Might Be Infected And Winfix Pop-ups


41 replies to this topic

#1 cramlemmoj

Posted 03 May 2008 - 02:05 AM

MAIN.txt

Deckard's System Scanner v20071014.68
Run by user1 on 2008-05-03 14:48:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-05-03 06:48:30 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as user1.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:49:46 PM, on 5/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\Config\csrss.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\user1\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
F2 - REG:system.ini: UserInit=Userinit.exe
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: (no name) - {B9212AEA-54DB-49C4-A0AE-D18FCB32C767} - C:\WINDOWS\system32\ljJASkLd.dll
O2 - BHO: (no name) - {E3D5CAF1-2707-40FB-8713-6B4F72E973F8} - C:\WINDOWS\system32\wvUkHWOh.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [846eab65] rundll32.exe "C:\WINDOWS\system32\fvetfhec.dll",b
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: wvUkHWOh - C:\WINDOWS\SYSTEM32\wvUkHWOh.dll
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 6607 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


pe386 driver present

msguard driver present

lzx32 driver present

huy32 driver present

xpdt driver present

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Game Port for Creative
Device ID: LEGACY\JOYSTICK\5&27A00D37&0&ENUM&
Manufacturer: Creative Technology Ltd.
Name: Game Port for Creative
PNP Device ID: LEGACY\JOYSTICK\5&27A00D37&0&ENUM&
Service: gameenum


-- Files created between 2008-04-03 and 2008-05-03 -----------------------------

2008-05-03 14:04:41 0 dr-h----- C:\Documents and Settings\user1\Recent
2008-05-03 13:39:10 0 d-------- C:\Program Files\BitLord
2008-05-02 18:39:33 0 d-------- C:\Program Files\Trend Micro
2008-05-02 18:33:11 0 d-------- C:\Program Files\CCleaner
2008-05-02 17:23:55 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-02 17:22:33 0 d-------- C:\WINDOWS\system32\drivers\umdf
2008-05-01 21:42:33 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-01 21:42:04 0 d-------- C:\Program Files\McAfee
2008-05-01 21:42:04 0 d-------- C:\Program Files\Common Files\McAfee
2008-05-01 21:38:19 96320 --a------ C:\WINDOWS\system32\fvetfhec.dll
2008-05-01 21:37:58 107072 --a------ C:\WINDOWS\system32\vhuwhwga.dll
2008-05-01 21:32:15 0 d-------- C:\WINDOWS\system32\appmgmt
2008-05-01 13:51:10 335 --a------ C:\WINDOWS\mozregistry.dat
2008-05-01 13:32:51 0 d-------- C:\Program Files\LimeWire
2008-05-01 13:17:57 0 d-------- C:\Program Files\Common Files\Scanner
2008-05-01 13:17:53 0 d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-05-01 11:15:30 0 d-------- C:\Program Files\PixiePack Codec Pack
2008-05-01 11:14:47 0 d-------- C:\Documents and Settings\All Users\Application Data\RapidSolution
2008-05-01 10:53:45 0 d-------- C:\Program Files\AskSBar
2008-05-01 09:30:18 0 d-------- C:\Program Files\Windows Doctor
2008-04-30 23:56:19 0 d-------- C:\WINDOWS\network diagnostic
2008-04-30 21:38:40 104512 --a------ C:\WINDOWS\system32\rpykxgfh.dll
2008-04-30 11:44:07 0 d-------- C:\Program Files\Super Internet TV
2008-04-30 11:30:14 0 d-------- C:\Program Files\PC Optimizer Pro
2008-04-30 11:07:53 0 d-------- C:\Program Files\Satelite tv
2008-04-29 21:37:27 104512 --a------ C:\WINDOWS\system32\ngqijbji.dll
2008-04-29 11:17:42 0 d-------- C:\Documents and Settings\user1\Application Data\LimeWire
2008-04-29 10:58:18 0 d-------- C:\Program Files\Java
2008-04-29 10:53:32 0 d-------- C:\Program Files\Common Files\Java
2008-04-29 09:34:55 216452 --ahs---- C:\WINDOWS\system32\dLkSAJjl.ini2
2008-04-29 09:34:01 281600 --a------ C:\WINDOWS\system32\ljJASkLd.dll
2008-04-29 09:24:46 43520 --a------ C:\WINDOWS\system32\byXRheDw.dll
2008-04-29 09:16:41 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-29 09:15:58 43520 --a------ C:\WINDOWS\system32\wvUkHWOh.dll
2008-04-29 09:06:09 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-28 17:25:04 0 d-------- C:\Documents and Settings\user1\Application Data\Ahead
2008-04-28 17:18:19 0 d-------- C:\Documents and Settings\user1\Application Data\CyberLink
2008-04-28 17:18:16 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-04-28 17:15:55 0 d-------- C:\Program Files\CyberLink
2008-04-28 17:08:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-04-28 17:05:54 0 d-------- C:\Program Files\Nero
2008-04-28 17:05:54 0 d-------- C:\Program Files\Common Files\Ahead
2008-04-28 17:05:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-04-28 17:04:48 0 d-------- C:\WINDOWS\RegisteredPackages
2008-04-28 09:46:58 0 d-------- C:\Documents and Settings\user1\Application Data\Softplicity
2008-04-28 09:46:43 0 d-------- C:\Program Files\TotalAudioConverter
2008-04-27 11:27:37 0 --a------ C:\WINDOWS\Infob.dat
2008-04-27 11:27:37 0 --a------ C:\WINDOWS\Infoa.dat
2008-04-27 11:16:46 0 d-------- C:\Program Files\Total Video Converter
2008-04-27 10:15:19 0 d-------- C:\Program Files\MegauploadToolbar
2008-04-27 10:15:19 0 d-------- C:\Documents and Settings\user1\Application Data\MegauploadToolbar
2008-04-27 10:12:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-04-26 13:05:52 0 d-------- C:\Program Files\WinAVI Video Converter
2008-04-25 23:28:18 0 d-------- C:\downloads
2008-04-25 23:28:18 0 d-------- C:\Documents and Settings\user1\Application Data\FMZilla
2008-04-25 23:28:05 0 d-------- C:\Program Files\Free Music Zilla
2008-04-24 21:07:35 0 d-------- C:\logs
2008-04-24 21:07:34 0 d-------- C:\Documents and Settings\user1\ChikkaDefault
2008-04-24 20:59:45 0 d-------- C:\Program Files\Chikka Messenger
2008-04-24 20:21:35 0 d-------- C:\WINDOWS\system32\PreInstall
2008-04-24 20:21:33 0 d--h----- C:\WINDOWS\$hf_mig$
2008-04-24 19:54:05 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-04-24 18:25:47 0 d-------- C:\Documents and Settings\user1\Application Data\DMCache
2008-04-24 17:45:05 0 d-------- C:\Documents and Settings\user1\Application Data\Thinstall
2008-04-23 21:13:22 0 d-------- C:\Program Files\mIRC
2008-04-23 21:13:22 0 d-------- C:\Documents and Settings\user1\Application Data\mIRC
2008-04-23 17:22:26 1160 --a------ C:\WINDOWS\mozver.dat
2008-04-23 16:57:11 0 d-------- C:\Documents and Settings\user1\Application Data\Yahoo!
2008-04-23 16:57:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-23 16:30:10 0 d-------- C:\Documents and Settings\user1\Application Data\Creative
2008-04-23 16:27:51 41984 -----n--- C:\WINDOWS\Ctregrun.exe <Not Verified; Creative Technology Ltd; Creative On-line Registration System>
2008-04-23 16:26:29 212480 --a------ C:\WINDOWS\PCDLIB32.DLL <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>
2008-04-23 16:26:29 0 d-------- C:\Program Files\ArcSoft
2008-04-23 16:26:09 1048576 -ra------ C:\WINDOWS\system32\ROBOEX32.DLL <Not Verified; Blue Sky Software Corporation.; RoboHELP for WinHelp 2000>
2008-04-23 16:25:37 0 d-------- C:\Program Files\Ulead Systems
2008-04-23 16:24:02 0 d-------- C:\Program Files\Creative
2008-04-23 15:55:02 0 d-------- C:\Program Files\Winamp
2008-04-23 15:28:31 0 d-------- C:\Program Files\EPSON
2008-04-20 22:16:24 0 d--hs---- C:\WINDOWS\Installer
2008-04-20 22:16:24 0 d-------- C:\Program Files\Common Files\ODBC
2008-04-20 22:16:21 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-04-20 22:16:20 0 dr------- C:\Program Files
2008-04-20 22:16:20 0 d-------- C:\Program Files\Common Files
2008-04-20 22:16:00 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-04-20 22:16:00 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-04-20 22:16:00 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-04-20 22:16:00 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-04-20 22:16:00 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-04-20 22:16:00 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-04-20 22:16:00 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-04-20 22:16:00 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-04-20 22:16:00 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-04-20 22:16:00 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-04-20 22:16:00 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-04-20 22:16:00 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-04-20 22:16:00 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-04-20 22:16:00 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-04-20 22:16:00 0 dr------- C:\Documents and Settings\All Users\Documents
2008-04-20 22:16:00 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-04-20 22:15:48 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-04-20 22:15:48 0 d-------- C:\WINDOWS\system32\CatRoot
2008-04-20 22:15:43 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-04-20 22:15:43 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-04-20 22:15:43 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-04-20 22:15:43 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-04-20 22:15:25 0 d--hs---- C:\System Volume Information
2008-04-20 22:15:25 0 d-------- C:\Documents and Settings
2008-04-20 22:11:35 0 d-------- C:\WINDOWS
2008-04-20 22:11:35 0 d-------- C:\WINDa


EXTRA.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Sempron™ Processor 2800+
Percentage of Memory in Use: 68%
Physical Memory (total/avail): 511.48 MiB / 162.77 MiB
Pagefile Memory (total/avail): 1246.8 MiB / 846.25 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1926.95 MiB

C: is Fixed (NTFS) - 19.53 GiB total, 12.85 GiB free.
D: is Fixed (NTFS) - 34.18 GiB total, 31.42 GiB free.
E: is Fixed (NTFS) - 20.81 GiB total, 13.57 GiB free.
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3802110A - 74.53 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 19.53 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 54.99 GiB - D: - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntivirusOverride is set.

AV: McAfee VirusScan Enterprise v8.5.0.781 (McAfee, Inc.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\SIERRA\\Half-Life\\hl.exe"="C:\\SIERRA\\Half-Life\\hl.exe:*:Enabled:Half-Life Launcher"
"D:\\CS13\\hl.exe"="D:\\CS13\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"F:\\CDS\\Nero\\Installation\\SetupX.exe"="F:\\CDS\\Nero\\Installation\\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"="C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe:*:Enabled:McAfee Framework Service"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\user1\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PC-02
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFLOGDIR=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\user1
LOGONSERVER=\\PC-02
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2c02
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\user1\LOCALS~1\Temp
TMP=C:\DOCUME~1\user1\LOCALS~1\Temp
USERDOMAIN=PC-02
USERNAME=user1
USERPROFILE=C:\Documents and Settings\user1
VSEDEFLOGDIR=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

user1 (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\NuNInst.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{363435F2-7426-11D8-9966-00A0C9663221}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC067AB0-2594-4A7E-A1DE-ADEB7D15EB4B}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
ArcSoft Multimedia Email --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD54CF66-090B-43E7-97C1-110EF526474D}\Setup.exe" -l0x9 -uninst
Ask Toolbar --> rundll32 C:\PROGRA~1\AskSBar\bar\1.bin\AskSBar.dll,O
Audition 0.1.2.0 --> "C:\Program Files\e-Games\Audition\uninstall.exe"
CA Yahoo! Anti-Spy (remove only) --> "C:\Program Files\CA Yahoo! Anti-Spy\uninstall.exe"
Chikka Messenger V4 --> C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\UNWISE.EXE C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\INSTALL.LOG
Creative WebCam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{363435F2-7426-11D8-9966-00A0C9663221}\setup.exe" -l0x9 /remove
Creative WebCam Vista Pro Driver (1.00.05.0726) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script Vf0100.uns -unsext NT -plugin V0100Pin.dll -pluginres V0100Pin.crl
Creative WebCam Vista Pro User's Guide (English) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Creative WebCam Vista Pro\Creative WebCam Vista Pro User's Guide\English\CTManual.isu"
DU Meter --> "C:\Program Files\DU Meter\unins000.exe"
DVD Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Free Music Zilla --> "C:\Program Files\Free Music Zilla\unins000.exe"
Get Yahoo! Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC067AB0-2594-4A7E-A1DE-ADEB7D15EB4B}\setup.exe" -l0x9 /remove
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
LimeWire PRO 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
McAfee VirusScan Enterprise --> MsiExec.exe /I{35C03C04-3F1F-42C2-A989-A757EE691F65}
Megaupload Toolbar --> C:\Program Files\MegauploadToolbar\uninstall.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC --> C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 7 Essentials --> MsiExec.exe /X{45B3A3BD-F90D-48FE-A147-D74878A51033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers --> C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI
PC Optimizer Pro ver.4.5.13 --> "C:\Program Files\PC Optimizer Pro\unins000.exe"
PixiePack Codec Pack --> MsiExec.exe /I{621FCD24-4498-4324-A81E-07D331376EDF}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Sierra Utilities --> C:\Program Files\Sierra On-Line\sutil32.exe uninstall
Super Internet TV v7.11 --> "C:\Program Files\Super Internet TV\unins000.exe"
Total Video Converter 3.12 080307 --> "C:\Program Files\Total Video Converter\unins000.exe"
TotalAudioConverter --> "C:\Program Files\TotalAudioConverter\unins000.exe"
Ulead Photo Express 4.0 My Custom Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21BCE515-D5A3-11D4-8E33-0010B53EC668}\Setup.exe"
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
WinAVI Video Converter --> "C:\Program Files\WinAVI Video Converter\unins000.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! 工具列 --> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE


-- Application Event Log -------------------------------------------------------

Event Record #/Type1941 / Error
Event Submitted/Written: 05/01/2008 09:37:22 PM
Event ID/Source: 11308 / MsiInstaller
Event Description:
Product: ESET NOD32 Antivirus -- Error 1308. Source file not found: C:\DOCUME~1\user1\LOCALS~1\Temp\Rar$DI50.328\msvcp80.dll. Verify that the file exists and that you can access it.

Event Record #/Type1940 / Error
Event Submitted/Written: 05/01/2008 09:37:21 PM
Event ID/Source: 11309 / MsiInstaller
Event Description:
Product: ESET NOD32 Antivirus -- Error 1309. Error reading from file: C:\DOCUME~1\user1\LOCALS~1\Temp\Rar$DI50.328\Drivers\eamon\eamon.inf. System error 3. Verify that the file exists and that you can access it.

Event Record #/Type1939 / Error
Event Submitted/Written: 05/01/2008 09:37:19 PM
Event ID/Source: 11309 / MsiInstaller
Event Description:
Product: ESET NOD32 Antivirus -- Error 1309. Error reading from file: C:\DOCUME~1\user1\LOCALS~1\Temp\Rar$DI50.328\Drivers\eamon\eamon.inf. System error 3. Verify that the file exists and that you can access it.

Event Record #/Type1938 / Error
Event Submitted/Written: 05/01/2008 09:37:18 PM
Event ID/Source: 11309 / MsiInstaller
Event Description:
Product: ESET NOD32 Antivirus -- Error 1309. Error reading from file: C:\DOCUME~1\user1\LOCALS~1\Temp\Rar$DI50.328\Drivers\eamon\eamon.inf. System error 3. Verify that the file exists and that you can access it.

Event Record #/Type1937 / Error
Event Submitted/Written: 05/01/2008 09:37:17 PM
Event ID/Source: 11309 / MsiInstaller
Event Description:
Product: ESET NOD32 Antivirus -- Error 1309. Error reading from file: C:\DOCUME~1\user1\LOCALS~1\Temp\Rar$DI50.328\Drivers\eamon\eamon.inf. System error 3. Verify that the file exists and that you can access it.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3317 / Warning
Event Submitted/Written: 05/03/2008 11:43:27 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type3313 / Warning
Event Submitted/Written: 05/03/2008 11:21:02 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type3286 / Warning
Event Submitted/Written: 05/03/2008 09:14:24 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type3176 / Error
Event Submitted/Written: 05/02/2008 07:18:52 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The HTTP SSL service terminated with the following error:
%%2

Event Record #/Type3076 / Error
Event Submitted/Written: 05/02/2008 05:24:40 PM
Event ID/Source: 14302 / WMPNetworkSvc
Event Description:
Service 'WMPNetworkSvc' was not installed because CreateService encountered error '2'. Restart your computer, and then try to reinstall the service.



-- End of Deckard's System Scanner: finished at 2008-05-03 14:51:52 ------------

#2 cramlemmoj

Posted 03 May 2008 - 05:17 AM

This logfile is after I used SDFix... help please :thumbsup:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:58:40 PM, on 5/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=Userinit.exe
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [846eab65] rundll32.exe "C:\WINDOWS\system32\fvetfhec.dll",b
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 5994 bytes

Edited by Orange Blossom, 04 May 2008 - 11:15 PM.
This was a separate topic. Merged to this one. ~ OB


#3 teacup61 (Malware Response Team)

Posted 03 May 2008 - 11:08 AM

Hello cramlemmoj,

Welcome to Bleeping Computer :thumbsup:


This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#4 cramlemmoj (Topic Starter)

Posted 03 May 2008 - 11:40 PM

Sir, I can't install ComboFix...

Please help... it says "installation failed"

#5 teacup61 (Malware Response Team)

Posted 03 May 2008 - 11:44 PM

Try this instead :

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

Thanks,
tea

#6 cramlemmoj (Topic Starter)

Posted 03 May 2008 - 11:53 PM

Sir, I already did that, but I'll do it again if you want. By the way, sir, this not only happened to ComboFix but also to a lot of apps I tried to install... Is there any other way??

#7 cramlemmoj (Topic Starter)

Posted 04 May 2008 - 12:15 AM

This is the SDFix report that I just did...

SDFix: Version 1.178
Run by user1 on Sun 05/04/2008 at 01:02 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-04 13:07:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\SIERRA\\Half-Life\\hl.exe"="C:\\SIERRA\\Half-Life\\hl.exe:*:Enabled:Half-Life Launcher"
"D:\\CS13\\hl.exe"="D:\\CS13\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:潡orrent"
"F:\\CDS\\Nero\\Installation\\SetupX.exe"="F:\\CDS\\Nero\\Installation\\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"="C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe:*:Enabled:McAfee Framework Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 22 Jul 2002 418,816 ...HR --- "C:\WINDOWS\system32\Tools\All.exe"
Fri 19 Jul 2002 390,144 ...HR --- "C:\WINDOWS\system32\Tools\Change.exe"
Fri 19 Jul 2002 574,464 ...HR --- "C:\WINDOWS\system32\Tools\CheckPath.exe"
Tue 20 Aug 2002 430,592 ...HR --- "C:\WINDOWS\system32\Tools\Counter.exe"
Tue 23 Jul 2002 390,656 ...HR --- "C:\WINDOWS\system32\Tools\DelFolders.exe"
Fri 22 Nov 2002 399,872 ...HR --- "C:\WINDOWS\system32\Tools\DirectSetup.exe"
Fri 19 Jul 2002 388,096 ...HR --- "C:\WINDOWS\system32\Tools\RegClean.exe"
Fri 19 Jul 2002 388,608 ...HR --- "C:\WINDOWS\system32\Tools\Regexe.exe"
Mon 2 Dec 2002 431,616 ...HR --- "C:\WINDOWS\system32\Tools\Restart.exe"
Fri 19 Jul 2002 388,096 ...HR --- "C:\WINDOWS\system32\Tools\RunRegexe.exe"
Fri 2 May 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!

And this is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:12:04 PM, on 5/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\user1\Desktop\ComboFix.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=Userinit.exe
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [846eab65] rundll32.exe "C:\WINDOWS\system32\fvetfhec.dll",b
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 6143 bytes

#8 teacup61 (Malware Response Team)

Posted 04 May 2008 - 12:15 AM

One more removal tool to try, then try a new method. :blink:

Please download Malwarebytes' Anti-Malware from one of these places:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply along with a fresh HijackThis log.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

By the way, I appreciate that you're so polite, but I'm not a sir. I'm a lady. :thumbsup:

thanks,
tea

#9 cramlemmoj (Topic Starter)

Posted 04 May 2008 - 12:21 AM

I'm so sorry, ma'am...

:thumbsup: :blink: :wacko: :) :)

#10 cramlemmoj (Topic Starter)

Posted 04 May 2008 - 12:29 AM

Ma'am, I still can't install this app...

C:\program files\malwarebytes'anti-malware\unins000.exe

An error occured while trying to rename a file in the destination directory:

Movefile failed; code 5

Access is denied

click to retry, ignore to skip this file(not recommended), Abort cancel installation


These were stated while I was trying to install the software...

#11 cramlemmoj (Topic Starter)

Posted 04 May 2008 - 01:02 AM

By the way, ma'am, this log is from when I used dss.exe.
Can you please check this out???


Deckard's System Scanner v20071014.68
Run by user1 on 2008-05-04 13:56:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as user1.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:57:11 PM, on 5/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\user1\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=Userinit.exe
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {DC659D0C-FCF8-4651-8BF5-76B612D0AFEA} - C:\WINDOWS\system32\ljJASkLd.dll
O2 - BHO: (no name) - {E3D5CAF1-2707-40FB-8713-6B4F72E973F8} - C:\WINDOWS\system32\wvUkHWOh.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [846eab65] rundll32.exe "C:\WINDOWS\system32\fvetfhec.dll",b
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: wvUkHWOh - C:\WINDOWS\SYSTEM32\wvUkHWOh.dll
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 6476 bytes

-- Files created between 2008-04-04 and 2008-05-04 -----------------------------

2008-05-04 13:51:38 0 dr-h----- C:\Documents and Settings\user1\Recent
2008-05-04 13:04:20 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-05-04 12:44:20 0 d-------- C:\327882R2FWJFW
2008-05-04 12:35:09 169 --a------ C:\Start_.cmd
2008-05-03 17:42:17 0 d-------- C:\WINDOWS\ERUNT
2008-05-03 13:39:10 0 d-------- C:\Program Files\BitLord
2008-05-02 18:39:33 0 d-------- C:\Program Files\Trend Micro
2008-05-02 17:23:55 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-02 17:22:33 0 d-------- C:\WINDOWS\system32\drivers\umdf
2008-05-01 21:42:33 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-01 21:42:04 0 d-------- C:\Program Files\McAfee
2008-05-01 21:42:04 0 d-------- C:\Program Files\Common Files\McAfee
2008-05-01 21:38:19 96320 --a------ C:\WINDOWS\system32\fvetfhec.dll
2008-05-01 21:37:58 107072 --a------ C:\WINDOWS\system32\vhuwhwga.dll
2008-05-01 21:32:15 0 d-------- C:\WINDOWS\system32\appmgmt
2008-05-01 13:51:10 335 --a------ C:\WINDOWS\mozregistry.dat
2008-05-01 13:32:51 0 d-------- C:\Program Files\LimeWire
2008-05-01 13:17:57 0 d-------- C:\Program Files\Common Files\Scanner
2008-05-01 13:17:53 0 d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-05-01 11:15:30 0 d-------- C:\Program Files\PixiePack Codec Pack
2008-05-01 11:14:47 0 d-------- C:\Documents and Settings\All Users\Application Data\RapidSolution
2008-05-01 10:53:45 0 d-------- C:\Program Files\AskSBar
2008-05-01 09:30:18 0 d-------- C:\Program Files\Windows Doctor
2008-04-30 23:56:19 0 d-------- C:\WINDOWS\network diagnostic
2008-04-30 21:38:40 104512 --a------ C:\WINDOWS\system32\rpykxgfh.dll
2008-04-29 21:37:27 104512 --a------ C:\WINDOWS\system32\ngqijbji.dll
2008-04-29 11:17:42 0 d-------- C:\Documents and Settings\user1\Application Data\LimeWire
2008-04-29 10:58:18 0 d-------- C:\Program Files\Java
2008-04-29 10:53:32 0 d-------- C:\Program Files\Common Files\Java
2008-04-29 09:34:55 208333 --ahs---- C:\WINDOWS\system32\dLkSAJjl.ini2
2008-04-29 09:34:01 281600 --a------ C:\WINDOWS\system32\ljJASkLd.dll
2008-04-29 09:24:46 43520 --a------ C:\WINDOWS\system32\byXRheDw.dll
2008-04-29 09:16:41 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-29 09:15:58 43520 --a------ C:\WINDOWS\system32\wvUkHWOh.dll
2008-04-29 09:06:09 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-28 17:25:04 0 d-------- C:\Documents and Settings\user1\Application Data\Ahead
2008-04-28 17:18:19 0 d-------- C:\Documents and Settings\user1\Application Data\CyberLink
2008-04-28 17:18:16 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-04-28 17:15:55 0 d-------- C:\Program Files\CyberLink
2008-04-28 17:08:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-04-28 17:05:54 0 d-------- C:\Program Files\Nero
2008-04-28 17:05:54 0 d-------- C:\Program Files\Common Files\Ahead
2008-04-28 17:05:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-04-28 17:04:48 0 d-------- C:\WINDOWS\RegisteredPackages
2008-04-28 09:46:58 0 d-------- C:\Documents and Settings\user1\Application Data\Softplicity
2008-04-28 09:46:43 0 d-------- C:\Program Files\TotalAudioConverter
2008-04-27 11:27:37 0 --a------ C:\WINDOWS\Infob.dat
2008-04-27 11:27:37 0 --a------ C:\WINDOWS\Infoa.dat
2008-04-27 11:16:46 0 d-------- C:\Program Files\Total Video Converter
2008-04-27 10:15:19 0 d-------- C:\Program Files\MegauploadToolbar
2008-04-27 10:15:19 0 d-------- C:\Documents and Settings\user1\Application Data\MegauploadToolbar
2008-04-27 10:12:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-04-26 13:05:52 0 d-------- C:\Program Files\WinAVI Video Converter
2008-04-25 23:28:18 0 d-------- C:\downloads
2008-04-25 23:28:18 0 d-------- C:\Documents and Settings\user1\Application Data\FMZilla
2008-04-25 23:28:05 0 d-------- C:\Program Files\Free Music Zilla
2008-04-24 21:07:35 0 d-------- C:\logs
2008-04-24 21:07:34 0 d-------- C:\Documents and Settings\user1\ChikkaDefault
2008-04-24 20:59:45 0 d-------- C:\Program Files\Chikka Messenger
2008-04-24 20:21:35 0 d-------- C:\WINDOWS\system32\PreInstall
2008-04-24 20:21:33 0 d--h----- C:\WINDOWS\$hf_mig$
2008-04-24 19:54:05 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-04-24 18:25:47 0 d-------- C:\Documents and Settings\user1\Application Data\DMCache
2008-04-24 17:45:05 0 d-------- C:\Documents and Settings\user1\Application Data\Thinstall
2008-04-23 21:13:22 0 d-------- C:\Program Files\mIRC
2008-04-23 21:13:22 0 d-------- C:\Documents and Settings\user1\Application Data\mIRC
2008-04-23 17:22:26 1160 --a------ C:\WINDOWS\mozver.dat
2008-04-23 16:57:11 0 d-------- C:\Documents and Settings\user1\Application Data\Yahoo!
2008-04-23 16:57:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-23 16:30:10 0 d-------- C:\Documents and Settings\user1\Application Data\Creative
2008-04-23 16:27:51 41984 -----n--- C:\WINDOWS\Ctregrun.exe <Not Verified; Creative Technology Ltd; Creative On-line Registration System>
2008-04-23 16:26:29 212480 --a------ C:\WINDOWS\PCDLIB32.DLL <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>
2008-04-23 16:26:29 0 d-------- C:\Program Files\ArcSoft
2008-04-23 16:26:09 1048576 -ra------ C:\WINDOWS\system32\ROBOEX32.DLL <Not Verified; Blue Sky Software Corporation.; RoboHELP for WinHelp 2000>
2008-04-23 16:25:37 0 d-------- C:\Program Files\Ulead Systems
2008-04-23 16:24:02 0 d-------- C:\Program Files\Creative
2008-04-23 15:55:02 0 d-------- C:\Program Files\Winamp
2008-04-23 15:28:31 0 d-------- C:\Program Files\EPSON
2008-04-20 22:16:24 0 d--hs---- C:\WINDOWS\Installer
2008-04-20 22:16:24 0 d-------- C:\Program Files\Common Files\ODBC
2008-04-20 22:16:21 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-04-20 22:16:20 0 dr------- C:\Program Files
2008-04-20 22:16:20 0 d-------- C:\Program Files\Common Files
2008-04-20 22:16:00 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-04-20 22:16:00 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-04-20 22:16:00 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-04-20 22:16:00 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-04-20 22:16:00 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-04-20 22:16:00 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-04-20 22:16:00 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-04-20 22:16:00 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-04-20 22:16:00 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-04-20 22:16:00 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-04-20 22:16:00 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-04-20 22:16:00 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-04-20 22:16:00 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-04-20 22:16:00 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-04-20 22:16:00 0 dr------- C:\Documents and Settings\All Users\Documents
2008-04-20 22:16:00 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-04-20 22:15:48 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-04-20 22:15:48 0 d-------- C:\WINDOWS\system32\CatRoot
2008-04-20 22:15:43 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-04-20 22:15:43 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-04-20 22:15:43 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-04-20 22:15:43 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-04-20 22:15:25 0 d--hs---- C:\System Volume Information
2008-04-20 22:15:25 0 d-------- C:\Documents and Settings
2008-04-20 22:11:35 0 d-------- C:\WINDOWS
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\WinSxS
2008-04-20 22:11:35 0 dr------- C:\WINDOWS\Web
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\twain_32
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\system32
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\system32\wins
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\system32\wbem
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\system32\usmt
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\system32\spool
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\system32\ShellExt
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\system32\Setup
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\system32\ras
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\system32\oobe
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\system32\npp
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\system32\mui
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\system32\inetsrv
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\system32\IME
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\system32\icsxml
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\system32\ias
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\system32\export
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\system32\drivers
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-04-20 22:11:35 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\system32\dhcp
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\system32\config
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\system32\3076
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\system32\2052
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\system32\1054
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\system32\1042
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\system32\1041
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\system32\1037
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\system32\1033
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\system32\1031
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\system32\1028
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\system32\1025
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\system
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\security
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\Resources
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\repair
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\Provisioning
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\PeerNet
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\pchealth
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\mui
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\msapps
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\msagent
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\Media
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\java
2008-04-20 22:11:35 0 d--h----- C:\WINDOWS\inf
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\ime
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\Help
2008-04-20 22:11:35 0 dr--s---- C:\WINDOWS\Fonts
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\ehome
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\Driver Cache
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\Debug
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\Cursors
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\Connection Wizard
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\Config
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\AppPatch
2008-04-20 22:11:35 0 d-------- C:\WINDOWS\addins
2008-04-20 18:16:40 231936 --a------ C:\WINDOWS\system32\SNWValid.dll <Not Verified; Cendant Software; World Opponent Network>
2008-04-20 18:16:40 1022976 --a------ C:\WINDOWS\system32\SierraNW.dll <Not Verified; Cendant Software; World Opponent Network>
2008-04-20 18:16:38 0 d-------- C:\SIERRA
2008-04-20 18:16:38 0 d-------- C:\Program Files\Sierra On-Line
2008-04-20 18:16:16 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield unInstaller>
2008-04-20 18:16:13 0 d-------- C:\Documents and Settings\user1\WINDOWS
2008-04-20 17:25:18 0 d-------- C:\Program Files\e-Games
2008-04-20 15:48:23 0 d-------- C:\QUARANTINE
2008-04-20 15:46:46 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-20 15:46:44 0 d-------- C:\Documents and Settings\user1\Application Data\Mozilla
2008-04-20 15:43:18 1495552 --a------ C:\WINDOWS\system32\epoPGPsdk.dll <Not Verified; PGP Corporation; PGPsdk>
2008-04-20 15:43:18 0 d-------- C:\Program Files\Common Files\Cisco Systems
2008-04-20 15:36:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
2008-04-20 15:29:37 0 d-------- C:\Program Files\Realtek Sound Manager
2008-04-20 15:29:35 0 d-------- C:\Program Files\AvRack
2008-04-20 15:29:32 40960 -----n--- C:\WINDOWS\system32\ChCfg.exe
2008-04-20 15:29:27 208896 -----n--- C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Update Application for Realtek AC'97>
2008-04-20 15:29:27 139264 -----n--- C:\WINDOWS\alcrmv.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Removing Tool>
2008-04-20 15:29:27 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-20 15:25:24 0 d-------- C:\WINDOWS\system32\Tools
2008-04-20 15:14:59 0 d-------- C:\WINDOWS\nview
2008-04-20 15:14:29 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-04-20 15:13:56 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-20 15:12:35 0 d-------- C:\Tmp
2008-04-20 14:30:51 0 d-------- C:\Documents and Settings\user1\Application Data\Identities
2008-04-20 14:30:43 0 d--h----- C:\Documents and Settings\user1\Templates
2008-04-20 14:30:43 0 dr------- C:\Documents and Settings\user1\Start Menu
2008-04-20 14:30:43 0 dr-h----- C:\Documents and Settings\user1\SendTo
2008-04-20 14:30:43 0 d--h----- C:\Documents and Settings\user1\PrintHood
2008-04-20 14:30:43 2359296 --ah----- C:\Documents and Settings\user1\NTUSER.DAT
2008-04-20 14:30:43 0 d--h----- C:\Documents and Settings\user1\NetHood
2008-04-20 14:30:43 0 dr------- C:\Documents and Settings\user1\My Documents
2008-04-20 14:30:43 0 d--h----- C:\Documents and Settings\user1\Local Settings
2008-04-20 14:30:43 0 dr------- C:\Documents and Settings\user1\Favorites
2008-04-20 14:30:43 0 d-------- C:\Documents and Settings\user1\Desktop
2008-04-20 14:30:43 0 d--hs---- C:\Documents and Settings\user1\Cookies
2008-04-20 14:30:43 0 d--h----- C:\Documents and Settings\user1\Application Data
2008-04-20 14:29:53 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-04-20 14:29:52 0 d-------- C:\WINDOWS\Prefetch
2008-04-20 14:29:51 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-04-20 14:29:50 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-04-20 14:29:50 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-04-20 14:29:50 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-04-20 14:29:50 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-04-20 14:29:50 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-04-20 14:29:43 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-04-20 14:29:43 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2008-04-20 14:29:43 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-04-20 14:29:43 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-04-20 14:29:42 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-04-20 14:26:30 0 d-------- C:\WINDOWS\system32\xircom
2008-04-20 14:26:30 0 d-------- C:\Program Files\microsoft frontpage
2008-04-20 14:26:18 225280 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-04-20 14:25:58 0 -rahs---- C:\MSDOS.SYS
2008-04-20 14:25:58 0 -rahs---- C:\IO.SYS
2008-04-20 14:24:57 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-04-20 14:24:47 0 dr------- C:\WINDOWS\Offline Web Pages
2008-04-20 14:24:47 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-04-20 14:24:36 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-20 14:24:21 0 d-------- C:\WINDOWS\system32\DirectX
2008-04-20 14:23:57 0 d---s---- C:\WINDOWS\Tasks
2008-04-20 14:23:56 0 d-------- C:\Program Files\Common Files\MSSoap
2008-04-20 14:23:53 0 d-------- C:\WINDOWS\system32\Macromed
2008-04-20 14:23:53 0 d-------- C:\WINDOWS\srchasst
2008-04-20 14:23:47 0 d-------- C:\Program Files\Movie Maker
2008-04-20 14:23:41 0 d-------- C:\WINDOWS\system32\Restore
2008-04-20 14:23:07 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-20 14:22:55 0 d-------- C:\WINDOWS\Registration
2008-04-20 14:22:50 0 d-------- C:\Program Files\Online Services
2008-04-20 14:22:45 0 d-------- C:\Program Files\Messenger
2008-04-20 14:22:42 0 d-------- C:\Program Files\MSN Gaming Zone
2008-04-20 14:22:14 0 d-------- C:\Program Files\Windows NT
2008-04-20 14:22:12 0 d-------- C:\WINDOWS\system32\MsDtc
2008-04-20 14:22:11 0 d-------- C:\WINDOWS\system32\Com


-- Find3M Report ---------------------------------------------------------------

2008-05-03 17:29:02 0 d-------- C:\Program Files\Yahoo!
2008-04-29 09:17:16 0 d-------- C:\Documents and Settings\user1\Application Data\Adobe
2008-04-20 22:16:00 62 --ahs---- C:\Documents and Settings\user1\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DC659D0C-FCF8-4651-8BF5-76B612D0AFEA}]
04/29/2008 09:34 AM 281600 --a------ C:\WINDOWS\system32\ljJASkLd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E3D5CAF1-2707-40FB-8713-6B4F72E973F8}]
04/29/2008 09:15 AM 43520 --a------ C:\WINDOWS\system32\wvUkHWOh.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [05/01/2008 10:53 AM 262144]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/01/2006 05:22 PM]
"nwiz"="nwiz.exe" [06/01/2006 05:22 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [06/01/2006 05:22 PM]
"SoundMan"="SOUNDMAN.EXE" [01/20/2005 08:04 PM C:\WINDOWS\SOUNDMAN.EXE]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [02/01/2005 07:28 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/01/2007 02:57 PM]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [11/26/2007 02:54 PM]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [11/26/2007 02:54 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [03/14/2007 09:01 PM]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [01/08/2007 10:17 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"846eab65"="C:\WINDOWS\system32\fvetfhec.dll" [05/01/2008 09:38 PM]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [02/22/2007 08:50 PM]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [12/19/2006 11:27 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/14/2004 12:24 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E3D5CAF1-2707-40FB-8713-6B4F72E973F8}"= C:\WINDOWS\system32\wvUkHWOh.dll [04/29/2008 09:15 AM 43520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUkHWOh]
wvUkHWOh.dll 04/29/2008 09:15 AM 43520 C:\WINDOWS\system32\wvUkHWOh.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ljJASkLd


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21ec4286-0eaa-11dd-b5f2-dcbce92ca6dc}]
AutoRun\command- bar311.exe %1
Explore\command- bar311.exe %1
Open\command- bar311.exe %1


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe



-- End of Deckard's System Scanner: finished at 2008-05-04 14:00:47 ------------
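The Registry Dump section of this log is the part worth reading closely: two DLLs written to system32 four days before the scan are registered as Browser Helper Objects, one of them is also a ShellExecuteHook and a Winlogon Notify package (so it loads into Explorer and winlogon.exe), the other has been appended to the LSA "Authentication Packages" list (loaded by lsass.exe at boot, where the XP default is msv1_0 alone), a Run value with a random hex name points at a third fresh DLL, and a MountPoints2 entry hands bar311.exe to the shell whenever that volume is opened. The Python below is an added example, not part of the original thread or of Deckard's System Scanner: it parses that Registry Dump text, scores each value against those indicators, and cross-references modules across keys. The sample input is reconstructed from the lines posted above; the scan date, the seven-day "recently written" window and the 8-letter name heuristic are assumptions for the example, and a module flagged by the name heuristic still needs a hash lookup before anything is deleted.

```python
import re
from collections import defaultdict
from datetime import date, datetime, timedelta
from typing import NamedTuple

# Constructed sample: Registry Dump entries from the DSS log posted above, trimmed
# to the lines that matter for triage. NvCplDaemon is kept as a benign control.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DC659D0C-FCF8-4651-8BF5-76B612D0AFEA}]
04/29/2008 09:34 AM 281600 --a------ C:\WINDOWS\system32\ljJASkLd.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E3D5CAF1-2707-40FB-8713-6B4F72E973F8}]
04/29/2008 09:15 AM 43520 --a------ C:\WINDOWS\system32\wvUkHWOh.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/01/2006 05:22 PM]
"846eab65"="C:\WINDOWS\system32\fvetfhec.dll" [05/01/2008 09:38 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E3D5CAF1-2707-40FB-8713-6B4F72E973F8}"= C:\WINDOWS\system32\wvUkHWOh.dll [04/29/2008 09:15 AM 43520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUkHWOh]
wvUkHWOh.dll 04/29/2008 09:15 AM 43520 C:\WINDOWS\system32\wvUkHWOh.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ljJASkLd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21ec4286-0eaa-11dd-b5f2-dcbce92ca6dc}]
AutoRun\command- bar311.exe %1
Explore\command- bar311.exe %1
Open\command- bar311.exe %1
"""
SCAN_DATE = date(2008, 5, 3)  # date of the DSS run in the thread (assumed from the log)

# Key fragments (lower-case) whose modules execute inside a trusted host process.
HOST_LOADED = {
    "browser helper objects": "BHO, loaded into Internet Explorer",
    "shellexecutehooks": "ShellExecuteHook, loaded into Explorer",
    "winlogon\\notify": "Winlogon Notify package, loaded into winlogon.exe",
    "control\\lsa": "LSA authentication package, loaded into lsass.exe at boot",
}
HEADER_RE = re.compile(r"^\[([^\]]+)\]$")
# Drive-letter path up to a closing quote, a " [timestamp]" block or end of line.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]]*?(?=\s*(?:"|\[|$))')
VALUE_NAME_RE = re.compile(r'^"([^"]+)"\s*=')
DATE_RE = re.compile(r"\b(\d{2}/\d{2}/\d{4})\b")
EXE_RE = re.compile(r"(\S+\.exe)", re.I)


class Finding(NamedTuple):
    key: str
    module: str      # lower-cased basename without extension
    reasons: list


def basename(path):
    """File name without directory or extension, case preserved."""
    return path.rstrip("\\").rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def looks_random(name):
    """Weak heuristic (assumption): eight mixed-case letters that start lower-case
    or have capitals back to back, a pattern vendor naming schemes avoid."""
    if len(name) != 8 or not name.isalpha() or name.islower() or name.isupper():
        return False
    return name[0].islower() or any(a.isupper() and b.isupper() for a, b in zip(name, name[1:]))


def parse_sections(text):
    """Split a DSS registry dump into (key, [value lines]) pairs."""
    sections = []
    for line in (ln.strip() for ln in text.splitlines() if ln.strip()):
        m = HEADER_RE.match(line)
        if m:
            sections.append((m.group(1), []))
        elif sections:
            sections[-1][1].append(line)
    return sections


def triage(text, scan_date=SCAN_DATE, recent_days=7):
    """One Finding per registry value that trips at least one indicator."""
    findings = []
    for key, lines in parse_sections(text):
        lkey = key.lower()
        host = next((lbl for frag, lbl in HOST_LOADED.items() if frag in lkey), None)
        for line in lines:
            reasons = []
            m = PATH_RE.search(line)
            path = m.group(0) if m else None
            if host and path:
                reasons.append("runs inside a trusted host: " + host)
            if "control\\lsa" in lkey and path:
                reasons.append("Authentication Packages names a file; the XP default is msv1_0 only")
            if "mountpoints2" in lkey and "\\command-" in line.lower():
                reasons.append("shell verb registered for a mounted volume (autorun vector)")
            v = VALUE_NAME_RE.match(line)
            if v and re.fullmatch(r"[0-9a-f]{8}", v.group(1)):
                reasons.append("value name is 8 hex digits, not a product name")
            d = DATE_RE.search(line)
            if d:
                age = scan_date - datetime.strptime(d.group(1), "%m/%d/%Y").date()
                if timedelta(0) <= age <= timedelta(days=recent_days):
                    reasons.append(f"file written {age.days} day(s) before the scan")
            if path and "\\system32\\" in path.lower() and looks_random(basename(path)):
                reasons.append("random-looking 8-letter name in system32")
            if reasons:
                exe = EXE_RE.search(line)
                module = basename(path or (exe.group(1) if exe else line)).lower()
                findings.append(Finding(key, module, reasons))
    return findings


def hooked_modules(findings, min_locations=2):
    """Modules referenced from several persistence keys: the strongest signal here."""
    keys = defaultdict(set)
    for f in findings:
        keys[f.module].add(f.key.lower())
    return {m: sorted(k) for m, k in keys.items() if len(k) >= min_locations}
```

Calling `triage(SAMPLE_LOG)` yields nine findings and leaves NvCpl.dll alone; `hooked_modules(...)` then reports wvUkHWOh.dll in three distinct keys and ljJASkLd in two, which is the pattern to prioritise over any single indicator. The Winlogon Notify and LSA entries matter for cleanup order: a DLL that winlogon.exe or lsass.exe has already loaded cannot simply be deleted from a running session, so the registry references have to be removed and the system rebooted (or the file handled from outside the OS) before the file itself goes.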

#12 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 04 May 2008 - 01:15 AM

No need to be sorry!! It happens. :thumbsup:

See if you can run this scan :

http://housecall.trendmicro.com/

Post the report for me if you get it to run. :blink:
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#13 cramlemmoj

cramlemmoj
  • Topic Starter

  • Members
  • 26 posts

Posted 04 May 2008 - 01:19 AM

Ma'am, it's currently scanning...


:thumbsup: :blink: :wacko: :) :)

#14 cramlemmoj

cramlemmoj
  • Topic Starter

  • Members
  • 26 posts

Posted 04 May 2008 - 01:20 AM

Ma'am, can I ask one thing?

What AV would you prefer for me to use?

#15 cramlemmoj

cramlemmoj
  • Topic Starter

  • Members
  • 26 posts

Posted 04 May 2008 - 01:36 AM

The scan is a bit long...



