Computer Really Messed Up......


3 replies to this topic

#1 jenc

Posted 09 April 2008 - 03:59 PM

Having lots of trouble... keys not working, freezing up, pop-ups.

Please help.





Deckard's System Scanner v20071014.68
Run by friend on 2008-04-09 16:36:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-04-09 20:37:00 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-04-09 18:02:27 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as friend.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:45:21 PM, on 4/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
C:\Program Files\Charter High-Speed Security Suite\FSPC\fspc.exe
C:\Program Files\Charter High-Speed Security Suite\FSGUI\fsguidll.exe
C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\friend\Desktop\dss.exe
C:\DOCUME~1\friend\Desktop\friend.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = BlazeConnect (231)597-0376
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll (file missing)
O2 - BHO: (no name) - {5D669F35-37CD-45F5-91D2-2C29BCC326BD} - C:\WINDOWS\system32\jkkHBTNF.dll
O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {BFA7416F-6EBA-43E5-B485-D32C6C78E1DB} - C:\WINDOWS\system32\ddcYrQkK.dll (file missing)
O2 - BHO: {7860d564-8d32-474a-7b04-81529c1357ef} - {fe7531c9-2518-40b7-a474-23d8465d0687} - C:\WINDOWS\system32\byuihgri.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [00000e41] rundll32.exe "C:\WINDOWS\system32\qviyyyhp.dll",b
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BM03333ddd] Rundll32.exe "C:\WINDOWS\system32\mlyakhbs.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZKxdm009OCUS
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: Win32 Classes -
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.charter.com/diskless/bin/ssctlsma.dll
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1161457371288
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207050899890
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://jensglass.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://www.charter.net/files/charter/securitysuite/fscax.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlin.../fshc/fscax.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = blazeconnect.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = blazeconnect.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = blazeconnect.net
O20 - Winlogon Notify: ddcYrQkK - ddcYrQkK.dll (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)

--
End of file - 9130 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,-153
.com - comfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,2
.hlp - hlpfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,23
.ini - inifile - DefaultIcon - shell32.dll,-151
.js - JSFile - DefaultIcon - C:\WINDOWS\system32\migicons.exe,14
.reg - regfile - DefaultIcon - C:\WINDOWS\regedit.exe,1
.txt - txtfile - DefaultIcon - shell32.dll,-152
.vbs - VBSFile - DefaultIcon - C:\WINDOWS\system32\migicons.exe,13


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 FSFW (F-Secure Firewall Driver) - c:\windows\system32\drivers\fsdfw.sys <Not Verified; F-Secure Corporation; F-Secure Internet Shield>
R1 F-Secure HIPS - c:\program files\charter high-speed security suite\hips\fshs.sys
R1 VIAPFD - c:\windows\system32\drivers\viapfd.sys <Not Verified; VIA Technologies. Inc.; VIA PFD driver>
R2 aslm75 - c:\windows\system32\drivers\aslm75.sys
R3 cmpci (C-Media PCI Audio Driver (WDM)) - c:\windows\system32\drivers\cmaudio.sys <Not Verified; C-Media Inc; C-Media Audio Driver (WDM)>

S3 BCM42RLY - c:\windows\system32\bcm42rly.sys (file missing)
S3 WUSB54GPV4SRV (Linksys Home Wireless-G USB Adaptor Driver) - c:\windows\system32\drivers\rt2500usb.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 SysEnforce - c:\progra~1\trisna~1\ssi\sysenf~1.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-09 13:41:16 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-04-07 11:57:24 498 --a------ C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job


-- Files created between 2008-03-09 and 2008-04-09 -----------------------------

2008-04-09 16:17:45 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-09 16:17:45 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-09 16:17:45 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-09 16:17:45 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-04-09 16:17:45 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-09 16:17:45 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-09 16:17:45 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-04-09 16:17:45 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-04-09 16:17:45 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-09 16:17:45 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-04-09 16:17:45 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-09 16:17:45 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-09 16:17:44 786432 --ah----- C:\Documents and Settings\Administrator\ntuser.dat
2008-04-09 16:17:44 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-09 15:39:22 0 d-------- C:\327882R2FWJFW
2008-04-09 13:44:46 0 d-------- C:\Program Files\QuickTime
2008-04-09 13:40:53 0 d-------- C:\Program Files\Apple Software Update
2008-04-09 13:40:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-09 07:26:46 0 d--hs---- C:\FOUND.005
2008-04-09 07:19:40 88640 -----n--- C:\WINDOWS\system32\bhrcrlmc.dll
2008-04-08 18:00:05 9 --a------ C:\WINDOWS\system32\00001ccf
2008-04-08 07:03:20 0 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-04-08 07:02:22 0 d-------- C:\Program Files\Common Files\iS3
2008-04-08 07:02:21 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-04-07 20:32:00 90176 --a------ C:\WINDOWS\system32\xxcysyme.dll
2008-04-07 20:29:16 85056 --a------ C:\WINDOWS\system32\jgsalscs.dll
2008-04-07 19:56:04 88128 --a------ C:\WINDOWS\system32\ywulqvri.dll
2008-04-07 15:05:54 0 d-------- C:\Program Files\Enigma Software Group
2008-04-07 12:08:54 159744 --a------ C:\WINDOWS\system32\hasher.dll <Not Verified; ; hasher Dynamic Link Library>
2008-04-07 12:08:43 0 d-------- C:\Program Files\Trisnap Technologies
2008-04-07 11:46:05 0 d-------- C:\Documents and Settings\friend\Application Data\AdwareAlert
2008-04-06 20:01:08 85056 --a------ C:\WINDOWS\system32\qviyyyhp.dll
2008-04-06 19:58:08 89664 --a------ C:\WINDOWS\system32\byuihgri.dll
2008-04-06 19:55:32 87104 --a------ C:\WINDOWS\system32\mlyakhbs.dll
2008-04-06 19:09:42 0 d--hs---- C:\FOUND.004
2008-04-06 14:00:56 0 d--hs---- C:\FOUND.003
2008-04-06 09:40:50 0 d-------- C:\KPCMS
2008-04-05 20:02:19 89664 --a------ C:\WINDOWS\system32\TVROBDYP.DLL
2008-04-05 19:56:19 87104 --a------ C:\WINDOWS\system32\TFDXTXGF.DLL
2008-04-04 19:58:46 90176 -----n--- C:\WINDOWS\system32\OYPTOMAK.DLL
2008-04-04 19:55:46 87104 -----n--- C:\WINDOWS\system32\eiccuuwg.dll
2008-04-04 07:11:34 0 d--hs---- C:\FOUND.002
2008-04-03 19:59:16 89152 -----n--- C:\WINDOWS\system32\mensfolv.dll
2008-04-03 19:56:15 88640 -----n--- C:\WINDOWS\system32\WIIDWHMB.DLL
2008-04-02 19:55:24 88128 -----n--- C:\WINDOWS\system32\vprtrrba.dll
2008-04-02 08:43:52 0 d--hs---- C:\FOUND.001
2008-04-01 19:57:21 90688 -----n--- C:\WINDOWS\system32\qbcvyyoe.dll
2008-04-01 18:56:46 30016 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys <Not Verified; F-Secure Corporation; F-Secure Internet Shield>
2008-04-01 18:56:46 51072 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys <Not Verified; F-Secure Corporation; F-Secure Internet Shield>
2008-04-01 12:33:23 0 d-------- C:\WINDOWS\pss
2008-04-01 10:59:07 0 d-------- C:\Documents and Settings\friend\Application Data\F-Secure
2008-04-01 10:41:08 0 d-------- C:\Program Files\Charter High-Speed Security Suite
2008-04-01 10:41:04 0 d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-04-01 10:40:47 0 d-------- C:\Documents and Settings\All Users\Application Data\fssg
2008-04-01 08:48:25 0 d-------- C:\fsaua.data
2008-04-01 08:29:40 38400 --a------ C:\WINDOWS\system32\geBtUkki.dll
2008-04-01 08:09:38 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-01 07:58:53 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-01 07:34:14 38400 --a------ C:\WINDOWS\system32\fccyxxWq.dll
2008-03-31 23:42:55 38400 --a------ C:\WINDOWS\system32\awttsTkK.dll
2008-03-31 19:54:08 91712 --a------ C:\WINDOWS\system32\bcjtvkrn.dll
2008-03-31 15:27:49 0 d-------- C:\Program Files\EsetOnlineScanner
2008-03-31 09:20:40 0 dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-03-31 07:44:15 38400 --a------ C:\WINDOWS\system32\hgGwTkLb.dll
2008-03-31 07:42:48 0 d--hs---- C:\FOUND.000
2008-03-30 19:54:04 90176 --a------ C:\WINDOWS\system32\lqmnvceu.dll
2008-03-30 19:51:04 87104 -----n--- C:\WINDOWS\system32\yanioipv.dll
2008-03-30 07:48:03 372557 --ahs---- C:\WINDOWS\system32\FNTBHkkj.ini2
2008-03-30 07:47:59 268288 -----n--- C:\WINDOWS\system32\jkkHBTNF.dll
2008-03-27 17:55:43 0 d-------- C:\Documents and Settings\friend\Application Data\MySpace
2008-03-27 17:55:39 0 d-------- C:\Program Files\MySpace
2008-03-27 13:49:48 0 d-------- C:\Program Files\Common Files\Real
2008-03-27 13:49:47 0 d-------- C:\Documents and Settings\friend\Application Data\Real
2008-03-27 10:15:37 0 d-------- C:\Documents and Settings\friend\Application Data\FunWebProducts
2008-03-22 14:07:27 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-03-22 12:15:04 0 d-------- C:\Documents and Settings\friend\Application Data\Leadertech
2008-03-15 10:33:51 0 d-------- C:\Program Files\Disney


-- Find3M Report ---------------------------------------------------------------

2008-03-08 22:26:38 0 d-------- C:\Documents and Settings\friend\Application Data\Apple Computer
2008-03-08 21:08:10 31 --ah----- C:\WINDOWS\uccspecc.sys
2008-03-08 21:08:10 0 d-------- C:\Program Files\Coupons
2008-03-07 09:21:20 0 d-------- C:\Documents and Settings\friend\Application Data\Yahoo!
2008-03-06 21:05:32 0 d-------- C:\Program Files\Yahoo!
2008-03-02 12:42:04 0 d-------- C:\Documents and Settings\friend\Application Data\ArcSoft
2008-03-01 09:42:28 0 d-------- C:\Program Files\Common Files\SupportSoft
2008-02-29 18:02:20 405 --a------ C:\WINDOWS\PowerReg.dat
2008-02-29 18:01:28 0 d-------- C:\Program Files\Hasbro Interactive
2008-02-29 17:52:56 0 d-------- C:\Program Files\Kodak
2008-02-29 17:36:56 942 --a------ C:\Documents and Settings\friend\Application Data\Hewlett-PackardHP PSC 1400 series1204323956_UI.log
2008-02-29 17:36:56 1160 --a------ C:\Documents and Settings\friend\Application Data\Hewlett-PackardHP PSC 1400 series1204323956_PROTOCOL.log
2008-02-29 17:36:56 212 --a------ C:\Documents and Settings\friend\Application Data\Hewlett-PackardHP PSC 1400 series1204323956_API.log
2008-02-29 17:27:40 0 d-------- C:\Documents and Settings\friend\Application Data\Image Zone Express
2008-02-29 17:27:14 0 d-------- C:\Documents and Settings\friend\Application Data\HP
2008-02-29 17:26:58 112886 --a------ C:\WINDOWS\hpoins07.dat
2008-02-29 17:25:34 0 d-------- C:\Program Files\Common Files\HP
2008-02-29 17:22:44 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-02-11 09:39:26 253952 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-11 09:39:18 237568 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-08 13:53:46 110592 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll <Not Verified; ; OnlineScanner Language Library>
2008-02-05 08:48:04 77824 --a------ C:\WINDOWS\system32\OnlineScannerUninstaller.exe <Not Verified; ; OnlineScannerUninstaller>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5D669F35-37CD-45F5-91D2-2C29BCC326BD}]
03/30/2008 07:48 AM 268288 --------- C:\WINDOWS\system32\jkkHBTNF.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8FB8EB3-183B-4598-924D-86F0E5E37085}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BFA7416F-6EBA-43E5-B485-D32C6C78E1DB}]
C:\WINDOWS\system32\ddcYrQkK.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fe7531c9-2518-40b7-a474-23d8465d0687}]
04/06/2008 07:58 PM 89664 --a------ C:\WINDOWS\system32\byuihgri.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.exe" [02/13/2008 06:38 AM]
"F-Secure TNB"="C:\Program Files\Charter High-Speed Security Suite\FSGUI\TNBUtil.exe" [02/13/2008 06:38 AM]
"00000e41"="C:\WINDOWS\system32\qviyyyhp.dll" [04/06/2008 08:01 PM]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [01/23/2008 02:47 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"BM03333ddd"="C:\WINDOWS\system32\mlyakhbs.dll" [04/06/2008 07:55 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:00 PM]
"AdwareAlert"="C:\Program Files\AdwareAlert\AdwareAlert.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe [3/10/2005 9:40:30 AM]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2/13/2004 2:12:08 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BFA7416F-6EBA-43E5-B485-D32C6C78E1DB}"= C:\WINDOWS\system32\ddcYrQkK.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcYrQkK]
ddcYrQkK.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkkHBTNF

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^friend^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=C:\Documents and Settings\friend\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00000e41]
rundll32.exe "C:\WINDOWS\system32\yanioipv.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]
"C:\Program Files\ATI Multimedia\main\launchpd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
Mixer.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo RX500]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB002" /M "Stylus Photo RX500"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
"C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
"C:\Program Files\Charter High-Speed Security Suite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HydarVisionDesktopManager]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MalwareAlarm]
C:\Program Files\MalwareAlarm\MalwareAlarm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN User Services]
msnuserv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvGraphicsInterface]
C:\DOCUME~1\friend\LOCALS~1\Temp\13.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POINTER]
point32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemTray]
SysTray.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader]
C:\Windows\xpupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"KodakCCS"=2 (0x2)
"iPod Service"=3 (0x3)
"Iomega Activity Disk2"=2 (0x2)
"gusvc"=2 (0x2)
"FSMA"=2 (0x2)
"FSDFWD"=3 (0x3)
"FSAUA"=3 (0x3)
"F-Secure Gatekeeper Handler Starter"=2 (0x2)
"Bonjour Service"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"SoundMan"=SOUNDMAN.EXE
"StillImageMonitor"=C:\WINDOWS\SYSTEM32\STIMON.EXE
"HPDJ Taskbar Utility"=C:\WINDOWS\SYSTEM32\hpztsb10.exe
"HP Component Manager"="C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\Program Files\Outlook Express\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
"C:\Program Files\Outlook Express\setup50.exe" /APP:OE /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
"C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
C:\WINDOWS\SYSTEM32\UPDCRL.EXE -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl



-- End of Deckard's System Scanner: finished at 2008-04-09 16:47:25 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP1800+
Percentage of Memory in Use: 53%
Physical Memory (total/avail): 511.47 MiB / 238.7 MiB
Pagefile Memory (total/avail): 1250.58 MiB / 889.77 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1893.35 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 74.51 GiB total, 66.34 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD800JB-00JJA0 - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 74.53 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Charter High-Speed Security Suite 7.03 v7.03 (F-Secure Corporation)
AV: Charter High-Speed Security Suite 7.03 v7.03 (F-Secure Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\DOCUME~1\\friend\\LOCALS~1\\Temp\\30.exe"="C:\\DOCUME~1\\friend\\LOCALS~1\\Temp\\30.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\DOCUME~1\\friend\\LOCALS~1\\Temp\\40.exe"="C:\\DOCUME~1\\friend\\LOCALS~1\\Temp\\40.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\DOCUME~1\\friend\\LOCALS~1\\Temp\\50.exe"="C:\\DOCUME~1\\friend\\LOCALS~1\\Temp\\50.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\DOCUME~1\\friend\\LOCALS~1\\Temp\\36.exe"="C:\\DOCUME~1\\friend\\LOCALS~1\\Temp\\36.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\DOCUME~1\\friend\\LOCALS~1\\Temp\\16.exe"="C:\\DOCUME~1\\friend\\LOCALS~1\\Temp\\16.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\DOCUME~1\\friend\\LOCALS~1\\Temp\\12.exe"="C:\\DOCUME~1\\friend\\LOCALS~1\\Temp\\12.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\DOCUME~1\\friend\\LOCALS~1\\Temp\\63.exe"="C:\\DOCUME~1\\friend\\LOCALS~1\\Temp\\63.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\DOCUME~1\\friend\\LOCALS~1\\Temp\\18.exe"="C:\\DOCUME~1\\friend\\LOCALS~1\\Temp\\18.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\DOCUME~1\\friend\\LOCALS~1\\Temp\\78.exe"="C:\\DOCUME~1\\friend\\LOCALS~1\\Temp\\78.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\DOCUME~1\\friend\\LOCALS~1\\Temp\\43.exe"="C:\\DOCUME~1\\friend\\LOCALS~1\\Temp\\43.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\DOCUME~1\\friend\\LOCALS~1\\Temp\\51.exe"="C:\\DOCUME~1\\friend\\LOCALS~1\\Temp\\51.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\DOCUME~1\\friend\\LOCALS~1\\Temp\\26.exe"="C:\\DOCUME~1\\friend\\LOCALS~1\\Temp\\26.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\DOCUME~1\\friend\\LOCALS~1\\Temp\\13.exe"="C:\\DOCUME~1\\friend\\LOCALS~1\\Temp\\13.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\Program Files\\Yahoo! Games\\Bejeweled 2 Deluxe\\WinBej2.exe"="C:\\Program Files\\Yahoo! Games\\Bejeweled 2 Deluxe\\WinBej2.exe:*:Disabled:Bejeweled2"
"F:\\World of Warcraft\\BackgroundDownloader.exe"="F:\\World of Warcraft\\BackgroundDownloader.exe:*:Disabled:Blizzard Downloader"
"C:\\WINDOWS\\Desktop\\Online Services\\Temporary Internet Files\\Temporary Internet Files\\Content.IE5\\Q16JOVS5\\wowclient-downloader[1].exe"="C:\\WINDOWS\\Desktop\\Online Services\\Temporary Internet Files\\Temporary Internet Files\\Content.IE5\\Q16JOVS5\\wowclient-downloader[1].exe:*:Disabled:Blizzard Downloader"
"C:\\WINDOWS\\Desktop\\Online Services\\Temporary Internet Files\\Temporary Internet Files\\Content.IE5\\KHIF45MB\\wowclient-downloader[1].exe"="C:\\WINDOWS\\Desktop\\Online Services\\Temporary Internet Files\\Temporary Internet Files\\Content.IE5\\KHIF45MB\\wowclient-downloader[1].exe:*:Disabled:Blizzard Downloader"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Disabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Disabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Disabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Disabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Disabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Disabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Disabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Disabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Disabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Disabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Disabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Disabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Disabled:hpzwiz01.exe"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Disabled:MySpace Instant Messenger"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\friend\\Local Settings\\Temp\\88.exe"="C:\\Documents and Settings\\friend\\Local Settings\\Temp\\88.exe:*:Disabled:@xpsp2res.dll,-22005"
"C:\\Documents and Settings\\friend\\Local Settings\\Temp\\84.exe"="C:\\Documents and Settings\\friend\\Local Settings\\Temp\\84.exe:*:Disabled:@xpsp2res.dll,-22005"
"C:\\Documents and Settings\\friend\\Local Settings\\Temp\\72.exe"="C:\\Documents and Settings\\friend\\Local Settings\\Temp\\72.exe:*:Disabled:@xpsp2res.dll,-22005"
"C:\\Documents and Settings\\friend\\Local Settings\\Temp\\60.exe"="C:\\Documents and Settings\\friend\\Local Settings\\Temp\\60.exe:*:Disabled:@xpsp2res.dll,-22005"
"C:\\Documents and Settings\\friend\\Local Settings\\Temp\\52.exe"="C:\\Documents and Settings\\friend\\Local Settings\\Temp\\52.exe:*:Disabled:@xpsp2res.dll,-22005"
"C:\\Documents and Settings\\friend\\Local Settings\\Temp\\46.exe"="C:\\Documents and Settings\\friend\\Local Settings\\Temp\\46.exe:*:Disabled:@xpsp2res.dll,-22005"
"C:\\Documents and Settings\\friend\\Local Settings\\Temp\\45.exe"="C:\\Documents and Settings\\friend\\Local Settings\\Temp\\45.exe:*:Disabled:@xpsp2res.dll,-22005"
"C:\\Documents and Settings\\friend\\Local Settings\\Temp\\34.exe"="C:\\Documents and Settings\\friend\\Local Settings\\Temp\\34.exe:*:Disabled:@xpsp2res.dll,-22005"
"C:\\Documents and Settings\\friend\\Local Settings\\Temp\\15.exe"="C:\\Documents and Settings\\friend\\Local Settings\\Temp\\15.exe:*:Disabled:@xpsp2res.dll,-22005"
"C:\\Program Files\\Starcraft\\StarCraft.exe"="C:\\Program Files\\Starcraft\\StarCraft.exe:*:Disabled:Starcraft"
"C:\\Program Files\\Trend Micro\\PC-cillin 2000\\WebTrapNT.exe"="C:\\Program Files\\Trend Micro\\PC-cillin 2000\\WebTrapNT.exe:*:Disabled:WebTrap"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Disabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Disabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Messenger\\MSMSGS.EXE"="C:\\Program Files\\Messenger\\MSMSGS.EXE:*:Disabled:Windows Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Disabled:Yahoo! FT Server"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Disabled:Yahoo! Messenger"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\friend\Application Data
CLASSPATH=.;C:\PROGRA~1\PHOTOD~1.1\ADOBEC~1;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=FRIEND
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\friend
LOGONSERVER=\\FRIEND
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 6 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0602
ProgramFiles=C:\Program Files
PROMPT=$p$g
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\friend\LOCALS~1\Temp
TMP=C:\DOCUME~1\friend\LOCALS~1\Temp
USERDOMAIN=FRIEND
USERNAME=friend
USERPROFILE=C:\Documents and Settings\friend
winbootdir=C:\WINDOWS
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

friend (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
--> "C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
--> "C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
--> "C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
--> "C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent"
--> "C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
--> "C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
--> "C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
--> "C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
--> "C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface"
--> "C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini"
--> "C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
--> "C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help"
--> "C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS"
--> "C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
--> "C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API"
--> "C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
--> "C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Pegasus Engine"
--> "C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner"
--> "C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control"
--> "C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner"
--> "C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
--> "C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall"
--> "C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Web Filter"
--> "C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:IE50 /UNINSTALL /PROMPT
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Type Manager --> C:\PROGRAM FILES\ADOBE TYPE MANAGER\ATMFM.EXE -U
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Multimedia Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{885283DA-46D5-4F9A-85AA-45B421BB6077}\setup.exe"
CardRd81 --> MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}
CCHelp --> MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Charter High-Speed Security Suite --> "C:\Program Files\Charter High-Speed Security Suite\FSGUI\PostInstall.exe" /tUnInstall
Coupon Printer for Windows --> "C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
CR2 --> MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
ESET Online Scanner --> C:\WINDOWS\system32\OnlineScannerUninstaller.exe
ESSAdpt --> MsiExec.exe /I{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}
ESSANUP --> MsiExec.exe /I{A6F18A67-B771-4191-8A33-36D2E742D6D9}
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCAM --> MsiExec.exe /I{469730CC-78DF-4CD3-B286-562D459EA619}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSCT --> MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSTUTOR --> MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567}
ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
Gateway Drivers and Applications Recovery --> C:\Program Files\Gateway\HPA\GWMenu.exe UNINSTALL
Gateway IE Customizations --> C:\Program Files\\Gateway\IECustom\IEProj.exe UNINSTALL
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HijackThis 2.0.2 --> "C:\Documents and Settings\friend\Desktop\HijackThis.exe" /uninstall
HLPCCTR --> MsiExec.exe /I{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}
HLPIndex --> MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPPDOCK --> MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
HLPRFO --> MsiExec.exe /I{AADAC983-FDE9-42FA-8FD9-7BB324155593}
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
HP Extended Capabilities 5.3 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone Express --> MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}
HP Imaging Device Functions 5.3 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP PSC & OfficeJet 5.3.B --> "C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_9_32dd3\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft DirectX Transform optional components --> RUNDLL32.EXE ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\DXTXTRA.INF,UNINSTALL.NT,12
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
PCDLNCH --> MsiExec.exe /I{69BD6399-3D8F-45B7-81D9-819361F5101D}
PCI Audio Driver --> cmuninst.exe
PCI Modem Enumerator --> C:\PROGRAM FILES\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_1036&SUBSYS_026013E0\SETUP.EXE -U -CMODEM -BPCI -IVEN_14F1&DEV_1036&SUBSYS_026013E0
ProSavageDDR and Utilities --> C:\PROGRA~1\S3\P4M266\s3setvga.exe -s -fC:\PROGRA~1\S3\P4M266\P4M266.uns
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SFR --> MsiExec.exe /I{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}
SFR2 --> MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}
VCAMCEN --> MsiExec.exe /I{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows XP Uninstall --> %SYSTEMROOT%\system32\osuninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type4397 / Error
Event Submitted/Written: 04/09/2008 04:47:00 PM
Event ID/Source: 103 / F-Secure Anti-Virus
Event Description:
60 2008-04-09 16:46:59-04:00 friend FRIEND\friend F-Secure Anti-Virus
Malicious code found in file C:\WINDOWS\SYSTEM32\jkkHBTNF.dll.
Infection: Packed.Win32.Monder.gen

Event Record #/Type4396 / Error
Event Submitted/Written: 04/09/2008 04:46:28 PM
Event ID/Source: 103 / F-Secure Anti-Virus
Event Description:
59 2008-04-09 16:46:28-04:00 friend FRIEND\friend F-Secure Anti-Virus
Malicious code found in file C:\WINDOWS\SYSTEM32\jkkHBTNF.dll.
Infection: Packed.Win32.Monder.gen

Event Record #/Type4395 / Error
Event Submitted/Written: 04/09/2008 04:45:57 PM
Event ID/Source: 103 / F-Secure Anti-Virus
Event Description:
58 2008-04-09 16:45:57-04:00 friend FRIEND\friend F-Secure Anti-Virus
Malicious code found in file C:\WINDOWS\SYSTEM32\jkkHBTNF.dll.
Infection: Packed.Win32.Monder.gen

Event Record #/Type4394 / Error
Event Submitted/Written: 04/09/2008 04:45:54 PM
Event ID/Source: 103 / F-Secure Anti-Virus
Event Description:
57 2008-04-09 16:45:53-04:00 friend FRIEND\friend F-Secure Anti-Virus
Malicious code found in file C:\WINDOWS\SYSTEM32\bhrcrlmc.dll.
Infection: Packed.Win32.Monder.gen

Event Record #/Type4393 / Error
Event Submitted/Written: 04/09/2008 04:45:53 PM
Event ID/Source: 103 / F-Secure Anti-Virus
Event Description:
56 2008-04-09 16:45:53-04:00 friend FRIEND\friend F-Secure Anti-Virus
Malicious code found in file C:\WINDOWS\SYSTEM32\OYPTOMAK.DLL.
Infection: Packed.Win32.Monder.gen



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type25776 / Error
Event Submitted/Written: 04/09/2008 04:21:06 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The SysEnforce service failed to start due to the following error:
%%2

Event Record #/Type25772 / Error
Event Submitted/Written: 04/09/2008 04:19:36 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type25771 / Error
Event Submitted/Written: 04/09/2008 04:18:51 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AFD
AmdK7
Fips
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip
WS2IFSL

Event Record #/Type25770 / Error
Event Submitted/Written: 04/09/2008 04:18:51 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31

Event Record #/Type25769 / Error
Event Submitted/Written: 04/09/2008 04:18:51 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:
%%31



-- End of Deckard's System Scanner: finished at 2008-04-09 16:47:25 ------------


#2 Thunder

Posted 18 April 2008 - 02:23 AM

Hello Jenc and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Please download Malwarebytes' Anti-Malware from Here or Here

Doubleclick mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.

In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.


Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding!!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...

#3 jenc


Posted 18 April 2008 - 08:58 PM

First of all, thank you for taking the time. O.K. I think this is everything....



ComboFix 08-04-17.1 - friend 2008-04-18 21:20:02.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.207 [GMT -4:00]
Running from: C:\Documents and Settings\friend\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\friend\Application Data\FunWebProducts
C:\WINDOWS\BM03333ddd.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\start.exe
C:\WINDOWS\system32\awttsTkK.dll
C:\WINDOWS\system32\bhrcrlmc.dll
C:\WINDOWS\system32\eiccuuwg.dll
C:\WINDOWS\system32\fccyxxWq.dll
C:\WINDOWS\system32\geBtUkki.dll
C:\WINDOWS\system32\hgGwTkLb.dll
C:\WINDOWS\system32\jgsalscs.dll
C:\WINDOWS\system32\mensfolv.dll
C:\WINDOWS\system32\OYPTOMAK.DLL
C:\WINDOWS\system32\qbcvyyoe.dll
C:\WINDOWS\system32\TFDXTXGF.DLL
C:\WINDOWS\system32\TVROBDYP.DLL
C:\WINDOWS\system32\vprtrrba.dll
C:\WINDOWS\system32\WIIDWHMB.DLL
C:\WINDOWS\system32\ywulqvri.dll
C:\WINDOWS\Web\default.htt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SZKG5


((((((((((((((((((((((((( Files Created from 2008-03-19 to 2008-04-19 )))))))))))))))))))))))))))))))
.

2008-04-12 08:23 . 2008-04-12 08:23 118 --a------ C:\WINDOWS\SYSTEM32\MRT.INI
2008-04-10 09:34 . 2008-04-10 09:34 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-10 09:34 . 2008-04-10 09:34 <DIR> d-------- C:\Documents and Settings\friend\Application Data\Malwarebytes
2008-04-10 09:34 . 2008-04-10 09:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-10 09:28 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-04-10 09:27 . 2008-04-10 09:27 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-10 08:26 . 2008-04-10 08:26 <DIR> d--hs---- C:\FOUND.007
2008-04-10 08:12 . 2008-04-10 08:12 <DIR> d--hs---- C:\FOUND.006
2008-04-09 18:20 . 2008-04-09 18:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-09 18:20 . 2008-04-09 18:20 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-09 16:36 . 2008-04-09 16:36 <DIR> d-------- C:\Deckard
2008-04-09 16:17 . 2008-04-09 16:17 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-09 16:17 . 2006-10-21 12:56 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.ref.LOG
2008-04-09 16:17 . 2008-04-18 21:19 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-09 13:44 . 2008-04-09 13:44 <DIR> d-------- C:\Program Files\QuickTime
2008-04-09 13:40 . 2008-04-09 13:40 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-09 13:40 . 2008-04-09 13:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-09 07:26 . 2008-04-09 07:26 <DIR> d--hs---- C:\FOUND.005
2008-04-08 18:00 . 2008-04-08 18:00 9 --a------ C:\WINDOWS\SYSTEM32\00001ccf
2008-04-08 07:03 . 2008-04-08 07:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-04-08 07:02 . 2008-04-08 07:02 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-04-08 07:02 . 2008-04-08 07:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-04-07 20:32 . 2008-04-07 20:32 90,176 --a------ C:\WINDOWS\SYSTEM32\xxcysyme.dll
2008-04-07 15:05 . 2008-04-07 15:05 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-07 12:08 . 2008-04-07 12:08 <DIR> d-------- C:\Program Files\Trisnap Technologies
2008-04-07 12:08 . 2004-03-09 01:00 662,288 --a------ C:\WINDOWS\SYSTEM32\mscomct2.ocx
2008-04-07 12:08 . 2006-04-13 22:05 159,744 --a------ C:\WINDOWS\SYSTEM32\hasher.dll
2008-04-06 19:09 . 2008-04-06 19:09 <DIR> d--hs---- C:\FOUND.004
2008-04-06 14:00 . 2008-04-06 14:00 <DIR> d--hs---- C:\FOUND.003
2008-04-06 09:40 . 2008-04-06 09:40 <DIR> d-------- C:\KPCMS
2008-04-05 19:59 . 2008-04-06 19:59 1,581,746 ---hs---- C:\WINDOWS\SYSTEM32\omgrploe.ini
2008-04-04 20:01 . 2008-04-05 18:56 1,581,115 ---hs---- C:\WINDOWS\SYSTEM32\tcglecwo.ini
2008-04-04 07:11 . 2008-04-04 07:11 <DIR> d--hs---- C:\FOUND.002
2008-04-03 20:22 . 2005-02-01 13:02 24,616 --a------ C:\WINDOWS\SYSTEM32\KPD.xml
2008-04-03 20:22 . 2004-04-08 10:41 14,739 --a------ C:\WINDOWS\SYSTEM32\natural.tli
2008-04-03 20:22 . 2005-02-01 10:40 14,739 --a------ C:\WINDOWS\SYSTEM32\nat3_win.tli
2008-04-03 20:22 . 2004-06-28 15:57 14,739 --a------ C:\WINDOWS\SYSTEM32\nat3.tli
2008-04-03 20:22 . 2004-04-08 10:41 14,739 --a------ C:\WINDOWS\SYSTEM32\nat2.tli
2008-04-03 20:22 . 2004-04-08 10:41 14,739 --a------ C:\WINDOWS\SYSTEM32\enhanced.tli
2008-04-03 20:22 . 2005-02-01 10:40 14,739 --a------ C:\WINDOWS\SYSTEM32\enh3_win.tli
2008-04-03 20:22 . 2004-06-28 15:57 14,739 --a------ C:\WINDOWS\SYSTEM32\enh3.tli
2008-04-03 20:22 . 2004-06-08 14:58 14,739 --a------ C:\WINDOWS\SYSTEM32\enh2.tli
2008-04-03 20:22 . 2004-11-15 11:08 1,627 --a------ C:\WINDOWS\SYSTEM32\KPDIDs.xml
2008-04-03 19:56 . 2008-04-04 19:57 1,963,174 ---hs---- C:\WINDOWS\SYSTEM32\dhkvjfyr.ini
2008-04-02 19:58 . 2008-04-03 18:59 1,599,737 ---hs---- C:\WINDOWS\SYSTEM32\tpjlernd.ini
2008-04-02 08:43 . 2008-04-02 08:43 <DIR> d--hs---- C:\FOUND.001
2008-04-02 07:00 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2008-04-02 07:00 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll.mui
2008-04-01 19:54 . 2008-04-02 19:55 1,609,048 ---hs---- C:\WINDOWS\SYSTEM32\dkiigwla.ini
2008-04-01 18:56 . 2008-04-01 19:09 51,072 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\fsdfw.sys
2008-04-01 18:56 . 2008-04-01 19:09 30,016 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\fsndis5.sys
2008-04-01 11:07 . 2008-04-01 19:12 268 --a------ C:\WINDOWS\SYSTEM32\CTSTATUS.FCS
2008-04-01 10:59 . 2008-04-01 10:59 <DIR> d-------- C:\Documents and Settings\friend\Application Data\F-Secure
2008-04-01 10:41 . 2008-04-01 10:41 <DIR> d-------- C:\Program Files\Charter High-Speed Security Suite
2008-04-01 10:41 . 2008-04-01 10:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-04-01 10:40 . 2008-04-01 10:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\fssg
2008-04-01 08:48 . 2008-04-01 08:48 <DIR> d-------- C:\fsaua.data
2008-04-01 08:09 . 2008-04-01 08:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-01 07:58 . 2008-04-01 07:58 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-31 23:51 . 2008-03-31 23:51 1,399 --a------ C:\Uninstall.lnk
2008-03-31 15:27 . 2008-03-31 15:27 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-03-31 09:20 . 2008-03-31 09:20 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-03-31 07:42 . 2008-03-31 07:42 <DIR> d--hs---- C:\FOUND.000
2008-03-30 07:42 . 2008-03-30 07:42 38,912 --a------ C:\WINDOWS\SYSTEM32\ddcYrQkK.dll.bak
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\SYSTEM32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\SYSTEM32\QuickTime.qts
2008-03-27 17:55 . 2008-03-27 17:55 <DIR> d-------- C:\Program Files\MySpace
2008-03-27 17:55 . 2008-03-27 17:55 <DIR> d-------- C:\Documents and Settings\friend\Application Data\MySpace
2008-03-27 17:23 . 2008-03-28 07:39 949 --a------ C:\WINDOWS\cdplayer.ini
2008-03-27 13:49 . 2008-03-27 13:49 <DIR> d-------- C:\Program Files\Common Files\Real
2008-03-25 09:59 . 2008-03-25 09:59 1,011,454 --a------ C:\attachments.zip
2008-03-23 10:07 . 2008-03-23 10:07 1,011,454 --a------ C:\camping 2007.zip
2008-03-22 14:07 . 2008-03-22 14:07 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-03-22 12:15 . 2008-03-22 12:15 <DIR> d-------- C:\Documents and Settings\friend\Application Data\Leadertech
2008-03-20 15:29 . 2008-03-20 15:29 868,808 --a------ C:\google earth.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-27 17:49 499,712 ----a-w C:\WINDOWS\SYSTEM32\msvcp71.dll
2008-03-27 17:49 348,160 ----a-w C:\WINDOWS\SYSTEM32\msvcr71.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\SYSTEM32\dllcache\win32k.sys
2008-03-15 14:33 --------- d-----w C:\Program Files\Disney
2008-03-11 20:17 25,755,448 ----a-w C:\windows media player download.exe
2008-03-10 20:09 1,294,632 ----a-w C:\pay pal account.exe
2008-03-09 02:26 --------- d-----w C:\Documents and Settings\friend\Application Data\Apple Computer
2008-03-09 02:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-09 02:22 59,163,944 ----a-w C:\iTunesSetup.exe
2008-03-09 01:08 --------- d-----w C:\Program Files\Coupons
2008-03-07 13:21 --------- d-----w C:\Documents and Settings\friend\Application Data\Yahoo!
2008-03-07 01:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-03-07 01:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\YAHOO
2008-03-07 01:05 --------- d-----w C:\Program Files\Yahoo!
2008-03-04 13:03 1,837,561 ----a-w C:\camping pictures 2007.zip
2008-03-02 16:42 --------- d-----w C:\Documents and Settings\friend\Application Data\ArcSoft
2008-03-01 22:36 3,591,680 ----a-w C:\WINDOWS\SYSTEM32\dllcache\mshtml.dll
2008-03-01 13:42 --------- d-----w C:\Program Files\Common Files\SupportSoft
2008-02-29 23:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\TDK
2008-02-29 22:01 --------- d-----w C:\Program Files\Hasbro Interactive
2008-02-29 21:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-02-29 21:52 --------- d-----w C:\Program Files\Kodak
2008-02-29 21:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
2008-02-29 21:27 --------- d-----w C:\Documents and Settings\friend\Application Data\Image Zone Express
2008-02-29 21:27 --------- d-----w C:\Documents and Settings\friend\Application Data\HP
2008-02-29 21:25 --------- d-----w C:\Program Files\Common Files\HP
2008-02-29 21:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-02-29 21:22 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-02-29 08:55 70,656 ----a-w C:\WINDOWS\SYSTEM32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ----a-w C:\WINDOWS\SYSTEM32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\SYSTEM32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\SYSTEM32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\SYSTEM32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\SYSTEM32\dnsrslvr.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\SYSTEM32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ----a-w C:\WINDOWS\SYSTEM32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\SYSTEM32\dllcache\ieakui.dll
2008-02-11 13:39 253,952 ----a-w C:\WINDOWS\SYSTEM32\OnlineScannerDLLA.dll
2008-02-11 13:39 237,568 ----a-w C:\WINDOWS\SYSTEM32\OnlineScannerDLLW.dll
2008-02-08 17:53 110,592 ----a-w C:\WINDOWS\SYSTEM32\OnlineScannerLang.dll
2008-02-05 12:48 77,824 ----a-w C:\WINDOWS\SYSTEM32\OnlineScannerUninstaller.exe
2004-10-07 13:06 266 --sh--w C:\Program Files\desktop.ini
2004-10-07 13:06 11,079 ---h--w C:\Program Files\folder.htt
2000-12-12 15:17 100,432 ------w C:\Program Files\Win2000PPAHotfix.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@={7D688A77-C613-11D0-999B-00C04FD655E1}

[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2007-10-25 22:36 8454656 --a------ C:\WINDOWS\SYSTEM32\SHELL32.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 16:32 8699904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.exe" [2008-02-13 06:38 184800]
"F-Secure TNB"="C:\Program Files\Charter High-Speed Security Suite\FSGUI\TNBUtil.exe" [2008-02-13 06:38 741800]
"00000e41"="C:\WINDOWS\system32\qviyyyhp.dll" [ ]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-01-23 14:47 847872]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 16:32 8699904]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe [2005-03-10 09:40:30 757760]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 14:12:08 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcYrQkK]
ddcYrQkK.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^friend^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=C:\Documents and Settings\friend\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00000e41]
C:\WINDOWS\system32\yanioipv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]
C:\Program Files\ATI Multimedia\main\launchpd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
--a------ 2005-03-22 21:05 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
-ra------ 2001-09-12 18:09 1134592 C:\WINDOWS\mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 12:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo RX500]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
--a------ 2008-02-13 06:38 184800 C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
--a------ 2008-02-13 06:38 741800 C:\Program Files\Charter High-Speed Security Suite\FSGUI\TNBUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 23:12 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2005-03-07 23:42 176128 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HydarVisionDesktopManager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MalwareAlarm]
C:\Program Files\MalwareAlarm\MalwareAlarm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN User Services]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvGraphicsInterface]
C:\DOCUME~1\friend\LOCALS~1\Temp\13.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POINTER]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-08-04 20:04 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemTray]
--a------ 2004-08-04 12:00 3072 C:\WINDOWS\SYSTEM32\systray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader]
C:\Windows\xpupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"KodakCCS"=2 (0x2)
"iPod Service"=3 (0x3)
"Iomega Activity Disk2"=2 (0x2)
"gusvc"=2 (0x2)
"FSMA"=2 (0x2)
"FSDFWD"=3 (0x3)
"FSAUA"=3 (0x3)
"F-Secure Gatekeeper Handler Starter"=2 (0x2)
"Bonjour Service"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"SoundMan"=SOUNDMAN.EXE
"StillImageMonitor"=C:\WINDOWS\SYSTEM32\STIMON.EXE
"HPDJ Taskbar Utility"=C:\WINDOWS\SYSTEM32\hpztsb10.exe
"HP Component Manager"="C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:*:Disabled:Blizzard Downloader: 3724

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-04-01 19:09]
R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\Charter High-Speed Security Suite\HIPS\fshs.sys [2008-04-01 19:09]
R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS [2001-05-04 11:24]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 22:31]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\minifilter\fsgk.sys [2008-02-13 06:38]
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 12:00]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\Win2K\FSfilter.sys [2008-02-13 06:38]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\Win2K\FSrec.sys [2008-02-13 06:38]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\Program Files\Outlook Express\setup50.exe" /APP:OE /CALLER:WIN9X /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\Program Files\Outlook Express\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
"C:\Program Files\Outlook Express\setup50.exe" /APP:OE /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
"C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
C:\WINDOWS\SYSTEM32\UPDCRL.EXE -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
.
Contents of the 'Scheduled Tasks' folder
"2008-04-07 15:57:24 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert.friendWRuns AdwareAlert to scan your computer for malicious and potenially unwanted programs.
"2008-04-09 17:41:16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-18 21:35:44
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\ANTI-VIRUS\FSGK32ST.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\ANTI-VIRUS\FSGK32.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\COMMON\FSMA32.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\COMMON\FSMB32.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\COMMON\FCH32.EXE
C:\WINDOWS\SYSTEM32\WDFMGR.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\COMMON\FAMEH32.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\ANTI-VIRUS\FSQH.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\FSPC\FSPC.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\FSGUI\FSGUIDLL.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\FSAUA\PROGRAM\FSAUA.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\ANTI-VIRUS\FSSM32.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\FWES\PROGRAM\FSDFWD.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
.
**************************************************************************
.
Completion time: 2008-04-18 21:39:54 - machine was rebooted [friend]
ComboFix-quarantined-files.txt 2008-04-19 01:39:40

Pre-Run: 70,669,303,808 bytes free
Post-Run: 70,635,913,216 bytes free
.
2008-04-13 02:17:26 --- E O F ---



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:09:35 PM, on 4/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe
C:\Program Files\Charter High-Speed Security Suite\FSPC\fspc.exe
C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Charter High-Speed Security Suite\FSGUI\fsguidll.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZENG12.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\friend\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = BlazeConnect (231)597-0376
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [00000e41] rundll32.exe "C:\WINDOWS\system32\qviyyyhp.dll",b
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZKxdm009OCUS
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: Win32 Classes -
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.charter.com/diskless/bin/ssctlsma.dll
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1161457371288
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207050899890
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://jensglass.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://www.charter.net/files/charter/securitysuite/fscax.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlin.../fshc/fscax.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = blazeconnect.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = blazeconnect.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = blazeconnect.net
O20 - Winlogon Notify: ddcYrQkK - ddcYrQkK.dll (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)

--
End of file - 9174 bytes



Malwarebytes' Anti-Malware 1.11
Database version: 606

Scan type: Quick Scan
Objects scanned: 31558
Time elapsed: 14 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\cpbrkpie.coupon6ctrl.1 (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a85a5e6a-de2c-4f4e-99dc-f469df5a0eec} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e780f0b-bcd6-40cb-b2db-7af47ab4d4a4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a138be8b-f051-4802-9a3f-a750a6d862d4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\CouponPrinter.ocx (Adware.Coupons) -> Quarantined and deleted successfully.




Malwarebytes' Anti-Malware 1.11
Database version: 606

Scan type: Quick Scan
Objects scanned: 324
Time elapsed: 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



again, many thanks......

jen

#4 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:12:36 AM

Posted 19 April 2008 - 05:02 AM

Hello Jenc,

Somehow you apparently managed to overlook this part of the ComboFix tutorial :

Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.

For safety reasons, I'd advise you to do this before proceeding with the next step :thumbsup:

Could you upload some files please ?
Can you zip the folder C:\Qoobox using WinZip (or a similar program) to Qoobox.zip and upload the zipped file to :

http://www.bleepingcomputer.com/submit-malware.php?channel=9

How?

1. In the first window (Link to topic where this file was requested:) copy and paste this link: http://www.bleepingcomputer.com/forums/t/140929/computer-really-messed-up/
2. In the second window (Browse to the file you want to submit:) browse to the Qoobox.zip file
3. Click the Send file button

:blink:

Then let's clean up some more :

Open Notepad - don't use any other text editor than Notepad or the script will fail!
Copy/paste the bold, blue text below into an empty Notepad window:
http://www.bleepingcomputer.com/forums/t/142164/infected-please-help/
Collect::[9]
C:\WINDOWS\SYSTEM32\xxcysyme.dll
File::
C:\WINDOWS\SYSTEM32\omgrploe.ini
C:\WINDOWS\SYSTEM32\tcglecwo.ini
C:\WINDOWS\SYSTEM32\dhkvjfyr.ini
C:\WINDOWS\SYSTEM32\tpjlernd.ini
C:\WINDOWS\SYSTEM32\dkiigwla.ini
C:\WINDOWS\SYSTEM32\ddcYrQkK.dll.bak
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00000e41"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcYrQkK]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00000e41]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader]

Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. Upon reboot (in case it asks to reboot), post the contents of the ComboFix log in your next reply, as well as a fresh HijackThis log.

When CF finishes running, the ComboFix log will open along with a message box; do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.

Ensure you are connected to the internet and click OK on the message box. A browser will open.
Simply follow the instructions to copy/paste/send the requested file [9]-Submit_Date_Time.zip.

Are you still having problems ?

Greetings,
Thunder

Edited by Thunder, 19 April 2008 - 05:02 AM.

Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted - And make a difference



