Svchost.exe Not Sure What It Is. Comp Hits 100% Usage Constantly. Don't Know How To Solve It


This topic is locked
37 replies to this topic

#1 w0lfm4n
Posted 06 June 2008 - 06:52 AM

Hey guys.
I have a fair few scanners and such on my PC, as you should see in the HJT log, but even though when I look at that SpeedUpMyPC 3 program from Uniblue everything is "high" BUT... my computer doesn't get below 50% CPU usage. I can't find the problem. I have run Uniblue SpyEraser and RegistryBooster, Spybot, Reg Mech, RegCure, CCleaner, stuff like that, and it all comes up clean... besides a few bad registry keys and such, unknown files, missing files and whatnot.
Any help would be HIGHLY appreciated.
Thanks

Deckard's System Scanner v20071014.68
Run by w0lfm4n on 2008-06-06 21:18:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
75: 2008-06-06 11:19:17 UTC - RP139 - Deckard's System Scanner Restore Point
74: 2008-06-06 10:44:48 UTC - RP138 - SpyEraser 06_06_2008_20_44_38
73: 2008-06-06 08:45:27 UTC - RP137 - Uniblue RegistryBooster
72: 2008-06-05 08:14:35 UTC - RP136 - Unsigned driver install
71: 2008-06-05 08:11:35 UTC - RP135 - Installed Speed S8800i


-- First Restore Point --
1: 2008-04-15 05:47:09 UTC - RP65 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis (run as w0lfm4n.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:57 PM, on 6/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspectorToolbar\CAGlobal.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\w0lfm4n\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\w0lfm4n.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspectorToolbar\CallingIDIE.dll
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspectorToolbar\CallingIDIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKUS\S-1-5-21-484763869-1343024091-839522115-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1194426542953
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: ljjjkhi - C:\WINDOWS
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 10925 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups) -----------

backup-20080329-165408-801 O4 - HKCU\..\Run: [MapEDC] C:\Program Files\MapEDC\MapEDC.exe

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 SNP2STD (USB2.0 PC Camera (SNP2STD)) - c:\windows\system32\drivers\snp2sxp.sys <Not Verified; ; USB2.0 PC Camera driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\4&11C9F252&0&28F0
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\4&11C9F252&0&28F0
Service: RTL8023xp


-- Scheduled Tasks -------------------------------------------------------------

2008-06-06 21:01:41 442 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2008-06-05 05:10:56 376 --a------ C:\WINDOWS\Tasks\RegCure.job
2008-06-04 21:33:02 274 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2008-06-04 21:20:04 268 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job
2008-05-29 17:41:28 518 --a------ C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as w0lfm4n at 2 10 PM.job
2008-05-25 21:20:52 342 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser.job
2008-05-25 20:50:26 396 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job


-- Files created between 2008-05-06 and 2008-06-06 -----------------------------

2008-06-06 20:57:02 0 dr-h----- C:\Documents and Settings\w0lfm4n\Recent
2008-06-06 04:47:40 0 d-------- C:\Documents and Settings\w0lfm4n\Application Data\TrojanHunter
2008-06-05 18:57:00 0 d-------- C:\Program Files\TrojanHunter 5.0
2008-06-05 18:12:02 94208 --a------ C:\WINDOWS\amcap.exe <Not Verified; Microsoft Corporation; DirectX 8.1 Sample>
2008-06-05 18:11:49 20480 --a------ C:\WINDOWS\FixCamera.exe <Not Verified; ; CameraFixer Application>
2008-06-05 18:11:48 344064 --a------ C:\WINDOWS\vsnp2std.exe <Not Verified; Sonix; CameraMonitor Application>
2008-06-05 18:11:48 110592 --a------ C:\WINDOWS\tsnp2std.exe <Not Verified; ; tsnp2std>
2008-06-05 18:11:45 24960 --a------ C:\WINDOWS\system32\drivers\sncamd.sys <Not Verified; Microsoft Corporation; MicrosoftR WindowsR Operating System>
2008-06-05 18:11:43 10305664 --a------ C:\WINDOWS\system32\drivers\snp2sxp.sys <Not Verified; ; USB2.0 PC Camera driver>
2008-06-05 18:11:39 61440 --a------ C:\WINDOWS\vsnp2std.dll <Not Verified; Sonix; >
2008-06-05 18:11:39 53248 --a------ C:\WINDOWS\system32\csnp2std.dll <Not Verified; ; InstallUtil>
2008-06-05 18:11:39 147456 --a------ C:\WINDOWS\rsnp2std.dll <Not Verified; ; ResourceDLL>
2008-06-05 18:11:39 0 d-------- C:\Program Files\Common Files\snp2std
2008-06-05 17:49:10 0 d-------- C:\Program Files\DriverGuide Toolkit
2008-06-04 17:51:32 0 d-------- C:\Program Files\CCleaner
2008-06-03 18:09:35 105292 --a------ C:\WINDOWS\restart.exe
2008-06-02 19:51:38 1160 --a------ C:\WINDOWS\mozver.dat
2008-06-02 18:39:53 0 d-------- C:\Documents and Settings\w0lfm4n\Application Data\Talkback
2008-06-02 18:39:13 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-02 18:38:58 0 d-------- C:\Documents and Settings\w0lfm4n\Application Data\Mozilla
2008-06-01 18:03:03 0 d-------- C:\Program Files\Opera
2008-06-01 17:49:14 0 d-------- C:\Documents and Settings\w0lfm4n\Application Data\Opera
2008-06-01 17:48:56 0 d-------- C:\Program Files\Opera 9.5 beta
2008-05-31 13:33:08 0 d-------- C:\Programs
2008-05-25 21:09:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-05-25 20:50:10 0 d-------- C:\Program Files\Uniblue
2008-05-20 16:43:30 0 d-------- C:\Documents and Settings\w0lfm4n\Application Data\vlc
2008-05-20 16:41:02 0 d-------- C:\Program Files\VideoLAN
2008-05-18 06:00:18 0 d-------- C:\Program Files\Nokia
2008-05-17 17:05:07 0 d-------- C:\Documents and Settings\w0lfm4n\Application Data\Uniblue
2008-05-17 16:59:56 0 d-------- C:\WINDOWS\system32\Adobe
2008-05-15 21:11:58 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>


-- Find3M Report ---------------------------------------------------------------

2008-06-06 21:03:04 0 d-------- C:\Program Files\SP2 Connection Patcher
2008-06-06 18:10:13 0 d-------- C:\Documents and Settings\w0lfm4n\Application Data\CallingID
2008-06-05 19:28:31 0 d-------- C:\Documents and Settings\w0lfm4n\Application Data\LimeWire
2008-06-05 18:11:39 0 d-------- C:\Program Files\Common Files
2008-06-05 18:11:35 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-05 18:10:38 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-04 05:22:48 16 --a------ C:\WINDOWS\popcinfo.dat
2008-06-01 13:38:35 0 d-------- C:\Program Files\Lavasoft
2008-06-01 13:37:20 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-30 18:04:56 0 d-------- C:\Documents and Settings\w0lfm4n\Application Data\Vso
2008-05-26 02:24:03 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-23 22:57:43 0 d-------- C:\Documents and Settings\w0lfm4n\Application Data\mIRC
2008-05-18 05:57:36 0 d-------- C:\Documents and Settings\w0lfm4n\Application Data\PC Suite
2008-05-14 17:04:07 0 d-------- C:\Program Files\limewire
2008-05-08 04:55:16 0 d-------- C:\Program Files\Java
2008-05-03 15:09:01 720896 --a------ C:\WINDOWS\iun6002ev.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-05-03 13:46:17 0 d-------- C:\Program Files\Disk Games
2008-04-27 16:42:17 0 d-------- C:\Program Files\DivX
2008-04-24 20:21:51 0 d-------- C:\Program Files\WinLemm
2008-04-18 04:57:07 0 d-------- C:\Program Files\Common Files\Scanner
2008-04-01 07:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-04-01 07:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-04-01 07:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2008-04-01 07:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-04-01 07:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-22 06:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-22 06:28:54 196608 --a----c- C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-22 06:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-22 06:28:20 12288 --a----c- C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-07 17:19:04 2544 --a----c- C:\WINDOWS\unins000.dat
2008-03-07 17:15:38 691545 --a----c- C:\WINDOWS\unins000.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [06/21/2005 03:48 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [06/21/2005 03:44 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [05/22/2008 12:05 PM]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [04/15/2008 01:39 PM]
"cafw"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [04/15/2008 01:39 PM]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [04/15/2008 01:39 PM]
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [04/15/2008 01:39 PM]
"RegistryMechanic"="C:\Program Files\Registry Mechanic\RegMech.exe" [08/20/2007 10:58 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [06/01/2006 11:26 AM]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [01/06/2006 05:39 PM]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [01/06/2006 01:57 PM]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [03/25/2008 07:08 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 10:00 PM]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [10/11/2005 06:25 PM]
"SP2 Connection Patcher"="C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" [07/11/2005 09:51 PM]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [08/12/2007 09:28 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 10:43 AM]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [05/14/2008 10:12 AM]
"Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [05/25/2008 08:59 PM]
"Uniblue SpyEraser"="C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [04/02/2008 09:50 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjjkhi]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 05/18/2007 01:30 PM 79368 C:\WINDOWS\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WireLessKeyboard ]
C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WireLessMouse ]
C:\Program Files\Multimedia Combo Set\MouseDrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8073 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-06 21:34:24 ------------
------------
Sorry guys,
This was also meant to be posted with the HJT. Deckard told me so as you can see lol.

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 1.80GHz
Percentage of Memory in Use: 70%
Physical Memory (total/avail): 503.48 MiB / 148.49 MiB
Pagefile Memory (total/avail): 1229.28 MiB / 664.54 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1948.12 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.26 GiB total, 14.44 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST340016A - 37.27 GiB - 1 partition
PARTITION0 (bootable) - Installable File System - 37.26 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: CA Personal Firewall v10.0.0.157 (CA)
AV: CA Anti-Virus v9.0.0.170 (CA, Inc.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\mIRC\mirc.exe"="C:\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\w0lfm4n\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=W0LFM4N
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA6
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\w0lfm4n
LOGONSERVER=\\W0LFM4N
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Intel\DMIX;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem;C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0103
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\w0lfm4n\LOCALS~1\Temp
TMP=C:\DOCUME~1\w0lfm4n\LOCALS~1\Temp
USERDOMAIN=W0LFM4N
USERNAME=w0lfm4n
USERPROFILE=C:\Documents and Settings\w0lfm4n
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

w0lfm4n (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:Program FilesCACA Internet Security SuiteCA Personal Firewallsetupccinstaller.exe" /u /silent /module="fw"
--> C:Program FilesDivXDivXConverterUninstall.exe /CONVERTER
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player 11 --> C:WINDOWSsystem32adobeSHOCKW~1UNWISE.EXE C:WINDOWSsystem32AdobeSHOCKW~1Install.log
AnyDVD --> "C:Program FilesSlySoftAnyDVDAnyDVD-uninst.exe" /D="C:Program FilesSlySoftAnyDVD"
Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
Bejeweled 2 Deluxe --> C:WINDOWSiun6002ev.exe "C:GamesBejewelled_2irunin.ini"
BitComet 1.01 --> C:Program FilesBitCometuninst.exe
CA Anti-Spyware --> "C:Program FilesCACA Internet Security SuiteCA Anti-Spywaresetupccinstaller.exe" /u /silent /module="pp"
CA Anti-Virus --> C:Program FilesCACA Internet Security SuiteCA Anti-Virusunvet32.exe
CA Desktop DNA Migrator --> C:PROGRA~1COMMON~1INSTAL~1Driver1050INTEL3~1IDriver.exe /M{41F61614-9978-4313-854E-B18ABA753EF6} /l1033 /s /f1"C:Program FilesCACA Internet Security SuiteCA Desktop DNA Migratordnaunset.iss"
CA Internet Security Suite --> "C:Program FilesCACA Internet Security Suitecaunst.exe" /u
CA Pest Patrol Realtime Protection --> MsiExec.exe /X{F05A5232-CE5E-4274-AB27-44EB8105898D}
CA Website Inspector --> MsiExec.exe /X{CDB98E2F-7B2A-42C2-B718-F1F6B31586DF}
Canasta for Windows --> C:GamesCanastaUNWISE.EXE C:GamesCanastaINSTALL.LOG
CCleaner (remove only) --> "C:Program FilesCCleaneruninst.exe"
CloneDVD2 --> "C:Program FilesCloneDVD2CloneDVD2-uninst.exe" /D="C:Program FilesCloneDVD2"
ConvertXtoDVD 2.2.3.258h --> "C:Program FilesVSOConvertXtoDVDunins000.exe"
coolbuddy screensaver vin diesel --> "C:Program Filescoolbuddy screensaver vin dieselunins000.exe"
Disc2Phone --> MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
DivX Codec --> C:Program FilesDivXDivXCodecUninstall.exe /CODEC
DivX Converter --> C:Program FilesDivXDivXConverterUninstall.exe /CONVERTER
DivX Player --> C:Program FilesDivXDivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:Program FilesDivXDivXWebPlayerUninstall.exe /PLUGIN
Dolphin Pocket Cam --> C:WINDOWSrestart.exe /U D:Cameradisk1INSTALL.LOG
DriverGuide Toolkit --> C:\Program Files\DriverGuide Toolkit\uninstall.exe
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
Free Solitaire --> C:\Games\FREESO~1\UNWISE.EXE C:\Games\FREESO~1\INSTALL.LOG
Free WMA to MP3 Converter 1.08 --> "C:\Program Files\Free WMA to MP3 Converter\unins000.exe"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
ICQ6 --> C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe -runfromtemp -l0x0009 -removeonly
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Intel® PRO Network Connections 11.2.0.69 --> MsiExec.exe /i{2222B364-0854-4265-B32E-A142DB9DC7BB} ARPREMOVE=1
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LimeWire 4.16.7 --> "C:\Program Files\LimeWire\uninstall.exe"
LimeWire Download Accelerator 4.12.11 --> C:\Program Files\LimeWire Download Accelerator\Uninstall.exe
Mega Solitaire --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Disk Games\Mega Solitaire\Uninst.isu"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Multimedia Combo Set --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{6206FD57-3E60-4A52-AD1B-7D9F7BA2777E}
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Network Play System (Patching) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Electronic Arts\Network Play System\NPSPatch.isu"
Nokia Multimedia Player --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4D6183C0-005C-4B1F-8261-4B0F71F1C4A5}
Pop'em v1.1 --> c:\Games\PopEm\unins000.exe
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
PSP Max Media Manager --> "C:\Program Files\PSP Max Media Manager\unins000.exe"
Pumpkin Patch Screen Saver --> "C:\PROGRA~1\Freeze.com\Pumpkin Patch\UNINSTAL.EXE"
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RegCure 1.3.0.2 --> C:\Program Files\RegCure\uninst.exe
Registry Mechanic 7.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Sony Ericsson PC Suite 1.20.224 --> MsiExec.exe /I{7689CA7A-1270-425A-9959-EB4CB25EA29A}
SP2 Connection Patcher --> C:\Program Files\SP2 Connection Patcher\uninstall.exe
Speed S8800i --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}\Setup.exe" -l0x9
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
Swann ProSurfer External Modem Installer --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\PROSRFR.INF, DefaultUninstall.ntx86
TeamViewer 3 --> C:\Program Files\TeamViewer3\uninstall.exe
The Sims Vacation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3D9231F6-A287-4222-9EBC-519BB206F590}\setup.exe" -l0009
Trixoid --> C:\Games\Trixoid\unins000.exe
TrojanHunter 5.0 --> "C:\Program Files\TrojanHunter 5.0\unins000.exe"
Uniblue RegistryBooster 2 --> "C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
Uniblue SpeedUpMyPC 3 --> "C:\Program Files\Uniblue\SpeedUpMyPC 3\unins000.exe"
Uniblue SpyEraser --> "C:\Program Files\Uniblue\SpyEraser\unins000.exe"
VideoLAN VLC media player 0.8.6f --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery --> MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Writer --> MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type8688 / Error
Event Submitted/Written: 06/06/2008 09:24:18 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type8686 / Success
Event Submitted/Written: 06/06/2008 09:02:46 PM
Event ID/Source: 88 / UmxAgent
Event Description:
Sync client C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe registered successfully

Event Record #/Type8684 / Success
Event Submitted/Written: 06/06/2008 09:01:43 PM
Event ID/Source: 88 / UmxAgent
Event Description:
explorer.exe started

Event Record #/Type8683 / Success
Event Submitted/Written: 06/06/2008 09:01:40 PM
Event ID/Source: 88 / UmxAgent
Event Description:
Shell is started at session 0

Event Record #/Type8682 / Success
Event Submitted/Written: 06/06/2008 09:01:40 PM
Event ID/Source: 88 / UmxAgent
Event Description:
explorer.exe started



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type27150 / Error
Event Submitted/Written: 06/06/2008 09:03:19 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The HTTP SSL service failed to start due to the following error:
%%1053

Event Record #/Type27149 / Error
Event Submitted/Written: 06/06/2008 09:03:18 PM
Event ID/Source: 30013 / ipnathlp
Event Description:
The DHCP allocator has disabled itself on IP address 58.107.193.55,
since the IP address is outside the 192.168.0.0/255.255.255.0 scope
from which addresses are being allocated to DHCP clients.
To enable the DHCP allocator on this IP address,
please change the scope to include the IP address,
or change the IP address to fall within the scope.

Event Record #/Type27148 / Error
Event Submitted/Written: 06/06/2008 09:03:17 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.

Event Record #/Type27123 / Error
Event Submitted/Written: 06/06/2008 06:24:14 PM
Event ID/Source: 30013 / ipnathlp
Event Description:
The DHCP allocator has disabled itself on IP address 58.107.193.55,
since the IP address is outside the 192.168.0.0/255.255.255.0 scope
from which addresses are being allocated to DHCP clients.
To enable the DHCP allocator on this IP address,
please change the scope to include the IP address,
or change the IP address to fall within the scope.

Event Record #/Type27122 / Error
Event Submitted/Written: 06/06/2008 06:23:05 PM
Event ID/Source: 30013 / ipnathlp
Event Description:
The DHCP allocator has disabled itself on IP address 169.254.251.149,
since the IP address is outside the 192.168.0.0/255.255.255.0 scope
from which addresses are being allocated to DHCP clients.
To enable the DHCP allocator on this IP address,
please change the scope to include the IP address,
or change the IP address to fall within the scope.



-- End of Deckard's System Scanner: finished at 2008-06-06 21:34:24 ------------

Merged posts. ~ OB

Edited by Orange Blossom, 06 June 2008 - 01:31 PM.




#2 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:04:49 PM

Posted 01 July 2008 - 07:08 PM

Welcome to the BleepingComputer Forums. Since it has been a few days, please post a new HijackThis log. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 w0lfm4n

w0lfm4n
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:49 AM

Posted 05 July 2008 - 04:15 AM

Here is the log. Please, I just want to find out if there are any problems on this pc I need to know about. Not taking too much of your time, as I think I may be clean... but I want an expert opinion... that is it. Thanx. I am sick of posting logs, and not having them answered at all... even though viewed by god knows how many :thumbsup: It is a real frustration, and depressing.
Any help would be good.

Deckard's System Scanner v20071014.68
Run by oneness on 2008-07-05 19:04:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as oneness.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:05:01 PM, on 7/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer3\TeamViewer_Host.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\TeamViewer3\TeamViewer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\ApvxdWin.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\tsnp2std.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\WebProxy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CCleaner\ccleaner.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Downloads\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\oneness.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\avciman.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\psimreal.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213184645593
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15035/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - C:\Program Files\TeamViewer3\TeamViewer_Host.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe

--
End of file - 9385 bytes

-- Files created between 2008-06-05 and 2008-07-05 -----------------------------

2008-07-05 19:02:12 0 dr-h----- C:\Documents and Settings\oneness\Recent
2008-07-04 08:56:19 421640 --a------ C:\WINDOWS\taz.exe <Not Verified; Macromedia, Inc.; Flash 5.0>
2008-07-04 08:56:19 18192 --a------ C:\WINDOWS\taz.dat <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
2008-07-04 08:56:18 464112 --a------ C:\WINDOWS\taz.scr <Not Verified; MacSourcery; ScreenTime for Flash>
2008-07-04 08:56:18 40960 --a------ C:\WINDOWS\taz.dll <Not Verified; MacSourcery; Saver DLL>
2008-07-02 05:11:38 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-02 05:11:24 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-02 05:11:23 0 d-------- C:\Documents and Settings\oneness\Application Data\SUPERAntiSpyware.com
2008-07-01 18:55:39 0 d-------- C:\Frost
2008-07-01 18:55:24 0 d-------- C:\Documents and Settings\oneness\Application Data\FrostWire
2008-07-01 18:52:10 0 d-------- C:\Program Files\FrostWire
2008-07-01 18:49:58 0 d-------- C:\Documents and Settings\oneness\Incomplete
2008-07-01 18:49:36 0 d-------- C:\Documents and Settings\oneness\Application Data\MP3Rocket
2008-07-01 18:47:39 0 d-------- C:\Program Files\AskSBar
2008-07-01 17:35:04 0 d-------- C:\Documents and Settings\oneness\DoctorWeb
2008-06-29 00:43:16 4096 --a------ C:\WINDOWS\system32\crash
2008-06-28 20:28:17 0 d-------- C:\Documents and Settings\oneness\Application Data\SecondLife
2008-06-28 17:28:52 0 d-------- C:\Program Files\SecondLife
2008-06-27 22:01:47 44224 -ra------ C:\WINDOWS\system32\drivers\BVRPMPR5.SYS <Not Verified; BVRP Software; BVRPNDIS Rawether for Windows>
2008-06-26 12:25:09 0 d-------- C:\Documents and Settings\LocalService\Application Data\TeamViewer
2008-06-25 18:31:20 0 d-------- C:\Documents and Settings\oneness\Application Data\TeamViewer
2008-06-25 18:29:59 0 d-------- C:\Program Files\TeamViewer3
2008-06-25 18:25:53 0 d-------- C:\Documents and Settings\oneness\temp
2008-06-23 19:26:11 0 d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-06-23 19:24:09 281 --a------ C:\WINDOWS\system32\PavCPL.dat
2008-06-23 19:23:51 290964 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT
2008-06-23 19:22:51 0 d-------- C:\WINDOWS\system32\PAV
2008-06-23 19:22:08 101888 --a------ C:\WINDOWS\system32\SYSTOOLS.DLL <Not Verified; Panda Software; SYSTOOLS>
2008-06-23 19:21:57 0 d-------- C:\Program Files\Panda Security
2008-06-23 19:16:33 0 d-------- C:\Program Files\Common Files\Panda Software
2008-06-22 11:23:31 0 d-------- C:\Documents and Settings\oneness\.unlimitedftp
2008-06-22 11:02:22 0 d-------- C:\Webpage
2008-06-22 10:36:27 235600 --a------ C:\WINDOWS\uninstall Kung_Fu_.exe
2008-06-22 10:36:26 5981830 --a------ C:\WINDOWS\Kung_Fu_.scr
2008-06-21 19:32:51 389100 --a------ C:\WINDOWS\Simpsons.scr <Not Verified; MacSourcery; CineMac for Director>
2008-06-21 19:32:51 2305670 --a------ C:\WINDOWS\Simpsons.exe <Not Verified; Macromedia, Inc.; Director 8 Shockwave Studio>
2008-06-21 19:32:51 29696 --a------ C:\WINDOWS\mickey32.dll <Not Verified; MacSourcery; Mickey DLL>
2008-06-21 13:34:20 0 d-------- C:\WINDOWS\Performance
2008-06-21 13:34:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2008-06-21 13:33:26 0 d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2008-06-20 19:30:57 0 d-------- C:\Program Files\CCleaner
2008-06-20 19:27:21 0 d-------- C:\Program Files\Elaborate Bytes
2008-06-20 18:13:45 0 d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-06-20 13:28:31 0 d-------- C:\Program Files\common
2008-06-20 13:28:30 0 d-------- C:\Program Files\ConvertXtoDVD
2008-06-20 13:08:18 47360 --a------ C:\Documents and Settings\oneness\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-06-20 13:08:17 0 d-------- C:\Documents and Settings\oneness\Application Data\Vso
2008-06-20 13:08:04 217127 --a------ C:\WINDOWS\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
2008-06-20 13:08:04 208935 --a------ C:\WINDOWS\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
2008-06-20 13:08:04 176165 --a------ C:\WINDOWS\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
2008-06-20 13:08:04 65602 --a------ C:\WINDOWS\system32\cook3260.dll <Not Verified; RealNetworks, Inc.; RealPlayer 10>
2008-06-18 22:44:18 0 d-------- C:\WINDOWS\Do
2008-06-18 17:44:56 16 --a------ C:\WINDOWS\popcinfo.dat
2008-06-18 04:55:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-06-15 17:39:42 0 d-------- C:\Documents and Settings\oneness\Application Data\ImgBurn
2008-06-15 17:37:05 0 d-------- C:\Program Files\ImgBurn
2008-06-15 17:28:21 0 d-------- C:\Notepad
2008-06-15 17:22:15 0 d-------- C:\Program Files\ProcessExplorer
2008-06-15 17:18:44 0 d-------- C:\Program Files\TcpView
2008-06-14 12:17:41 60416 --a------ C:\WINDOWS\ALCFDRTM.EXE <Not Verified; Realtek Semiconductor Corp.; Realtek ALCFDRTM>
2008-06-14 12:17:40 0 d-------- C:\WINDOWS\system32\Lang
2008-06-14 12:09:29 744 -----n--- C:\WINDOWS\system32\drivers\alcxinit.dat
2008-06-14 12:09:29 208896 -----n--- C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Update Application for Realtek AC'97>
2008-06-14 12:09:29 139264 -----n--- C:\WINDOWS\alcrmv.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Removing Tool>
2008-06-14 11:21:38 0 d-------- C:\Documents and Settings\oneness\Application Data\Malwarebytes
2008-06-14 11:21:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-14 11:21:35 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-14 10:50:58 0 d-------- C:\Program Files\Trend Micro
2008-06-14 02:29:25 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-06-14 02:24:25 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-06-14 01:40:02 0 d-------- C:\CloneDVDTemp
2008-06-13 21:55:44 0 d-------- C:\Program Files\CloneDVD2
2008-06-13 21:55:04 0 d-------- C:\Program Files\SlySoft
2008-06-13 20:20:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Creative
2008-06-13 20:12:39 0 d--h----- C:\Program Files\Creative Installation Information
2008-06-13 20:12:39 0 d-------- C:\Program Files\Common Files\Creative
2008-06-13 20:10:48 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-06-13 18:13:09 0 d-------- C:\Program Files\Intel
2008-06-13 17:23:18 0 d-------- C:\Documents and Settings\oneness\Application Data\Google
2008-06-13 17:22:31 0 d-------- C:\Program Files\Google
2008-06-13 17:20:48 0 d-------- C:\Games
2008-06-13 15:56:20 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-06-13 15:56:05 0 d-------- C:\Documents and Settings\oneness\WINDOWS
2008-06-13 15:37:07 3840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2008-06-13 15:37:07 0 d-------- C:\Program Files\Belarc
2008-06-13 15:09:42 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-06-13 13:59:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
2008-06-13 13:57:37 0 d-------- C:\Documents and Settings\oneness\Application Data\SlySoft
2008-06-13 13:56:30 0 d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-06-13 13:45:26 0 d-------- C:\Program Files\AnyDVD
2008-06-13 12:55:05 0 d-------- C:\Music
2008-06-11 23:51:09 0 d-------- C:\Incomplete
2008-06-11 23:50:55 0 d-------- C:\LimeWireDownloads
2008-06-11 23:49:44 0 d-------- C:\Documents and Settings\oneness\Application Data\LimeWire
2008-06-11 23:49:09 0 d-------- C:\Program Files\LimeWire
2008-06-11 23:07:16 0 d-------- C:\WINDOWS\Prefetch
2008-06-11 22:57:36 0 d-------- C:\WINDOWS\system32\scripting
2008-06-11 22:57:35 0 d-------- C:\WINDOWS\l2schemas
2008-06-11 22:57:33 0 d-------- C:\WINDOWS\system32\en
2008-06-11 22:57:33 0 d-------- C:\WINDOWS\system32\bits
2008-06-11 22:54:28 0 d-------- C:\WINDOWS\ServicePackFiles
2008-06-11 22:51:54 0 d-------- C:\WINDOWS\network diagnostic
2008-06-11 21:56:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-06-11 21:52:40 0 d-------- C:\WINDOWS\system32\PreInstall
2008-06-11 21:52:38 0 d--h----- C:\WINDOWS\$hf_mig$
2008-06-11 21:45:17 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-06-11 21:17:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-11 21:09:14 0 d-------- C:\Themes
2008-06-11 20:33:37 0 d-------- C:\Downloads
2008-06-11 19:48:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-06-11 19:36:31 0 d-------- C:\Documents and Settings\oneness\Application Data\Uniblue
2008-06-11 19:05:52 0 d-------- C:\WINDOWS\system32\Adobe
2008-06-11 19:05:32 0 d-------- C:\Program Files\Nokia
2008-06-11 19:03:27 0 d-------- C:\Program Files\Uniblue
2008-06-11 18:58:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-11 18:56:08 0 d-------- C:\Program Files\Yahoo!
2008-06-11 18:50:54 94208 --a------ C:\WINDOWS\amcap.exe <Not Verified; Microsoft Corporation; DirectX 8.1 Sample>
2008-06-11 18:50:51 344064 --a------ C:\WINDOWS\vsnp2std.exe <Not Verified; Sonix; CameraMonitor Application>
2008-06-11 18:50:51 110592 --a------ C:\WINDOWS\tsnp2std.exe <Not Verified; ; tsnp2std>
2008-06-11 18:50:49 24960 --a------ C:\WINDOWS\system32\drivers\sncamd.sys <Not Verified; Microsoft Corporation; MicrosoftR WindowsR Operating System>
2008-06-11 18:50:46 61440 --a------ C:\WINDOWS\vsnp2std.dll <Not Verified; Sonix; >
2008-06-11 18:50:46 10305664 --a------ C:\WINDOWS\system32\drivers\snp2sxp.sys <Not Verified; ; USB2.0 PC Camera driver>
2008-06-11 18:50:46 53248 --a------ C:\WINDOWS\system32\csnp2std.dll <Not Verified; ; InstallUtil>
2008-06-11 18:50:46 147456 --a------ C:\WINDOWS\rsnp2std.dll <Not Verified; ; ResourceDLL>
2008-06-11 18:50:46 0 d-------- C:\Program Files\Common Files\snp2std


-- Find3M Report ---------------------------------------------------------------

2008-07-04 08:54:05 0 d-------- C:\Documents and Settings\oneness\Application Data\Real
2008-07-02 05:10:35 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-23 20:09:28 0 d-------- C:\Program Files\DAEMON Tools
2008-06-23 19:22:00 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-23 19:16:33 0 d-------- C:\Program Files\Common Files
2008-06-21 11:47:08 5164 --a------ C:\Documents and Settings\oneness\Application Data\CleanUp!.log
2008-06-20 19:03:27 33 --a------ C:\Documents and Settings\oneness\Application Data\pcouffin.log
2008-06-20 19:03:24 1144 --a------ C:\Documents and Settings\oneness\Application Data\pcouffin.inf
2008-06-20 19:03:24 7887 --a------ C:\Documents and Settings\oneness\Application Data\pcouffin.cat
2008-06-20 19:02:08 668 --a------ C:\Documents and Settings\oneness\Application Data\vso_ts_preview.xml
2008-06-20 13:08:00 0 d-------- C:\Program Files\vso
2008-06-18 17:36:07 0 d-------- C:\Documents and Settings\oneness\Application Data\VSO_HWE
2008-06-18 04:55:17 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-18 04:53:14 0 d-------- C:\Documents and Settings\oneness\Application Data\AdobeUM
2008-06-13 20:24:59 0 d-------- C:\Documents and Settings\oneness\Application Data\Creative
2008-06-13 20:12:47 0 d-------- C:\Program Files\Creative
2008-06-13 20:10:48 114688 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>
2008-06-12 09:34:26 0 d-------- C:\Program Files\Java
2008-06-11 22:58:14 0 d-------- C:\Program Files\Messenger
2008-06-11 22:57:32 0 d-------- C:\Program Files\Movie Maker
2008-06-11 22:53:57 0 d-------- C:\Program Files\Windows NT
2008-06-11 18:57:34 0 d-------- C:\Documents and Settings\oneness\Application Data\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [06/18/2003 01:00 AM]
"CTHelper"="CTHELPER.EXE" [03/19/2004 06:33 PM C:\WINDOWS\system32\CTHELPER.EXE]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [12/03/2002 06:06 PM]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 03:57 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [08/08/2007 09:25 AM]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 11:35 AM]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [01/06/2006 05:39 PM]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [01/06/2006 01:57 PM]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [10/31/2005 10:51 AM]
"P17Helper"="P17.dll" [12/28/2007 06:32 PM C:\WINDOWS\system32\P17.dll]
"SoundMan"="SOUNDMAN.EXE" [01/09/2004 02:54 AM C:\WINDOWS\SOUNDMAN.EXE]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.exe" [10/04/2007 03:15 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [04/02/2008 09:50 AM]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [05/14/2008 10:12 AM]
"Uniblue SpyEraser"="C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [04/02/2008 09:50 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 10:12 AM]
"SetDefaultMIDI"="MIDIDef.exe" [12/03/2002 07:16 PM C:\WINDOWS\MIDIDEF.EXE]
"CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [11/17/2006 07:42 PM]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" [05/28/2008 04:10 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 02/15/2007 07:02 PM 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-07-05 19:11:31 ------------

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,853 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:04:49 PM

Posted 05 July 2008 - 03:15 PM

Hello w0lfm4n,

I have merged your latest HJT topic with your previously existing topic, which received a response on July 1. Please note that we are all volunteers here and that there are a large number of logs, over 400 right now, and limited personnel to handle them. Also, the number of views does not mean that the topic was viewed that many times by HJT Team members. Guest views are counted as are the views of anyone who reads the topic including people with similar infections looking for answers.

Please keep all posts regarding this issue to this topic by using the Add Reply button at the bottom of the topic. Starting new topics confuses things and delays the assistance you receive. Please be sure to subscribe to this topic so you are notified when you get a response.

Back to you suebaby41.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 w0lfm4n

w0lfm4n
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:49 AM

Posted 06 July 2008 - 12:45 AM

*sighs*
Y thanx Orange Blossom. If you had seen the logs, you would notice that they are two different comps.
The first log is from my other PC that is sitting right beside me; I gave up on it and bought a new PC. The log you merged is from a PC I just recently bought second hand. The two PCs are not merged, y should their logs be?
So now... the volunteer is even MORE confused, lookin at two diff comps. The first one, there could be a whole bunch wrong with it, but it is pointless lookin at that now. Okay Sue, forget the first log. Look at the second log. That is the only one that matters right now. All I want to know is if it is clean or if it is not. Just a few niggles due to files not leaving that have me worried... but yeah...

#6 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:04:49 PM

Posted 06 July 2008 - 12:21 PM

Thanks for clearing that up. I did not realize you were referring to two computers. I am looking at the last log so that is the one I will use.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#7 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:04:49 PM

Posted 06 July 2008 - 02:35 PM

You may want to print this page. Make sure to work through the fixes in the order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

I noticed that you have some programs that need to be updated.

Step 1

Your Java Runtime Environment is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove the older versions of Java Runtime Environment.
  • Close any programs you may have running, ESPECIALLY your web browser
  • Click Start > Control Panel.
  • Click Add/Remove Programs.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove all versions of Java.
  • Reboot your computer after all Java components are removed.
Please download the latest Java Runtime Environment.
  • Scroll down to where it says Java Runtime Environment (JRE) 6 Update 6. The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
  • Click the Download button to the right. When a new window opens, you will see
    NOTE: This page offers files for different platforms - please be sure to download the proper file(s) for your platform.
    Required: You must accept the license agreement to download the product.
  • Click to place a check mark by Accept License Agreement.
  • Make the selection corresponding to your computer platform. For Windows, click on the Windows Offline Installation, Multi-language link to download. Save it to your desktop.
  • On your desktop, double-click on jre-6u6-windows-i586-p.exe to install the newest version.
After you have installed the Java software on your computer, you must restart your browser. You can verify that Java Runtime Environment (JRE) has been installed correctly by clicking on the Verify Installation button on the Welcome To Java and Verify Installation page.

Step 2

Your "Adobe Reader" is out of date.
You may want to download the latest version, Adobe® Reader® 8.

Step 3

In normal mode, run an online antivirus check from at least two and preferably three of the following sites
BitDefender
Computer Associates Online Virus Scan
Panda's ActiveScan
Trend Micro Housecall
Windows Live Safety Center Free Online Scan
This scanner from Trend does not require ActiveX to run.
  • Detects and removes malware ( viruses, worms, trojans, etc. )
  • Detects and removes grayware and spyware
  • Restores damage caused by malware to your system.
  • Notifies about vulnerabilities in installed programs and connected network services.
  • Multi-platform support for: Windows, Linux, Solaris.
  • Easy-to-use with the Microsoft Internet Explorer and Mozilla Firefox.
When you have completed the scans, if you get a report of files that can’t be cleaned / deleted, make a note of the file location of anything that cannot be deleted so you can delete it yourself. Please post that list in your next reply.

Step 4

Please download Ad-Aware 2008.
Please check this link, Ad-Aware 2007/ 2008 for instructions on how to download, install and use Ad-Aware. Run this program as soon as possible.

Step 5

I recommend using Spyware Blaster.
Please download SpywareBlaster. SpywareBlaster helps to:
  • Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
  • Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
  • Restrict the actions of potentially unwanted sites in Internet Explorer.
Please see Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware for instructions on how to download, install, and use SpywareBlaster.

Step 6

Windows Defender is a free program that helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software. It features Real-Time Protection, a monitoring system that recommends actions against spyware when it is detected and minimizes interruptions and helps you stay productive.

Please download and install Windows Defender.
  • Confirm that your computer meets the minimum system requirements to install Windows Defender.
  • Visit the Windows Defender page in the Microsoft Download Center. Click the Continue button and follow the directions on the succeeding pages to download the program and start the Installation Wizard.
  • Follow the steps in the Installation Wizard. You will be asked if you want to participate in the Microsoft SpyNet online community. We suggest you choose the first option, Use recommended settings.
  • Click Next to continue.
  • Click Install to begin installing Windows Defender.
  • When installation is complete, click Finish. Windows Defender will begin to scan your computer.
  • For more information, see How to install and set up Windows Defender

Step 7

ATF-Cleaner features include:
  • Cleaning of all user temp folders (only an administrator can use this feature).
  • Cleaning of the Java cache, which seems to be harboring more and more malware.
  • Cleaning the cache, cookies, history, download history, visited links and saved passwords. You have the option of checking no if you want to save your passwords.
Please download the ATF-Cleaner by Atribune.
Instructions:
  • Double-click ATF-Cleaner.exe to run the program.
  • Check the boxes to the left of:
    • Windows Temp
    • Current User Temp
    • All Users Temp
    • Temporary Internet Files
    • Prefetch (Windows XP) only
    • Java Cache
  • The rest are optional - if you want to remove them all, check Select All.
  • Click the Empty Selected button.
  • When you get the Done Cleaning message, click OK.
If you use the Firefox browser:
  • Click Firefox at the top and choose: Select All.
  • Click the Empty Selected button.
  • When you get the Done Cleaning message, click OK.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser:
  • Click Opera at the top and choose: Select All.
  • Click the Empty Selected button.
  • When you get the Done Cleaning message, click OK.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
If needed, Tutorial on ATF Cleaner with pictures.
Do not run it yet.

Step 8

Please disconnect from the Internet. Please close ALL browser windows (including this one).

Step 9
  • Please disable Spybot - Search and Destroy TeaTimer, as it will prevent HijackThis from fixing the infection. You can enable it after you're clean. To disable Spybot - Search and Destroy TeaTimer:
    • Open Spybot - Search and Destroy
    • Click on Mode and check Advanced Mode
    • Check yes to next window.
    • Click on Tools in bottom left hand corner.
    • Click on System Startup icon.
    • Uncheck Teatimer box.
    • Click Allow Change box.
  • If needed, How To Disable Spybot Search and Destroy TeaTimer.

Step 10

Now we will address the HijackThis fixes.

Please run HijackThis and click Scan. Place checks next to the following entries (make sure not to miss any):

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll


Close all browsers and other windows except for HijackThis, and click Fix Checked to have HijackThis fix the entries you checked.

Step 11

Optional Fixes is the name that we use for fixes for unnecessary programs that load during startup and run in the background. These programs are not required to start automatically as you can start them manually if you need them. You would not be removing the program itself, just removing them from your startup.

Your computer may be sluggish due to the many programs loading during startup and running in the background that are not necessary. Windows has a facility for starting programs at startup time. Some of these programs are required for your computer and the applications installed on it to run correctly. A good example of such a program is a virus-checking application that must always run, constantly checking for and isolating or removing files with viruses. Other such programs are not strictly required, or are optional. In some cases, you can gain significant performance enhancements by disabling the automatic startup of these programs. In many cases, the functionality offered by the programs is still available by starting the programs manually by, for example, starting the program from the Windows Start->Programs menu. Media players and instant messaging programs often fall into this category. In fact, it is common for many modern software applications, when installed, to add programs at startup that add items to the system tray or shortcut (context) menus in Windows Explorer to provide quick access to the features and functions of these applications. While they may be useful, they do increase boot time and consume system resources. It is advised that you disable these programs so that they do not take up necessary resources or slow the boot time.

Other than ScanRegistry, SystemTray, StateMgr, antivirus program entries, and firewall program entries, very few others need to load and run.

Read the articles below to see if they apply to your problem with the computer being slow to respond.
Slow_Computer_Check_here_first_it_may_not_be_malware.
Help! My computer is slow!
50 Tips for a Super Fast PC
4 Ways to Speed Up Your Computer's Performance
It's not always malware: How to fix the top 10 Internet Explorer issues

If you decide that you want to stop the Optional Fixes in your startup, let me know and I will give you a list with instructions. You would not be removing the program itself, just removing them from your startup.

Step 12

Let’s run ATF-Cleaner to ensure no malware is hiding in temporary folders and for general computer cleanup to free space on your computer.

Step 13

Please run HijackThis in Normal Mode and post a new HijackThis log so I can make sure that all the malware was deleted according to plan.

Please post the list of file names and locations for any files that can’t be cleaned / deleted that were reported after you completed the online scans.

Please advise me of any problems you still have.

Edited by suebaby41, 06 July 2008 - 02:51 PM.

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.
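As an added illustration (my own code, not anything from this thread, from HijackThis or from the helpers here), the script below applies the checks suebaby41 makes by hand in Step 10, and again in her later reply, to HijackThis log lines: BHO entries marked (no file) or (file missing), an O16 DPF entry with no download source, O4 startup entries given as a bare file name rather than a full path, O23 services logged with "Unknown owner", and any path or plug-in that references a Java runtime older than the JRE 6 Update 6 build recommended in Step 1. It goes a little beyond the exact entries listed above by applying the same rules to every line of a log. The category labels, the Finding structure and the "recommended version" constant are my own assumptions; the sample lines are copied from the logs quoted in this thread.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: a subset of the HijackThis lines quoted in this thread,
# embedded here only to drive the example.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - C:\Program Files\TeamViewer3\TeamViewer_Host.exe
"""

# JRE 6 Update 6 is the build the helper points to in Step 1 (assumed as the
# baseline here); anything older gets flagged.
RECOMMENDED_JRE: Tuple[int, int, int, int] = (1, 6, 0, 6)

HJT_LINE = re.compile(r"^([A-Z]\d+) - (.*)$")
JAVA_VERSION = re.compile(r"(?:jre|Java Plug-in )(\d+)\.(\d+)\.(\d+)_(\d+)", re.IGNORECASE)
ABSOLUTE_PATH = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Finding:
    category: str   # short label used for the summary (my own naming)
    reason: str     # what a reviewer would say about the line
    line: str       # the original log line


def java_version(text: str) -> Optional[Tuple[int, ...]]:
    """Extract an x.y.z_uu Java version from a path or plug-in name, if present."""
    m = JAVA_VERSION.search(text)
    return tuple(int(g) for g in m.groups()) if m else None


def triage_line(line: str) -> List[Finding]:
    """Apply the checks a log reviewer does by hand to one HijackThis line."""
    findings: List[Finding] = []
    m = HJT_LINE.match(line.strip())
    if not m:
        return findings          # headers, blank lines, the "Running processes:" block
    section, body = m.groups()

    # Registry entry whose target is gone: a leftover of an uninstall or a
    # removed component; reviewers normally have these fixed.
    if "(no file)" in body or "(file missing)" in body:
        findings.append(Finding("orphaned", "entry points at a file that no longer exists", line))

    # Downloaded Program File with no source URL recorded.
    if section == "O16" and body.rstrip().endswith("-"):
        findings.append(Finding("no-source", "DPF entry has no download source", line))

    # Autostart target given as a bare file name: Windows locates it via the
    # search path at logon, so the reviewer cannot tell which file will run.
    if section == "O4":
        target = body.split("] ", 1)[-1].strip().strip('"')
        if target and not ABSOLUTE_PATH.match(target):
            findings.append(Finding("relative-path", f"startup target '{target}' has no absolute path", line))

    # Service binary with no publisher information in the log.
    if section == "O23" and "Unknown owner" in body:
        findings.append(Finding("unknown-owner", "service has no publisher recorded; verify the binary", line))

    # Old Java runtime or plug-in still registered (Step 1 of the fix list).
    v = java_version(body)
    if v and v < RECOMMENDED_JRE:
        pretty = f"{v[0]}.{v[1]}.{v[2]}_{v[3]:02d}"
        findings.append(Finding("old-java", f"references Java {pretty}, older than the recommended update", line))
    return findings


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over every line of a log and collect the findings."""
    return [f for line in text.splitlines() for f in triage_line(line)]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category, for a quick overview of a log."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage_log(SAMPLE_LOG)
    for f in results:
        print(f"[{f.category}] {f.reason}\n    {f.line.strip()}")
    print(summarize(results))
```

Run against the sample it reports the same entries the helper singled out (the two orphaned BHOs, the empty Java DPF entry, and the jre1.6.0_05 references) plus the two "Unknown owner" services and the bare CTHELPER.EXE autostart, which are not malware findings but are the lines a reviewer would want to verify by hand.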

#8 w0lfm4n

w0lfm4n
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:49 AM

Posted 07 July 2008 - 08:15 AM

Thanx Sue,
When I ran hjt, it done bout 4 things and then came up with an error; I attached the jpg so you can see. I clicked no... here is the rest of the log after doing all you said...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:39 PM, on 7/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer3\TeamViewer_Host.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\TeamViewer3\TeamViewer.exe
C:\WINDOWS\tsnp2std.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\ApvxdWin.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\WebProxy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\oneness\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213184645593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1215324571625
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15035/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - C:\Program Files\TeamViewer3\TeamViewer_Host.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe

--
End of file - 8648 bytes

Thanx again

Attached Files



#9 w0lfm4n

w0lfm4n
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:49 AM

Posted 07 July 2008 - 08:18 AM

PS, when I ran the Piriform CCleaner... I still see...
ANALYSIS COMPLETE - (0.124 secs)
------------------------------------------------------------------------------------------
493 bytes to be removed. (Approximate size)
------------------------------------------------------------------------------------------

Details of files to be deleted (Note: No files have been deleted yet)
------------------------------------------------------------------------------------------
C:\Documents and Settings\oneness\Local Settings\Temp\CB82C842.TMP 185 bytes
C:\WINDOWS\Debug\UserMode\userenv.log 308 bytes
------------------------------------------------------------------------------------------

Dunno if that helps you identify anything tho...

Thanx again

#10 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:04:49 PM

Posted 07 July 2008 - 10:28 AM

I did not see any obvious malware. Let's do one more cleaning.

Please run HijackThis and click Scan. Place checks next to the following entries (make sure not to miss any):

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -

Close all browsers and other windows except for HijackThis, and click Fix Checked to have HijackThis fix the entries you checked.

Tips To Protect Your Computer
  • Avoid inviting the monsters in by clicking on links in instant messages.
  • Avoid opening email attachments.
  • Avoid visiting every poker site on the net.
  • Avoid downloading all that free cute junk.
  • Avoid using the peer-to-peer file sharing.
  • Avoid getting those handy toolbar doodads for your browsers.
  • There are horrible critters out there just waiting to pounce on your system if you only pass by where they are lurking, which may be at some seemingly innocent web site. Be careful because some of these monsters are so vicious that no one can possibly save you once you let them in.
  • Remember that new bad stuff emerges every week of the year. Take responsibility for protecting your system because you are its first and best defense.
Tools Downloaded To Clean Your Computer

I asked you to install some tools. Whether or not you need to keep these programs must be decided by you. If you choose to uninstall them, follow these directions:
  • Click Start > Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight the program, click Remove.
  • Close the Add or Remove Programs and the Control Panel windows.
Optional Tools:
  • Ad-Aware 2007/2008 scans, detects, and removes spyware on your computer.
  • ATF-Cleaner features include:
    • Cleaning of all user temp folders (only an administrator can use this feature).
    • Cleaning of the Java cache, which seems to be harboring more and more malware.
    • Cleaning the cache, cookies, history, download history, visited links and saved passwords.
    • Scan weekly if you have high Internet use.
  • HijackThis may be uninstalled; however, if you should ever encounter another problem and seek help in this forum or others like it, you will need to download this application.
Restore the default settings for files/folders.
  • Go to My Computer.
  • Select the Tools menu and click Folder Options.
  • Click the View tab.
  • Under Advanced Settings, click the Restore Defaults button in the lower right corner.
  • Click Apply and then the OK and close My Computer.
Please take the time to read the "Steps To Keep Your Computer Clean And Secure" below.

Steps To Keep Your Computer Clean And Secure:

Please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. After cleaning, you will need to disable the System Restore function for Windows XP.
    Files placed in the System volume information folder are source files for the System Restore function that is available in Windows XP operating system. Files that were healed were moved in their original INFECTED state into this folder and it is necessary to DELETE them by following these steps:
    • Close all open programs. Then right-click My Computer on the Windows desktop
    • Click on Properties.
    • Click on the System Restore tab.
    • Check Turn off System Restore on all drives.
    • Restart the system.
    • Enable System Restore by going through the first four steps again and uncheck the item mentioned in Step D.
    • You can find instructions on how to disable and enable system restore in the Windows XP System Restore Guide.
  • Make your Internet Explorer more secure: This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it asks you if you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use IE-SPYAD: Install IE SPYAD. Add another level of protection to your Internet Explorer browser by blocking certain sites that are known to contain malware. IE SPYAD puts several thousand sites in your restricted zone so you'll be protected when you visit innocent looking sites that aren't actually innocent at all. If you happen on a site within its list, they can't hijack you or install anything. The program is free and is updated about once a month. Please follow the readme instructions for install; it is a little different. Single user PC use IE Spyad1. Multi user XP PC use IE Spyad2.
  • Use a Firewall: - I cannot stress how important it is that you use a Firewall on your computer.  Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below:
    Computer Safety On line - Software Firewalls. For more information about firewalls, and why a two-way firewall is better than the Windows XP one-way firewall, please read Understanding and Using Firewalls.
  • Use Antivirus Software and Keep It Updated: - It is very important that your computer has antivirus software running on it.  This alone can save you a lot of trouble with malware in the future.  It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out. For an article on antivirus programs and a listing of some available ones see the link below:
    Computer Safety On line - Anti-Virus
  • Visit Microsoft's Windows Update Site Frequently: It is important that you visit Microsoft Windows Update regularly. This will ensure your computer has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • You should scan your computer with Spybot S&D on a regular basis just as you would with anti-virus software. A tutorial on installing & using this product can be found here:
    Using Spybot - Search & Destroy to remove Spyware from Your Computer
  • You should scan your computer with Ad-Aware 2007/2008 as well as Spybot S&D and your anti-virus program on a regular basis. A tutorial on installing & using this product can be found here:
    Ad-Aware 2007/2008.
  • Update SpywareBlaster (at least weekly): SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here:
    Computer Safety on line Anti Malware
  • Use the hosts file: Every version of Windows has a hosts file as part of it. In a very basic sense, it is used to locate web pages. We can customize a hosts file so that it blocks certain web pages. However, it can slow down certain computers. This is why using a hosts file is optional. Download the mvps hosts file. Make sure you read the instructions on how to install the hosts file. There is a good tutorial HERE. If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    • Click the start button on the task bar at the bottom of your screen
    • Click run
    • In the dialog box, type services.msc
    • Hit Enter, then locate DNS Client.
    • Highlight it, then double-click it.
    • On the dropdown box, change the setting from Automatic to Manual.
    • Click OK.
  • Use an alternative instant messenger program: Trillian and Miranda IM. These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • Please read Tony Klein's excellent article: How I got Infected in the First Place
  • Please read Understanding Spyware, Browser Hijackers, and Dialers
  • Please read Simple and easy ways to keep your computer safe and secure on the Internet.
  • If you are using Internet Explorer, please consider using an alternate browser: Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built in popup blocker (as an added benefit!) that I have ever seen.
    Another good browser is Opera. Opera 9 comes loaded with the tools to keep you productive and safe. Try it today, it's absolutely free. Some of the Opera features are: Customization, BitTorrent, Content blocker, Add your favorite search engines, Thumbnail preview of tabs, Widgets, Transfer manager, Tabbed browsing, Password manager, Sessions (you can save a collection of open tabs as a session, for later retrieval, or start with the pages you had open when Opera was last closed), Keyboard Shortcuts, Cookie control, a multitude of languages, Validate code, Toggle graphics and style sheets, and special features such as Full-screen mode and Kiosk mode.
  • Update all these programs regularly: Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
  • If your computer was infected by a website, a program, IM, MSN, or p2p, check this site because it is Time To Fight Back.
Follow these steps and your potential for being infected again will reduce dramatically.
Good luck!
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#11 w0lfm4n

w0lfm4n
  • Topic Starter

  • Members
  • 75 posts
  • Gender:Male
  • Local time:06:49 AM

Posted 07 July 2008 - 02:24 PM

Hey Sue,
When I clicked on the IE-Spyad, I got this, so I downloaded what it said to download....
Please Note: the original IE-SPYAD format that used .REG files to load and unload the Restricted Sites list is no longer available and will not be maintained. The same holds true for IE-SPYAD2. Both are replaced by what used to be called IE-SPYAD for ZonedOut. ZonedOut is a free utility that loads and unloads a plain text list of domains into the Restricted sites zone. You can think of ZonedOut as an improved replacement for the .BAT file utility used in the "original" IE-SPYAD. This new version of IE-SPYAD provides the same protection as the old version, but is easier to use and maintain.

http://www.funkytoad.com/content/view/15/33/
I did the hjt, still came up with that same error for some reason, but did as you said to.
When using that cclean, I am still getting those two things staying behind, I can't get rid of them. It should get rid of everything, not leave something behind. When I use the prog on my other pc, there was nothing left behind, hence why I think it isn't a legit file or something. The userenv.log seems a legit file, but the CB82C842.TMP... cos it is a tmp, could be a dropper virus or something? But yeah... I'm not sure.
Thank you for everything tho hey. Cheers

#12 w0lfm4n

w0lfm4n
  • Topic Starter

  • Members
  • 75 posts
  • Gender:Male
  • Local time:06:49 AM

Posted 07 July 2008 - 02:26 PM

The new HJT for you to have a look at. Cheers
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:25:19 AM, on 7/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer3\TeamViewer_Host.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\WebProxy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\oneness\Desktop\Scanners\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213184645593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1215324571625
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15035/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - C:\Program Files\TeamViewer3\TeamViewer_Host.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe

--
End of file - 9313 bytes

#13 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:04:49 PM

Posted 07 July 2008 - 08:40 PM

You can always delete .tmp files. They are just temporary and can be deleted. Use ATF-Cleaner to delete .tmp files. I recommend running it weekly or more often.
  • Please download ResetTeaTimer.bat.
  • Double click the file to remove all entries set by TeaTimer.
  • Please run HijackThis and click Scan. Place checks next to the following entries (make sure not to miss any):

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -


  • Close all browsers and other windows except for HijackThis, and click Fix Checked to have HijackThis fix the entries you checked.
  • Turn TeaTimer back on after we finish cleaning your HijackThis log.
Please post a new HijackThis log.

Edited by suebaby41, 07 July 2008 - 08:41 PM.

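The selection rule in the reply above (O2 BHO entries whose DLL is absent and an O16 DPF entry with no download URL) applied mechanically to HijackThis log lines. This is an added example for this page, not HijackThis code and not something the helper posted; the sample lines are copied from the log earlier in the thread, and `parse_entries`, `orphan_reason` and `select_fix_candidates` are names chosen here.

```python
import re
from typing import Dict, List

# Constructed sample input: lines copied from the HijackThis v2.0.2 log posted
# earlier in this thread, with the entries the helper selected plus two that
# she left alone (a BHO whose DLL exists and an O16 with a download URL).
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
--
End of file - 9313 bytes
"""

# Every HJT finding line is "<section> - <body>", e.g. "O2 - BHO: ..." or "R1 - HKLM\\...".
ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d+) - (?P<body>.*)$")
# O2 body: "BHO: <name> - {CLSID} - <dll path, '(no file)', or path + ' (file missing)'>"
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<path>.*)$")
# O16 body: "DPF: {CLSID} (<name>) - <cab url>"; a dangling entry has nothing after the dash.
DPF_RE = re.compile(r"^DPF: (?P<clsid>\{[^}]+\})(?: \((?P<name>[^)]*)\))? -\s*(?P<url>.*)$")


def parse_entries(log_text: str) -> List[Dict[str, str]]:
    """Return one dict per HJT finding line; header, process list and footer lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({"kind": m.group("kind"), "body": m.group("body"), "raw": line.strip()})
    return entries


def orphan_reason(entry: Dict[str, str]) -> str:
    """Explain why an entry is dead weight, or return '' if it still points at something real."""
    kind, body = entry["kind"], entry["body"]
    if kind == "O2":
        m = BHO_RE.match(body)
        if m and (m.group("path") == "(no file)" or m.group("path").endswith("(file missing)")):
            return f"BHO {m.group('clsid')} is registered but its DLL is absent"
    elif kind == "O16":
        m = DPF_RE.match(body)
        if m and not m.group("url"):
            return f"DPF {m.group('clsid')} has no download URL"
    return ""


def select_fix_candidates(log_text: str) -> List[str]:
    """Raw lines a reviewer would tick under 'Fix checked', in log order."""
    return [e["raw"] for e in parse_entries(log_text) if orphan_reason(e)]


if __name__ == "__main__":
    for e in parse_entries(SAMPLE_LOG):
        reason = orphan_reason(e)
        tag = "FIX  " if reason else "keep "
        print(tag + e["raw"] + (f"   <- {reason}" if reason else ""))
```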

#14 w0lfm4n

w0lfm4n
  • Topic Starter

  • Members
  • 75 posts
  • Gender:Male
  • Local time:06:49 AM

Posted 08 July 2008 - 01:58 AM

Hey Sue,

You can always delete .tmp files. They are just temporary and can be deleted. Use ATF-Cleaner to delete .tmp files. I recommend running it weekly or more often.

I know I can delete temps at any times, but what happens is, I delete that certain one, and 2 seconds later it is back. Even if I am doing nothing, it appears.
I go to the actual location

C:\Documents and Settings\oneness\Local Settings\Temp\CB82C842.TMP 185 bytes

and delete it, refresh page, and it is back again.
I clicked on the resetTeaTimer.bat and it took me to

http://forums.net-integration.net/index.ph...t&id=141095

which was a bad link, saying That internet explorer can't display the page...
Most likely causes:
You are not connected to the Internet.
The website is encountering problems.
There might be a typing error in the address.
That error. I will have a search on the main site of it, for ResetTeaTimer.bat... could be in a new post. Nope, seems the site is having probs or something....?

#15 w0lfm4n

w0lfm4n
  • Topic Starter

  • Members
  • 75 posts
  • Gender:Male
  • Local time:06:49 AM

Posted 08 July 2008 - 04:53 AM

http://downloads.subratam.org/ResetTeaTimer.bat <=-- I ended up getting the resetteatimer.bat from that site, from a site that is pretty much exactly the same as this forum, I mean colours and EVERYthing... but it was http://www.lavasoftsupport.com lol. copyright or what :thumbsup:
New HJT post, though, I am still getting that error msg that I attached to a previous post. Is there a way to make HJT run without that error please?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:46:21 PM, on 7/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer3\TeamViewer_Host.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\TeamViewer3\TeamViewer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\ApvxdWin.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\WebProxy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\oneness\Desktop\Scanners\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213184645593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1215324571625
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15035/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - C:\Program Files\TeamViewer3\TeamViewer_Host.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe

--
End of file - 9156 bytes



