2008-01-13 03:29:10 0 d-------- C:\Program Files\iTunes
    2007-12-19 07:14:34 0 d-------- C:\Program Files\Java
    2007-12-14 17:28:17 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
    2007-12-14 17:25:19 0 d-------- C:\Program Files\Kodak
    2007-12-14 17:23:47 0 d-------- C:\Program Files\Full Tilt Poker
    2007-12-14 17:23:21 0 d-------- C:\Program Files\PartyGaming
    2007-12-14 17:22:23 0 d-------- C:\Program Files\PokerStars.NET
    2007-11-16 12:50:21 0 d-------- C:\Program Files\JetAudio
    2007-11-16 12:50:20 0 d-------- C:\Documents and Settings\Owner\Application Data\COWON


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C590FF17-757B-412B-A457-CEF2E3A5DD2C}]
    C:\WINDOWS\system32\ssqrs.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_CC "= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [01/13/2008 02:07 PM]
    "COMODO Firewall Pro "= "C:\Program Files\COMODO\Firewall\cfp.exe" [01/13/2008 02:06 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 04:46 PM]
    "msnmsgr "= "C:\Program Files\MSN Messenger\msnmsgr .exe" [01/13/2008 02:17 AM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
    "{8086B6CF-0A6A-1033-0603-040502080001} "= "C:\Program Files\Common Files\{8086B6CF-0A6A-1033-0603-040502080001}\Update.exe" mc-110-12-0000137

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DPWLN ]
    C:\WINDOWS\system32\DPWLEvHd.dll 10/13/2004 06:29 PM 102400 C:\WINDOWS\system32\DPWLEvHd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrstsp]
    rqrstsp.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls "= C:\WINDOWS\system32\guard32.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @= "Service "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
    Mixer.exe /startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
    C:\WINDOWS\system32\ssqrs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
    KHALMNPR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask .exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SeekmoToolbar]
    C:\Program Files\SeekmoToolbar\Bin\4.8.4.0\${HOOKOE_FILE}

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    SOUNDMAN.EXE




    -- End of Deckard's System Scanner: finished at 2008-01-14 19:08:56 ------------
     
  5. 2008/01/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please reread my previous post. ;)
     