
Malware problem, can't identify it

Discussion in 'Windows - Virus and spyware problems' started by MrX1oo1, Nov 10, 2007.

  1. MrX1oo1

    MrX1oo1 Member

    Nov 21, 2004
    I've had a problem with what I think is malware for a few weeks now. I downloaded what I thought was a crack (yeah, stupid mistake); now IE pops up every few minutes with advertisements. I use Trend Micro now, full suite. It had detected some spyware and what it said was a problem, deleted them, and still IE pops up. I'm guessing what's causing it is a program or process that it doesn't identify as harmful, so are there any programs or something that can identify unwanted processes or programs out there? Also winspool.exe keeps popping up and sucking up all my CPU usage. What is winspool and why is it doing this? Thanks for your help in advance.
  2. echoreply

    echoreply Regular member

    Nov 9, 2007
    Cracks, keygens, etc. are usually nothing but trojans/viruses, or are packaged with the same. winspool.exe = backdoor trojan. Get another malware scanner to use, like AVG Anti-Spyware or SUPERAntiSpyware.

  3. MrX1oo1

    MrX1oo1 Member

    Nov 21, 2004
    Ran AVG and the problem still continues. winspool.exe wasn't identified by AVG either. What's the best way to get rid of it? Run in safe mode and try deleting it? I've tried ending the active process and just right-click deleting it under Search, but it won't let me. Thanks
  4. echoreply

    echoreply Regular member

    Nov 9, 2007
    Post a HJT log:

    * Save HJTInstall.exe to your desktop.
    * Double-click on the HJTInstall.exe icon on your desktop.
    * By default it will install to C:\Program Files\Trend Micro\HijackThis .
    * Click on Install.
    * It will create a HijackThis icon on the desktop.
    * Once installed, it will launch HijackThis.
    * Click on the "Do a system scan and save a logfile" button. It will scan, and the log should open in Notepad.
    * Click on "Edit > Select All", then click on "Edit > Copy" and paste the entire contents of the log into your next reply.

  5. Zer0ink

    Zer0ink Regular member

    Jan 22, 2005
    Assuming you're running XP.

    Run all in safe mode after all is installed
    and updated.

    AVG Anti-Virus Free Edition

    EMCO Malware Destroyer

    SUPERAntiSpyware (Free Edition)

    Spyware Terminator

    Spybot - Search and Destroy

    install Ad-Aware SE

    hijackthis (delete any line that ends in isp #, ie:

    SpywareBlaster & McAfee SiteAdvisor after cleaning up your computer

    these are all free and given my two thumbs up

    found at http://www.snapfiles.com/

    giving back what was freely given to me... good luck
  6. Zer0ink

    Zer0ink Regular member

    Jan 22, 2005
    message above had errors

    Assuming you're running XP.

    Run all in safe mode after all is installed
    and updated, & then run in normal mode.

    AVG Anti-Virus Free Edition (never have more than one anti-virus installed at one time)

    EMCO Malware Destroyer

    SUPERAntiSpyware (Free Edition)

    Spyware Terminator

    Spybot - Search and Destroy

    Ad-Aware SE

    hijackthis (delete any line that ends in isp #, ie:

    SpywareBlaster & McAfee SiteAdvisor after cleaning up your computer

    these are all free and given my two thumbs up

    found at http://www.snapfiles.com/

    giving back what was so freely given to me at afterdawn.com... good luck from zer0ink
  7. MrX1oo1

    MrX1oo1 Member

    Nov 21, 2004
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:16:45 PM, on 11/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Last.fm\LastFMHelper.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
    C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
    C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\Dependent\HSChkProxyExe.exe
    C:\Program Files\Azureus\Azureus.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Brett\Application Data\?ecurity\w?nspool.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [dlcdmon.exe] "C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [Xtawu] "C:\Documents and Settings\Brett\Application Data\?ecurity\w?nspool.exe"
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: dlcd_device - Unknown owner - C:\WINDOWS\system32\dlcdcoms.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    End of file - 9418 bytes
  8. echoreply

    echoreply Regular member

    Nov 9, 2007
    Hi MrX1oo1,

    we can try this first:

    Look in your Control Panel's Add/Remove Programs for any of these;
    uninstall if present:

    Cowabanga by OIN
    ipwindows / ipwins
    MediaTickets by OIN
    Outer Info Network
    PurityScan by OIN
    Snowball Wars by OIN
    TizzleTalk by OIN
    Yazzle by OIN
    Yazzle ActiveX by OIN
    Yazzle Cowabanga by OIN
    Yazzle Kobe :filtered:! By OIN
    Yazzle Picster by OIN
    Yazzle Snowball Wars by OIN
    Yazzle Sudoku by OIN
    Zolero Translator

    If you don't see any of them, then
    download and run this uninstaller:

    After an uninstall, or after using the uninstaller, reboot the computer once, then rescan and post a new HJT log.
  9. MrX1oo1

    MrX1oo1 Member

    Nov 21, 2004
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:50:54 PM, on 11/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Last.fm\LastFMHelper.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
    C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
    C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
    C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\Dependent\HSChkProxyExe.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [dlcdmon.exe] "C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: dlcd_device - Unknown owner - C:\WINDOWS\system32\dlcdcoms.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    End of file - 9256 bytes
  10. echoreply

    echoreply Regular member

    Nov 9, 2007
    OK. Did you find any of those in the Add/Remove Programs panel? You ran that uninstaller? I don't see this O4 in the new HJT log:

    O4 - HKCU\..\Run: [Xtawu] "C:\Documents and Settings\Brett\Application Data\?ecurity\w?nspool.exe"

    which is good. Run your AVG Anti-Spyware once.
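The comparison made above (one O4 Run-key line present in the first log, gone from the second) is easy to automate. The following is an added example, not code from the thread or from HijackThis: it parses the O4 Run-key lines of a HijackThis log, flags autostarts that point at a user-writable profile directory or whose path contains a character HijackThis could only print as `?`, and reports which Run values disappeared between two scans. The regex, the marker list and the two excerpt strings are constructed for this example (the excerpt lines are copied from the logs posted in the thread).

```python
"""Triage HijackThis O4 autostart entries and diff two logs.

Added example for this thread; it is not part of HijackThis or of any post above.
Heuristics only: a flagged entry is a candidate for a closer look, not a verdict.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# O4 Run-key line form, e.g.
#   O4 - HKCU\..\Run: [Xtawu] "C:\Documents and Settings\Brett\Application Data\?ecurity\w?nspool.exe"
O4_RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)

# Path fragments a limited XP user can write to (assumed marker list, lower-case).
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\application data\\")


@dataclass(frozen=True)
class AutostartEntry:
    hive: str
    key: str
    name: str      # the Run value name, shown in [brackets]
    command: str   # everything after the brackets, as HijackThis printed it

    def image_path(self) -> str:
        """Best-effort executable path: the quoted string if present, else the first token."""
        cmd = self.command.strip()
        if cmd.startswith('"'):
            end = cmd.find('"', 1)
            return cmd[1:end] if end > 0 else cmd[1:]
        return cmd.split(" ", 1)[0]


def parse_o4_entries(log_text: str) -> List[AutostartEntry]:
    """Extract O4 Run-key entries; Startup-folder O4 lines and other sections are ignored."""
    entries = []
    for raw in log_text.splitlines():
        m = O4_RUN_RE.match(raw.strip())
        if m:
            entries.append(AutostartEntry(m["hive"], m["key"], m["name"], m["cmd"]))
    return entries


def suspicious_reasons(entry: AutostartEntry) -> List[str]:
    """Cheap defender-side checks on where an autostart points."""
    path = entry.image_path()
    reasons = []
    # HijackThis prints characters it cannot render as '?'. A look-alike letter dropped
    # into a familiar name ("?ecurity", "w?nspool") surfaces exactly this way.
    if "?" in path or any(ord(c) > 127 for c in path):
        reasons.append("non-ASCII/unprintable character in path")
    if any(marker in path.lower() for marker in USER_WRITABLE_MARKERS):
        reasons.append("launches from a user-writable profile directory")
    return reasons


def triage(log_text: str) -> Dict[str, List[str]]:
    """Run value name -> reasons, for every O4 entry that raised at least one flag."""
    return {e.name: r for e in parse_o4_entries(log_text) if (r := suspicious_reasons(e))}


def removed_entries(old_log: str, new_log: str) -> List[str]:
    """Run value names in the old log that no longer appear in the new one."""
    new_names = {e.name for e in parse_o4_entries(new_log)}
    return [e.name for e in parse_o4_entries(old_log) if e.name not in new_names]


# Constructed excerpts: a few O4 lines copied from the two logs posted in the thread.
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Xtawu] "C:\Documents and Settings\Brett\Application Data\?ecurity\w?nspool.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
"""

LOG_AFTER = r"""
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
"""

if __name__ == "__main__":
    for name, reasons in triage(LOG_BEFORE).items():
        print(f"[{name}] {'; '.join(reasons)}")
    print("gone in second log:", removed_entries(LOG_BEFORE, LOG_AFTER))
```

The unquoted-command branch of `image_path` takes the first whitespace-delimited token, which is fine for the lines in these logs but would truncate an unquoted path containing spaces; a real tool should also resolve `%systemroot%`-style variables before checking the location.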

  11. echoreply

    echoreply Regular member

    Nov 9, 2007
    Hi MrX1oo1,

    Can't edit my posts. You can remove this via the Add/Remove Programs panel:


    It piggy-backed in with something else.

  12. MrX1oo1

    MrX1oo1 Member

    Nov 21, 2004
    OK, from the list above I didn't find any of those under Add or Remove Programs. I just deleted the Viewpoint Media Player; must've piggy-backed like you said. I'm running AVG again, full system scan. As for the winspool thing, you commented it was good? Good as in a good process, or good as in it's identified so I can remove it? Thanks again echoreply
  13. echoreply

    echoreply Regular member

    Nov 9, 2007
    No, winspool.exe isn't good. See what AVG digs up this time.

    shelf life
  14. MrX1oo1

    MrX1oo1 Member

    Nov 21, 2004
    It's still around. I guess I'll try and get rid of it in safe mode.
  15. echoreply

    echoreply Regular member

    Nov 9, 2007

    Please download ComboFix (by sUBs) from one of the following links:


    Save it to the Desktop.
    Double-click combofix.exe and follow the prompts.

    CAUTION: Do not mouse-click ComboFix's window while it is running.
    It may cause it to stall.

    When finished, it produces a log.

    Please provide the contents of the ComboFix log in your reply--
  16. MrX1oo1

    MrX1oo1 Member

    Nov 21, 2004
    ComboFix 07-11-08.1 - Brett 2007-11-11 18:57:50.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.598 [GMT -8:00]
    Running from: C:\Documents and Settings\Brett\Desktop\ComboFix.exe
    * Created a new restore point

    Unable to gain System Privileges

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\Documents and Settings\Brett\Application Data\ECURIT~1
    C:\Program Files\ystem~1

    ((((((((((((((((((((((((( Files Created from 2007-10-12 to 2007-11-12 )))))))))))))))))))))))))))))))

    2007-11-11 18:55 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-10 21:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
    2007-11-10 21:14 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-11-06 15:09 <DIR> d-------- C:\Program Files\QuickTime
    2007-10-29 21:48 <DIR> d-------- C:\Documents and Settings\Brett\Application Data\QQ Games
    2007-10-29 21:48 <DIR> d-------- C:\DOCUME~1\Brett\APPLIC~1\QQ Games
    2007-10-29 21:46 <DIR> d-------- C:\Documents and Settings\Brett\Application Data\QQ Games Plugin
    2007-10-29 21:46 <DIR> d-------- C:\DOCUME~1\Brett\APPLIC~1\QQ Games Plugin
    2007-10-29 21:45 <DIR> d-------- C:\Program Files\Tencent
    2007-10-23 02:00 <DIR> d-------- C:\Program Files\MSXML 6.0
    2007-10-22 21:24 726,568 --a------ C:\WINDOWS\system32\kdfmgr.exe
    2007-10-22 16:27 <DIR> d-------- C:\WINDOWS\l2schemas
    2007-10-22 16:12 474,624 -----c--- C:\WINDOWS\system32\dllcache\wzcsvc.dll
    2007-10-22 16:12 69,120 --a------ C:\WINDOWS\system32\wlanapi.dll
    2007-10-22 16:12 52,736 -----c--- C:\WINDOWS\system32\dllcache\wzcsapi.dll
    2007-10-22 16:12 14,592 -----c--- C:\WINDOWS\system32\dllcache\ndisuio.sys
    2007-10-21 11:51 10,752 --a------ C:\WINDOWS\DCEBoot.exe
    2007-10-20 23:46 <DIR> d-------- C:\WINDOWS\LocalSSL
    2007-10-20 23:46 <DIR> d-------- C:\WINDOWS\kdefense
    2007-10-20 23:46 849,920 --a------ C:\WINDOWS\system32\kdfinj.dll
    2007-10-20 23:46 192,512 --a------ C:\WINDOWS\system32\kdfvmgr.exe
    2007-10-20 23:46 77,824 --a------ C:\WINDOWS\system32\kdfapi.dll
    2007-10-20 23:46 53,248 --a------ C:\WINDOWS\system32\Kdfhok.dll
    2007-10-20 23:44 138,512 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
    2007-10-20 23:44 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
    2007-10-20 23:44 52,368 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
    2007-10-20 23:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trend Micro
    2007-10-20 23:40 <DIR> d-------- C:\Program Files\Trend Micro
    2007-10-19 16:46 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
    2007-10-18 23:36 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2007-10-18 23:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2007-10-18 23:23 <DIR> d-------- C:\Program Files\Common Files\Canon
    2007-10-18 23:23 <DIR> d-------- C:\Program Files\Canon
    2007-10-18 16:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
    2007-10-16 21:58 <DIR> d-------- C:\Documents and Settings\Brett\Application Data\SoundSpectrum
    2007-10-16 21:58 <DIR> d-------- C:\DOCUME~1\Brett\APPLIC~1\SoundSpectrum
    2007-10-16 20:49 <DIR> d-------- C:\Program Files\Adsense Helper Object
    2007-10-16 20:47 102,400 --a------ C:\WINDOWS\system32\drvzab.dll
    2007-10-16 20:47 33,792 --a------ C:\WINDOWS\system32\vtutspm.dll
    2007-10-13 23:35 <DIR> d-------- C:\Documents and Settings\Brett\Application Data\Logitech
    2007-10-13 23:35 <DIR> d-------- C:\DOCUME~1\Brett\APPLIC~1\Logitech
    2007-10-13 23:33 127,034 -r------- C:\WINDOWS\bwUnin-
    2007-10-13 23:31 <DIR> d-------- C:\Program Files\Logitech
    2007-10-13 23:31 <DIR> d-------- C:\Program Files\Common Files\Logitech
    2007-10-13 23:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    2007-11-12 00:48 --------- d-----w C:\Program Files\Viewpoint
    2007-11-12 00:48 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    2007-11-11 22:37 --------- d-----w C:\Program Files\Dl_cats
    2007-11-11 21:44 --------- d-----w C:\Documents and Settings\Brett\Application Data\Azureus
    2007-11-11 21:44 --------- d-----w C:\DOCUME~1\Brett\APPLIC~1\Azureus
    2007-11-10 22:48 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\iolo
    2007-11-08 02:40 --------- d-----w C:\Program Files\PeerGuardian2
    2007-11-06 23:22 --------- d-----w C:\Program Files\iTunes
    2007-11-06 23:22 --------- d-----w C:\Program Files\iPod
    2007-10-30 05:46 --------- d-----w C:\Program Files\AIM6
    2007-10-30 05:44 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
    2007-10-30 04:45 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
    2007-10-24 08:16 --------- d-----w C:\Documents and Settings\Brett\Application Data\iolo
    2007-10-24 08:16 --------- d-----w C:\DOCUME~1\Brett\APPLIC~1\iolo
    2007-10-21 07:31 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-10-19 21:28 --------- d-----w C:\Documents and Settings\Brett\Application Data\WeatherBug
    2007-10-19 21:28 --------- d-----w C:\DOCUME~1\Brett\APPLIC~1\WeatherBug
    2007-10-19 01:08 --------- d-----w C:\Documents and Settings\Brett\Application Data\Ahead
    2007-10-19 01:08 --------- d-----w C:\DOCUME~1\Brett\APPLIC~1\Ahead
    2007-10-17 19:37 --------- d-----w C:\Program Files\Lavasoft
    2007-10-17 19:37 --------- d-----w C:\Documents and Settings\Brett\Application Data\Lavasoft
    2007-10-17 19:37 --------- d-----w C:\DOCUME~1\Brett\APPLIC~1\Lavasoft
    2007-10-14 07:33 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2007-10-14 07:33 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
    2007-10-14 07:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-10-10 06:12 --------- d-----w C:\Program Files\MediaCell Video Converter
    2007-09-27 04:45 --------- d-----w C:\Documents and Settings\Brett\Application Data\Apple Computer
    2007-09-27 04:45 --------- d-----w C:\DOCUME~1\Brett\APPLIC~1\Apple Computer
    2007-09-26 21:35 --------- d-----w C:\Documents and Settings\Brett\Application Data\Sonic
    2007-09-26 21:35 --------- d-----w C:\DOCUME~1\Brett\APPLIC~1\Sonic
    2007-09-26 21:34 --------- d-----w C:\Documents and Settings\Brett\Application Data\Leadertech
    2007-09-26 21:34 --------- d-----w C:\DOCUME~1\Brett\APPLIC~1\Leadertech
    2007-09-24 06:46 --------- d-----w C:\Program Files\DivX
    2007-09-24 06:45 --------- d-----w C:\Program Files\Last.fm
    2007-09-22 18:47 --------- d-----w C:\Program Files\Human Head Studios
    2007-09-18 09:31 65,936 ----a-w C:\WINDOWS\system32\drivers\tmtdi.sys
    2007-09-18 09:31 333,328 ----a-w C:\WINDOWS\system32\drivers\TM_CFW.sys
    2007-09-17 21:40 35,856 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
    2007-09-17 21:40 202,768 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
    2007-09-17 21:31 1,126,072 ----a-w C:\WINDOWS\system32\drivers\vsapint.sys
    2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2007-09-17 18:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2007-09-17 18:22 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
    2007-09-16 05:35 --------- d-----w C:\Program Files\MSXML 4.0
    2007-09-15 23:30 --------- d-----w C:\Program Files\Dell Photo AIO Printer 944
    2007-09-15 23:27 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    2007-09-15 23:25 --------- d-----w C:\Program Files\Common Files\Apple
    2007-09-15 23:25 --------- d-----w C:\Program Files\Apple Software Update
    2007-09-15 23:25 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    2007-09-14 02:22 --------- d-----w C:\Documents and Settings\LocalService\Application Data\iolo
    2007-09-13 05:49 --------- d-----w C:\Program Files\Driver Cleaner PE
    2007-09-13 05:33 --------- d-----w C:\Documents and Settings\Brett\Application Data\AdobeUM
    2007-09-13 05:33 --------- d-----w C:\DOCUME~1\Brett\APPLIC~1\AdobeUM
    2007-09-13 03:11 223,128 ----a-w C:\WINDOWS\system32\drivers\vaxscsi.sys
    2007-09-13 03:11 --------- d-----w C:\Program Files\Alcohol Soft
    2007-09-13 01:02 --------- d-----w C:\Program Files\Common Files\Adobe
    2007-09-13 01:00 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
    2007-09-13 01:00 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
    2007-09-13 00:57 131,072 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
    2007-09-13 00:55 --------- d-----w C:\Program Files\Illustrate
    2007-09-13 00:53 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd5773.sys
    2007-09-13 00:53 642,560 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2007-09-13 00:49 --------- d-----w C:\Program Files\Nero
    2007-09-13 00:49 --------- d-----w C:\Program Files\Common Files\Ahead
    2007-09-13 00:38 --------- d-----w C:\Program Files\SoundSpectrum
    2007-09-13 00:29 --------- d-----w C:\Program Files\AWS
    2007-09-13 00:28 --------- d-----w C:\Program Files\LimeWire
    2007-09-13 00:27 --------- d-----w C:\Program Files\XviD
    2007-09-13 00:26 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Last.fm
    2007-09-12 14:56 77,824 ----a-w C:\WINDOWS\system32\G-Force.scr
    2007-09-11 23:14 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-08-21 00:26 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2007-08-21 00:26 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2007-08-15 22:33 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2007-08-15 22:33 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-08-15 22:33 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2007-08-15 22:33 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
    2007-08-15 22:33 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
    2007-08-15 22:33 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
    2007-08-15 22:33 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2007-08-15 22:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-08-15 22:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2007-08-15 22:31 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2007-08-15 22:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2007-08-15 22:30 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18FA53D3-B7A8-4309-8045-D43D6AA2DCE9}]
    2007-10-16 20:49 24064 --a------ C:\Program Files\Adsense Helper Object\aho.v1.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{E7620C98-FCCC-40E5-92EC-C7685D2E1E40}"= C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll [2007-09-16 06:21 103760]


    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 00:04]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 00:01]
    "IPInSightLAN 02"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" [2003-06-11 00:52]
    "IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 19:12]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2005-09-25 18:11]
    "dlcdmon.exe"="C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe" [2005-07-22 14:45]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43]
    "nwiz"="nwiz.exe" [2007-06-28 23:43 C:\WINDOWS\system32\nwiz.exe]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 14:44 C:\WINDOWS\KHALMNPR.Exe]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 14:44 C:\WINDOWS\KHALMNPR.Exe]
    "UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2007-09-18 01:31]
    "DLCDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [2005-06-07 13:39]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-11-10 21:19]

    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
    "Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 07:20]

    Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-09-12 16:25:26]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-10-13 23:33:57]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-10-13 23:32:03]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqqooo]



    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-11 19:19:58
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    Completion time: 2007-11-11 19:21:27 - machine was rebooted
    --- E O F ---
  17. echoreply

    echoreply Regular member

    Nov 9, 2007
    OK, ComboFix got rid of some stuff. I will post back later with a script file to use.
  18. MrX1oo1

    MrX1oo1 Member

    Nov 21, 2004
    Awesome, thanks again man/woman lol
  19. echoreply

    echoreply Regular member

    Nov 9, 2007


    Copy and paste ALL the following red text in the box below into Notepad.
    Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript. Save it to your desktop.

    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqqooo]

    Now locate the script you just saved and the ComboFix icon, both on the desktop.
    Drag the CFScript right on top of the ComboFix icon and release it.
    ComboFix will run and produce another log. Post the new log.

    echoreply (a man)
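Added example, not part of the thread and not ComboFix's own code: a small Python triage helper that reads a ComboFix-style "Reg Loading Points" excerpt, pulls out the Winlogon\Notify subkeys, flags any that are not on an assumed Windows XP default allow-list, and emits the `[-KEY]` deletion line in the CFScript format echoreply used above. The sample log text is constructed from lines posted earlier in the thread; the `DEFAULT_NOTIFY` list is an assumption to compare against a clean reference machine.

```python
import re

# Constructed excerpt shaped like the ComboFix "Reg Loading Points" section posted
# in the thread; the key names come from the log above, the rest is trimmed.
SAMPLE_LOG = """\
((((((((((( Reg Loading Points )))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{18FA53D3-B7A8-4309-8045-D43D6AA2DCE9}]
2007-10-16 20:49 24064 --a------ C:\\Program Files\\Adsense Helper Object\\aho.v1.dll

[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\winlogon\\notify\\urqqooo]

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer
"""

# Winlogon Notify subkeys present on a stock Windows XP SP2 install (assumed
# allow-list; ComboFix already hides known-good defaults, so this is a second check).
DEFAULT_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}

# Matches a bracketed Winlogon\Notify key line and captures the full key and the
# subkey name; leading whitespace is tolerated because forum pastes are indented.
NOTIFY_RE = re.compile(
    r"^\s*\[(HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion"
    r"\\winlogon\\notify\\([^\]\\]+))\]\s*$",
    re.IGNORECASE | re.MULTILINE,
)


def find_notify_keys(log_text):
    """Return (full_key, subkey_name) pairs for every Winlogon\\Notify key in the log."""
    return [(m.group(1), m.group(2)) for m in NOTIFY_RE.finditer(log_text)]


def suspicious_notify_keys(log_text):
    """Keep only Notify subkeys that are not on the default allow-list."""
    return [(key, name) for key, name in find_notify_keys(log_text)
            if name.lower() not in DEFAULT_NOTIFY]


def cfscript_for(keys):
    """Render CFScript text in the form used in the thread: a '-' right after the
    opening bracket tells ComboFix to delete that registry key."""
    return "".join(f"[-{key}]\n" for key, _ in keys)


def triage(log_text):
    """Return a short report plus the CFScript body for the flagged keys."""
    flagged = suspicious_notify_keys(log_text)
    lines = [f"Winlogon\\Notify entries found: {len(find_notify_keys(log_text))}",
             f"Not on default allow-list: {[name for _, name in flagged]}"]
    return "\n".join(lines), cfscript_for(flagged)


if __name__ == "__main__":
    report, script = triage(SAMPLE_LOG)
    print(report)
    print("--- CFScript.txt ---")
    print(script, end="")
```

Run against a full ComboFix log the same way; only the Winlogon\Notify section is inspected, so other loading points (BHOs, Run keys) still need a manual look.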
  20. MrX1oo1

    MrX1oo1 Member

    Nov 21, 2004
    ComboFix 07-11-08.1 - Brett 2007-11-12 16:11:17.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.262 [GMT -8:00]
    Running from: C:\Documents and Settings\Brett\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Brett\Desktop\CFScript.txt
    * Created a new restore point

    ((((((((((((((((((((((((( Files Created from 2007-10-13 to 2007-11-13 )))))))))))))))))))))))))))))))

    2007-11-11 18:55 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-10 21:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
    2007-11-10 21:14 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-11-06 15:09 <DIR> d-------- C:\Program Files\QuickTime
    2007-10-29 21:48 <DIR> d-------- C:\Documents and Settings\Brett\Application Data\QQ Games
    2007-10-29 21:48 <DIR> d-------- C:\DOCUME~1\Brett\APPLIC~1\QQ Games
    2007-10-29 21:46 <DIR> d-------- C:\Documents and Settings\Brett\Application Data\QQ Games Plugin
    2007-10-29 21:46 <DIR> d-------- C:\DOCUME~1\Brett\APPLIC~1\QQ Games Plugin
    2007-10-29 21:45 <DIR> d-------- C:\Program Files\Tencent
    2007-10-23 02:00 <DIR> d-------- C:\Program Files\MSXML 6.0
    2007-10-22 21:24 726,568 --a------ C:\WINDOWS\system32\kdfmgr.exe
    2007-10-22 16:27 <DIR> d-------- C:\WINDOWS\l2schemas
    2007-10-22 16:12 474,624 -----c--- C:\WINDOWS\system32\dllcache\wzcsvc.dll
    2007-10-22 16:12 69,120 --a------ C:\WINDOWS\system32\wlanapi.dll
    2007-10-22 16:12 52,736 -----c--- C:\WINDOWS\system32\dllcache\wzcsapi.dll
    2007-10-22 16:12 14,592 -----c--- C:\WINDOWS\system32\dllcache\ndisuio.sys
    2007-10-21 11:51 10,752 --a------ C:\WINDOWS\DCEBoot.exe
    2007-10-20 23:46 <DIR> d-------- C:\WINDOWS\LocalSSL
    2007-10-20 23:46 <DIR> d-------- C:\WINDOWS\kdefense
    2007-10-20 23:46 849,920 --a------ C:\WINDOWS\system32\kdfinj.dll
    2007-10-20 23:46 192,512 --a------ C:\WINDOWS\system32\kdfvmgr.exe
    2007-10-20 23:46 77,824 --a------ C:\WINDOWS\system32\kdfapi.dll
    2007-10-20 23:46 53,248 --a------ C:\WINDOWS\system32\Kdfhok.dll
    2007-10-20 23:44 138,512 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
    2007-10-20 23:44 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
    2007-10-20 23:44 52,368 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
    2007-10-20 23:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trend Micro
    2007-10-20 23:40 <DIR> d-------- C:\Program Files\Trend Micro
    2007-10-19 16:46 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
    2007-10-18 23:36 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2007-10-18 23:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2007-10-18 23:23 <DIR> d-------- C:\Program Files\Common Files\Canon
    2007-10-18 23:23 <DIR> d-------- C:\Program Files\Canon
    2007-10-18 16:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
    2007-10-16 21:58 <DIR> d-------- C:\Documents and Settings\Brett\Application Data\SoundSpectrum
    2007-10-16 21:58 <DIR> d-------- C:\DOCUME~1\Brett\APPLIC~1\SoundSpectrum
    2007-10-16 20:49 <DIR> d-------- C:\Program Files\Adsense Helper Object
    2007-10-16 20:47 102,400 --a------ C:\WINDOWS\system32\drvzab.dll
    2007-10-16 20:47 33,792 --a------ C:\WINDOWS\system32\vtutspm.dll
    2007-10-13 23:35 <DIR> d-------- C:\Documents and Settings\Brett\Application Data\Logitech
    2007-10-13 23:35 <DIR> d-------- C:\DOCUME~1\Brett\APPLIC~1\Logitech
    2007-10-13 23:33 127,034 -r------- C:\WINDOWS\bwUnin-
    2007-10-13 23:31 <DIR> d-------- C:\Program Files\Logitech
    2007-10-13 23:31 <DIR> d-------- C:\Program Files\Common Files\Logitech
    2007-10-13 23:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    2007-11-13 00:15 --------- d-----w C:\Documents and Settings\Brett\Application Data\Azureus
    2007-11-13 00:15 --------- d-----w C:\DOCUME~1\Brett\APPLIC~1\Azureus
    2007-11-12 03:56 --------- d-----w C:\Program Files\Dl_cats
    2007-11-12 00:48 --------- d-----w C:\Program Files\Viewpoint
    2007-11-12 00:48 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    2007-11-10 22:48 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\iolo
    2007-11-08 02:40 --------- d-----w C:\Program Files\PeerGuardian2
    2007-11-06 23:22 --------- d-----w C:\Program Files\iTunes
    2007-11-06 23:22 --------- d-----w C:\Program Files\iPod
    2007-10-30 05:46 --------- d-----w C:\Program Files\AIM6
    2007-10-30 05:44 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
    2007-10-30 04:45 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
    2007-10-24 08:16 --------- d-----w C:\Documents and Settings\Brett\Application Data\iolo
    2007-10-24 08:16 --------- d-----w C:\DOCUME~1\Brett\APPLIC~1\iolo
    2007-10-21 07:31 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-10-19 21:28 --------- d-----w C:\Documents and Settings\Brett\Application Data\WeatherBug
    2007-10-19 21:28 --------- d-----w C:\DOCUME~1\Brett\APPLIC~1\WeatherBug
    2007-10-19 01:08 --------- d-----w C:\Documents and Settings\Brett\Application Data\Ahead
    2007-10-19 01:08 --------- d-----w C:\DOCUME~1\Brett\APPLIC~1\Ahead
    2007-10-17 19:37 --------- d-----w C:\Program Files\Lavasoft
    2007-10-17 19:37 --------- d-----w C:\Documents and Settings\Brett\Application Data\Lavasoft
    2007-10-17 19:37 --------- d-----w C:\DOCUME~1\Brett\APPLIC~1\Lavasoft
    2007-10-14 07:33 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2007-10-14 07:33 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
    2007-10-14 07:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-10-10 06:12 --------- d-----w C:\Program Files\MediaCell Video Converter
    2007-09-27 04:45 --------- d-----w C:\Documents and Settings\Brett\Application Data\Apple Computer
    2007-09-27 04:45 --------- d-----w C:\DOCUME~1\Brett\APPLIC~1\Apple Computer
    2007-09-26 21:35 --------- d-----w C:\Documents and Settings\Brett\Application Data\Sonic
    2007-09-26 21:35 --------- d-----w C:\DOCUME~1\Brett\APPLIC~1\Sonic
    2007-09-26 21:34 --------- d-----w C:\Documents and Settings\Brett\Application Data\Leadertech
    2007-09-26 21:34 --------- d-----w C:\DOCUME~1\Brett\APPLIC~1\Leadertech
    2007-09-24 06:46 --------- d-----w C:\Program Files\DivX
    2007-09-24 06:45 --------- d-----w C:\Program Files\Last.fm
    2007-09-22 18:47 --------- d-----w C:\Program Files\Human Head Studios
    2007-09-18 09:31 65,936 ----a-w C:\WINDOWS\system32\drivers\tmtdi.sys
    2007-09-18 09:31 333,328 ----a-w C:\WINDOWS\system32\drivers\TM_CFW.sys
    2007-09-17 21:40 35,856 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
    2007-09-17 21:40 202,768 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
    2007-09-17 21:31 1,126,072 ----a-w C:\WINDOWS\system32\drivers\vsapint.sys
    2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2007-09-17 18:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2007-09-17 18:22 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
    2007-09-16 05:35 --------- d-----w C:\Program Files\MSXML 4.0
    2007-09-15 23:30 --------- d-----w C:\Program Files\Dell Photo AIO Printer 944
    2007-09-15 23:27 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    2007-09-15 23:25 --------- d-----w C:\Program Files\Common Files\Apple
    2007-09-15 23:25 --------- d-----w C:\Program Files\Apple Software Update
    2007-09-15 23:25 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    2007-09-14 02:22 --------- d-----w C:\Documents and Settings\LocalService\Application Data\iolo
    2007-09-13 05:49 --------- d-----w C:\Program Files\Driver Cleaner PE
    2007-09-13 05:33 --------- d-----w C:\Documents and Settings\Brett\Application Data\AdobeUM
    2007-09-13 05:33 --------- d-----w C:\DOCUME~1\Brett\APPLIC~1\AdobeUM
    2007-09-13 03:11 223,128 ----a-w C:\WINDOWS\system32\drivers\vaxscsi.sys
    2007-09-13 03:11 --------- d-----w C:\Program Files\Alcohol Soft
    2007-09-13 01:02 --------- d-----w C:\Program Files\Common Files\Adobe
    2007-09-13 01:00 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
    2007-09-13 01:00 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
    2007-09-13 00:57 131,072 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
    2007-09-13 00:55 --------- d-----w C:\Program Files\Illustrate
    2007-09-13 00:53 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd5773.sys
    2007-09-13 00:53 642,560 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2007-09-13 00:49 --------- d-----w C:\Program Files\Nero
    2007-09-13 00:49 --------- d-----w C:\Program Files\Common Files\Ahead
    2007-09-13 00:38 --------- d-----w C:\Program Files\SoundSpectrum
    2007-09-13 00:29 --------- d-----w C:\Program Files\AWS
    2007-09-13 00:28 --------- d-----w C:\Program Files\LimeWire
    2007-09-13 00:27 --------- d-----w C:\Program Files\XviD
    2007-09-13 00:26 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Last.fm
    2007-09-12 14:56 77,824 ----a-w C:\WINDOWS\system32\G-Force.scr
    2007-09-11 23:14 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-08-21 00:26 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2007-08-21 00:26 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2007-08-15 22:33 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2007-08-15 22:33 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-08-15 22:33 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2007-08-15 22:33 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
    2007-08-15 22:33 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
    2007-08-15 22:33 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
    2007-08-15 22:33 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2007-08-15 22:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-08-15 22:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2007-08-15 22:31 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2007-08-15 22:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2007-08-15 22:30 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

    ((((((((((((((((((((((((((((( snapshot@2007-11-11_19.20.03.29 )))))))))))))))))))))))))))))))))))))))))
    + 2007-11-12 03:55:11 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_208.dat
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18FA53D3-B7A8-4309-8045-D43D6AA2DCE9}]
    2007-10-16 20:49 24064 --a------ C:\Program Files\Adsense Helper Object\aho.v1.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{E7620C98-FCCC-40E5-92EC-C7685D2E1E40}"= C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll [2007-09-16 06:21 103760]


    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 00:04]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 00:01]
    "IPInSightLAN 02"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" [2003-06-11 00:52]
    "IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 19:12]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2005-09-25 18:11]
    "dlcdmon.exe"="C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe" [2005-07-22 14:45]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43]
    "nwiz"="nwiz.exe" [2007-06-28 23:43 C:\WINDOWS\system32\nwiz.exe]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 14:44 C:\WINDOWS\KHALMNPR.Exe]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 14:44 C:\WINDOWS\KHALMNPR.Exe]
    "UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2007-09-18 01:31]
    "DLCDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [2005-06-07 13:39]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-11-10 21:19]

    "Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 07:20]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]

    Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-09-12 16:25:26]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-10-13 23:33:57]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-10-13 23:32:03]


    R3 dlcd_device;dlcd_device;C:\WINDOWS\system32\dlcdcoms.exe -service


    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-12 16:15:55
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    Completion time: 2007-11-12 16:17:55
    C:\ComboFix2.txt ... 2007-11-11 19:21
    --- E O F ---
