Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Diocleaner Pop-ups (my HiJack Log)

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Diocleaner Pop-ups (my HiJack Log)

Unread postby Clorinsk » January 6th, 2008, 4:03 am

Main.txt

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-01-06 02:59:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
22: 2008-01-06 07:59:11 UTC - RP24 - Deckard's System Scanner Restore Point
21: 2008-01-06 07:52:29 UTC - RP23 - Installed AVG 7.5
20: 2008-01-06 07:50:35 UTC - RP22 - Removed AVG 7.5
19: 2008-01-06 07:41:28 UTC - RP21 - Removed AVG 7.5
18: 2008-01-05 05:05:18 UTC - RP20 - System Checkpoint


-- First Restore Point --
1: 2007-12-16 06:20:22 UTC - RP3 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:00, on 2008-01-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Common Files\AOL\1133413111\ee\AOLSoftware.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {0115046B-0E13-403A-96D5-2BBD36D793E6} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: 0 - {1BD3471C-7196-40DD-6A8A-1256C00E9333} - C:\Program Files\Common Files\labuv.dll (file missing)
O2 - BHO: (no name) - {207F41E5-4147-487A-B78B-A1D7477C86C5} - C:\Program Files\MSN\hopecekys555077.dll (file missing)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {4E95B989-33D0-4A7A-8491-F2050067DE97} - C:\WINDOWS\system32\opnmj.dll (file missing)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {55c02781-94a7-4bee-a996-c8f622ddabcc} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {61BC2171-98BD-413E-A990-0F108F3F487A} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {76D7BB15-560F-4312-A9DE-4B52A7B68029} - C:\Program Files\MSN\hopecekys4444.dll (file missing)
O2 - BHO: (no name) - {7A9ACEAD-D4A2-4E5C-B547-F1523B9F07A3} - C:\Program Files\MSN\hopecekys83122.dll (file missing)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: egmulhxk.msdn_hlp - {E78B911A-6F68-4B84-8C19-EC417C9590E2} - C:\WINDOWS\system32\egmulhxk.dll (file missing)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: (no name) - {EFBD35E2-8353-4481-A57D-6E5E335639DA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [StorageGuard] "c:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE /P23 "EPSON Stylus C82 Series" /O6 "USB001" /M "Stylus C82"
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [Kaspersky Antivirus] KasperskyAV.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133413111\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{FB-B5-53-3A-ZN}] C:\Documents and Settings\Administrator\Local Settings\Temp\T0CHD001.exe CHD001
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\cmd.exe /c C:\ComboFix\Combobatch.bat
O4 - HKLM\..\RunServices: [Kaspersky Antivirus] KasperskyAV.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Kaspersky Antivirus] KasperskyAV.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O16 - DPF: {E876D003-BCDE-11D3-9131-000094B61529} - http://webcafe.wharton.upenn.edu/eRoomSetup/client.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: rqrqonk - rqrqonk.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\DefWatch.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\Rtvscan.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11871 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 IBMTPCHK - c:\windows\system32\drivers\ibmbldid.sys
R1 Smapint - c:\windows\system32\drivers\smapint.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
R1 TDSMAPI - c:\windows\system32\drivers\tdsmapi.sys
R1 TPHKDRV - c:\windows\system32\drivers\tphkdrv.sys <Not Verified; IBM Corporation; ThinkPad OnScreenDisplay>
R1 TPPWR - c:\windows\system32\drivers\tppwr.sys <Not Verified; IBM Corp.; IBM ThinkPad Utility>
R1 TSMAPIP - c:\windows\system32\drivers\tsmapip.sys
R2 PMEM - c:\windows\system32\drivers\pmemnt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>

S2 Aspi32 - c:\windows\system32\drivers\aspi32.sys (file missing)
S3 catchme - c:\docume~1\admini~1\locals~1\temp\catchme.sys (file missing)
S3 NAVENG - c:\progra~1\common~1\symant~1\virusd~1\20071121.002\naveng.sys (file missing)
S3 NAVEX15 - c:\progra~1\common~1\symant~1\virusd~1\20071121.002\navex15.sys (file missing)
S3 PCDRDRV (Pcdr Helper Driver) - c:\progra~1\pc-doc~1\diagno~1\pcdrdrv.sys (file missing)
S3 PcdrNt - c:\windows\system32\drivers\pcdrnt.sys <Not Verified; PC-Doctor Inc.; PC-Doctor NT 3.0>
S3 psadd (IBM PSA Access Driver) - c:\windows\system32\drivers\psadd.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 QCONSVC - system32\qconsvc.exe
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S3 PsaSrv (IBM PSA Access Driver Control) - c:\windows\system32\psasrv.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/1000 MT Mobile Connection
Device ID: PCI\VEN_8086&DEV_101E&SUBSYS_05491014&REV_03\4&39A85202&0&08F0
Manufacturer: Intel
Name: Intel(R) PRO/1000 MT Mobile Connection
PNP Device ID: PCI\VEN_8086&DEV_101E&SUBSYS_05491014&REV_03\4&39A85202&0&08F0
Service: E1000


-- Scheduled Tasks -------------------------------------------------------------

2008-01-01 19:02:05 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2005-11-27 21:07:25 458 --a------ C:\WINDOWS\Tasks\BMMTask.job


-- Files created between 2007-12-06 and 2008-01-06 -----------------------------

2008-01-02 23:52:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\FileZilla
2008-01-02 23:48:34 0 d-------- C:\Program Files\FileZilla Client
2007-12-23 12:22:16 60416 --a------ C:\WINDOWS\system32\drivers\ComboFix.sys
2007-12-21 10:25:40 0 d-------- C:\WINDOWS\ERUNT
2007-12-12 11:59:02 0 d-------- C:\WINDOWS\CSC
2007-12-12 10:12:44 0 dr-h----- C:\$VAULT$.AVG
2007-12-12 10:07:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2007-12-12 09:58:55 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-12 09:57:16 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-12-12 09:48:50 0 d-------- C:\Program Files\Trend Micro
2007-12-11 22:21:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2007-12-11 22:12:37 0 d-------- C:\Program Files\Spruce
2007-12-11 22:10:45 0 d-------- C:\WINDOWS\system32\rex2
2007-12-11 22:10:45 0 d-------- C:\WINDOWS\system32\doc4
2007-12-11 22:10:45 0 d-------- C:\WINDOWS\system32\bbc5
2007-12-11 22:10:45 0 d-------- C:\WINDOWS\system32\ashell3
2007-12-08 21:41:04 0 d-------- C:\Program Files\iTunes
2007-12-08 21:32:46 0 d-------- C:\Program Files\QuickTime
2007-12-08 21:24:31 0 d-------- C:\Program Files\Apple Software Update
2007-12-08 21:23:09 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-12-08 21:21:29 0 d-------- C:\Program Files\Common Files\Apple
2007-12-08 21:21:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple


-- Find3M Report ---------------------------------------------------------------

2008-01-06 02:58:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Skype
2007-12-21 10:32:03 0 d-------- C:\Program Files\Common Files
2007-12-12 10:02:02 652434 --ahs---- C:\WINDOWS\system32\jmnpo.ini2
2007-12-08 21:41:27 0 d-------- C:\Program Files\iPod
2007-12-05 11:13:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2007-11-23 22:44:14 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sunbelt Software
2007-11-21 14:56:56 0 d-------- C:\Program Files\Enigma Software Group
2007-11-18 17:26:01 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2007-11-07 23:42:42 0 d-------- C:\Program Files\Skype
2007-11-07 21:11:26 0 d-------- C:\Program Files\Common Files\Skype
2007-11-07 13:59:11 0 d-------- C:\Program Files\Symantec AntiVirus


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0115046B-0E13-403A-96D5-2BBD36D793E6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1BD3471C-7196-40DD-6A8A-1256C00E9333}]
C:\Program Files\Common Files\labuv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{207F41E5-4147-487A-B78B-A1D7477C86C5}]
C:\Program Files\MSN\hopecekys555077.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E95B989-33D0-4A7A-8491-F2050067DE97}]
C:\WINDOWS\system32\opnmj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{55c02781-94a7-4bee-a996-c8f622ddabcc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{61BC2171-98BD-413E-A990-0F108F3F487A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{76D7BB15-560F-4312-A9DE-4B52A7B68029}]
C:\Program Files\MSN\hopecekys4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7A9ACEAD-D4A2-4E5C-B547-F1523B9F07A3}]
C:\Program Files\MSN\hopecekys83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E78B911A-6F68-4B84-8C19-EC417C9590E2}]
C:\WINDOWS\system32\egmulhxk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EFBD35E2-8353-4481-A57D-6E5E335639DA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3TRAY2"="S3Tray2.exe" [2001-10-12 00:32 C:\WINDOWS\system32\S3Tray2.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-06-24 13:34]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-06-24 13:33]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 18:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 02:56 C:\WINDOWS\system32\bthprops.cpl]
"TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2003-01-24 19:37]
"BMMGAG"="C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2003-01-17 03:32]
"BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" [2003-01-17 03:32]
"TPKMAPMN"="C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe" [2003-02-17 02:30]
"TP4EX"="tp4ex.exe" [2002-09-04 03:05 C:\WINDOWS\system32\TP4EX.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2002-12-24 04:01]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-04-29 20:00]
"UC_SMB"="" []
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [2003-01-07 16:52]
"StorageGuard"="c:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 02:01]
"vptray"="C:\PROGRA~1\SYMANT~1\vptray.exe" [2003-05-01 16:21]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-06-25 14:08]
"EPSON Stylus C82 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.exe" [2002-04-25 02:00]
"DIGStream"="C:\Program Files\DIGStream\digstream.exe" [2005-05-18 13:49]
"Kaspersky Antivirus"="KasperskyAV.exe" []
"HostManager"="C:\Program Files\Common Files\AOL\1133413111\ee\AOLSoftware.exe" [2006-05-09 19:24]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 11:59]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
"{FB-B5-53-3A-ZN}"="C:\Documents and Settings\Administrator\Local Settings\Temp\T0CHD001.exe" []
"combofix"="C:\WINDOWS\system32\cmd.exe" [2004-08-04 02:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" []
"tgcmd"="" []
"Kaspersky Antivirus"="KasperskyAV.exe" []
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Kaspersky Antivirus"=KasperskyAV.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]
Post-itr Software Notes Lite.lnk - C:\Program Files\3M\PSNLite\PsnLite.exe [2004-06-02 12:04:58]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrqonk]
rqrqonk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54979cc4-3f09-11db-8376-90fe60a827c8}]
AutoRun\command- E:\LaunchU3.exe




-- End of Deckard's System Scanner: finished at 2008-01-06 03:01:30 ------------



extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) M processor 1600MHz
Percentage of Memory in Use: 73%
Physical Memory (total/avail): 510.92 MiB / 134.84 MiB
Pagefile Memory (total/avail): 1248.05 MiB / 924.45 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.06 MiB

C: is Fixed (NTFS) - 69.17 GiB total, 39.46 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - IC25N080ATMR04-0 - 74.53 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 69.17 GiB - C:
\PARTITION1 - Unknown - 2.44 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: ZoneAlarm Firewall v7.0.408.000 (Check Point, LTD.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=COREYL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\COREYL
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\PROGRAM FILES\THINKPAD\UTILITIES;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\MathWorks\MATLAB Component Runtime\v72\runtime\win32;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 9 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0905
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=COREYL
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

T40-PERF-USER (admin)
User2 (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\System32\\MSIEXEC.EXE /x {09DA4F91-2A09-4232-AB8C-6BC740096DE3}
--> c:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> c:\WINDOWS\System32\\MSIEXEC.EXE /x {8214CC02-6271-4DC8-B8DD-779933450264}
--> MsiExec.exe /X{31C2FBAC-67CF-4093-8F36-15A146613747}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\SETUP.EXE"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\SETUP.EXE"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\SETUP.EXE"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Access IBM --> MsiExec.exe /X{B5599ECB-DA72-43EE-8A30-2C80396FF8BB}
Access IBM Message Center --> MsiExec.exe /X{710C0BB2-FE39-484E-BB23-C9B96835A14A}
Access IBM Tools --> C:\Program Files\IBM\Access IBM\IBMUINST.EXE
Ad-aware 6 Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat Reader 5.1 --> MsiExec.exe /I{FD9C0732-7EE1-11D7-A12D-00C04F572BEC}
Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0.7 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70700000002}
Agere Systems AC'97 Modem --> agrsmdel
alm --> MsiExec.exe /I{CF44C7A5-5705-41E4-BE84-A9A42977AB05}
Amazon MP3 Downloader 1.0.0 --> C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HydraVision --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
CutePDF Writer 2.7 --> C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
DivX 4.12 Codec --> "C:\Program Files\DivXCodec\uninstall.exe"
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
eRoom 7 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\eRoom 7\Uninst.isu" -c"C:\Program Files\eRoom 7\eRClientUninstall.dll"
ESPNMotion --> C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
FileZilla 2.1.4b --> MsiExec.exe /I{ABA5CFE4-23A6-47E4-840F-CC3FBB7AD968}
FileZilla Client 3.0.4.1 --> C:\Program Files\FileZilla Client\uninstall.exe
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hummingbird HostExplorer V8.0 --> MsiExec.exe /I{CD395C58-AE9F-40C1-BF65-21C223EA3BF2}
IBM Access Connections --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22B71A00-4DED-11D4-A5E5-0004AC564F43}\SETUP.EXE" -l0x9 anything
IBM DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
IBM RecordNow --> MsiExec.exe /I{8214CC02-6271-4DC8-B8DD-779933450264}
IBM RecordNow Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
IBM Themes --> MsiExec.exe /I{6CE96A14-61E2-48CC-837E-22710A953ADE}
IBM ThinkPad Battery MaxiMiser and Power Management Features --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ThinkPad\Utilities\Unbmm.isu" -c"C:\Program Files\ThinkPad\Utilities\Tpinsbmm.dll"
IBM ThinkPad Configuration --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\UNTPUW.ISU -c"C:\Program Files\ThinkPad\Utilities\Tpinswin.dll"
IBM ThinkPad EasyEject Utility --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\Unezej.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsej.dll"
IBM ThinkPad Keyboard Customizer Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2111B23F-7FDA-4A41-8309-E5A1663CA296}\SETUP.EXE" -l0x9 anything
IBM ThinkPad Power Management Driver --> RunDll32.exe tpinspm.dll,Uninstall
IBM ThinkPad Presentation Director --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\UNNPDR.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsnpd.dll"
IBM ThinkPad UltraNav Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
IBM ThinkPad UltraNav Wizard --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}\SETUP.EXE"
IBM TrackPoint Accessibility Features --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA664480-3844-11D5-8C25-444553540000}\SETUP.EXE"
Intel(R) PRO Network Adapters and Drivers --> Prounstl.exe
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iPod Update 2004-04-28 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E6696A8C-C55A-405C-AFEB-F3880A8BAA45} /l1033
iTunes --> MsiExec.exe /I{4F5CE18C-D97D-48FF-A510-A0D90C918294}
Java 2 Runtime Environment, SE v1.4.0_03 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC1E4C93-C1E7-11D6-9D10-00010240CE95}\Setup.exe" Anytext
Java Web Start --> "C:\Program Files\Java Web Start\uninst-javaws.exe"
JMP IN 5.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{171F35E5-D5DA-4087-AA82-A97C03032045}\setup.exe" -l0x9
Kazaa Lite K++ v2.4.2 --> "C:\Program Files\Kazaa Lite K++\unins000.exe"
Leash32 2.1.2 for Windows --> MsiExec.exe /I{C77E6020-52D0-443D-9DC2-BC9A5DE85F26}
LiveUpdate 1.7 (Symantec Corporation) --> C:\Program Files\\Symantec\LiveUpdate\LSETUP.EXE /U
MATLAB Component Runtime --> MsiExec.exe /I{36397154-0993-445D-A22F-8049559D4B22}
Microsoft Office XP Standard --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0050048383C9}
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Messenger 6.0 --> MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600602}
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
Nic's XviD Decoder --> "C:\WINDOWS\System32\UninstXviDDec.exe"
PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\SETUP.EXE"
PokerStars --> C:\Program Files\PokerStars\Uninstall.EXE /u:"PokerStars"
Post-it® Software Notes Lite --> "C:\Program Files\3M\PSNLite\Uninstall.exe" -Prog"C:\Program Files\3M\PSNLite\PsnLite.exe" -INI"C:\Program Files\3M\PSNLite\uninst.ini"
QuickTime --> MsiExec.exe /I{9763E36A-08E9-4228-BBCE-12989A4EB1A8}
RealOne Player --> C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
SecureCRT 4.0.5 --> MsiExec.exe /I{BF57F48F-6215-437E-833C-7EC248FB70C8}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
SimNet XPert PageOut Combined 3.1 --> C:\Program Files\SimNet XPert/uninstall.exe
Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
StuffIt Expander 8.0 --> MsiExec.exe /X{DB74D322-389F-4C0C-810C-081D88CA62B1}
Symantec AntiVirus Client --> MsiExec.exe /X{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}
ThinkPad FullScreen Magnifier --> RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.inf
ThinkPad Software Installer --> _tpiu000.exe /U
TPNala Wallpaper --> MsiExec.exe /I{F1F721BF-040C-4096-988A-1DB01EB73B0C}
TurboTax Business 2006 --> C:\Program Files\TurboTax\Business 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Business 2006\Uninstall.log" -NoGui
Veo Advanced Connect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C44CB060-2AD1-11D6-BC84-00D0B7E10CD1}\SETUP.EXE"
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type436 / Error
Event Submitted/Written: 01/05/2008 03:44:44 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application skype.exe, version 3.5.0.239, faulting module skype.exe, version 3.5.0.239, fault address 0x0000450e.
Processing media-specific event for [skype.exe!ws!]

Event Record #/Type414 / Error
Event Submitted/Written: 01/05/2008 01:37:02 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application skype.exe, version 3.5.0.239, faulting module skype.exe, version 3.5.0.239, fault address 0x0000450e.
Processing media-specific event for [skype.exe!ws!]

Event Record #/Type386 / Error
Event Submitted/Written: 01/03/2008 09:57:08 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application skype.exe, version 0.0.0.0, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [skype.exe!ws!]

Event Record #/Type370 / Error
Event Submitted/Written: 01/01/2008 10:45:28 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application skype.exe, version 0.0.0.0, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [skype.exe!ws!]

Event Record #/Type362 / Error
Event Submitted/Written: 01/01/2008 10:37:19 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application skype.exe, version 3.5.0.239, faulting module skype.exe, version 3.5.0.239, fault address 0x0000450e.
Processing media-specific event for [skype.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type18394 / Error
Event Submitted/Written: 01/06/2008 02:55:22 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Aspi32 service failed to start due to the following error:
%%2

Event Record #/Type18369 / Error
Event Submitted/Written: 01/06/2008 02:46:40 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Aspi32 service failed to start due to the following error:
%%2

Event Record #/Type18348 / Error
Event Submitted/Written: 01/05/2008 10:02:33 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Aspi32 service failed to start due to the following error:
%%2

Event Record #/Type18330 / Error
Event Submitted/Written: 01/05/2008 05:22:54 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Aspi32 service failed to start due to the following error:
%%2

Event Record #/Type18312 / Error
Event Submitted/Written: 01/05/2008 03:56:13 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Aspi32 service failed to start due to the following error:
%%2



-- End of Deckard's System Scanner: finished at 2008-01-06 03:01:30 ------------
Clorinsk
Regular Member
 
Posts: 36
Joined: December 12th, 2007, 1:03 pm
Advertisement
Register to Remove

Re: Diocleaner Pop-ups (my HiJack Log)

Unread postby Shaba » January 6th, 2008, 5:44 am

Hi

We need first to disable TeaTimer that it doesn't interfere with fixes. You can re-enable it when you're clean again:

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.

Open HijackThis, click do a system scan only and checkmark these:

O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {0115046B-0E13-403A-96D5-2BBD36D793E6} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: 0 - {1BD3471C-7196-40DD-6A8A-1256C00E9333} - C:\Program Files\Common Files\labuv.dll (file missing)
O2 - BHO: (no name) - {207F41E5-4147-487A-B78B-A1D7477C86C5} - C:\Program Files\MSN\hopecekys555077.dll (file missing)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {4E95B989-33D0-4A7A-8491-F2050067DE97} - C:\WINDOWS\system32\opnmj.dll (file missing)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {55c02781-94a7-4bee-a996-c8f622ddabcc} - (no file)
O2 - BHO: (no name) - {61BC2171-98BD-413E-A990-0F108F3F487A} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {76D7BB15-560F-4312-A9DE-4B52A7B68029} - C:\Program Files\MSN\hopecekys4444.dll (file missing)
O2 - BHO: (no name) - {7A9ACEAD-D4A2-4E5C-B547-F1523B9F07A3} - C:\Program Files\MSN\hopecekys83122.dll (file missing)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: egmulhxk.msdn_hlp - {E78B911A-6F68-4B84-8C19-EC417C9590E2} - C:\WINDOWS\system32\egmulhxk.dll (file missing)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O4 - HKLM\..\Run: [Kaspersky Antivirus] KasperskyAV.exe
O4 - HKLM\..\Run: [{FB-B5-53-3A-ZN}] C:\Documents and Settings\Administrator\Local Settings\Temp\T0CHD001.exe CHD001
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\cmd.exe /c C:\ComboFix\Combobatch.bat
O4 - HKLM\..\RunServices: [Kaspersky Antivirus] KasperskyAV.exe
O20 - Winlogon Notify: rqrqonk - rqrqonk.dll (file missing)


Close all windows including browser and press fix checked.

Reboot.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Delete these:

C:\WINDOWS\system32\rex2
C:\WINDOWS\system32\doc4
C:\WINDOWS\system32\bbc5
C:\WINDOWS\system32\ashell3
C:\WINDOWS\system32\jmnpo.ini2

Empty Recycle Bin.

Re-run dss.

Post dss log (main.txt only, please).
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Diocleaner Pop-ups (my HiJack Log)

Unread postby Shaba » January 16th, 2008, 6:47 am

This topic is now closed due to inactivity. If you wish it to be reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

If it has been 10 days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 36 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware