Http 404 And Other Pop Ups


This topic is locked.
2 replies to this topic

#1 krazymanyac

  • Members
  • 2 posts

Posted 15 May 2008 - 01:10 AM

I turn on Internet Explorer and there's no problem at first, then I start going into sites and the pop-ups start, especially HTTP 404, which say I am not connected. Then all the others start.



Deckard's System Scanner v20071014.68
Run by Sonji&Alex on 2008-05-14 22:48:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
7: 2008-05-07 13:04:32 UTC - RP397 - Windows Update
6: 2008-05-05 02:22:28 UTC - RP396 - Windows Update
5: 2008-05-02 14:00:56 UTC - RP395 - Windows Update
4: 2008-04-30 07:26:02 UTC - RP394 - Scheduled Checkpoint
3: 2008-04-28 04:21:00 UTC - RP393 - Restore Operation


-- First Restore Point --
1: 2008-04-28 04:18:10 UTC - RP391 - 4/15/08


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (1024 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-14 22:51:49
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\taskeng.exe
C:\Windows\System32\dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\soft602\pdfSaver.exe
C:\Windows\System32\cthelper.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Windows\BCMSMMSG.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Sonji&Alex\AppData\Local\bzjsfxec.exe
C:\Program Files\Yahoo!\browser\ycommon.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\explorer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Sonji&Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1EEJR5T8\dss[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {09410A74-393D-44C5-A1E7-3D3424436B0A} - (no file)
O2 - BHO: Alcohol Toolbar Helper - {0ACF00E0-C1E4-4F6B-B290-10AC7505C47A} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll (file missing)
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll (file missing)
O2 - BHO: (no name) - {11682196-5BC2-425B-B3FA-7C3CAC771569} - (no file)
O2 - BHO: (no name) - {3D6E42BA-722A-4754-AAD2-67B7CCF5D208} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {6396B795-6A6C-4639-872E-77141C9B1BB4} - (no file)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb126\Dealio.dll (file missing)
O2 - BHO: (no name) - {96521836-417A-4025-BC4E-BC843010891B} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: (no name) - {B4E48119-0DCE-45EA-94F2-F8BB8826B388} - (no file)
O2 - BHO: (no name) - {B712DF81-EDF9-404D-9EB5-679F3A490B7B} - (no file)
O2 - BHO: (no name) - {C6DF2294-975B-4BEA-93AB-AD6DB4D03EE5} - (no file)
O2 - BHO: UrlHelper Class - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaIEHelper.dll (file missing)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {F50B3F5E-856E-4757-9BB1-B35D46CA7719} - C:\Windows\System32\yaYSMeba.dll
O3 - Toolbar: Alcohol Toolbar - {DC59A0D4-0ED6-4A73-B356-1B977F2A7725} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Shareaza MediaBar - {196C3A46-4758-433D-A600-802C804AF39C} - C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Manolito] C:\Program Files\Manolito\Manolito.exe SILENT
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\yaYSMeba.dll,#1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [dfmstvlx] C:\Windows\system32\jovarqtq.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\SONJI&~1\AppData\Local\Temp\geBtRheE.dll,#1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\SONJI&~1\AppData\Local\Temp\khfFVMCv.dll,c
O4 - HKCU\..\Run: [10ccf75e] rundll32.exe "C:\Users\SONJI&~1\AppData\Local\Temp\thkxkpnn.dll",b
O4 - HKCU\..\Run: [bzjsfxec] c:\users\sonji&alex\appdata\local\bzjsfxec.exe bzjsfxec
O4 - HKLM\..\Policies\Explorer\Run: [NawSxcxrlh] C:\ProgramData\hitklyzk\zezsfgpu.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O15 - Trusted Zone: https://online.musicmatch.com (HKLM)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/w...ntrol_en_US.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} () - http://update.microsoft.com/windowsupdate/...b?1183584972750
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/...owserPlugin.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\iSafe.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\Windows\System32\NMSSvc.Exe
O23 - Service: PictureTaker - LANovation - C:\Windows\System32\PCTKRNT.SYS
O23 - Service: Pml Driver HPZ12 - HP - C:\Windows\System32\HPZipm12.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\Windows\System32\YPcservice.exe


--
End of file - 9876 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 VETFDDNT (VET Floppy Boot Sector Monitor) - c:\windows\system32\drivers\vetfddnt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R3 emupia (E-mu Plug-in Architecture Driver) - c:\windows\system32\drivers\emupia2k.sys <Not Verified; Creative Technology Ltd; E-mu Plug-In Architecture>

S1 VET-FILT (VET File System Filter) - c:\windows\system32\drivers\vet-filt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
S1 VETMONNT (VET File Monitor) - c:\windows\system32\drivers\vetmonnt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
S1 VET-REC (VET File System Recognizer) - c:\windows\system32\drivers\vet-rec.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
S3 Maplom - c:\windows\system32\drivers\maplom.sys <Not Verified; SlySoft Inc.; Game Jackal>
S3 NMSCFG (NIC Management Service Configuration Driver) - \??\c:\windows\system32\drivers\nmscfg.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 NMSSvc (Intel® NMS) - c:\windows\system32\nmssvc.exe <Not Verified; Intel Corporation; NMS>
S3 gusvc (Google Updater Service) - "c:\program files\google\common\google updater\googleupdaterservice.exe" (file missing)
S3 PictureTaker - c:\windows\system32\pctkrnt.sys <Not Verified; LANovation; PictureTaker Software Family>
S3 YPCService - c:\windows\system32\ypcservice.exe <Not Verified; Yahoo! Inc.; YPCService Module>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0004
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #3
PNP Device ID: ROOT\*6TO4MP\0004
Service: tunnel


-- Files created between 2008-04-14 and 2008-05-14 -----------------------------

2008-05-14 21:37:30 0 d-------- C:\Program Files\iMesh Applications
2008-04-29 04:42:38 691545 --a------ C:\Windows\unins000.exe
2008-04-29 04:42:37 2552 --a------ C:\Windows\unins000.dat
2008-04-21 16:36:21 38912 --a------ C:\Windows\system32\ssQkIaWq.dll
2008-04-21 16:12:40 39936 --a------ C:\Windows\system32\yaYSMeba.dll
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\WINWGPX.EXE
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\winsystem.exe
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\winlogonpc.exe
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\vcatchpi.dll
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\vbsys2.dll
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\thun32.dll
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\thun.dll
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\temp#01.exe
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\taack.exe
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\taack.dat
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\sysreq.exe
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\ssvchost.exe
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\ssvchost.com
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\ssurf022.dll
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\sncntr.exe
2008-04-21 16:12:20 0 d-------- C:\Windows\system32\smp
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\Rundl1.exe
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\regm64.dll
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\regc64.dll
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\psoft1.exe
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\psof1.exe
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\ps1.exe
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\newsd32.exe
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\netode.exe
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\mwin32.exe
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\mtr2.exe
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\msvchost.exe
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\mssecu.exe
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\msnbho.dll
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\msgp.exe
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\medup012.dll
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\hxiwlgpm.exe
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\hxiwlgpm.dat
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\hoproxy.dll
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\emesx.dll
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\dpcproxy.exe
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\bsva-egihsg52.exe
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\bdn.com
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\awtoolb.dll
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\anticipator.dll
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\akttzn.exe
2008-04-21 16:12:13 106496 --a------ C:\Windows\system32\jovarqtq.exe
2008-04-21 16:12:05 110096 --a------ C:\Windows\system32\crack.exe


-- Find3M Report ---------------------------------------------------------------

2008-05-14 22:53:01 0 d-------- C:\Users\Sonji&Alex\AppData\Roaming\uTorrent
2008-05-14 12:02:23 288 --a------ C:\Windows\system32\DVCStateBkp-{00000002-00000000-00000000-00001102-00000004-00581102}.dat
2008-05-14 12:02:23 288 --a------ C:\Windows\system32\DVCState-{00000002-00000000-00000000-00001102-00000004-00581102}.dat
2008-04-27 07:26:12 0 d--hs---- C:\Program Files\outlook
2008-04-22 22:35:37 0 d-------- C:\Users\Sonji&Alex\AppData\Roaming\Vso
2008-04-22 22:35:37 33 --a------ C:\Users\Sonji&Alex\AppData\Roaming\pcouffin.log
2008-04-22 22:35:35 7887 --a------ C:\Users\Sonji&Alex\AppData\Roaming\pcouffin.cat
2008-03-26 16:58:27 0 d-------- C:\Program Files\Common Files
2008-03-26 16:26:01 0 d-------- C:\Program Files\MSN Games
2008-03-26 13:37:35 2560 --a------ C:\Windows\_MSRSTRT.EXE
2008-03-26 09:51:32 0 d-------- C:\Users\Sonji&Alex\AppData\Roaming\Shareaza


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09410A74-393D-44C5-A1E7-3D3424436B0A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
C:\Program Files\ContextTool\ContextTool-2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11682196-5BC2-425B-B3FA-7C3CAC771569}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D6E42BA-722A-4754-AAD2-67B7CCF5D208}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6396B795-6A6C-4639-872E-77141C9B1BB4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{96521836-417A-4025-BC4E-BC843010891B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4E48119-0DCE-45EA-94F2-F8BB8826B388}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B712DF81-EDF9-404D-9EB5-679F3A490B7B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6DF2294-975B-4BEA-93AB-AD6DB4D03EE5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFC4F59B-A2DA-4e12-B337-52A4F871E10C}]
C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F50B3F5E-856E-4757-9BB1-B35D46CA7719}]
04/21/2008 04:12 PM 39936 --a------ C:\Windows\system32\yaYSMeba.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{196C3A46-4758-433D-A600-802C804AF39C}"= C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll [ ]

[-HKEY_CLASSES_ROOT\CLSID\{196C3A46-4758-433D-A600-802C804AF39C}]
[HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{89807A16-AC31-4449-AB91-06A753813543}]
[HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/02/2006 05:34 AM]
"602PC SUITE PDF Saver"="C:\Program Files\Common Files\soft602\pdfSaver.exe" [12/06/2004 11:10 AM]
"CaAvTray"="C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [04/03/2007 02:02 PM]
"CAVRID"="C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [04/03/2007 02:02 PM]
"CTHelper"="CTHELPER.EXE" [04/03/2007 12:48 PM C:\Windows\System32\cthelper.exe]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [01/19/2006 11:06 AM]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [07/21/2006 04:19 PM]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [07/21/2006 10:43 AM]
"BCMSMMSG"="BCMSMMSG.exe" [04/04/2003 08:40 PM C:\Windows\BCMSMMSG.exe]
"BearFlix"="C:\Program Files\BearFlix\BearFlix.exe" []
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [01/11/2008 06:54 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"Manolito"="C:\Program Files\Manolito\Manolito.exe" []
"MSServer"="C:\Windows\system32\yaYSMeba.dll" [04/21/2008 04:12 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [03/01/2007 06:11 PM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 05:35 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 05:36 AM]
"dfmstvlx"="C:\Windows\system32\jovarqtq.exe" [04/21/2008 04:12 PM]
"MSServer"="C:\Users\SONJI&~1\AppData\Local\Temp\geBtRheE.dll,#1" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"cmds"="C:\Users\SONJI&~1\AppData\Local\Temp\khfFVMCv.dll,c" []
"10ccf75e"="C:\Users\SONJI&~1\AppData\Local\Temp\thkxkpnn.dll,b" []
"bzjsfxec"="c:\users\sonji&alex\appdata\local\bzjsfxec.exe" [05/07/2008 05:58 AM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [10/3/2007 2:56:10 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"NawSxcxrlh"=C:\ProgramData\hitklyzk\zezsfgpu.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F50B3F5E-856E-4757-9BB1-B35D46CA7719}"= C:\Windows\system32\yaYSMeba.dll [04/21/2008 04:12 PM 39936]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

*Newly Created Service* - NMSCFG

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-05-14 22:53:59 ------------

O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\Windows\System32\YPcservice.exe


--
End of file - 9876 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 VETFDDNT (VET Floppy Boot Sector Monitor) - c:\windows\system32\drivers\vetfddnt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R3 emupia (E-mu Plug-in Architecture Driver) - c:\windows\system32\drivers\emupia2k.sys <Not Verified; Creative Technology Ltd; E-mu Plug-In Architecture>

S1 VET-FILT (VET File System Filter) - c:\windows\system32\drivers\vet-filt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
S1 VETMONNT (VET File Monitor) - c:\windows\system32\drivers\vetmonnt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
S1 VET-REC (VET File System Recognizer) - c:\windows\system32\drivers\vet-rec.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
S3 Maplom - c:\windows\system32\drivers\maplom.sys <Not Verified; SlySoft Inc.; Game Jackal>
S3 NMSCFG (NIC Management Service Configuration Driver) - \??\c:\windows\system32\drivers\nmscfg.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 NMSSvc (Intel® NMS) - c:\windows\system32\nmssvc.exe <Not Verified; Intel Corporation; NMS>
S3 gusvc (Google Updater Service) - "c:\program files\google\common\google updater\googleupdaterservice.exe" (file missing)
S3 PictureTaker - c:\windows\system32\pctkrnt.sys <Not Verified; LANovation; PictureTaker Software Family>
S3 YPCService - c:\windows\system32\ypcservice.exe <Not Verified; Yahoo! Inc.; YPCService Module>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0004
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #3
PNP Device ID: ROOT\*6TO4MP\0004
Service: tunnel


-- Files created between 2008-04-14 and 2008-05-14 -----------------------------

2008-05-14 21:37:30 0 d-------- C:\Program Files\iMesh Applications
2008-04-29 04:42:38 691545 --a------ C:\Windows\unins000.exe
2008-04-29 04:42:37 2552 --a------ C:\Windows\unins000.dat
2008-04-21 16:36:21 38912 --a------ C:\Windows\system32\ssQkIaWq.dll
2008-04-21 16:12:40 39936 --a------ C:\Windows\system32\yaYSMeba.dll
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\WINWGPX.EXE
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\winsystem.exe
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\winlogonpc.exe
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\vcatchpi.dll
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\vbsys2.dll
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\thun32.dll
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\thun.dll
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\temp#01.exe
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\taack.exe
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\taack.dat
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\sysreq.exe
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\ssvchost.exe
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\ssvchost.com
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\ssurf022.dll
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\sncntr.exe
2008-04-21 16:12:20 0 d-------- C:\Windows\system32\smp
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\Rundl1.exe
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\regm64.dll
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\regc64.dll
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\psoft1.exe
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\psof1.exe
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\ps1.exe
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\newsd32.exe
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\netode.exe
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\mwin32.exe
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\mtr2.exe
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\msvchost.exe
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\mssecu.exe
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\msnbho.dll
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\msgp.exe
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\medup012.dll
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\hxiwlgpm.exe
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\hxiwlgpm.dat
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\hoproxy.dll
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\emesx.dll
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\dpcproxy.exe
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\bsva-egihsg52.exe
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\bdn.com
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\awtoolb.dll
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\anticipator.dll
2008-04-21 16:12:20 4096 --a------ C:\Windows\system32\akttzn.exe
2008-04-21 16:12:13 106496 --a------ C:\Windows\system32\jovarqtq.exe
2008-04-21 16:12:05 110096 --a------ C:\Windows\system32\crack.exe


-- Find3M Report ---------------------------------------------------------------

2008-05-14 22:53:01 0 d-------- C:\Users\Sonji&Alex\AppData\Roaming\uTorrent
2008-05-14 12:02:23 288 --a------ C:\Windows\system32\DVCStateBkp-{00000002-00000000-00000000-00001102-00000004-00581102}.dat
2008-05-14 12:02:23 288 --a------ C:\Windows\system32\DVCState-{00000002-00000000-00000000-00001102-00000004-00581102}.dat
2008-04-27 07:26:12 0 d--hs---- C:\Program Files\outlook
2008-04-22 22:35:37 0 d-------- C:\Users\Sonji&Alex\AppData\Roaming\Vso
2008-04-22 22:35:37 33 --a------ C:\Users\Sonji&Alex\AppData\Roaming\pcouffin.log
2008-04-22 22:35:35 7887 --a------ C:\Users\Sonji&Alex\AppData\Roaming\pcouffin.cat
2008-03-26 16:58:27 0 d-------- C:\Program Files\Common Files
2008-03-26 16:26:01 0 d-------- C:\Program Files\MSN Games
2008-03-26 13:37:35 2560 --a------ C:\Windows\_MSRSTRT.EXE
2008-03-26 09:51:32 0 d-------- C:\Users\Sonji&Alex\AppData\Roaming\Shareaza


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09410A74-393D-44C5-A1E7-3D3424436B0A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
C:\Program Files\ContextTool\ContextTool-2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11682196-5BC2-425B-B3FA-7C3CAC771569}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D6E42BA-722A-4754-AAD2-67B7CCF5D208}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6396B795-6A6C-4639-872E-77141C9B1BB4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{96521836-417A-4025-BC4E-BC843010891B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4E48119-0DCE-45EA-94F2-F8BB8826B388}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B712DF81-EDF9-404D-9EB5-679F3A490B7B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6DF2294-975B-4BEA-93AB-AD6DB4D03EE5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFC4F59B-A2DA-4e12-B337-52A4F871E10C}]
C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F50B3F5E-856E-4757-9BB1-B35D46CA7719}]
04/21/2008 04:12 PM 39936 --a------ C:\Windows\system32\yaYSMeba.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{196C3A46-4758-433D-A600-802C804AF39C}"= C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll [ ]

[-HKEY_CLASSES_ROOT\CLSID\{196C3A46-4758-433D-A600-802C804AF39C}]
[HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{89807A16-AC31-4449-AB91-06A753813543}]
[HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/02/2006 05:34 AM]
"602PC SUITE PDF Saver"="C:\Program Files\Common Files\soft602\pdfSaver.exe" [12/06/2004 11:10 AM]
"CaAvTray"="C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [04/03/2007 02:02 PM]
"CAVRID"="C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [04/03/2007 02:02 PM]
"CTHelper"="CTHELPER.EXE" [04/03/2007 12:48 PM C:\Windows\System32\cthelper.exe]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [01/19/2006 11:06 AM]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [07/21/2006 04:19 PM]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [07/21/2006 10:43 AM]
"BCMSMMSG"="BCMSMMSG.exe" [04/04/2003 08:40 PM C:\Windows\BCMSMMSG.exe]
"BearFlix"="C:\Program Files\BearFlix\BearFlix.exe" []
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [01/11/2008 06:54 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"Manolito"="C:\Program Files\Manolito\Manolito.exe" []
"MSServer"="C:\Windows\system32\yaYSMeba.dll" [04/21/2008 04:12 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [03/01/2007 06:11 PM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 05:35 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 05:36 AM]
"dfmstvlx"="C:\Windows\system32\jovarqtq.exe" [04/21/2008 04:12 PM]
"MSServer"="C:\Users\SONJI&~1\AppData\Local\Temp\geBtRheE.dll,#1" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"cmds"="C:\Users\SONJI&~1\AppData\Local\Temp\khfFVMCv.dll,c" []
"10ccf75e"="C:\Users\SONJI&~1\AppData\Local\Temp\thkxkpnn.dll,b" []
"bzjsfxec"="c:\users\sonji&alex\appdata\local\bzjsfxec.exe" [05/07/2008 05:58 AM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [10/3/2007 2:56:10 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"NawSxcxrlh"=C:\ProgramData\hitklyzk\zezsfgpu.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F50B3F5E-856E-4757-9BB1-B35D46CA7719}"= C:\Windows\system32\yaYSMeba.dll [04/21/2008 04:12 PM 39936]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

*Newly Created Service* - NMSCFG

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-05-14 22:53:59 ------------

#2 teacup61
Malware Response Team

Posted 16 May 2008 - 01:09 AM

Hello krazymanyac,

Welcome to Bleeping Computer.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O2 - BHO: (no name) - {09410A74-393D-44C5-A1E7-3D3424436B0A} - (no file)
O2 - BHO: Alcohol Toolbar Helper - {0ACF00E0-C1E4-4F6B-B290-10AC7505C47A} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll (file missing)
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll (file missing)
O2 - BHO: (no name) - {11682196-5BC2-425B-B3FA-7C3CAC771569} - (no file)
O2 - BHO: (no name) - {3D6E42BA-722A-4754-AAD2-67B7CCF5D208} - (no file)
O2 - BHO: (no name) - {6396B795-6A6C-4639-872E-77141C9B1BB4} - (no file)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb126\Dealio.dll (file missing)
O2 - BHO: (no name) - {96521836-417A-4025-BC4E-BC843010891B} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: (no name) - {B4E48119-0DCE-45EA-94F2-F8BB8826B388} - (no file)
O2 - BHO: (no name) - {B712DF81-EDF9-404D-9EB5-679F3A490B7B} - (no file)
O2 - BHO: (no name) - {C6DF2294-975B-4BEA-93AB-AD6DB4D03EE5} - (no file)
O2 - BHO: UrlHelper Class - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaIEHelper.dll (file missing)
O2 - BHO: (no name) - {F50B3F5E-856E-4757-9BB1-B35D46CA7719} - C:\Windows\System32\yaYSMeba.dll
O3 - Toolbar: Alcohol Toolbar - {DC59A0D4-0ED6-4A73-B356-1B977F2A7725} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Shareaza MediaBar - {196C3A46-4758-433D-A600-802C804AF39C} - C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll (file missing)
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\yaYSMeba.dll,#1
O4 - HKCU\..\Run: [dfmstvlx] C:\Windows\system32\jovarqtq.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\SONJI&~1\AppData\Local\Temp\geBtRheE.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\SONJI&~1\AppData\Local\Temp\khfFVMCv.dll,c
O4 - HKCU\..\Run: [10ccf75e] rundll32.exe "C:\Users\SONJI&~1\AppData\Local\Temp\thkxkpnn.dll",b
O4 - HKCU\..\Run: [bzjsfxec] c:\users\sonji&alex\appdata\local\bzjsfxec.exe bzjsfxec
O4 - HKLM\..\Policies\Explorer\Run: [NawSxcxrlh] C:\ProgramData\hitklyzk\zezsfgpu.exe


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Please download Malwarebytes' Anti-Malware from one of these places:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/tools/mbam-setup.exe

Double-click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to "Update Malwarebytes' Anti-Malware" and "Launch Malwarebytes' Anti-Malware", then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note.)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the entire report in your next reply along with a fresh HijackThis log.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Thanks,
tea
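The O4 entries tea picked out above share traits that can be checked mechanically: rundll32 loading a DLL from a Temp folder or by ordinal, random-looking names, an autorun under Policies\Explorer\Run, and an executable dropped straight into AppData\Local. The script below is an added example, not code from this thread or from HijackThis; it parses O4 lines in HijackThis format and flags those traits as heuristics (the reason labels are chosen for this example, and SAMPLE_LOG is constructed from lines resembling the log in this thread).

```python
"""Heuristic triage of HijackThis O4 (autorun) lines. Added example, not code from
the thread or from HijackThis: the rules encode the pattern behind the entries the
helper selected above, as heuristics (a list of entries to look at, not a verdict).
SAMPLE_LOG is constructed to resemble the log in this thread."""
import re

O4_RE = re.compile(r"^O4 - HK\w+(?:\\S-[\d-]+)?\\\.\.\\(?P<key>[^:]+): "
                   r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,(?P<export>\S+)', re.I)
PATH_RE = re.compile(r'"?(?P<path>[^"]*?\.(?:exe|dll|com|scr))', re.I)
TEMP_RE = re.compile(r"\\temp\\", re.I)
APPDATA_ROOT_EXE_RE = re.compile(r"\\appdata\\local\\[^\\]+\.exe(?:\s|$)", re.I)


def looks_random(token):
    """True for names of eight or more letters with almost no vowels (dfmstvlx,
    khfFVMCv); short or digit-heavy names are not judged at all."""
    letters = re.sub(r"[^A-Za-z]", "", token)
    if len(letters) < 8:
        return False
    return sum(c in "aeiouyAEIOUY" for c in letters) / len(letters) < 0.2


def triage(lines):
    """Return (name, cmd, reasons) for every O4 line that trips at least one rule."""
    findings = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue
        name, key, cmd = m["name"], m["key"], m["cmd"]
        reasons = []
        r = RUNDLL_RE.match(cmd)
        if r:  # rundll32 hosting a DLL: where is it, and which export is called?
            target = r["dll"]
            if TEMP_RE.search(target):
                reasons.append("rundll32 loads a DLL from a Temp folder")
            if r["export"].startswith("#") or len(r["export"]) == 1:
                reasons.append("rundll32 export is an ordinal or a single letter")
        else:
            p = PATH_RE.match(cmd)
            target = p["path"] if p else cmd
        if key.lower().startswith("policies\\"):
            reasons.append("autorun under a Policies key")
        if APPDATA_ROOT_EXE_RE.search(cmd):
            reasons.append("executable sits directly in AppData\\Local")
        base = target.rsplit("\\", 1)[-1].rsplit(".", 1)[0]  # file name, no extension
        odd = next((t for t in (name, base) if looks_random(t)), None)
        if odd:
            reasons.append(f"name {odd!r} looks random")
        if reasons:
            findings.append((name, cmd, reasons))
    return findings


SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\yaYSMeba.dll,#1
O4 - HKCU\..\Run: [dfmstvlx] C:\Windows\system32\jovarqtq.exe
O4 - HKCU\..\Run: [10ccf75e] rundll32.exe "C:\Users\SONJI&~1\AppData\Local\Temp\thkxkpnn.dll",b
O4 - HKCU\..\Run: [bzjsfxec] c:\users\sonji&alex\appdata\local\bzjsfxec.exe bzjsfxec
O4 - HKLM\..\Policies\Explorer\Run: [NawSxcxrlh] C:\ProgramData\hitklyzk\zezsfgpu.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
"""

if __name__ == "__main__":
    for name, cmd, reasons in triage(SAMPLE_LOG.splitlines()):
        print(f"[{name}] {cmd}\n    " + "\n    ".join(reasons))
```

The two Windows-owned entries in the sample pass cleanly, while the five malicious-looking ones are reported with the rule each tripped; a bare file name with no path (like the CTHelper entry tea also listed) is not something these rules judge.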

#3 teacup61
Malware Response Team

Posted 29 May 2008 - 12:18 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a New Topic.