
My Hjt Log


1 reply to this topic

#1 ruuf

ruuf

  • Members
  • 2 posts
  • OFFLINE
  • Local time:05:57 AM

Posted 18 May 2008 - 07:06 PM

Hello,

I have been having problems using sites that have search engines like Google; whenever I go to do a search it just hangs and doesn't display any results. Also I have problems accessing my emails; it also hangs.
I am actually using a different PC to get access to this site as it hangs on my PC, strange.

I followed the instructions on how to get help, so hopefully someone can tell me what's wrong.
Thanks

Deckard's System Scanner v20071014.68
Run by Ahmed on 2008-05-19 00:51:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
28: 2008-05-18 23:51:38 UTC - RP77 - Deckard's System Scanner Restore Point
27: 2008-05-18 18:57:06 UTC - RP76 - Software Distribution Service 3.0
26: 2008-05-18 18:44:11 UTC - RP75 - Software Distribution Service 3.0
25: 2008-05-17 22:44:27 UTC - RP74 - Restore Operation
24: 2008-05-17 22:40:47 UTC - RP73 - Restore Operation


-- First Restore Point --
1: 2008-05-11 21:23:04 UTC - RP50 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Ahmed.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:53:01, on 19/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE
C:\Program Files\DAP\DAP.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Ahmed\Desktop\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\DOCUME~1\Ahmed\Desktop\DOWNLO~1\Ahmed.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! §u®„¶C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! §u®„¶C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [EPSON Stylus Photo R340 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE /P30 "EPSON Stylus Photo R340 Series" /O6 "USB001" /M "Stylus Photo R340"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [BM9b4d2ffd] Rundll32.exe "C:\WINDOWS\system32\qqmifnda.dll",s
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 8666 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\Ahmed\Desktop\DOWNLO~1\backups\) ------

backup-20080518-234729-290 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20080518-234729-735 O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
backup-20080518-234729-955 O20 - AppInit_DLLs: wbsys.dll MsgPlusLoader.dll

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 StyleXPHelper - c:\program files\tgtsoft\stylexp\stylexphelper.exe <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 StyleXPService - "c:\program files\tgtsoft\stylexp\stylexpservice.exe" <Not Verified; ; StyleXPService Module>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S4 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_8086&DEV_1040&SUBSYS_10008086&REV_00\4&1FAF5EA3&0&10F0
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_8086&DEV_1040&SUBSYS_10008086&REV_00\4&1FAF5EA3&0&10F0
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_811A1043&REV_14\4&1FAF5EA3&0&20F0
Manufacturer: Marvell
Name: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_811A1043&REV_14\4&1FAF5EA3&0&20F0
Service: yukonwxp

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\ATK0110\1010110
Manufacturer:
Name:
PNP Device ID: ACPI\ATK0110\1010110
Service:


-- Files created between 2008-04-19 and 2008-05-19 -----------------------------

2008-05-19 00:50:28 0 d-------- C:\WINDOWS\LastGood
2008-05-18 20:58:15 0 d-------- C:\Program Files\Enigma Software Group
2008-05-18 20:35:37 0 d-------- C:\WINDOWS\Prefetch
2008-05-18 20:25:26 0 d-------- C:\WINDOWS\system32\scripting
2008-05-18 20:25:26 0 d-------- C:\WINDOWS\l2schemas
2008-05-18 20:25:25 0 d-------- C:\WINDOWS\system32\en
2008-05-18 20:25:25 0 d-------- C:\WINDOWS\system32\bits
2008-05-18 20:23:00 0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-17 23:42:53 0 d-------- C:\Documents and Settings\Ahmed\Application Data\PC Tools
2008-05-17 20:15:39 0 d-------- C:\Documents and Settings\Ahmed\.housecall6.6
2008-05-17 15:58:07 0 d-------- C:\Program Files\Spyware Doctor
2008-05-17 11:18:09 125952 --a------ C:\WINDOWS\system32\qqmifnda.dll
2008-05-17 11:17:25 936066 --ahs---- C:\WINDOWS\system32\aIjPYcfe.ini2
2008-05-17 00:31:18 896358 --ahs---- C:\WINDOWS\system32\CbHPstwa.ini2
2008-05-16 14:47:14 135680 --a------ C:\WINDOWS\system32\gsoafvos.dll
2008-05-16 14:42:09 125952 --a------ C:\WINDOWS\system32\yohmupyi.dll
2008-05-15 15:39:37 77824 --a------ C:\WINDOWS\system32\ODBCTL32.dll <Not Verified; Microsoft Corporation; Microsoft Open Database Connectivity>
2008-05-15 15:39:36 403216 --a------ C:\WINDOWS\system32\MsRepl35.dll <Not Verified; Microsoft Corporation; Microsoftģ Access>
2008-05-15 15:39:36 251664 --a------ C:\WINDOWS\system32\MSRD2x35.dll <Not Verified; Microsoft Corporation; Microsoftģ Jet>
2008-05-15 15:39:35 24336 --a------ C:\WINDOWS\system32\MSJtEr35.dll <Not Verified; Microsoft Corporation; Microsoftģ Jet>
2008-05-15 15:39:35 37136 --a------ C:\WINDOWS\system32\MSJInt35.dll <Not Verified; Microsoft Corporation; Microsoftģ Jet>
2008-05-15 15:39:35 1039360 --a------ C:\WINDOWS\system32\MSJet35.dll <Not Verified; Microsoft Corporation; Microsoftģ Jet>
2008-05-15 15:39:28 0 d-------- C:\Program Files\”Š”Š… „‘«ŚŪ— «Šř—«Ń
2008-05-15 14:39:14 116736 --a------ C:\WINDOWS\system32\hkwcxkax.dll
2008-05-15 14:36:14 133120 --a------ C:\WINDOWS\system32\kudcqsbi.dll
2008-05-15 14:27:57 125952 --a------ C:\WINDOWS\system32\lgukppew.dll
2008-05-15 14:27:14 897646 --ahs---- C:\WINDOWS\system32\XwaJQXbc.ini2
2008-05-14 20:01:55 133120 --a------ C:\WINDOWS\system32\avesouxp.dll
2008-05-14 19:55:53 126464 --a------ C:\WINDOWS\system32\ngcawdok.dll
2008-05-13 19:41:14 114176 -----n--- C:\WINDOWS\system32\eyfrbrlq.dll
2008-05-13 19:35:14 133632 --a------ C:\WINDOWS\system32\xmjgwwhu.dll
2008-05-13 19:30:26 123392 --a------ C:\WINDOWS\system32\uypcyamv.dll
2008-05-12 12:55:31 132096 --a------ C:\WINDOWS\system32\ubrvumwa.dll
2008-05-12 12:49:30 125952 --a------ C:\WINDOWS\system32\jhyckwqk.dll
2008-05-11 23:17:13 57344 --a------ C:\WINDOWS\system32\iifefFWn.dll
2008-05-11 22:22:54 638280 --ahs---- C:\WINDOWS\system32\Sttwyccf.ini2
2008-05-11 22:20:22 0 d-------- C:\Program Files\FXhome PhotoKey
2008-05-10 14:36:51 0 d-------- C:\Program Files\Radical Games
2008-05-06 13:28:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Aspyr
2008-05-06 13:17:29 0 d-------- C:\Program Files\Aspyr
2008-05-05 11:58:17 0 d-------- C:\Program Files\TGTSoft
2008-05-04 12:07:56 0 d-------- C:\Program Files\NCH Swift Sound
2008-05-03 15:33:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-03 15:32:24 0 dr-h----- C:\MSOCache
2008-05-01 10:47:33 5702 --ah----- C:\WINDOWS\nod32restoretemdono.reg
2008-05-01 10:47:33 568 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-04-29 18:18:22 0 d-------- C:\Program Files\Windows Live Safety Center
2008-04-29 00:06:32 0 d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-04-28 23:56:50 0 d-------- C:\ADOBE.ILLUSTRATOR.CS3 (with CRACK)
2008-04-28 23:40:10 0 d-------- C:\Program Files\PowerISO
2008-04-27 13:50:17 0 d-------- C:\Program Files\Thomson
2008-04-21 19:56:11 0 d-------- C:\vcs5BGEffects
2008-04-21 19:53:57 0 d-------- C:\Program Files\AV Vcs 6.0 DIAMOND
2008-04-21 12:34:21 0 d-------- C:\Program Files\TVAnts
2008-04-21 12:32:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-21 12:32:11 0 d-------- C:\Documents and Settings\Ahmed\Application Data\Yahoo!
2008-04-21 11:12:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-04-21 11:11:35 0 d-------- C:\Program Files\Yahoo!


-- Find3M Report ---------------------------------------------------------------

2008-05-19 00:49:43 0 d-------- C:\Documents and Settings\Ahmed\Application Data\Skype
2008-05-18 22:00:34 0 d-------- C:\Documents and Settings\Ahmed\Application Data\uTorrent
2008-05-18 20:25:46 0 d-------- C:\Program Files\Messenger
2008-05-18 20:25:25 0 d-------- C:\Program Files\Movie Maker
2008-05-18 20:22:37 0 d-------- C:\Program Files\Windows NT
2008-05-18 17:09:59 0 d-------- C:\Documents and Settings\Ahmed\Application Data\skypePM
2008-05-17 16:14:43 0 d-------- C:\Program Files\PassportPhoto
2008-05-17 12:42:31 0 d-------- C:\Documents and Settings\Ahmed\Application Data\Canon
2008-05-14 20:15:59 0 d-------- C:\Program Files\TomTom HOME
2008-05-14 14:59:16 0 d-------- C:\Documents and Settings\Ahmed\Application Data\VoipCheapCom
2008-04-29 00:10:36 0 d-------- C:\Documents and Settings\Ahmed\Application Data\Adobe
2008-04-27 17:33:50 5632 --a------ C:\WINDOWS\system32\BReWErS.dll
2008-04-27 13:50:17 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-23 23:33:25 0 d-------- C:\Program Files\VoipCheapCom
2008-04-15 16:13:04 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-13 15:07:03 0 d-------- C:\Program Files\Creative Zone
2008-04-13 13:12:41 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-13 12:39:14 0 d-------- C:\Documents and Settings\Ahmed\Application Data\Real
2008-04-13 12:38:20 0 d-------- C:\Program Files\Common Files
2008-04-13 12:38:20 0 d-------- C:\Program Files\Common Files\xing shared
2008-04-13 12:38:19 0 d-------- C:\Program Files\Common Files\Real
2008-04-13 12:38:13 0 d-------- C:\Program Files\Real
2008-04-12 20:58:41 0 d--h----- C:\Documents and Settings\Ahmed\Application Data\IFViewer
2008-04-10 19:26:29 0 d-------- C:\Program Files\Stardock
2008-04-10 13:39:15 0 d-------- C:\Program Files\uTorrent
2008-04-10 01:48:46 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-04-08 18:55:21 0 d-------- C:\Program Files\Humax Digital
2008-04-08 15:18:32 0 d-------- C:\Documents and Settings\Ahmed\Application Data\Sun
2008-04-08 00:32:28 0 d-------- C:\Program Files\FaceMorpher
2008-04-07 15:03:47 0 d-------- C:\Program Files\Java
2008-04-07 15:03:05 0 d-------- C:\Program Files\Common Files\Java
2008-04-06 15:48:14 0 d-------- C:\Program Files\Canon
2008-04-06 12:53:34 0 d-------- C:\Program Files\Tomb Raider - Anniversary
2008-04-06 12:39:42 0 d-------- C:\Program Files\MSXML 4.0
2008-04-06 12:17:31 0 d-------- C:\Program Files\Skype
2008-04-06 12:17:28 0 d-------- C:\Program Files\Common Files\Skype
2008-04-05 21:13:00 0 d-------- C:\Program Files\Bonjour
2008-04-05 21:08:01 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-05 15:33:23 0 d-------- C:\Program Files\EPSON Print CD
2008-04-05 15:33:18 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-05 15:05:07 0 d-------- C:\Program Files\TVUPlayer
2008-04-05 15:05:06 0 d-------- C:\Documents and Settings\Ahmed\Application Data\TVU Networks
2008-04-05 12:54:04 0 d-------- C:\Program Files\DAP
2008-04-05 12:53:03 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
2008-04-05 12:44:46 0 d-------- C:\Documents and Settings\Ahmed\Application Data\Nero
2008-04-05 12:44:19 0 d-------- C:\Program Files\Common Files\Nero
2008-04-05 12:43:28 0 d-------- C:\Program Files\Nero
2008-04-05 12:30:33 0 d-------- C:\Program Files\SopCast
2008-04-04 16:42:54 0 dr-h----- C:\Documents and Settings\Ahmed\Application Data\SecuROM
2008-04-04 01:11:30 0 d-------- C:\Program Files\CCleaner
2008-04-03 22:08:34 0 d-------- C:\Program Files\EA SPORTS
2008-04-03 21:15:36 0 d-------- C:\Program Files\Windows Live
2008-04-03 21:15:23 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-03 17:40:43 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-04-03 16:21:12 0 d-------- C:\Program Files\EPSON
2008-04-03 16:18:57 0 d-------- C:\Program Files\Common Files\L&H
2008-04-03 16:18:49 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-04-03 16:18:34 0 d-------- C:\Program Files\Microsoft Works
2008-04-03 15:52:45 0 d-------- C:\Program Files\Humax Toolbox
2008-04-03 15:52:43 0 d-------- C:\Program Files\MrDude
2008-04-03 15:14:56 0 d-------- C:\Program Files\Sega
2008-04-03 15:05:48 0 d-------- C:\Documents and Settings\Ahmed\Application Data\Ubisoft
2008-04-03 14:50:22 0 d-------- C:\Documents and Settings\Ahmed\Application Data\Macromedia
2008-04-03 14:50:18 1158 --a------ C:\WINDOWS\mozver.dat
2008-04-03 14:44:08 0 d-------- C:\Program Files\Ubisoft
2008-04-03 14:44:01 0 d-------- C:\Documents and Settings\Ahmed\Application Data\InstallShield
2008-04-03 14:35:28 0 d-------- C:\Program Files\KONAMI
2008-04-03 02:47:38 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-03 02:47:36 0 d-------- C:\Documents and Settings\Ahmed\Application Data\Mozilla
2008-04-03 02:39:10 0 d-------- C:\Documents and Settings\Ahmed\Application Data\Identities
2008-04-03 02:38:40 0 d-------- C:\Program Files\Common Files\ODBC
2008-04-03 02:38:38 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-04-03 02:38:21 62 --ahs---- C:\Documents and Settings\Ahmed\Application Data\desktop.ini
2008-04-03 02:26:58 0 d-------- C:\Program Files\DAEMON Tools
2008-04-03 02:23:23 0 d-------- C:\Program Files\Marvell
2008-04-03 02:22:07 0 d-------- C:\Program Files\LIUtilities
2008-04-03 02:21:56 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-03 02:20:50 0 d-------- C:\Program Files\Intel
2008-04-03 02:19:49 0 d-------- C:\Program Files\Analog Devices
2008-04-03 01:56:30 0 d-------- C:\Program Files\microsoft frontpage
2008-04-03 01:56:16 0 -rahs---- C:\MSDOS.SYS
2008-04-03 01:56:16 0 -rahs---- C:\IO.SYS
2008-04-03 01:56:16 0 --a------ C:\CONFIG.SYS
2008-04-03 01:56:16 0 --a------ C:\AUTOEXEC.BAT
2008-04-03 01:55:27 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-03 01:54:50 0 d-------- C:\Program Files\Common Files\MSSoap
2008-04-03 01:54:11 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-03 01:53:53 0 d-------- C:\Program Files\Online Services
2008-04-03 01:53:46 0 d-------- C:\Program Files\MSN Gaming Zone
2008-03-11 16:25:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2008-03-11 16:25:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-03-11 16:25:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-03-11 16:25:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-03-11 16:25:00 1482752 --a------ C:\WINDOWS\system32\nview.dll
2008-03-11 16:25:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-03-11 16:25:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-03-11 16:25:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-03-04 18:52:34 286720 --a------ C:\WINDOWS\system32\libcurl.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [11/03/2008 16:25]
"nwiz"="nwiz.exe" [11/03/2008 16:25 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [11/03/2008 16:25]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [21/12/2007 08:21]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [16/03/2007 09:06]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [03/04/2007 20:55]
"EPSON Stylus Photo R340 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.exe" [26/04/2005 04:00]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [09/04/2007 05:41]
"BluetoothAuthenticationAgent"="bthprops.cpl" [14/04/2008 01:12 C:\WINDOWS\system32\bthprops.cpl]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [01/02/2008 12:55]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [23/01/2008 15:47]
"BM9b4d2ffd"="C:\WINDOWS\system32\qqmifnda.dll" [17/05/2008 11:18]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [01/02/2008 17:22]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [30/08/2007 17:43]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [24/05/2006 19:31]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [14/04/2008 01:12]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
SpeedUpMyPC.lnk - C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe [4/6/2004 12:01:44 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\efcYPjIa

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM9b4d2ffd]
Rundll32.exe "C:\WINDOWS\system32\qqmifnda.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DRam prosessor]
msconf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
"C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
"C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
"C:\Program Files\TomTom HOME\TomTomHOME.exe" -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipCheapCom]
"C:\Program Files\VoipCheapCom\VoipCheapCom.exe" -nosplash -minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ff669c2-21bf-11dd-b8ee-0018f3fe2d14}]
AutoRun\command- J:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a7d47e2-1a91-11dd-b8df-0018f3fe2d14}]
AutoRun\command- K:\InstallTomTomHOME.exe




-- End of Deckard's System Scanner: finished at 2008-05-19 00:54:50 ------------



#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:12:57 AM

Posted 13 June 2008 - 07:55 PM

Hello ruuf

Welcome to BleepingComputer :thumbsup:
========================
If you are still in need of assistance please post a new Dss log.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.



