
Am I Infected?


  • This topic is locked
3 replies to this topic

#1 thamsaiswan

  • Members
  • 1 posts
  • OFFLINE
  • Local time: 10:44 AM

Posted 06 April 2008 - 10:23 AM

Hi, basically my taskbar is stuck in classic mode. I've no idea how it happened. I've tried downloading regedit files and tried all sorts of solutions and nothing works. The taskbar is still stuck in classic mode. Also, my programs like uTorrent are receiving a "not a valid Win32 application" error. I think it's an infection. Here is my log. Please help.

PS: this is my first post, sorry if I've broken any regulations regarding postings.




Deckard's System Scanner v20071014.68
Run by Administrator on 2008-04-06 22:52:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
29: 2008-04-06 14:53:06 UTC - RP53 - Deckard's System Scanner Restore Point
28: 2008-04-06 11:37:05 UTC - RP52 - Restore Operation
27: 2008-04-05 02:54:34 UTC - RP51 - Installed Windows Live Messenger
26: 2008-04-04 07:25:09 UTC - RP50 - System Checkpoint
25: 2008-04-02 11:42:30 UTC - RP49 - System Checkpoint


-- First Restore Point --
1: 2008-02-04 04:19:04 UTC - RP25 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-06 22:54:44
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Planex\Common\RaUI.exe
C:\Program Files\Microsoft ActiveSync\rapimgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\dllcache\explorer.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.singnet.com.sg/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.914.9778\swg.dll
O2 - BHO: (no name) - {D29DCEE0-457B-45A2-A92D-741B95B7723B} - C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exE
O4 - HKLM\..\Run: [tciocp32] C:\WINDOWS\tciocp32.exe
O4 - HKLM\..\Run: [DbgHlp32] C:\WINDOWS\DbgHlp32.exe
O4 - HKLM\..\Run: [LotusHlp] C:\WINDOWS\LotusHlp.exe
O4 - HKLM\..\Run: [Kvsc3] C:\WINDOWS\Kvsc3.exE
O4 - HKLM\..\Run: [PTSShell] C:\WINDOWS\PTSShell.exe
O4 - HKLM\..\Run: [MsIMMs32] C:\WINDOWS\MsIMMs32.exE
O4 - HKLM\..\Run: [mhlvigmh] C:\WINDOWS\hvghubhl.exe
O4 - HKLM\..\Run: [fmsbbqi] C:\WINDOWS\fmsbbqi.exe
O4 - HKLM\..\Run: [WSockDrv32] C:\WINDOWS\WSockDrv32.exe
O4 - HKLM\..\Run: [chiBsNiu] C:\WINDOWS\system32\renrou.exe
O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\cmdbcs.exe
O4 - HKLM\..\Run: [mfchlp32] C:\WINDOWS\mfchlp32.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Planex Wireless Utility.lnk = C:\Program Files\Planex\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} () - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_03) - http://java.sun.com/update/1.6.0/jinstall-...ows-i586-jc.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shock...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O20 - AppInit_DLLs: msosmhfp00.dll,msosdohs00.dll SysWoWa7.dll,msosmnsf00.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe


--
End of file - 7583 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Vmodem (W2k Vmodem) - c:\windows\system32\drivers\vmodem.sys <Not Verified; PCTEL, INC.; HSP Modem Modem Device>
R0 Vpctcom (W2k Vpctcom) - c:\windows\system32\drivers\vpctcom.sys <Not Verified; PCtel, Inc.; HSP Modem Virtual Control Device>
R0 Vvoice (W2k Vvoice) - c:\windows\system32\drivers\vvoice.sys <Not Verified; PCtel, Inc.; PCTEL HSP Modem Voice Device>
R1 ISODrive (ISO DVD/CD-ROM Device Driver) - c:\program files\ultraiso\drivers\isodrive.sys <Not Verified; EZB Systems, Inc.; ISODrive>
R1 StyleXPHelper - c:\program files\tgtsoft\stylexp\stylexphelper.exe <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R1 VIAPFD - c:\windows\system32\drivers\viapfd.sys <Not Verified; VIA Technologies. Inc.; VIA PFD driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.5.3.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.5.3.0>
R2 fpids32 - c:\windows\system32\drivers\msosfpids32.sys
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 Ptserial (W2K Pctel Serial Device Driver) - c:\windows\system32\drivers\ptserial.sys <Not Verified; PCTEL, INC.; HSP Modem Serial Device>
R3 RT73 (RT73 USB Wireless LAN Card Driver) - c:\windows\system32\drivers\rt73.sys <Not Verified; Ralink Technology, Corp.; Ralink 802.11 Wireless Adapters>
R3 ZkMpj (ZkMpj WDM Driver) - c:\windows\system32\drivers\zkmpj.sys

S2 dohs - c:\docume~1\admini~1\locals~1\temp\tmp8.tmp (file missing)
S2 mhfp - c:\docume~1\admini~1\locals~1\temp\tmp2.tmp (file missing)
S2 mnsf - c:\docume~1\admini~1\locals~1\temp\tmp22.tmp (file missing)
S3 pop - c:\windows\system32\drivers\pop.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 StyleXPService - "c:\program files\tgtsoft\stylexp\stylexpservice.exe" <Not Verified; ; StyleXPService Module>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Modem Audio Device
Device ID: MODEMWAVE\0\{49341C6F-5A56-413F-84B6-79CC2EB565AB}
Manufacturer: Microsoft
Name: Modem Audio Device
PNP Device ID: MODEMWAVE\0\{49341C6F-5A56-413F-84B6-79CC2EB565AB}
Service:


-- Files created between 2008-03-06 and 2008-04-06 -----------------------------

2008-04-06 22:42:22 0 d--h----- C:\Documents and Settings\Guest\Templates
2008-04-06 22:42:22 0 dr------- C:\Documents and Settings\Guest\Start Menu
2008-04-06 22:42:22 0 dr-h----- C:\Documents and Settings\Guest\SendTo
2008-04-06 22:42:22 0 d--h----- C:\Documents and Settings\Guest\Recent
2008-04-06 22:42:22 0 d--h----- C:\Documents and Settings\Guest\PrintHood
2008-04-06 22:42:22 0 d--h----- C:\Documents and Settings\Guest\NetHood
2008-04-06 22:42:22 0 d-------- C:\Documents and Settings\Guest\My Documents
2008-04-06 22:42:22 0 d--h----- C:\Documents and Settings\Guest\Local Settings
2008-04-06 22:42:22 0 d-------- C:\Documents and Settings\Guest\Favorites
2008-04-06 22:42:22 0 d-------- C:\Documents and Settings\Guest\Desktop
2008-04-06 22:42:22 0 d---s---- C:\Documents and Settings\Guest\Cookies
2008-04-06 22:42:22 0 dr-h----- C:\Documents and Settings\Guest\Application Data
2008-04-06 22:42:22 0 d---s---- C:\Documents and Settings\Guest\Application Data\Microsoft
2008-04-06 22:42:21 262144 --ah----- C:\Documents and Settings\Guest\NTUSER.DAT
2008-04-06 22:33:53 20340 --a------ C:\WINDOWS\WSockDrv32.exe
2008-04-06 19:58:04 0 d-------- C:\Program Files\TGTSoft
2008-04-06 19:18:49 28932 --a------ C:\WINDOWS\system32\jvqnnj.dll
2008-04-06 19:18:47 34572 --a------ C:\WINDOWS\system32\sefoym.dll
2008-04-06 19:18:41 36620 --a------ C:\WINDOWS\system32\evtmja.dll
2008-04-06 19:18:38 30468 --a------ C:\WINDOWS\system32\bdqggc.dll
2008-04-06 19:18:22 34816 --a------ C:\WINDOWS\system32\bgvbsk.dll
2008-04-06 19:18:20 30988 --a------ C:\WINDOWS\system32\gwjmxm.dll
2008-04-06 19:18:09 32256 --a------ C:\WINDOWS\system32\mxsmpy.dll
2008-04-06 19:17:54 35596 --a------ C:\WINDOWS\system32\elvcaf.dll
2008-04-06 19:17:43 30468 --a------ C:\WINDOWS\system32\xdxysp.dll
2008-04-06 19:17:37 35084 --a------ C:\WINDOWS\system32\ezcmvq.dll
2008-04-06 19:03:11 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-04-06 17:45:56 13996 --a------ C:\Privilege.dat
2008-04-06 15:31:46 16384 --a------ C:\WINDOWS\system32\serv.exe
2008-04-06 15:31:46 28672 --a------ C:\WINDOWS\system32\runlog.dll
2008-04-06 15:31:33 7027 --a------ C:\WINDOWS\system32\ttNNBNNB1047.dll
2008-04-06 15:31:32 10012 ---hs---- C:\WINDOWS\system32\zfdzb.dll
2008-04-06 15:31:29 11967 --a------ C:\WINDOWS\system32\ttNNBNNB1047.exe
2008-04-06 15:31:23 7266 --a------ C:\WINDOWS\system32\txWWQWWQ1006.dll
2008-04-06 15:31:17 7699 --a------ C:\WINDOWS\system32\aySADSAD1032.dll
2008-04-06 15:31:16 12206 --a------ C:\WINDOWS\system32\txWWQWWQ1006.exe
2008-04-06 15:31:14 7583 --a------ C:\WINDOWS\system32\ayDABDAB1056.dll
2008-04-06 15:31:12 12603 --a------ C:\WINDOWS\system32\aySADSAD1032.exe
2008-04-06 15:31:08 12487 --a------ C:\WINDOWS\system32\ayDABDAB1056.exe
2008-04-06 15:31:01 7809 --a------ C:\WINDOWS\system32\ttEZZEZZ1044.dll
2008-04-06 15:31:01 9442 ---hs---- C:\WINDOWS\system32\cqzs.dll
2008-04-06 15:30:55 12749 --a------ C:\WINDOWS\system32\ttEZZEZZ1044.exe
2008-04-06 15:30:54 7268 --a------ C:\WINDOWS\system32\ayKAFKAF1057.dll
2008-04-06 15:30:47 12168 --a------ C:\WINDOWS\system32\ayKAFKAF1057.exe
2008-04-06 15:30:43 7209 ---hs---- C:\WINDOWS\system32\zdbdb.dll
2008-04-06 15:30:42 9724 ---hs---- C:\WINDOWS\system32\kiluw.dll
2008-04-06 15:30:39 17408 --a------ C:\WINDOWS\system32\vmvreg32.dll
2008-04-06 15:30:37 7755 --a------ C:\WINDOWS\system32\ayBAIBAI1054.dll
2008-04-06 15:30:36 12659 --a------ C:\WINDOWS\system32\ayBAIBAI1054.exe
2008-04-06 15:30:32 7232 --a------ C:\WINDOWS\system32\ayFKKFKK1055.dll
2008-04-06 15:30:31 12136 --a------ C:\WINDOWS\system32\ayFKKFKK1055.exe
2008-04-06 15:30:25 8478 --a------ C:\WINDOWS\system32\ayJHVJHV1015.dll
2008-04-06 15:30:24 13374 --a------ C:\WINDOWS\system32\ayJHVJHV1015.exe
2008-04-06 15:30:23 7205 --a------ C:\WINDOWS\system32\ayHADHAD1058.dll
2008-04-06 15:30:22 12101 --a------ C:\WINDOWS\system32\ayHADHAD1058.exe
2008-04-06 15:30:20 11706 --a------ C:\WINDOWS\system32\ttVUFVUF1011.exe
2008-04-06 15:30:20 6802 --a------ C:\WINDOWS\system32\ttVUFVUF1011.dll
2008-04-06 15:30:19 0 d--hs---- C:\WINDOWS\system32\Cache
2008-04-06 15:17:19 30839 --a------ C:\WINDOWS\system32\22.exe
2008-04-06 15:17:09 15535 ---hs---- C:\WINDOWS\system32\jyjlt.dll
2008-04-06 15:14:53 29613 --a------ C:\WINDOWS\system32\14.exe
2008-04-06 15:14:45 15013 ---hs---- C:\WINDOWS\system32\crugd.dll
2008-04-06 15:14:37 28932 --a------ C:\WINDOWS\system32\mfchlp32.dll
2008-04-06 15:14:37 16680 --a------ C:\WINDOWS\mfchlp32.exe
2008-04-06 15:14:36 34572 --a------ C:\WINDOWS\system32\cmdbcs.dll
2008-04-06 15:14:36 19748 --a------ C:\WINDOWS\cmdbcs.exe
2008-04-06 15:14:30 8320 --a------ C:\WINDOWS\system32\mseion.sys
2008-04-06 15:14:29 15418 ---hs---- C:\WINDOWS\system32\xjxr.dll
2008-04-06 15:14:27 30468 --a------ C:\WINDOWS\system32\fmsbbqi.dll
2008-04-06 15:14:27 17264 --a------ C:\WINDOWS\fmsbbqi.exe
2008-04-06 15:14:25 36620 --a------ C:\WINDOWS\system32\WSockDrv32.dll
2008-04-06 15:14:25 13075 --a------ C:\WINDOWS\system32\ayWWQWWQ1004.exe
2008-04-06 15:14:25 8175 --a------ C:\WINDOWS\system32\ayWWQWWQ1004.dll
2008-04-06 15:14:25 7219 --a------ C:\WINDOWS\system32\ayHADHAD1053.dll
2008-04-06 15:14:24 12115 --a------ C:\WINDOWS\system32\ayHADHAD1053.exe
2008-04-06 15:14:23 49250 --ahs---- C:\WINDOWS\684745MM.DLL
2008-04-06 15:14:20 34060 --a------ C:\WINDOWS\system32\tlvgthxb.dll
2008-04-06 15:14:20 19660 --a------ C:\WINDOWS\hvghubhl.exe
2008-04-06 15:14:17 34816 --a------ C:\WINDOWS\system32\MsIMMs32.dll
2008-04-06 15:14:17 19686 --a------ C:\WINDOWS\MsIMMs32.exE
2008-04-06 15:14:16 30988 --a------ C:\WINDOWS\system32\PTSShell.dll
2008-04-06 15:14:16 18368 --a------ C:\WINDOWS\PTSShell.exe
2008-04-06 15:14:15 35084 --a------ C:\WINDOWS\system32\Kvsc3.dll
2008-04-06 15:14:15 20256 --a------ C:\WINDOWS\Kvsc3.exE
2008-04-06 15:14:13 33548 --a------ C:\WINDOWS\system32\LotusHlp.dll
2008-04-06 15:14:13 19552 --a------ C:\WINDOWS\LotusHlp.exe
2008-04-06 15:14:12 12417 --a------ C:\WINDOWS\system32\txTQLTQL1037.exe
2008-04-06 15:14:12 7473 --a------ C:\WINDOWS\system32\txTQLTQL1037.dll
2008-04-06 15:14:11 32256 --a------ C:\WINDOWS\system32\DbgHlp32.dlL
2008-04-06 15:14:11 19360 --a------ C:\WINDOWS\DbgHlp32.exe
2008-04-06 15:14:09 12260 --a------ C:\WINDOWS\system32\ayQACQAC1030.exe
2008-04-06 15:14:09 7352 --a------ C:\WINDOWS\system32\ayQACQAC1030.dll
2008-04-06 15:14:09 7445 --a------ C:\WINDOWS\system32\ayCBDCBD1046.dll
2008-04-06 15:14:08 35596 --a------ C:\WINDOWS\system32\upxdnd.dll
2008-04-06 15:14:08 12349 --a------ C:\WINDOWS\system32\ayCBDCBD1046.exe
2008-04-06 15:14:06 11905 --a------ C:\WINDOWS\system32\ayNNBNNB1046.exe
2008-04-06 15:14:06 7005 --a------ C:\WINDOWS\system32\ayNNBNNB1046.dll
2008-04-06 15:14:05 13996 --a------ C:\WINDOWS\system32\DXDLG.EXE
2008-04-06 15:14:05 8423 --a------ C:\WINDOWS\system32\D3D9_64.DLL
2008-04-06 15:14:05 3816 --a------ C:\WINDOWS\system32\D3D9_32.DLL
2008-04-06 15:14:05 51 --a------ C:\WINDOWS\dxtmechk
2008-04-06 15:14:01 20293 --a------ C:\WINDOWS\system32\SysWoWa7.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-06 15:14:00 17348 --a------ C:\WINDOWS\tciocp32.exe
2008-04-06 15:14:00 30468 --a------ C:\WINDOWS\system32\tciocp32.dll
2008-04-06 15:13:54 35084 --a------ C:\WINDOWS\system32\AVPSrv.dll
2008-04-06 15:13:54 19948 --a------ C:\WINDOWS\AVPSrv.exE
2008-04-06 15:13:52 9155 --a------ C:\WINDOWS\system32\txPATPAT1029.dll
2008-04-06 15:13:51 14095 --a------ C:\WINDOWS\system32\txPATPAT1029.exe
2008-04-06 15:13:39 5632 --a------ C:\WINDOWS\system32\netsrv.dll
2008-04-06 15:13:38 7856 --a------ C:\WINDOWS\system32\explorer.exe
2008-04-06 15:13:31 1792 --a------ C:\WINDOWS\system32\drivers\pop.sys
2008-04-06 15:13:28 23717 --a------ C:\Program Files\ntuser.com
2008-04-06 08:23:49 36349 ---hs---- C:\renrou.exe
2008-04-06 01:56:15 36349 ---hs---- C:\WINDOWS\system32\renrou.exe
2008-04-06 01:55:59 210 --a------ C:\WINDOWS\MicroSoft.vbs
2008-04-06 01:55:59 58 --a------ C:\_uninsep.bat
2008-04-05 10:55:41 0 d-------- C:\Documents and Settings\Administrator\Contacts
2008-04-05 10:54:40 0 d-------- C:\Program Files\MSN Messenger
2008-04-03 17:46:26 0 d-------- C:\Marketing CoOrdinator (JCG 300331) - TODAY'S CAREER -Jurong_files
2008-04-02 19:42:24 7077888 --a------ C:\Documents and Settings\Administrator\ntuser.dat
2008-04-02 19:42:22 1572864 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2008-03-19 21:45:26 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-03-19 17:09:26 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2008-03-19 17:07:37 364544 -----n--- C:\WINDOWS\system32\TwnLib4.dll <Not Verified; Pegasus Imaging Corp.; TwnLib4>
2008-03-19 17:07:37 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-03-19 17:07:37 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-03-19 17:07:36 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2008-03-19 17:07:36 38912 -----n--- C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
2008-03-19 17:07:36 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-03-19 01:41:25 16336 --a------ C:\sysalnl.exe
2008-03-19 01:41:22 16336 --a------ C:\sysbdrw.exe


-- Find3M Report ---------------------------------------------------------------

2008-04-06 22:03:57 2942 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-06 18:41:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\Metacafe
2008-04-06 17:43:10 0 d-------- C:\Program Files\Metacafe
2008-04-06 16:29:16 0 d-------- C:\Program Files\mIRC
2008-04-06 16:28:59 0 d-------- C:\Program Files\Warcraft III
2008-04-06 15:54:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-04-06 15:45:49 1632 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-04-06 15:28:31 0 d-------- C:\Program Files\uTorrent
2008-04-06 15:14:43 0 d-------- C:\Program Files\Magic Video Studio
2008-04-06 15:14:42 0 d-------- C:\Program Files\FxFoto
2008-04-03 20:22:55 1536 --a------ C:\WINDOWS\system32\TrueSoft.dat
2008-04-02 00:03:43 0 d-------- C:\Program Files\MediaCoder
2008-03-19 17:09:34 0 d-------- C:\Program Files\Ahead
2008-03-19 17:07:38 0 d-------- C:\Program Files\Common Files\Ahead
2008-03-19 16:36:30 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-16 14:52:02 1744 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-03 21:54:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Nero
2008-03-03 21:51:33 0 d-------- C:\Program Files\Common Files
2008-03-03 21:13:43 49168 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-03-03 21:13:20 0 d-------- C:\Documents and Settings\Administrator\Application Data\U3
2008-03-03 16:12:47 0 d-------- C:\Program Files\Ulead Systems
2008-03-03 16:12:47 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-03 16:12:45 0 d-------- C:\Program Files\Common Files\Ulead Systems
2008-03-03 15:58:20 0 d-------- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
2008-03-03 15:47:41 0 d-------- C:\Program Files\Common Files\InterVideo
2008-03-03 14:58:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-02-26 22:46:29 25 --a------ C:\WINDOWS\system32\sysogg.dll
2008-02-18 23:14:05 0 d-------- C:\Documents and Settings\Administrator\Application Data\ScanSoft
2008-02-17 21:29:57 0 d-------- C:\Program Files\Picasa2
2008-02-16 19:17:47 47360 --a------ C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2008-02-12 16:14:42 0 d-------- C:\Documents and Settings\Administrator\Application Data\PSPDocMaker
2008-02-12 09:18:31 0 d-------- C:\Program Files\V One Multimedia
2008-02-07 06:45:28 0 d-------- C:\Documents and Settings\Administrator\Application Data\Vso
2008-02-07 06:45:28 34 --a------ C:\Documents and Settings\Administrator\Application Data\pcouffin.log
2008-02-07 06:45:25 47360 --a------ C:\Documents and Settings\Administrator\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-02-07 06:45:25 1144 --a------ C:\Documents and Settings\Administrator\Application Data\pcouffin.inf
2008-02-07 06:45:25 7176 --a------ C:\Documents and Settings\Administrator\Application Data\pcouffin.cat
2008-02-07 06:45:25 81920 --a------ C:\Documents and Settings\Administrator\Application Data\ezpinst.exe
2008-02-02 21:31:40 4096 --a------ C:\WINDOWS\d3dx.dat
2008-02-01 22:59:12 50 --a------ C:\WINDOWS\system32\bridf05a.dat
2008-02-01 11:16:46 0 --a------ C:\WINDOWS\system32\Biport
2008-01-06 21:48:17 56 --a------ C:\WINDOWS\system32\S-1-5-21-78445852


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D29DCEE0-457B-45A2-A92D-741B95B7723B}]
04/06/2008 08:16 PM 44657 --ahs---- C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefPrt"="C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe" [01/26/2005 06:02 PM]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [03/03/2007 02:12 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"AVPSrv"="C:\WINDOWS\AVPSrv.exE" [04/06/2008 08:15 PM]
"tciocp32"="C:\WINDOWS\tciocp32.exe" [04/06/2008 08:16 PM]
"DbgHlp32"="C:\WINDOWS\DbgHlp32.exe" [04/06/2008 08:16 PM]
"LotusHlp"="C:\WINDOWS\LotusHlp.exe" [04/06/2008 08:16 PM]
"Kvsc3"="C:\WINDOWS\Kvsc3.exE" [04/06/2008 08:16 PM]
"PTSShell"="C:\WINDOWS\PTSShell.exe" [04/06/2008 08:16 PM]
"MsIMMs32"="C:\WINDOWS\MsIMMs32.exE" [04/06/2008 08:16 PM]
"mhlvigmh"="C:\WINDOWS\hvghubhl.exe" [04/06/2008 08:16 PM]
"fmsbbqi"="C:\WINDOWS\fmsbbqi.exe" [04/06/2008 08:16 PM]
"WSockDrv32"="C:\WINDOWS\WSockDrv32.exe" [04/06/2008 08:16 PM]
"chiBsNiu"="C:\WINDOWS\system32\renrou.exe" [04/06/2008 08:16 PM]
"cmdbcs"="C:\WINDOWS\cmdbcs.exe" [04/06/2008 08:16 PM]
"mfchlp32"="C:\WINDOWS\mfchlp32.exe" [04/06/2008 08:16 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/13/2006 01:39 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [01/25/2008 12:27 AM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" []
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [05/25/2006 02:31 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Planex Wireless Utility.lnk - C:\Program Files\Planex\Common\RaUI.exe [1/20/2008 8:51:41 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoMovingBands"=0 (0x0)
"NoCloseDragDropBands"=0 (0x0)
"NoToolbarsOnTaskbar"=0 (0x0)
"NoSetTaskbar"=0 (0x0)
"NoActiveDesktop"=0 (0x0)
"NoBandCustomize"=0 (0x0)
"NoSMBalloonTip"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6a44982e-aad3-4bec-8f4b-c60b7a898341}"= C:\WINDOWS\system32\txPATPAT1029.dll [04/06/2008 08:15 PM 9155]
"{fb5dd009-c847-4b95-8376-6efc33745687}"= C:\WINDOWS\system32\ayNNBNNB1046.dll [04/06/2008 08:16 PM 7005]
"{7a170d6e-7afb-4596-8252-f6606c0c594e}"= C:\WINDOWS\system32\ayCBDCBD1046.dll [04/06/2008 08:16 PM 7445]
"{1b792ceb-5239-4ae0-bb8b-47ab9173c5d6}"= C:\WINDOWS\system32\ayQACQAC1030.dll [04/06/2008 08:16 PM 7352]
"{cc18ce29-ab41-490a-b07b-41345176e7dd}"= C:\WINDOWS\system32\txTQLTQL1037.dll [04/06/2008 08:16 PM 7473]
"{D29DCEE0-457B-45A2-A92D-741B95B7723B}"= C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys [04/06/2008 08:16 PM 44657]
"{2f180b82-163c-43ed-8b32-e0227dbef519}"= C:\WINDOWS\system32\ayHADHAD1053.dll [04/06/2008 08:16 PM 7219]
"{04931b05-1a40-4c3d-9eee-62b01f19f394}"= C:\WINDOWS\system32\ayWWQWWQ1004.dll [04/06/2008 08:16 PM 8175]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=msosmhfp00.dll,msosdohs00.dll SysWoWa7.dll,msosmnsf00.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Metacafe.lnk]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Metacafe.lnk
backup=C:\WINDOWS\pss\Metacafe.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OCRAWARE.lnk]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OCRAWARE.lnk
backup=C:\WINDOWS\pss\OCRAWARE.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]
pctspk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UleadBurningHelper"=2 (0x2)
"gusvc"=3 (0x3)
"Brother XP spl Service"=2 (0x2)
"NMIndexingService"=3 (0x3)
"Capture Device Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\renrou.exe
Explore\Command- F:\renrou.exe
Open\Command- F:\renrou.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55fd6e20-b208-11dc-b429-000ae64eba8f}]
AutoRun\command- F:\LaunchU3.exe -a




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.dj8910.com
127.0.0.1 www.music100000.cn
127.0.0.1 www.keeppure.cn
127.0.0.1 qq.90356.com.cn
127.0.0.1 74.5460w.cn
127.0.0.1 www.qisihuisheng.net
127.0.0.1 xia.qisihuisheng.net
127.0.0.1 web.shijiediyi.net
127.0.0.1 tttt.591jx.com
127.0.0.1 picon.chinaren.com

129 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-04-06 22:56:36 ------------







Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.00GHz
Percentage of Memory in Use: 40%
Physical Memory (total/avail): 511.48 MiB / 302.89 MiB
Pagefile Memory (total/avail): 1249.09 MiB / 969.91 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.29 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.55 GiB total, 26.53 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
G: is Removable (No Media)
H: is CDROM (Unformatted)

\\.\PHYSICALDRIVE0 - SAMSUNG SP0802N - 74.56 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.55 GiB - C:

\\.\PHYSICALDRIVE1 - Brother DCP-115C USB Device



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
UpdatesDisableNotify is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:猥orrent"
"C:\\Program Files\\Warcraft III\\yawle.exe"="C:\\Program Files\\Warcraft III\\yawle.exe:*:Enabled:yawle"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:*:Disabled:ActiveSync RAPI Manager"
"C:\\Documents and Settings\\Administrator\\My Documents\\utorrent.exe"="C:\\Documents and Settings\\Administrator\\My Documents\\utorrent.exe:*:Enabled:猥orrent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TECKON23-E22CCB
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\TECKON23-E22CCB
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0204
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=TECKON23-E22CCB
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Administrator (admin)
Guest (new local, guest)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe" --u:{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}
--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
--> MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
鈊象-明星三缺一2002 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IGS\明星三缺一2002\Uninst.isu"
7-Zip 4.57 --> "C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Photoshop Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
猥orrent --> "C:\Program Files\uTorrent\uninstall.exe"
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Brother MFL-Pro Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}\Setup.exe" -l0x9 Brunin03.dllBrunin03.dll
CCS64 V3.4 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Computerbrains\CCS64 V3.4\Uninst.isu"
CDCheck --> "C:\Program Files\CDCheck\uninst.exe"
FxFoto by Triscape --> C:\Program Files\FxFoto\FxViewer.exe -U1
Google Toolbar for Internet Explorer --> MsiExec.exe /X{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HSP56 MR Drivers --> ptuninst.exe
InterVideo DeviceService --> MsiExec.exe /I{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
K-Lite Mega Codec Pack 3.5.7 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Magic Video Studio 8.0.10.25 --> "C:\Program Files\Magic Video Studio\unins000.exe"
MediaCoder 0.5.1 --> C:\Program Files\MediaCoder\uninst.exe
Metacafe --> C:\Program Files\Metacafe\uninstaller.exe
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
Movie Studio VCC --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3E940059-F081-4B45-A92A-B7D18D367FEB}\Setup.exe" -uninst
MP3 Converter Simple --> C:\PROGRA~1\MP3CON~1\UNWISE.EXE C:\PROGRA~1\MP3CON~1\INSTALL.LOG
Nero Suite --> C:\Program Files\Common Files\Ahead\Uninstall\setup.exe /uninstall
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
PaperPort --> MsiExec.exe /I{A17EABB6-D0C6-44E5-820C-72DC7F495064}
PCI GW-US54Mini2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E91E8912-769D-42F0-8408-0E329443BABC}\setup.exe" -l0x9 -removeonly
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
PSP ISO Compressor --> MsiExec.exe /X{D47087E7-AA15-4D1D-8C0A-60F7E446D597}
PSXMemTool 1.19b (remove only) --> "C:\Program Files\PSXMemTool\uninstall.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
StyleXP (remove only) --> "C:\Program Files\TGTSoft\StyleXP\StyleXP-uninstall.exe"
Triscape FxFoto --> C:\Program Files\FxFoto\FxViewer.exe -U1
Ulead iPhoto Express 1.1 --> C:\WINDOWS\ULEAD.DAT\ULuninst.exe /f:ipe11f.inf
Ulead VideoStudio 11 --> C:\Program Files\InstallShield Installation Information\{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}\setup.exe -runfromtemp -l0x0409
UltraISO Premium V8.65 --> "C:\Program Files\UltraISO\unins000.exe"
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VIA Audio Driver Setup Program --> RunDll32.exe UnAudioNT.dll,UninstallAudio C:\WINDOWS\IsUninst.exe -f"C:\PROGRA~1\VIATEC~1\VIAAUD~1/Uninst.isu"
Virtual Pool 3 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Interplay\Virtual Pool 3\Uninst.isu"
Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
YAWLE 0.5b --> C:\WINDOWS\iun6002.exe "C:\Program Files\Warcraft III\irunin.ini"


-- Application Event Log -------------------------------------------------------

Event Record #/Type1889 / Success
Event Submitted/Written: 04/05/2008 10:56:08 AM
Event ID/Source: 12004 / usnjsvc
Event Description:
C:

Event Record #/Type1888 / Success
Event Submitted/Written: 04/05/2008 10:56:07 AM
Event ID/Source: 12001 / usnjsvc
Event Description:


Event Record #/Type1870 / Error
Event Submitted/Written: 04/04/2008 05:47:13 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x02437300.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type1869 / Error
Event Submitted/Written: 04/04/2008 05:19:11 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x02437300.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type1825 / Error
Event Submitted/Written: 04/01/2008 06:42:00 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x02347300.
Processing media-specific event for [iexplore.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1904 / Warning
Event Submitted/Written: 04/06/2008 09:09:58 PM
Event ID/Source: 52 / Disk
Event Description:
The driver has detected that device \Device\Harddisk0\DR0 has predicted that it will fail.
Immediately back up your data and replace your hard disk drive. A failure
may be imminent.

Event Record #/Type1877 / Error
Event Submitted/Written: 04/06/2008 08:11:21 PM
Event ID/Source: 1003 / System Error
Event Description:
Error code 100000d1, parameter1 00000202, parameter2 000000ff, parameter3 00000001, parameter4 bf81a061.

Event Record #/Type1876 / Error
Event Submitted/Written: 04/06/2008 08:11:05 PM
Event ID/Source: 1003 / System Error
Event Description:
Error code 100000ce, parameter1 f8baf4cc, parameter2 00000000, parameter3 f8baf4cc, parameter4 00000000.

Event Record #/Type1806 / Error
Event Submitted/Written: 04/06/2008 07:36:22 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AFD
AVG Anti-Spyware Driver
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip

Event Record #/Type1805 / Error
Event Submitted/Written: 04/06/2008 07:36:22 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31



-- End of Deckard's System Scanner: finished at 2008-04-06 22:56:36 ------------






Please help me solve the problem, thanks.

Wes


#2 Simon V.

Simon V.

  • Members
  • 439 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:44 PM

Posted 13 April 2008 - 07:24 AM

Hello, and welcome to the forum.

My name is Simon V., and I'll be glad to help you with your computer problems.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3


Double-click on Combo-Fix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
Simon V.


So How Did I Get Infected In The First Place?
Stand Up and Be Counted!

My help at this forum is free, but if you wish to make a donation to help me continue the fight against malware - click here.

#3 Simon V.

Simon V.

  • Members
  • 439 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:44 PM

Posted 16 April 2008 - 02:18 PM

Do you still need help?
Simon V.


#4 Simon V.

Simon V.

  • Members
  • 439 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:44 PM

Posted 20 April 2008 - 05:39 AM

Due to inactivity, this topic will be closed.

If you need help please start a new thread and post a new HijackThis log.
Simon V.

