
Need Hijackthis Help



#1 zwhitlock


Posted 30 April 2008 - 07:44 PM

Hi. I am new and unsure if this is the proper way to go about posting. I am having a very big problem with my computer. I noticed yesterday that my desktop icons were missing. Then while trying to figure out the problem (which I suspected was a virus or trojan) I realized I cannot access the task manager, or any document files, C: drive, or My Computer. I can, in fact, only access RUN and execute some things from there, and programs from the start menu. Also taskbar items.

I tried all sorts of things, including using CleanUp! program, running Spyware terminator, running Trend Micro online scan, as well as a few other spyware/anti-virus software, but I could not solve the problem.

Now I have downloaded this hijackthis software and did the scan and saved a log as my user name. I don't know what else to do, so can someone please help me??

Thank you so much!!



#2 zwhitlock


Posted 30 April 2008 - 08:02 PM

Oh, I downloaded the DDS thing too, now. So here are the logs from that...


Deckard's System Scanner v20071014.68
Run by Anthony-Baba on 2008-04-30 20:55:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
105: 2008-05-01 00:56:08 UTC - RP410 - Deckard's System Scanner Restore Point
104: 2008-05-01 00:06:36 UTC - RP409 - Software Distribution Service 3.0
103: 2008-04-30 23:59:41 UTC - RP408 - Installed Windows XP KB885836.
102: 2008-04-30 21:46:18 UTC - RP407 - Software Distribution Service 3.0
101: 2008-04-30 21:16:09 UTC - RP406 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-04-29 12:57:32 UTC - RP306 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis (run as Anthony-Baba.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:56:44 PM, on 4/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Anthony-Baba\Desktop\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Anthony-Baba.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gaiaonline.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {19B9CD57-3043-442F-8DFF-F9924AF056BD} - C:\WINDOWS\system32\opnlKAro.dll (file missing)
O2 - BHO: (no name) - {27879976-5DEC-42C8-888D-065EB285D2E7} - C:\WINDOWS\system32\qoMEvWOF.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{44AD4D11-09DF-1033-0103-060416200001}] "C:\Program Files\Common Files\{44AD4D11-09DF-1033-0103-060416200001}\Update.exe" mc-110-12-0000140 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{44AD4D11-09DF-1033-0103-060416200001}] "C:\Program Files\Common Files\{44AD4D11-09DF-1033-0103-060416200001}\Update.exe" mc-110-12-0000140 (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Anthony-Baba\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/scrab...rabblecubes.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/Facebo...toUploader2.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Compone...EngineQuery.dll
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zpa_dmno.cab55579.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab55579.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60096.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHos...ronGameHost.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DBA8E419-0D5F-439B-A3CC-D01C768D9B51} (DVCDownloaderControl Object) - http://www.sonypictures.com/games/thedavin...aderControl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...993/mcfscan.cab
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl Class) - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: opnlKAro - opnlKAro.dll (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

--
End of file - 13013 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - "regedit.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 sp_rsdrv2 (Spyware Terminator Driver 2) - c:\windows\system32\drivers\sp_rsdrv2.sys
R3 SAMFILT - c:\windows\system32\drivers\samfilt.sys <Not Verified; Dolphin, Inc.; Dolphin Keyboard Filter>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>
S0 Partizan - c:\windows\system32\drivers\partizan.sys <Not Verified; Greatis Software; RegRun Security Suite>
S1 OMCI - c:\windows\system32\drivers\omci.sys (file missing)
S2 CoachCap (Concord Eye-Q Go LCD USB Video Capture V1.01) - c:\windows\system32\drivers\coachcap.sys <Not Verified; Zoran Microelectronics Ltd.; Zoran COACH>
S3 bvrp_pci - c:\windows\system32\drivers\bvrp_pci.sys
S3 KProcWatch - c:\windows\system32\drivers\kprocwatch.sys
S4 tmcomm - c:\windows\system32\drivers\tmcomm.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 sp_rssrv (Spyware Terminator Realtime Shield Service) - "c:\program files\spyware terminator\sp_rsser.exe" <Not Verified; Crawler.com; Crawler Spyware Terminator>
R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 52\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>

S3 aspnet_state (ASP.NET State Service) - c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 iPod Service - "c:\program files\ipod\bin\ipodservice.exe" (file missing)
S3 sp_clamsrv (Spyware Terminator Clam Service) - "c:\program files\winclamavshield\sp_clamsrv.exe" <Not Verified; Crawler.com; Spyware Terminator>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-30 17:46:45 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


-- Files created between 2008-03-30 and 2008-04-30 -----------------------------

2008-04-30 20:10:24 0 d-------- C:\Program Files\Trend Micro
2008-04-30 20:01:07 0 d-------- C:\Program Files\Panda Security
2008-04-30 19:59:03 0 d-------- C:\WINDOWS\LastGood
2008-04-30 18:26:28 0 d-------- C:\Documents and Settings\Anthony-Baba\.housecall6.6
2008-04-30 17:38:07 0 d-------- C:\Documents and Settings\Administrator\Application Data\Spyware Terminator
2008-04-30 17:23:34 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-04-30 17:20:00 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-30 17:20:00 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-30 17:20:00 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-30 17:20:00 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-04-30 17:20:00 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-30 17:20:00 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-30 17:20:00 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-04-30 17:20:00 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-30 17:20:00 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-04-30 17:20:00 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-30 17:20:00 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-04-30 17:20:00 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-30 17:20:00 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-30 17:19:59 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-30 17:14:04 8576 --a------ C:\WINDOWS\system32\drivers\KProcWatch.sys
2008-04-30 17:14:04 0 d-------- C:\Program Files\HiddenFinder
2008-04-30 14:19:40 0 d-------- C:\RootkitNO
2008-04-30 14:18:43 30946 --a------ C:\WINDOWS\system32\drivers\Partizan.sys <Not Verified; Greatis Software; RegRun Security Suite>
2008-04-30 14:18:42 25088 --a------ C:\WINDOWS\system32\Partizan.exe <Not Verified; Greatis Software; RegRun Security Suite, UnHackMe>
2008-04-30 14:18:30 8944 --a------ C:\WINDOWS\system32\drivers\UnHackMeDrv.sys <Not Verified; Greatis Software, LLC.; UnHackme>
2008-04-30 13:53:24 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-30 13:52:56 0 d-------- C:\Program Files\Windows Defender
2008-04-30 13:52:01 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-30 13:52:01 0 d-------- C:\Documents and Settings\Anthony-Baba\Application Data\SUPERAntiSpyware.com
2008-04-30 13:49:02 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-30 13:38:24 0 d-------- C:\WatchNow
2008-04-30 12:18:04 0 d-------- C:\Program Files\PC-Cleaner
2008-04-29 21:08:45 0 d-------- C:\Documents and Settings\All Users\Application Data\dahpztyp
2008-04-29 14:50:10 0 d-------- C:\WINDOWS\system32\382077
2008-04-29 08:57:13 425555 --ahs---- C:\WINDOWS\system32\FOWvEMoq.ini2
2008-04-29 08:50:09 0 d-------- C:\Documents and Settings\All Users\Application Data\pajazexu
2008-04-28 01:04:39 0 d-------- C:\WINDOWS\WatchNow
2008-04-27 22:26:21 0 d-------- C:\Documents and Settings\Aww Shucks Shy lolsz\Contacts
2008-04-23 14:11:52 0 d-------- C:\thumbs
2008-04-23 04:29:30 0 d-------- C:\Directory
2008-04-23 04:28:17 0 d-------- C:\Program Files\Veoh Networks
2008-04-21 03:34:24 0 d-------- C:\Program Files\Webteh
2008-04-21 03:34:24 0 d-------- C:\Documents and Settings\Anthony-Baba\Application Data\BSplayer
2008-04-21 03:34:24 0 d-------- C:\Documents and Settings\Anthony-Baba\Application Data\BSplayer Pro
2008-04-21 00:57:26 0 d-------- C:\Program Files\Gabest
2008-04-20 20:11:55 0 d-------- C:\Documents and Settings\Aww Shucks Shy lolsz\Program Files
2008-04-20 20:11:50 0 d-------- C:\Documents and Settings\Aww Shucks Shy lolsz\Application Data\BitTorrent
2008-04-18 15:19:55 0 d-------- C:\Documents and Settings\tiny\C
2008-04-16 19:40:36 0 d-------- C:\Documents and Settings\tiny\Application Data\Yahoo!
2008-04-12 20:58:48 0 d-------- C:\Documents and Settings\Anthony-Baba\Application Data\SecondLife
2008-04-09 22:21:39 0 d-------- C:\Documents and Settings\Azi_2\Application Data\SecondLife
2008-04-09 09:28:07 0 d-------- C:\Program Files\SecondLife
2008-04-08 15:03:26 0 d-------- C:\WINDOWS\Prefetch
2008-04-08 14:50:19 0 d-------- C:\WINDOWS\ServicePackFiles
2008-04-08 14:47:57 0 d-------- C:\WINDOWS\EHome
2008-04-08 04:57:32 0 d-------- C:\Program Files\DNA
2008-04-08 04:57:32 0 d-------- C:\Documents and Settings\Anthony-Baba\Application Data\DNA
2008-04-05 20:29:37 0 d-------- C:\Documents and Settings\tiny\Application Data\MySpace
2008-04-05 20:25:33 0 d-------- C:\Documents and Settings\tiny\Application Data\Diino


-- Find3M Report ---------------------------------------------------------------

2008-04-30 20:05:40 0 d-------- C:\Documents and Settings\Anthony-Baba\Application Data\OpenOffice.org2
2008-04-30 20:01:10 2101 --a----c- C:\WINDOWS\mozver.dat
2008-04-30 18:20:48 0 d-------- C:\Documents and Settings\Anthony-Baba\Application Data\LimeWire
2008-04-30 17:26:37 0 d-------- C:\Program Files\W?nSxS
2008-04-30 13:49:02 0 d-------- C:\Program Files\Common Files
2008-04-30 13:38:24 0 d-------- C:\Program Files\Spyware Terminator
2008-04-30 13:28:32 0 d-------- C:\Program Files\WinClamAVShield
2008-04-30 13:28:26 0 d-------- C:\Documents and Settings\Anthony-Baba\Application Data\Spyware Terminator
2008-04-30 09:50:33 7168 --ahs---- C:\Program Files\Thumbs.db
2008-04-27 16:54:10 0 d-------- C:\Program Files\NCH Software
2008-04-27 10:40:01 5018 --a------ C:\WINDOWS\system32\KGyGaAvL.sys
2008-04-27 10:39:55 168 -r-hs---- C:\WINDOWS\system32\EAC684886A.sys
2008-04-26 08:33:48 304182 --a------ C:\StiImg.dat
2008-04-24 09:58:54 0 d-------- C:\Program Files\Java
2008-04-23 04:29:21 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-13 11:09:28 0 d-------- C:\Documents and Settings\Anthony-Baba\Application Data\IMVU
2008-04-13 10:36:41 0 d-------- C:\Program Files\IMVU
2008-04-08 15:47:39 0 d-------- C:\Program Files\Windows NT
2008-04-08 14:53:34 0 d-------- C:\Program Files\Messenger
2008-04-07 17:00:08 0 d-------- C:\Program Files\DivX
2008-04-07 16:59:15 0 d-------- C:\Program Files\NCH Swift Sound
2008-04-07 16:56:43 0 d-------- C:\Program Files\Oberon Media
2008-04-07 16:44:29 0 d-------- C:\Program Files\Paint.NET
2008-04-07 16:40:45 0 d-------- C:\Program Files\The Rosetta Stone
2008-04-07 16:40:33 0 d-------- C:\Program Files\The Rosetta Stone v2.0.8.1
2008-04-07 16:39:14 0 d-------- C:\Program Files\Viewpoint
2008-04-07 16:38:18 0 d-------- C:\Program Files\Yahoo!
2008-03-25 16:37:09 0 d-------- C:\Program Files\MSECache
2008-03-25 16:27:52 0 d-------- C:\Documents and Settings\Anthony-Baba\Application Data\OfficeUpdate12
2008-03-25 10:49:28 796672 --a------ C:\WINDOWS\GPInstall.exe <Not Verified; Qsc; GP-Install>
2008-03-25 10:23:15 0 d-------- C:\Program Files\Alcohol Soft
2008-03-22 13:55:22 0 d-------- C:\Documents and Settings\Anthony-Baba\Application Data\Diino
2008-03-21 11:28:04 0 d-------- C:\Documents and Settings\Anthony-Baba\Application Data\Adobe
2008-03-21 11:27:00 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-20 00:48:41 0 d-------- C:\Documents and Settings\Anthony-Baba\Application Data\Yahoo!
2008-03-18 15:41:08 0 d-------- C:\Program Files\Online Services
2008-03-17 14:49:26 524288 --a------ C:\WINDOWS\opuc.dll <Not Verified; Microsoft Corporation; 2007 Microsoft Office system>
2008-03-17 11:45:34 0 d-------- C:\Program Files\Common Files\AVSMedia
2008-03-11 14:28:58 0 d-------- C:\Documents and Settings\Anthony-Baba\Application Data\AVSMedia


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{19B9CD57-3043-442F-8DFF-F9924AF056BD}]
C:\WINDOWS\system32\opnlKAro.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{27879976-5DEC-42C8-888D-065EB285D2E7}]
C:\WINDOWS\system32\qoMEvWOF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [04/05/2005 06:22 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [04/05/2005 06:19 PM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [04/05/2005 06:23 PM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 06:42 PM]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [10/05/2005 07:12 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/19/2007 09:16 PM]
"SpywareTerminator"="C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [02/28/2008 05:57 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
"Aim6"="" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [11/06/2007 08:51 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [11/20/2007 04:25 AM]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" [03/20/2008 12:39 PM]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [04/11/2008 01:44 AM]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [04/01/2008 06:35 PM]
"@"="" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/29/2008 04:03 PM]
"UnHackMe Monitor"="C:\Program Files\UnHackMe\hackmon.exe" [09/17/2007 03:37 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"p2p networking"=p2pnetworking.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\Anthony-Baba\Start Menu\Programs\Startup\
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2/2/2007 5:54:56 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [8/3/2007 11:10:00 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"=0 (0x0)
"NoDispCPL"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=0 (0x0)
"NoRun"=0 (0x0)
"NoFind"=0 (0x0)
"NoMultiIE"=0 (0x0)
"LWA"=0 (0x0)
"LWB"=0 (0x0)
"LWC"=0 (0x0)
"LWD"=0 (0x0)
"LWE"=0 (0x0)
"LWF"=0 (0x0)
"LWG"=0 (0x0)
"LWH"=0 (0x0)
"LWI"=0 (0x0)
"LWJ"=0 (0x0)
"LWK"=0 (0x0)
"LWL"=0 (0x0)
"LWM"=0 (0x0)
"LWN"=0 (0x0)
"LWO"=0 (0x0)
"LWP"=0 (0x0)
"LWQ"=0 (0x0)
"LWR"=0 (0x0)
"LWS"=0 (0x0)
"LWT"=0 (0x0)
"LWU"=0 (0x0)
"LWV"=0 (0x0)
"LWW"=0 (0x0)
"LWX"=0 (0x0)
"LWY"=0 (0x0)
"LWZ"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
"{44AD4D11-09DF-1033-0103-060416200001}"="C:\Program Files\Common Files\{44AD4D11-09DF-1033-0103-060416200001}\Update.exe" mc-110-12-0000140

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]
"{19B9CD57-3043-442F-8DFF-F9924AF056BD}"= C:\WINDOWS\system32\opnlKAro.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnlKAro]
opnlKAro.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\qoMEvWOF

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

*Newly Created Service* - TMCOMM



-- End of Deckard's System Scanner: finished at 2008-04-30 20:57:49 ------------

And I submitted the file extra.txt as an attachment.

Thanks again!!


#3 zwhitlock


Posted 02 May 2008 - 05:33 PM

You know what... Never mind... I just used my Win XP CD to repair my installation. So it fixed all the bugs and left my files intact. I just have to customize my desktop and settings again... No big deal...

Thanks anyway... :thumbsup:

#4 Orange Blossom


Posted 05 May 2008 - 01:03 AM

Thanks for letting us know. I'll go ahead and close this topic.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.

