Friend's really bad log... needs some major help here.

Status
Not open for further replies.

Static_11

Friend woke up this morning with her background showing this:
screen1.jpg



Every few seconds I'm getting random messages in the bottom right-hand side saying spyware is being detected blah blah blah...
Ran Spybot, Ad-Aware, and TweakNow... the messages are still coming on strong and every few minutes I get an IE popup wanting me to buy some AV crap.
Also, if I hit Ctrl, Alt, Del, I get this message:
screen2.jpg



Yeah...something isn't right here. I'm trying to download AVG right now so I can run it but it's being really slow. For some reason my satellite is downloading at like 15kbps...weak.
Well, here's the log! Thanks in advance!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:05:40 PM, on 12/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\WINDOWS\system32\lpcywinp.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\WINDOWS\SCURIT~1\wuauclt.exe
C:\Program Files\Apoint\Apntex.exe
C:\Documents and Settings\Liz\Application Data\?icrosoft.NET\w?nspool.exe
C:\Program Files\QdrModule\QdrModule9.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\QdrPack\QdrPack10.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\AOL\1166664359\ee\aolsoftware.exe
c:\program files\common files\aol\1166664359\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1166664359\ee\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Task Killer\taskkiller.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = AOL.com - Welcome to AOL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - Welcome to AOL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo!
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\lpcywinp.exe,C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: egmulhxk.msdn_hlp - {E78B911A-6F68-4B84-8C19-EC417C9590E2} - C:\WINDOWS\system32\egmulhxk.dll
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [PartSeal] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\RunOnce: [SpybotDeletingA5310] command /c del "C:\WINDOWS\7search.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6704] cmd /c del "C:\WINDOWS\7search.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5089] cmd /c del "C:\WINDOWS\pbsysie.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6574] cmd /c del "C:\WINDOWS\kvnab.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8370] command /c del "C:\WINDOWS\system32\wml.exe_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC958] cmd /c del "C:\WINDOWS\system32\wml.exe_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5513] command /c del "C:\WINDOWS\system32\vxddsk.exe_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8008] cmd /c del "C:\WINDOWS\system32\vxddsk.exe_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8652] command /c del "C:\WINDOWS\system32\ace16win.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5529] cmd /c del "C:\WINDOWS\system32\ace16win.dll_tobedeleted"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Widp] "C:\WINDOWS\SCURIT~1\wuauclt.exe" -vt yazb
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QdrPack10] "C:\Program Files\QdrPack\QdrPack10.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6785] command /c del "C:\WINDOWS\7search.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9315] cmd /c del "C:\WINDOWS\7search.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5957] cmd /c del "C:\WINDOWS\pbsysie.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3266] cmd /c del "C:\WINDOWS\kvnab.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2383] command /c del "C:\WINDOWS\system32\wml.exe_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8355] cmd /c del "C:\WINDOWS\system32\wml.exe_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7110] command /c del "C:\WINDOWS\system32\vxddsk.exe_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2379] cmd /c del "C:\WINDOWS\system32\vxddsk.exe_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5744] command /c del "C:\WINDOWS\system32\ace16win.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD126] cmd /c del "C:\WINDOWS\system32\ace16win.dll_tobedeleted"
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O24 - Desktop Component 0: (no name) - http://images.google.com/images?q=t...gimages/music/backeyedpeas_monkeybusiness.jpg
O24 - Desktop Component 1: (no name) - http://images.google.com/images?q=t...s_just_balls.jpg/200px-No_pads_just_balls.jpg
O24 - Desktop Component 10: (no name) - http://us.a2.yahoofs.com/users/_ISIXD4lVmgh/__sr_/adbd.jpg?tkn=phAC9wFB6GyXlAzW&saveas=McKayla+-+059
O24 - Desktop Component 11: (no name) - http://us.a2.yahoofs.com/users/_ISIXD4lVmgh/__sr_/66e8.jpg?tkn=phAC9wFBi3biSFEb&saveas=McKayla+-+001
O24 - Desktop Component 12: (no name) - http://us.a2.yahoofs.com/users/_ISIXD4lVmgh/__sr_/bd5c.jpg?tkn=phAC9wFBPv9AYNYZ&saveas=McKayla+-+009
O24 - Desktop Component 13: (no name) - http://us.a2.yahoofs.com/users/_ISIXD4lVmgh/__sr_/8f70.jpg?tkn=phEQ9wFB1yu4a2ah&saveas=McKayla+-+112
O24 - Desktop Component 14: (no name) - http://us.a2.yahoofs.com/users/_ISIXD4lVmgh/__sr_/1239.jpg?tkn=phEQ9wFBlNQVgXGx&saveas=McKayla+-+142
O24 - Desktop Component 15: (no name) - http://us.a2.yahoofs.com/users/_ISIXD4lVmgh/__sr_/948a.jpg?tkn=phEQ9wFBWgdoo6BY&saveas=McKayla+-+065
O24 - Desktop Component 16: (no name) - http://us.a2.yahoofs.com/users/_ISIXD4lVmgh/__sr_/33ed.jpg?tkn=phEQ9wFBuRUJqnkX&saveas=McKayla+-+006
O24 - Desktop Component 17: (no name) - http://a929.ac-images.myspacecdn.com/images01/36/l_56803a3133bd5a9a88ce002f527a8d08.jpg
O24 - Desktop Component 18: (no name) - http://tbn0.google.com/images?q=tbn...mages/mindofmencia/Carlos_Mencia_s2-prod2.jpg
O24 - Desktop Component 19: (no name) - http://tbn0.google.com/images?q=tbn...mages/mindofmencia/Carlos_Mencia_s2-prod3.jpg
O24 - Desktop Component 2: (no name) - http://images.google.com/images?q=t....com/covers/3_doors_down_-_seventeen_days.jpg
O24 - Desktop Component 20: (no name) - http://tbn0.google.com/images?q=tbn...magazine/2006/November/images/hollywood10.jpg
O24 - Desktop Component 21: (no name) - http://photos-318.ak.facebook.com/photos-ak-sf2p/v73/94/75/1298490100/s1298490100_30096318_6741.jpg
O24 - Desktop Component 22: (no name) - http://photos-302.ak.facebook.com/photos-ak-sf2p/v73/94/75/1298490100/s1298490100_30096302_9477.jpg
O24 - Desktop Component 23: (no name) - http://photos-303.ak.facebook.com/photos-ak-sf2p/v73/94/75/1298490100/s1298490100_30096303_9705.jpg
O24 - Desktop Component 24: (no name) - http://photos-307.ak.facebook.com/photos-ak-sf2p/v73/94/75/1298490100/s1298490100_30096307_647.jpg
O24 - Desktop Component 25: (no name) - http://photos-300.ak.facebook.com/photos-ak-sf2p/v73/94/75/1298490100/s1298490100_30096300_9003.jpg
O24 - Desktop Component 26: (no name) - http://photos-313.ak.facebook.com/photos-ak-sf2p/v73/94/75/1298490100/s1298490100_30096313_2064.jpg
O24 - Desktop Component 27: (no name) - http://photos-308.ak.facebook.com/photos-ak-sf2p/v73/94/75/1298490100/s1298490100_30096308_883.jpg
O24 - Desktop Component 28: (no name) - http://photos-310.ak.facebook.com/photos-ak-sf2p/v73/94/75/1298490100/s1298490100_30096310_1350.jpg
O24 - Desktop Component 29: (no name) - http://photos-303.ak.facebook.com/photos-ak-sf2p/v73/94/75/1298490100/n1298490100_30096303_9705.jpg
O24 - Desktop Component 3: (no name) - http://images.google.com/images?q=t...mg/alben/theall-americanrejects_movealong.jpg
O24 - Desktop Component 30: (no name) - http://www.rickey.org/wp-content/uploads/2007/03/elliott-yamin-03-2007-03-23.jpg
O24 - Desktop Component 31: (no name) - http://i10.tinypic.com/53hsklw.jpg
O24 - Desktop Component 32: (no name) - http://tbn0.google.com/images?q=tbn...tent/wp/en/5/53/Pink-imnotdead-toxicstyle.jpg
O24 - Desktop Component 33: (no name) - http://a325.ac-images.myspacecdn.com/images01/30/l_97a30d2657908a629fae64242eb3630c.jpg
O24 - Desktop Component 34: (no name) - http://a398.ac-images.myspacecdn.com/images01/24/l_3ef381990b2c9a07f947338954f3dfc5.jpg
O24 - Desktop Component 35: (no name) - http://tbn0.google.com/images?q=tbn...lbum-cover-close-up-britney-spears-poster.jpg
O24 - Desktop Component 4: (no name) - http://images.google.com/images?q=t...hr/UserDocsImages/foo%20fighters%20coverV.jpg
O24 - Desktop Component 5: (no name) - http://images.google.com/images?q=tbn:OsCZCYnFrZmElM:http://itunes.sdsu.edu/falloutboy.jpg
O24 - Desktop Component 6: (no name) - http://images.google.com/images?q=t...e/PARI/KAT/COVER1/JPG72DPI8/P/82876634612.jpg
O24 - Desktop Component 7: (no name) - http://images.google.com/images?q=t...derpictures/usher_confessions_album-cover.jpg
O24 - Desktop Component 8: (no name) - http://images.google.com/images?q=t...E63CEC3D7954648256F3B00086004/$file/MMHMM.jpg
O24 - Desktop Component 9: (no name) - http://images.google.com/images?q=t...tent/wp/en/thumb/f/f2/200px-RelientKMmhmm.jpg

--
End of file - 20036 bytes
 
This is gonna be fun :D

Just remove what you can for now

C:\WINDOWS\system32\lpcywinp.exe

C:\WINDOWS\SCURIT~1\wuauclt.exe

C:\Documents and Settings\Liz\Application Data\?icrosoft.NET\w?nspool.exe

C:\Program Files\QdrModule\QdrModule9.exe

C:\Program Files\QdrPack\QdrPack10.exe

R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\lpcywinp.exe,C:\WINDOWS\system32\userinit.exe

O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)

O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)

O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)

O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)

O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)

O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)

O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)

O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)

O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)

O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)

O2 - BHO: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll

O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)

O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)

O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)

O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)

O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)

O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)

O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)

O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)

O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)

O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)

O2 - BHO: egmulhxk.msdn_hlp - {E78B911A-6F68-4B84-8C19-EC417C9590E2} - C:\WINDOWS\system32\egmulhxk.dll

O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)

O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)

O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe"

O4 - HKCU\..\Run: [QdrPack10] "C:\Program Files\QdrPack\QdrPack10.exe"



Uninstall Spybot Search and Destroy, that program is useless these days....

Then run CCleaner and cleanup..

Please download VundoFix.exe to your desktop.

Double-click VundoFix.exe to run it.
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK

then

Download this program by clicking on the link: VirtumundoBeGone.exe [94.7 KB]
Run the program and follow the directions. Make sure you save all your work before!
If the virus is detected it will force you to restart your computer right away.

then

Download ComboScan to your Desktop.


1. Close all applications and windows.
2. Double-click on comboscan.exe to run it, and follow the prompts.
3. When the scan is complete, a text file will open - ComboScan.txt
4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of ComboScan.txt in your thread.
5. A folder, C:\ComboScan, will also open. In it will be another text file, Supplementary.txt.
6. Please attach Supplementary.txt to your post.




And finally post a new log and let me know if you see any improvements
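
Several of the entries singled out in the reply above (the extra program in `UserInit`, the `(no file)` BHOs, the `wuauclt.exe` outside system32, the path with `?` characters) follow patterns that can be checked mechanically. The sketch below is an added example, not part of the original thread or of HijackThis; the rules, function names and the `SYSTEM32_NAMES` list are assumptions for illustration, and the sample lines are copied from the log posted in this thread.

```python
import re

# Sample input: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SCURIT~1\wuauclt.exe
C:\Documents and Settings\Liz\Application Data\?icrosoft.NET\w?nspool.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\lpcywinp.exe,C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Assumption: a short illustrative list of binaries that belong in system32.
SYSTEM32_NAMES = {"wuauclt.exe", "svchost.exe", "userinit.exe", "lsass.exe"}
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O2 - BHO: ..."
PATH_RE = re.compile(r"^[A-Za-z]:\\")               # bare "Running processes" path


def check_process(path):
    """Reasons a running-process path deserves a closer look."""
    reasons = []
    directory, _, name = path.lower().rpartition("\\")
    if "?" in path:
        reasons.append("undisplayable characters in path")
    if name in SYSTEM32_NAMES and not directory.endswith("\\system32"):
        reasons.append("system binary name outside system32")
    return reasons


def check_entry(code, body):
    """Reasons a coded HijackThis entry (F2, O2, ...) deserves a closer look."""
    reasons = []
    if code == "F2" and "userinit=" in body.lower():
        # Winlogon runs every comma-separated program in UserInit at logon.
        programs = [p.strip() for p in body.split("=", 1)[1].split(",")]
        extra = [p for p in programs if p and not p.lower().endswith("\\userinit.exe")]
        if extra:
            reasons.append("extra UserInit program: " + ", ".join(extra))
    if code == "O2" and body.endswith("(no file)"):
        reasons.append("BHO registered but its file is missing")
    return reasons


def triage(log_text):
    """Return [(line, [reasons])] for every line that matched a rule."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        entry = ENTRY_RE.match(line)
        if entry:
            reasons = check_entry(entry.group(1), entry.group(2))
        elif PATH_RE.match(line):
            reasons = check_process(line)
        else:
            continue
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line, "->", "; ".join(reasons))
```

A hit is a prompt to look closer, not a verdict: the randomly named BHO DLL and the QdrModule/QdrPack entries in the reply's list match none of these rules and still need a human reading of the log.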
 
Of course he isn't.

It's like he looks forward to logs like this!

I'll do this stuff when I get home. Thanks for the quick reply...if it is possible I'd like to have this computer done by tonight.. I get home at 3PM central time.
 