False Spyware Warnings



#1 maxima1

Posted 10 April 2008 - 04:24 PM

I get a little yellow triangle with an exclamation point at the bottom right of my screen. The virus has also hijacked my screen pic and has a fake warning taking up the entire screen. I have scanned with many different programs and nothing... please help!!
extra.txt:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.66GHz
Percentage of Memory in Use: 67%
Physical Memory (total/avail): 502.8 MiB / 165.18 MiB
Pagefile Memory (total/avail): 1226.71 MiB / 787.94 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.37 MiB

C: is Fixed (NTFS) - 74.53 GiB total, 44.96 GiB free.
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD800BB-00FJA0 - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.53 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\aim\\aim.exe"="C:\\Program Files\\aim\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Common Files\\AOL\\1133129110\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1133129110\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\WINDOWS\\system32\\p2pnetwork.exe"="C:\\WINDOWS\\system32\\p2pnetwork.exe:*:Disabled:p2pnetwork"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\\Program Files\\aim\\aim.exe"="C:\\Program Files\\aim\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Common Files\\AOL\\1133129110\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1133129110\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\BearFlix\\bearflix.exe"="C:\\Program Files\\BearFlix\\bearflix.exe:*:Enabled:BearFlix"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"="C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\nicholas bouillon\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=OWNER-PF68LBC21
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\nicholas bouillon
LOGONSERVER=\\OWNER-PF68LBC21
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0303
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\NICHOL~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\NICHOL~1\LOCALS~1\Temp
USERDOMAIN=OWNER-PF68LBC21
USERNAME=nicholas bouillon
USERPROFILE=C:\Documents and Settings\nicholas bouillon
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

nicholas bouillon (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AIM Toolbar 5.0 --> "C:\Program Files\AOL\AIM Toolbar 5.0\uninstall.exe"
AOL Instant Messenger --> C:\Program Files\aim\uninstll.exe -LOG= C:\Program Files\aim\install.log -OEM=
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
ArcSoft Panorama Maker 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5F68DC8-0278-4AD8-B413-861509B5F25B}\Setup.exe" -l0x9
Bat --> "C:\Program Files\Bat\un_BatSetup_15041.exe"
BearShare --> C:\Program Files\BearShare Applications\BearShare\UninstallSurvey.exe C:\PROGRA~1\BEARSH~1\BEARSH~1\UNWISE.EXE C:\PROGRA~1\BEARSH~1\BEARSH~1\INSTALL.LOG
BigFix --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
Comcast Rhapsody --> C:\PROGRA~1\COMCAS~1\Unwise32.exe /A C:\PROGRA~1\COMCAS~1\INSTALL.LOG
Comcast Toolbar --> C:\Program Files\ComcastToolbar\uninstall.exe
eMachines Bay Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
Garmin MapSource --> MsiExec.exe /X{4ACBBFC6-3F39-48DE-8D85-182736B2749B}
Garmin POI Loader --> MsiExec.exe /X{DFA1E2C8-A9DE-4B99-8B3C-866664B5F67C}
Garmin WebUpdater --> MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
hp print screen utility --> C:\Program Files\Hewlett-Packard\hp print screen utility\UnInstall\prnunins.exe
ICQ --> C:\PROGRA~1\ICQ\ICQUninstall.EXE
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
McAfee SecurityCenter --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
McAfee VirusScan --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=vso /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\vsoremui.dll::uninstall.htm
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Web Components --> MsiExec.exe /I{002C9999-0000-0000-C000-000000000112}
Microsoft Office Word Viewer 2003 --> MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Mogul User Guide --> C:\Program Files\Mogul User Guide\Windows Mobile Device Handbook\Bin\DHUninstall.exe
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\nicholas bouillon\Application Data\Move Networks\ie_bin\Uninst.exe
Nikon Message Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x9 UNINSTALL
Outerinfo --> C:\Program Files\Outerinfo\OiUninstaller.exe
PictureProject --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x9 UNINSTALL
PictureProject In Touch Downloader 1.0 --> C:\Program Files\PictureProject In Touch Downloader\uninst.exe
PoiEdit --> C:\PROGRA~1\DNOTES~1\POIEDI~1\UNWISE.EXE C:\PROGRA~1\DNOTES~1\POIEDI~1\INSTALL.LOG
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Qtrax 0.2beta (20080125) --> "C:\Program Files\Qtrax_20080125\Songbird-Uninstall.exe"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Samsung Media Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1DAB6BE8-4B4F-4C08-AC96-4008057E3424}\Setup.exe" -l0x9
Samsung Multimedia Studio --> "C:\Program Files\Samsung\MultimediaStudio\unins000.exe"
SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IVEN_14F1&DEV_2F20&SUBSYS_200014F1
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TaxACT 2005 --> C:\PROGRA~1\2NDSTO~1\TAXACT~1\Unta05.exe C:\PROGRA~1\2NDSTO~1\TAXACT~1\Install.log
TaxACT New Jersey 2005 --> C:\PROGRA~1\2NDSTO~1\TAXACT~1\Unst05.exe C:\PROGRA~1\2NDSTO~1\TAXACT~1\NJ.log
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
ViewSonic Monitor Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B4FEA924-630D-11D4-B78E-005004566E4D}\Setup.exe" -l0x9
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger Explorer Bar --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\MESSEN~1\YHEXBM~1.DLL
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type7975 / Error
Event Submitted/Written: 04/09/2008 09:01:00 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application TeaTimer.exe, version 1.5.2.16, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type7964 / Error
Event Submitted/Written: 04/09/2008 04:44:52 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16608, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type7952 / Error
Event Submitted/Written: 04/09/2008 03:41:16 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]

Event Record #/Type7951 / Error
Event Submitted/Written: 04/09/2008 03:41:05 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16608, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type7948 / Error
Event Submitted/Written: 04/08/2008 08:15:02 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16608, faulting module unknown, version 0.0.0.0, fault address 0x1000140a.
Processing media-specific event for [iexplore.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type925 / Error
Event Submitted/Written: 04/10/2008 04:44:25 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Imapi
PxHelp20
SASKUTIL

Event Record #/Type924 / Error
Event Submitted/Written: 04/10/2008 04:44:24 PM / 04/10/2008 04:44:25 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Pantech&Curitel Utility Service service failed to start due to the following error:
%%2

Event Record #/Type895 / Error
Event Submitted/Written: 04/10/2008 04:34:00 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Imapi
PxHelp20
SASKUTIL

Event Record #/Type894 / Error
Event Submitted/Written: 04/10/2008 04:34:00 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Pantech&Curitel Utility Service service failed to start due to the following error:
%%2

Event Record #/Type886 / Error
Event Submitted/Written: 04/10/2008 05:53:34 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}



-- End of Deckard's System Scanner: finished at 2008-04-10 16:56:28 ------------

DSS.txt
Deckard's System Scanner v20071014.68
Run by nicholas bouillon on 2008-04-10 16:51:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-04-10 20:52:02 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 77% (more than 75%).
Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as nicholas bouillon.exe) -----------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:54:05 PM, on 4/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wmsdkns.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\qpolazux\qjkvylib.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\DOCUME~1\NICHOL~1\APPLIC~1\FNTS~1\mmc.exe
C:\WINDOWS\system32\mjetmnuz.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\nicholas bouillon\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\nicholas bouillon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {0BAD4089-4721-4064-A1F7-E5DD75E51BAB} - (no file)
O2 - BHO: (no name) - {0F5BAC67-8163-4F53-AC94-61B2AA9F8424} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {16A0DB2D-8B9C-4CCA-A8CE-D28A9A10F24D} - C:\WINDOWS\system32\pmnlkjgG.dll (file missing)
O2 - BHO: (no name) - {320B6071-5157-43D4-B7AF-A6435A71DC18} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: (no name) - {6cc00bcf-48ce-4a8c-bd1a-45be5998e1d6} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: StFlex IE Helper - {8334A30C-49E5-489a-B63D-5B927C1EF46E} - C:\Program Files\QdrDrive\QdrDrive15.dll (file missing)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {A8EEB996-62AA-4E48-995D-EADDCAC47476} - C:\WINDOWS\system32\cbXPfCst.dll
O2 - BHO: (no name) - {b1f03258-1dd1-11b2-844a-d95ac99666f6} - C:\WINDOWS\ejabmrof.dll
O2 - BHO: (no name) - {B2276046-4E4E-42E6-BF12-459BF93A978E} - C:\WINDOWS\system32\geeda.dll (file missing)
O2 - BHO: (no name) - {C606C195-E878-497F-B444-F46E03B3F49D} - C:\WINDOWS\system32\hgGxXRkI.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {E0B6E3AF-F08A-4555-9B9D-3478DCB324AC} - (no file)
O2 - BHO: (no name) - {E372B477-98DF-458A-9DEC-BE94688E7F91} - C:\WINDOWS\system32\ddcDtTmK.dll (file missing)
O2 - BHO: (no name) - {E9719E7C-7ADD-4696-9174-E45B50CD4F08} - C:\WINDOWS\system32\ljJBqpoo.dll (file missing)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [e000e16c] rundll32.exe "C:\WINDOWS\system32\cmqnmkif.dll",b
O4 - HKLM\..\Run: [ripsnuxq] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ripsnuxq.dll"
O4 - HKLM\..\Run: [BMe333d2f0] Rundll32.exe "C:\WINDOWS\system32\plroexbh.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Qblhfr] "C:\Program Files\Common Files\S?mantec\chkntfs.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Usrr] "C:\DOCUME~1\NICHOL~1\APPLIC~1\FNTS~1\mmc.exe" -vt yazb
O4 - HKCU\..\Run: [QdrModule15] "C:\Program Files\QdrModule\QdrModule15.exe"
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\DOCUME~1\NICHOL~1\LOCALS~1\Temp\ie.exe
O4 - HKCU\..\Run: [yxmeykqd] C:\WINDOWS\system32\mjetmnuz.exe
O4 - HKCU\..\Run: [llflltyf] C:\WINDOWS\system32\yzslyhqt.exe
O4 - HKCU\..\Run: [deagsxrp] C:\WINDOWS\system32\fgzqrwra.exe
O4 - HKCU\..\Run: [pdszxuql] C:\WINDOWS\system32\ongrenkd.exe
O4 - HKLM\..\Policies\Explorer\Run: [g1CYsfu2YM] C:\Documents and Settings\All Users\Application Data\qpolazux\qjkvylib.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...96/mcinsctl.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...190/mcfscan.cab
O20 - Winlogon Notify: cbXPfCst - C:\WINDOWS\SYSTEM32\cbXPfCst.dll
O20 - Winlogon Notify: opnklij - opnklij.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe (file missing)
O23 - Service: Pantech&Curitel Utility Service - Unknown owner - C:\Program Files\UTStarcom\Sprint\Sprint PCS Connection Manager\PnCUtilityService.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 14377 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080409-211424-254 O2 - BHO: (no name) - {0BAD4089-4721-4064-A1F7-E5DD75E51BAB} - C:\WINDOWS\system32\awtrOHxY.dll (file missing)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 HSFHWBS2 - c:\windows\system32\drivers\hsfhwbs2.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 SunkFilt (Alcor Micro Corp - 9360) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt92>

S0 PxHelp20 - c:\windows\system32\drivers\pxhelp20.sys (file missing)
S1 nmntt - c:\windows\system32\drivers\nmntt.sys (file missing)
S1 SASKUTIL - c:\program files\superantispyware\saskutil.sys (file missing)
S3 PciTest (WinMTA PCI Service) - c:\windows\system32\drivers\pcitest.sys <Not Verified; Intel Corporation; Intel® Modular Test Architecture>
S3 SunkFilt39 (Alcor Micro Corp - 3239) - c:\windows\system32\drivers\sunkfilt39.sys <Not Verified; Alcor Micro Corp.; SunkFilt39>
S3 Sunkfiltp (HP && Alcor Micro Corp for Phison) - c:\windows\system32\drivers\sunkfiltp.sys (file missing)
S3 TnIDriver - c:\docume~1\nichol~1\locals~1\temp\tni282.tmp (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S2 Pantech&Curitel Utility Service - c:\program files\utstarcom\sprint\sprint pcs connection manager\pncutilityservice.exe (file missing)
S3 Netcom3 (NetCom3 Service) - c:\program files\netcom3 cleaner\pscmonitor.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMJLMS_XJ-HD166S__________________________DTS6____\5&1FE23717&0&0.0.0
Manufacturer: (Standard CD-ROM drives)
Name: JLMS XJ-HD166S
PNP Device ID: IDE\CDROMJLMS_XJ-HD166S__________________________DTS6____\5&1FE23717&0&0.0.0
Service: cdrom

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMLITE-ON_LTR-48327S______________________PTS1____\5&1FE23717&0&0.1.0
Manufacturer: (Standard CD-ROM drives)
Name: LITE-ON LTR-48327S
PNP Device ID: IDE\CDROMLITE-ON_LTR-48327S______________________PTS1____\5&1FE23717&0&0.1.0
Service: cdrom


-- Files created between 2008-03-10 and 2008-04-10 -----------------------------

2008-04-10 16:48:30 0 d-------- C:\WINDOWS\LastGood
2008-04-10 16:47:33 93248 --a------ C:\WINDOWS\system32\xlvtntrq.dll
2008-04-10 16:41:49 85056 --a------ C:\WINDOWS\system32\cmqnmkif.dll
2008-04-10 16:39:20 0 d-------- C:\5902cde2f1f7174087df
2008-04-10 16:39:19 3648 --a------ C:\WINDOWS\system32\hqxdhcds.dll
2008-04-10 16:39:11 88128 --a------ C:\WINDOWS\system32\plroexbh.dll
2008-04-10 16:38:25 358330 --ahs---- C:\WINDOWS\system32\IkRXxGgh.ini2
2008-04-10 16:38:10 272896 --a------ C:\WINDOWS\system32\hgGxXRkI.dll
2008-04-10 16:36:16 0 d-------- C:\Program Files\Outerinfo
2008-04-10 16:34:27 102400 --a------ C:\WINDOWS\system32\ongrenkd.exe
2008-04-09 21:10:22 0 d-------- C:\Program Files\Trend Micro
2008-04-09 20:54:20 0 d-------- C:\dat-5270.zip Current
2008-04-09 20:44:38 11264 --a------ C:\WINDOWS\stcloader.exe
2008-04-09 20:44:36 0 d-------- C:\Program Files\zango
2008-04-09 20:44:36 0 d-------- C:\Program Files\seekmo
2008-04-09 20:44:36 0 d-------- C:\Program Files\180searchassistant
2008-04-09 20:44:35 0 d-------- C:\Program Files\180solutions
2008-04-09 20:44:33 0 d-------- C:\WINDOWS\FLEOK
2008-04-09 20:24:07 22784 --a------ C:\WINDOWS\2020search2.dll
2008-04-09 20:24:06 28928 --a------ C:\WINDOWS\system32\MSIXU.DLL
2008-04-09 20:24:06 13568 --a------ C:\WINDOWS\2020search.dll
2008-04-09 20:24:04 28160 --a------ C:\WINDOWS\updatetc.exe
2008-04-09 15:40:57 3648 --a------ C:\WINDOWS\system32\yixubkua.dll
2008-04-08 19:32:28 3260 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-08 17:06:54 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-08 17:06:54 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-08 17:06:54 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-08 17:06:54 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-08 17:06:53 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-08 17:06:53 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-08 17:05:21 1306941 --a------ C:\SmitfraudFix.exe
2008-04-08 06:04:19 373969 --ahs---- C:\WINDOWS\system32\Ggjklnmp.ini2
2008-04-08 06:01:56 114688 --a------ C:\WINDOWS\system32\fgzqrwra.exe
2008-04-08 05:57:21 32512 --a------ C:\WINDOWS\mspphe.dll
2008-04-08 05:57:20 32512 --a------ C:\WINDOWS\bjam.dll
2008-04-07 18:58:38 0 d-------- C:\dat-5268
2008-04-07 18:11:52 15872 --a------ C:\WINDOWS\voiceip.dll
2008-04-07 18:11:49 13824 --a------ C:\WINDOWS\salm.exe
2008-04-07 18:11:48 8448 --a------ C:\WINDOWS\saiemod.dll
2008-04-07 17:09:21 28416 --a------ C:\WINDOWS\swin32.dll
2008-04-07 17:09:21 10240 --a------ C:\WINDOWS\cdsm32.dll
2008-04-07 17:09:21 12544 --a------ C:\WINDOWS\bokja.exe
2008-04-07 17:09:21 0 d-------- C:\Program Files\stc
2008-04-07 17:09:20 9984 --a------ C:\WINDOWS\mssvr.exe
2008-04-07 17:09:18 0 d-------- C:\Program Files\180search assistant
2008-04-07 17:09:17 25088 --a------ C:\WINDOWS\system32\WER8274.DLL
2008-04-07 17:09:17 28672 --a------ C:\WINDOWS\180ax.exe
2008-04-07 17:09:14 31744 --a------ C:\WINDOWS\msapasrc.dll
2008-04-07 17:07:13 12800 --a------ C:\WINDOWS\system32\MSNSA32.dll
2008-04-07 17:07:13 16640 --a------ C:\WINDOWS\msa64chk.dll
2008-04-07 17:07:12 15104 --a------ C:\WINDOWS\system32\SIPSPI32.dll
2008-04-07 17:07:12 17920 --a------ C:\WINDOWS\system32\shdocpe.dll
2008-04-07 17:07:11 20224 --a------ C:\WINDOWS\system32\ntnut32.exe
2008-04-07 17:07:11 30976 --a------ C:\WINDOWS\shdocpl.dll
2008-04-07 17:07:11 21248 --a------ C:\WINDOWS\ntnut.exe
2008-04-07 17:07:10 14592 --a------ C:\WINDOWS\winsb.dll
2008-04-07 17:07:10 12544 --a------ C:\WINDOWS\shdocpe.dll
2008-04-07 17:07:10 19200 --a------ C:\WINDOWS\browserad.dll
2008-04-07 17:07:09 18688 --a------ C:\WINDOWS\aviwrap32.dll
2008-04-07 17:07:09 24832 --a------ C:\WINDOWS\avisynthex32.dll
2008-04-07 17:07:09 28416 --a------ C:\WINDOWS\avifile32.dll
2008-04-07 17:07:09 22272 --a------ C:\WINDOWS\autodisc32.dll
2008-04-07 17:07:09 29440 --a------ C:\WINDOWS\audiosrv32.dll
2008-04-07 17:07:09 21760 --a------ C:\WINDOWS\ati2dvag32.dll
2008-04-07 17:07:08 24064 --a------ C:\WINDOWS\ati2dvaa32.dll
2008-04-07 17:07:08 29440 --a------ C:\WINDOWS\athprxy32.dll
2008-04-07 17:07:08 19968 --a------ C:\WINDOWS\asycfilt32.dll
2008-04-07 17:07:08 8448 --a------ C:\WINDOWS\asferror32.dll
2008-04-07 17:07:08 24320 --a------ C:\WINDOWS\apphelp32.dll
2008-04-07 17:07:07 17408 --a------ C:\WINDOWS\changeurl_30.dll
2008-04-07 16:48:04 349163 --ahs---- C:\WINDOWS\system32\KmTtDcdd.ini2
2008-04-07 16:46:12 102400 --a------ C:\WINDOWS\system32\yzslyhqt.exe
2008-04-06 19:58:40 273548 --ahs---- C:\WINDOWS\system32\oopqBJjl.ini2
2008-04-06 15:30:36 0 d-------- C:\Program Files\Sysmnt
2008-04-06 15:24:51 273583 --ahs---- C:\WINDOWS\system32\YxHOrtwa.ini2
2008-04-06 15:22:35 4096 --a------ C:\WINDOWS\userconfig9x.dll
2008-04-06 15:22:35 4096 --a------ C:\WINDOWS\system32winlogonpc.exe
2008-04-06 15:22:35 4096 --a------ C:\WINDOWS\FVProtect.exe
2008-04-06 15:22:34 4096 --a------ C:\WINDOWS\system32taack.exe
2008-04-06 15:22:34 4096 --a------ C:\WINDOWS\system32taack.dat
2008-04-06 15:22:34 4096 --a------ C:\WINDOWS\system32sncntr.exe
2008-04-06 15:22:34 4096 --a------ C:\WINDOWS\system32mwin32.exe
2008-04-06 15:22:34 4096 --a------ C:\WINDOWS\system32hxiwlgpm.exe
2008-04-06 15:22:34 4096 --a------ C:\WINDOWS\system32hxiwlgpm.dat
2008-04-06 15:22:34 4096 --a------ C:\WINDOWS\system32hoproxy.dll
2008-04-06 15:22:34 4096 --a------ C:\WINDOWS\a.bat
2008-04-06 15:22:34 0 d-------- C:\Documents and Settings\nicholas bouillon\Desktopvirii
2008-04-06 15:22:33 4096 --a------ C:\WINDOWS\system32ssurf022.dll
2008-04-06 15:22:33 0 d-------- C:\WINDOWS\system32smp
2008-04-06 15:22:33 4096 --a------ C:\WINDOWS\system32psoft1.exe
2008-04-06 15:22:33 4096 --a------ C:\WINDOWS\system32psof1.exe
2008-04-06 15:22:33 4096 --a------ C:\WINDOWS\system32ps1.exe
2008-04-06 15:22:33 4096 --a------ C:\WINDOWS\system32netode.exe
2008-04-06 15:22:33 4096 --a------ C:\WINDOWS\system32mtr2.exe
2008-04-06 15:22:33 4096 --a------ C:\WINDOWS\system32msnbho.dll
2008-04-06 15:22:33 4096 --a------ C:\WINDOWS\system32msgp.exe
2008-04-06 15:22:33 4096 --a------ C:\WINDOWS\system32medup020.dll
2008-04-06 15:22:33 4096 --a------ C:\WINDOWS\system32medup012.dll
2008-04-06 15:22:33 4096 --a------ C:\WINDOWS\system32bsva-egihsg52.exe
2008-04-06 15:22:33 4096 --a------ C:\WINDOWS\iTunesMusic.exe
2008-04-06 15:22:32 4096 --a------ C:\WINDOWS\system32temp#01.exe
2008-04-06 15:22:32 4096 --a------ C:\WINDOWS\system32ssvchost.exe
2008-04-06 15:22:32 4096 --a------ C:\WINDOWS\system32ssvchost.com
2008-04-06 15:22:32 4096 --a------ C:\WINDOWS\system32regm64.dll
2008-04-06 15:22:32 4096 --a------ C:\WINDOWS\system32regc64.dll
2008-04-06 15:22:32 4096 --a------ C:\WINDOWS\system32msvchost.exe
2008-04-06 15:22:32 4096 --a------ C:\WINDOWS\system32h@tkeysh@@k.dll
2008-04-06 15:22:32 4096 --a------ C:\WINDOWS\system32dpcproxy.exe
2008-04-06 15:22:32 4096 --a------ C:\Documents and Settings\nicholas bouillon\Desktopfilemanagerclient.exe
2008-04-06 15:22:31 4096 --a------ C:\WINDOWS\winsystem.exe
2008-04-06 15:22:31 4096 --a------ C:\WINDOWS\system32vcatchpi.dll
2008-04-06 15:22:31 4096 --a------ C:\WINDOWS\system32thun32.dll
2008-04-06 15:22:31 4096 --a------ C:\WINDOWS\system32thun.dll
2008-04-06 15:22:31 4096 --a------ C:\WINDOWS\system32Rundl1.exe
2008-04-06 15:22:31 4096 --a------ C:\WINDOWS\system32newsd32.exe
2008-04-06 15:22:31 4096 --a------ C:\WINDOWS\system32emesx.dll
2008-04-06 15:22:31 4096 --a------ C:\WINDOWS\system32akttzn.exe
2008-04-06 15:22:31 4096 --a------ C:\WINDOWS\mssecu.exe
2008-04-06 15:22:31 4096 --a------ C:\WINDOWS\bdn.com
2008-04-06 15:22:31 4096 --a------ C:\Documents and Settings\nicholas bouillon\DesktopFWebdEditor.exe
2008-04-06 15:22:31 4096 --a------ C:\Documents and Settings\nicholas bouillon\Desktopfwebd.exe
2008-04-06 15:22:30 4096 --a------ C:\WINDOWS\system32WINWGPX.EXE
2008-04-06 15:22:30 4096 --a------ C:\WINDOWS\system32winsystem.exe
2008-04-06 15:22:30 4096 --a------ C:\WINDOWS\system32vbsys2.dll
2008-04-06 15:22:30 4096 --a------ C:\WINDOWS\system32sysreq.exe
2008-04-06 15:22:30 4096 --a------ C:\WINDOWS\system32mssecu.exe
2008-04-06 15:22:30 4096 --a------ C:\WINDOWS\system32bdn.com
2008-04-06 15:22:30 4096 --a------ C:\WINDOWS\system32awtoolb.dll
2008-04-06 15:21:48 0 d-------- C:\Documents and Settings\All Users\Application Data\qpolazux
2008-04-06 15:21:46 114688 --a------ C:\WINDOWS\system32\mjetmnuz.exe
2008-04-06 15:21:12 0 d-------- C:\WINDOWS\uprjiefj
2008-04-06 15:21:10 182784 --a------ C:\WINDOWS\fslmpknk.dll
2008-04-06 15:20:54 67584 --a------ C:\Documents and Settings\All Users\Application Data\ripsnuxq.dll
2008-04-06 15:20:49 67584 --a------ C:\WINDOWS\ejabmrof.dll
2008-04-06 15:20:46 0 d-------- C:\Documents and Settings\nicholas bouillon\Application Data\?ystem
2008-04-06 15:19:52 0 d-------- C:\Program Files\Bat
2008-04-06 15:19:17 91561 --a------ C:\WINDOWS\system32\wmsdkns.exe <Not Verified; Microsoft; XML Media>
2008-04-06 15:19:04 36352 --a------ C:\WINDOWS\system32\cbXPfCst.dll
2008-04-05 01:29:14 270694 --a------ C:\WINDOWS\system32\000090.exe
2008-04-04 12:26:00 229527 --a------ C:\WINDOWS\system32\000080.exe
2008-03-27 10:39:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-25 21:25:45 0 d-------- C:\Program Files\Lavasoft
2008-03-25 21:25:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-25 21:25:03 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-25 18:34:45 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-03-25 18:34:45 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-03-25 18:34:45 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-03-25 18:34:45 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-03-25 18:34:45 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-03-25 18:34:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-03-25 18:34:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-03-25 18:34:45 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-03-25 18:34:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-03-25 18:34:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-03-25 18:34:44 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-03-25 18:34:44 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-03-25 18:34:44 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-03-25 18:34:44 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-03-25 18:34:44 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-03-25 18:34:44 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-03-25 18:34:44 2359296 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-03-25 18:34:44 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-03-25 18:34:44 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-03-21 19:14:29 293319 --ahs---- C:\WINDOWS\system32\adeeg.ini2
2008-03-21 19:09:23 0 d-------- C:\WINDOWS\system32\aqVreo01


-- Find3M Report ---------------------------------------------------------------

2008-04-10 16:37:07 0 d-------- C:\Documents and Settings\nicholas bouillon\Application Data\ComcastToolbar
2008-04-10 16:35:08 0 d-------- C:\Program Files\Common Files\S?mantec
2008-04-06 19:07:00 0 d-------- C:\Program Files\Common Files
2008-04-06 15:20:46 0 d-------- C:\Documents and Settings\nicholas bouillon\Application Data\?ystem
2008-04-06 15:19:38 0 d-------- C:\Documents and Settings\nicholas bouillon\Application Data\F?nts
2008-03-27 11:14:23 0 d-------- C:\Program Files\Messenger
2008-03-26 14:09:52 0 d-------- C:\Documents and Settings\nicholas bouillon\Application Data\Real
2008-03-03 18:01:11 0 d-------- C:\Documents and Settings\nicholas bouillon\Application Data\SUPERAntiSpyware.com
2008-03-03 18:00:48 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-02 20:29:31 255128 --ahs---- C:\WINDOWS\system32\yyadd.ini2
2008-03-02 16:22:03 87040 --a------ C:\WINDOWS\e01.exe
2008-03-02 16:21:58 22016 --a------ C:\WINDOWS\e00.exe
2008-03-02 16:21:49 23040 --a------ C:\YkET.exe
2008-03-02 14:43:03 0 d-------- C:\Program Files\Yahoo!
2008-03-02 14:18:59 0 d-------- C:\Program Files\CONEXANT
2008-03-02 14:10:52 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-03-01 12:58:54 0 d-------- C:\Program Files\Qtrax_20080125
2008-02-25 22:08:16 0 d-------- C:\Documents and Settings\nicholas bouillon\Application Data\BearShare
2008-02-25 06:59:50 0 d-------- C:\Program Files\AIM6
2008-02-25 06:59:17 0 d-------- C:\Program Files\Viewpoint
2008-02-19 19:01:18 4 --a------ C:\WINDOWS\system32\73F74C
2008-02-19 19:01:17 0 d-------- C:\Program Files\Comcast Rhapsody
2008-02-19 18:59:34 0 d-------- C:\Program Files\Real
2008-02-16 16:21:51 5120 --a------ C:\WINDOWS\rictions.dll
2008-02-16 16:21:50 5120 --a------ C:\info.exe
2008-01-29 17:01:48 2528 --a------ C:\Documents and Settings\nicholas bouillon\Application Data\$_hpcst$.hpc


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0BAD4089-4721-4064-A1F7-E5DD75E51BAB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F5BAC67-8163-4F53-AC94-61B2AA9F8424}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{16A0DB2D-8B9C-4CCA-A8CE-D28A9A10F24D}]
C:\WINDOWS\system32\pmnlkjgG.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{320B6071-5157-43D4-B7AF-A6435A71DC18}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc00bcf-48ce-4a8c-bd1a-45be5998e1d6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8334A30C-49E5-489a-B63D-5B927C1EF46E}]
C:\Program Files\QdrDrive\QdrDrive15.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8EEB996-62AA-4E48-995D-EADDCAC47476}]
04/06/2008 03:19 PM 36352 --a------ C:\WINDOWS\system32\cbXPfCst.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b1f03258-1dd1-11b2-844a-d95ac99666f6}]
04/06/2008 03:20 PM 67584 --a------ C:\WINDOWS\ejabmrof.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B2276046-4E4E-42E6-BF12-459BF93A978E}]
C:\WINDOWS\system32\geeda.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C606C195-E878-497F-B444-F46E03B3F49D}]
04/10/2008 04:38 PM 272896 --a------ C:\WINDOWS\system32\hgGxXRkI.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E0B6E3AF-F08A-4555-9B9D-3478DCB324AC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E372B477-98DF-458A-9DEC-BE94688E7F91}]
C:\WINDOWS\system32\ddcDtTmK.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E9719E7C-7ADD-4696-9174-E45B50CD4F08}]
C:\WINDOWS\system32\ljJBqpoo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"SunKistEM"="C:\Program Files\eMachines Bay Reader\shwiconem.exe" [03/12/2004 08:18 AM]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [09/01/2003 07:42 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [11/10/2004 01:07 AM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [06/03/2004 01:50 AM]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [07/08/2005 06:18 PM]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [08/10/2005 12:49 PM]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [08/11/2005 10:02 PM]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [09/22/2005 07:29 PM]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [01/11/2006 01:05 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/18/2006 12:45 AM]
"YeppStudioAgent"="C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe" [06/23/2005 03:35 PM]
"e000e16c"="C:\WINDOWS\system32\cmqnmkif.dll" [04/10/2008 04:41 PM]
"ripsnuxq"="regsvr32 /u C:\Documents and Settings\All Users\Application Data\ripsnuxq.dll" []
"BMe333d2f0"="C:\WINDOWS\system32\plroexbh.dll" [04/10/2008 04:39 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [01/03/2008 12:15 PM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/13/2006 02:39 PM]
"Qblhfr"="C:\Program Files\Common Files\S?mantec\chkntfs.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"Usrr"="C:\DOCUME~1\NICHOL~1\APPLIC~1\FNTS~1\mmc.exe" [04/06/2008 03:19 PM]
"QdrModule15"="C:\Program Files\QdrModule\QdrModule15.exe" []
"Microsoft Windows Installer"="C:\DOCUME~1\NICHOL~1\LOCALS~1\Temp\ie.exe" []
"yxmeykqd"="C:\WINDOWS\system32\mjetmnuz.exe" [04/06/2008 03:21 PM]
"llflltyf"="C:\WINDOWS\system32\yzslyhqt.exe" [04/07/2008 04:46 PM]
"deagsxrp"="C:\WINDOWS\system32\fgzqrwra.exe" [04/08/2008 06:01 AM]
"pdszxuql"="C:\WINDOWS\system32\ongrenkd.exe" [04/10/2008 04:34 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [5/1/2004 2:09:15 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 3:05:56 PM]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [12/23/2006 2:28:53 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"NoDispAppearancePage"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"g1CYsfu2YM"=C:\Documents and Settings\All Users\Application Data\qpolazux\qjkvylib.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)
"NoBandCustomize"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A8EEB996-62AA-4E48-995D-EADDCAC47476}"= C:\WINDOWS\system32\cbXPfCst.dll [04/06/2008 03:19 PM 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,"
"System"=" "

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXPfCst]
cbXPfCst.dll 04/06/2008 03:19 PM 36352 C:\WINDOWS\system32\cbXPfCst.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnklij]
opnklij.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\hgGxXRkI

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- Hosts -----------------------------------------------------------------------

127.0.0.1 .supercocklol.com
127.0.0.1 www..webloyalty.com
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com

8116 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-04-10 16:56:28 ------------

Edit: Fix spelling for legibility. ~ OB

Edited by Orange Blossom, 10 April 2008 - 07:57 PM.
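The Registry Dump section of the log above shows the XP persistence points this infection used: an extra program appended to Winlogon's Userinit value, an extra LSA Authentication Package beside msv1_0, Winlogon\Notify DLLs (one of them already missing from disk), and DisableTaskMgr set to 1. As an added example that is not part of the original post or of Deckard's System Scanner, here is a small Python checker that parses that dump format and flags exactly those entries; the sample input is constructed from the values shown in the log.

```python
import re

# Constructed sample modelled on the "Registry Dump" section of the
# Deckard's System Scanner log above; the values are the ones it shows.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,"
"System"=" "

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXPfCst]
cbXPfCst.dll 04/06/2008 03:19 PM 36352 C:\WINDOWS\system32\cbXPfCst.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnklij]
opnklij.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\hgGxXRkI
"""

WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
LSA = r"hkey_local_machine\system\currentcontrolset\control\lsa"
POLICY_KEYS = (
    r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system",
    r"hkey_current_user\software\microsoft\windows\currentversion\policies\system",
)
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"  # the only program XP lists here


def parse_registry_dump(text):
    """Map each [key] header to the list of non-empty lines printed under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = re.match(r"^\[(.+)\]$", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def value_of(lines, name):
    """Return the right-hand side of a "name"=value line, or None if absent."""
    for line in lines:
        m = re.match(r'^"([^"]+)"\s*=\s*(.*)$', line)
        if m and m.group(1).lower() == name.lower():
            return m.group(2).strip()
    return None


def audit(text):
    """Return (finding, detail) tuples for the persistence points the dump shows."""
    sections = parse_registry_dump(text)
    lower = {k.lower(): v for k, v in sections.items()}  # the dump mixes key casing
    findings = []

    # Userinit: winlogon.exe runs every comma-separated entry at logon.
    userinit = value_of(lower.get(WINLOGON, []), "Userinit")
    if userinit is not None:
        for entry in userinit.strip('"').split(","):
            entry = entry.strip()
            if entry and entry.lower() != DEFAULT_USERINIT:
                findings.append(("userinit_extra", entry))

    # LSA Authentication Packages: extra names are loaded into lsass.exe at boot.
    auth = value_of(lower.get(LSA, []), "Authentication Packages")
    if auth is not None:
        for pkg in auth.split():
            if pkg.lower() != "msv1_0":
                findings.append(("lsa_auth_package_extra", pkg))

    # Winlogon\Notify subkeys: each DLL is loaded by winlogon.exe. The dump prints
    # a full path when the file exists and only the DLL name when it is missing.
    for name, lines in sections.items():
        if name.lower().startswith(WINLOGON + "\\notify\\"):
            subkey = name.rsplit("\\", 1)[1]
            present = any(":\\" in line for line in lines)
            kind = "winlogon_notify" if present else "winlogon_notify_orphan"
            findings.append((kind, subkey))

    # Policies: DisableTaskMgr=1 is a typical rogue-antispyware symptom.
    for key in POLICY_KEYS:
        flag = value_of(lower.get(key, []), "DisableTaskMgr")
        if flag is not None and flag.split()[0] == "1":
            findings.append(("taskmgr_disabled", key))
    return findings
```

An orphan Notify subkey (DLL already deleted) still needs its registry key removed, which is why HijackThis lists such entries as "(file missing)".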




#2 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:12:29 PM

Posted 15 April 2008 - 04:22 AM

Hello Maxima1 and welcome to BleepingComputer,

This one does look quite messy :thumbsup:

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.

In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.


Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. :blink:

If you have any questions along the way, STOP and ask them before proceeding!!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted - And make a difference



