Spyware I Can't Get Rid Of

2 replies to this topic

#1 Rellium Prime

Posted 16 June 2008 - 09:40 PM

I have the same exact problem as this guy:

http://www.bleepingcomputer.com/forums/t/152543/spyware-i-cant-get-rid-off/

I keep getting the same exact pop-ups and messages as him, and my background changed too.

I did what the guy who replied said to do. I used Deckard's System Scanner.
The Main.txt and Extra.txt both popped up and I copied them. They say this:

Main.txt

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-06-16 20:58:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
29: 2008-06-17 01:58:32 UTC - RP841 - Deckard's System Scanner Restore Point
28: 2008-06-16 22:59:00 UTC - RP840 - Last known good configuration
27: 2008-06-16 22:58:46 UTC - RP839 - Restore Operation
26: 2008-06-16 22:58:46 UTC - RP838 - Last known good configuration
25: 2008-06-16 22:58:46 UTC - RP837 - System Checkpoint


-- First Restore Point --
1: 2008-06-16 22:58:41 UTC - RP813 - Removed Network Magic


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).
System Drive C: has 0.85 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-16 21:01:04
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\444.470
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\iftuyszv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Documents and Settings\Administrator\lsass.exe
C:\WINDOWS\system32\tcntaxdn.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\alg.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\dss.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {11904ce8-632a-4856-a7cc-00b33fe71bd8} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {15ACE85C-0BB1-42d1-9E32-07EB0506675A} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1b68470c-2def-493b-8a4a-8e2d81be4ea5} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {393D097B-570F-455F-94AC-183373D073C8} - C:\WINDOWS\system32\hgGyvWmJ.dll
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - (no file)
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - (no file)
O2 - BHO: (no name) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {7070a8f9-08a4-ca47-0ab0-1eb9e4ee1f3b} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {7a7e6d97-b492-4884-9abb-c31281dcc4f2} - (no file)
O2 - BHO: (no name) - {860c2f6b-ca82-4282-9187-beccbb66f0af} - (no file)
O2 - BHO: (no name) - {87185e78-a61b-4db3-965a-3235bbd7a622} - (no file)
O2 - BHO: (no name) - {8dc8f96d-34f7-1501-a2a4-631341aa3ac1} - (no file)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {9c5875b8-93f3-429d-ff34-660b206d897a} - (no file)
O2 - BHO: (no name) - {a2595f37-48d0-46a1-9b51-478591a97764} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {a6f42cad-2559-48df-af30-89e480af5dfa} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar3.dll
O2 - BHO: (no name) - {AB268D16-3B58-482F-91EB-8D305534302F} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {b212d577-05b7-4963-911e-4a8588160dfa} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cb5a26c3-d9b3-4ab0-9efc-443595518284} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {d1ac752e-883f-4ed8-8828-b618c3a72152} - (no file)
O2 - BHO: (no name) - {e2b2b5a1-b48c-4886-a318-723916a01024} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {E48A2EA0-F506-4817-A3F9-FB342CAD41D8} - C:\WINDOWS\system32\ssqQgghF.dll
O2 - BHO: (no name) - {e6d5237d-a6c7-4c83-a67f-f9f15586fa62} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {fe2d25c1-c1db-4b5e-9390-af1cb5302f32} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - (no file)
O3 - Toolbar: (no name) - {4D1C4E89-A32A-416B-BCDB-33B3EF3617D3} - (no file)
O3 - Toolbar: (no name) - {6e4cc754-caa4-4576-9af1-68323d5760d4} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar3.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Administrator\lsass.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\tcntaxdn.exe DWram1FF
O4 - HKLM\..\Run: [f8001566] rundll32.exe "C:\WINDOWS\system32\yfwysewd.dll",b
O4 - HKLM\..\Run: [AntispyStorm] C:\Program Files\AntispyStorm\AntispyStorm.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwnw64d.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - CmdMapping - (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.charter.com/diskless/bin/ssctlsma.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} () - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} () -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1139390933264
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1139391059576
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} () - http://download.cdn.winsoftware.com/files/...FreeInstall.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/chuzzled...aploader_v7.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O20 - Winlogon Notify: AtiExtEvent - C:\WINDOWS\system32\Ati2evxx.dll
O20 - Winlogon Notify: hgGyvWmJ - C:\WINDOWS\system32\hgGyvWmJ.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: M-Audio Fast Track Installer (FastTrackInstallerService) - Avid Technology, Inc. - C:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.470
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe service
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


--
End of file - 14436 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 hsfdpsp22 - c:\windows\system32\drivers\hsfdpsp22.sys
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys
R3 aeaudio - c:\windows\system32\drivers\aeaudio.sys
R3 E1000 (Intel® PRO/1000 Adapter Driver) - c:\windows\system32\drivers\e1000325.sys
R3 smwdm - c:\windows\system32\drivers\smwdm.sys

S2 UFZAIAFD - c:\windows\system32\ufzaiafd.trg (file missing)
S3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys (file missing)
S3 ialm - c:\windows\system32\drivers\ialmnt5.sys
S3 PRISM_A02 (Belkin 54Mbps Wireless USB Network Adapter) - c:\windows\system32\drivers\prismaxp.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe"
R2 FastTrackInstallerService (M-Audio Fast Track Installer) - c:\program files\m-audio\fast track usb\mausbftinst.exe
R2 MsSecurity1.209.4 (MsSecurity Updated) - c:\windows\444.470 service
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe"

S2 AOLService (AOL Spyware Protection Service) - c:\progra~1\common~1\aol\aolspy~1\\aolserv.exe (file missing)
S2 Network Monitor - c:\program files\network monitor\netmon.exe service (file missing)
S4 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe"


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-16 17:44:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-16 and 2008-06-16 -----------------------------

2008-06-16 19:34:21 10752 --a------ C:\WINDOWS\sistem.exe
2008-06-16 19:34:20 15872 --a------ C:\WINDOWS\notepad32.exe
2008-06-16 19:34:20 17408 --a------ C:\WINDOWS\mtwirl32.dll
2008-06-16 19:34:19 21760 --a------ C:\WINDOWS\iexplorer.exe
2008-06-16 19:34:18 28928 --a------ C:\WINDOWS\explore.exe
2008-06-16 19:34:17 17152 --a------ C:\WINDOWS\ctrlpan.dll
2008-06-16 19:34:16 24832 --a------ C:\WINDOWS\avpcc.dll
2008-06-16 18:24:09 0 d-------- C:\Program Files\Common Files\PC Tools
2008-06-16 18:23:56 0 d-------- C:\Program Files\Spyware Doctor
2008-06-16 18:23:56 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-06-16 18:23:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
2008-06-16 18:06:54 0 d-------- C:\Program Files\AntispyStorm
2008-06-16 18:00:35 13824 --a------ C:\WINDOWS\svcinit.exe
2008-06-16 18:00:35 14080 --a------ C:\WINDOWS\svchost32.exe
2008-06-16 18:00:35 18688 --a------ C:\WINDOWS\searchword.dll
2008-06-16 18:00:34 24832 --a------ C:\WINDOWS\rundll16.exe
2008-06-16 18:00:34 32000 --a------ C:\WINDOWS\quicken.exe
2008-06-16 18:00:33 32256 --a------ C:\WINDOWS\qttasks.exe
2008-06-16 18:00:33 22784 --a------ C:\WINDOWS\mswsc20.dll
2008-06-16 18:00:33 11264 --a------ C:\WINDOWS\mswsc10.dll
2008-06-16 18:00:33 15104 --a------ C:\WINDOWS\msupdate.exe
2008-06-16 18:00:32 17664 --a------ C:\WINDOWS\mssys.exe
2008-06-16 18:00:32 29440 --a------ C:\WINDOWS\msspi.dll
2008-06-16 18:00:32 27648 --a------ C:\WINDOWS\msconfd.dll
2008-06-16 18:00:31 22528 --a------ C:\WINDOWS\loader.exe
2008-06-16 18:00:31 27392 --a------ C:\WINDOWS\internet.exe
2008-06-16 18:00:30 32256 --a------ C:\WINDOWS\inetinf.exe
2008-06-16 18:00:29 27904 --a------ C:\WINDOWS\iedll.exe
2008-06-16 18:00:29 26624 --a------ C:\WINDOWS\helpcvs.exe
2008-06-16 18:00:28 29952 --a------ C:\WINDOWS\gfmnaaa.dll
2008-06-16 18:00:28 21760 --a------ C:\WINDOWS\funny.exe
2008-06-16 18:00:28 16896 --a------ C:\WINDOWS\funniest.exe
2008-06-16 18:00:28 26112 --a------ C:\WINDOWS\explorer32.exe
2008-06-16 18:00:27 17152 --a------ C:\WINDOWS\editpad.exe
2008-06-16 18:00:27 16640 --a------ C:\WINDOWS\dnsrelay.dll
2008-06-16 18:00:27 13568 --a------ C:\WINDOWS\directx32.exe
2008-06-16 18:00:27 8448 --a------ C:\WINDOWS\ctfmon32.exe
2008-06-16 18:00:08 123392 --a------ C:\WINDOWS\system32\yfwysewd.dll
2008-06-16 17:53:49 0 d-------- C:\Program Files\Network Monitor
2008-06-16 17:53:47 0 d-------- C:\Program Files\Tencent
2008-06-16 17:53:43 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-06-16 15:58:51 19475 --ahs---- C:\WINDOWS\system32\FhggQqss.ini2
2008-06-16 15:58:46 300544 --a------ C:\WINDOWS\system32\ssqQgghF.dll
2008-06-16 15:57:27 147456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-06-16 15:54:35 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-06-16 15:54:35 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-06-16 15:54:30 862 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-06-16 15:54:28 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-06-16 15:54:19 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-06-16 15:54:18 4 --a------ C:\WINDOWS\system32\hljwugsf.bin
2008-06-16 15:54:15 687592 --a------ C:\WINDOWS\system32\atmtd.dll
2008-06-16 15:54:11 90073 --a------ C:\WINDOWS\system32\iftuyszv.exe
2008-06-16 15:54:11 90073 --a------ C:\WINDOWS\lfn.exe
2008-06-16 15:54:10 200768 --a------ C:\WINDOWS\system32\tcntaxdn.exe
2008-06-16 15:54:05 0 d-------- C:\Documents and Settings\LocalService\Application Data\NetMon
2008-06-16 15:54:02 1989 --a------ C:\WINDOWS\uninstall_nmon.vbs
2008-06-16 15:54:02 0 d--hs---- C:\WINDOWS\SmVzc2UgR3JhdmVz
2008-06-16 15:53:53 86144 --a------ C:\WINDOWS\system32\drivers\hsfdpsp22.sys
2008-06-16 15:53:48 0 d-------- C:\WINDOWS\system32\xc
2008-06-16 15:53:48 0 d-------- C:\WINDOWS\system32\pb109
2008-06-16 15:53:48 0 d-------- C:\WINDOWS\system32\dgi
2008-06-16 15:53:48 0 d-------- C:\WINDOWS\system32\3039a
2008-06-16 15:53:48 52224 ---hs---- C:\Documents and Settings\Administrator\lsass.exe
2008-06-16 15:53:46 0 d-------- C:\WINDOWS\system32\netrax18
2008-06-16 15:53:45 0 d-------- C:\Temp
2008-06-16 15:53:42 89600 --a------ C:\WINDOWS\system32\hgGyvWmJ.dll
2008-06-16 15:15:01 0 d-------- C:\My Downloads
2008-06-16 15:14:14 0 d-------- C:\Program Files\BearShare
2008-06-15 09:39:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-14 17:23:52 0 d-------- C:\WINDOWS\pss
2008-06-14 16:59:02 0 d-------- C:\Program Files\CCleaner
2008-06-14 15:52:33 0 d-------- C:\Program Files\Lavasoft
2008-06-14 15:52:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-14 15:50:47 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-13 16:26:21 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-06-13 16:20:36 0 d-------- C:\Inetpub
2008-05-29 14:24:08 18560 --a------ C:\WINDOWS\system32\drivers\vtcdrv.sys
2008-05-29 14:22:15 0 d-------- C:\Program Files\Common Files\ArcSoft
2008-05-29 14:22:13 0 d-------- C:\Program Files\ArcSoft
2008-05-29 14:18:40 0 d-------- C:\Program Files\Philips
2008-05-29 14:18:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield


-- Find3M Report ---------------------------------------------------------------

2008-06-16 18:24:09 0 d-------- C:\Program Files\Common Files
2008-06-15 09:40:59 0 d-------- C:\Documents and Settings\Administrator\Application Data\Yahoo!
2008-06-15 09:40:46 0 d-------- C:\Program Files\Yahoo!
2008-06-14 18:22:48 0 d-------- C:\Program Files\Charter High-Speed Security Suite
2008-06-14 17:20:07 0 d-------- C:\Program Files\iPod
2008-06-13 17:20:14 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-06-08 05:40:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\dvdcss
2008-05-29 14:30:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\Arcsoft
2008-05-29 14:22:10 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-27 15:12:13 0 d-------- C:\Program Files\MySpace
2008-05-27 12:16:01 0 d-------- C:\Program Files\Common Files\AOL
2008-05-27 11:51:36 0 d-------- C:\Program Files\Google
2008-05-27 11:41:55 0 d-------- C:\Program Files\AIM
2008-05-27 11:40:44 0 d-------- C:\Documents and Settings\Administrator\Application Data\AOL
2008-05-27 11:35:36 0 d-------- C:\Program Files\Trillian
2008-05-27 11:28:08 0 d-------- C:\Program Files\iWin
2008-05-27 11:22:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\MSN6
2008-05-27 11:18:08 0 d-------- C:\Program Files\The Weather Channel FW
2008-05-27 11:15:39 0 d-------- C:\Program Files\WildTangent
2008-05-27 10:29:55 0 d-------- C:\Program Files\FYE Download Zone
2008-05-27 10:26:19 0 d-------- C:\Program Files\MSN Games
2008-05-27 10:24:59 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-12 14:52:22 0 d-------- C:\Program Files\MSECache
2008-04-23 22:03:36 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11904ce8-632a-4856-a7cc-00b33fe71bd8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15ACE85C-0BB1-42d1-9E32-07EB0506675A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1b68470c-2def-493b-8a4a-8e2d81be4ea5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{393D097B-570F-455F-94AC-183373D073C8}]
06/16/2008 03:53 PM 89600 --a------ C:\WINDOWS\system32\hgGyvWmJ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{479fd0cf-5be9-4c63-8cda-b6d371c67bd5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7070a8f9-08a4-ca47-0ab0-1eb9e4ee1f3b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77701e16-9bfe-4b63-a5b4-7bd156758a37}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7a7e6d97-b492-4884-9abb-c31281dcc4f2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{860c2f6b-ca82-4282-9187-beccbb66f0af}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87185e78-a61b-4db3-965a-3235bbd7a622}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8dc8f96d-34f7-1501-a2a4-631341aa3ac1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5875b8-93f3-429d-ff34-660b206d897a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a2595f37-48d0-46a1-9b51-478591a97764}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a6f42cad-2559-48df-af30-89e480af5dfa}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB268D16-3B58-482F-91EB-8D305534302F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b212d577-05b7-4963-911e-4a8588160dfa}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cb5a26c3-d9b3-4ab0-9efc-443595518284}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d1ac752e-883f-4ed8-8828-b618c3a72152}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2b2b5a1-b48c-4886-a318-723916a01024}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E48A2EA0-F506-4817-A3F9-FB342CAD41D8}]
06/16/2008 03:58 PM 300544 --a------ C:\WINDOWS\system32\ssqQgghF.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e6d5237d-a6c7-4c83-a67f-f9f15586fa62}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fe2d25c1-c1db-4b5e-9390-af1cb5302f32}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [08/12/2005 02:43 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [10/19/2005 09:59 AM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [10/19/2005 09:59 AM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/28/2006 06:02 PM]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" [01/10/2007 12:15 PM]
"LSA Shellu"="C:\Documents and Settings\Administrator\lsass.exe" [06/16/2008 03:53 PM]
"ExploreUpdSched"="C:\WINDOWS\system32\tcntaxdn.exe" [06/16/2008 03:54 PM]
"f8001566"="C:\WINDOWS\system32\yfwysewd.dll" [06/16/2008 06:00 PM]
"AntispyStorm"="C:\Program Files\AntispyStorm\AntispyStorm.exe" [06/16/2008 06:06 PM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [04/10/2008 03:14 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [12/23/2006 06:05 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/04/2007 03:59 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{393D097B-570F-455F-94AC-183373D073C8}"= C:\WINDOWS\system32\hgGyvWmJ.dll [06/16/2008 03:53 PM 89600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGyvWmJ]
hgGyvWmJ.dll 06/16/2008 03:53 PM 89600 C:\WINDOWS\system32\hgGyvWmJ.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau C:\WINDOWS\system32\ssqQgghF

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35e424a0-906a-11db-8289-00038a000015}]
AutoRun\command- E:\setupSNK.exe




-- Hosts -----------------------------------------------------------------------

localhost 127.0.0.1


-- End of Deckard's System Scanner: finished at 2008-06-16 21:06:31 ------------

Extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.40GHz
Percentage of Memory in Use: 62%
Physical Memory (total/avail): 510.99 MiB / 192.62 MiB
Pagefile Memory (total/avail): 1249.09 MiB / 756.75 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1939.34 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.24 GiB total, 0.85 GiB free.
D: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - WDC WD400BB-75DEA0 - 37.25 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.24 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.

AV: Spyware Doctor with AntiVirus v5.5.1.2 (PC Tools)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe"="C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe:*:Enabled:P2P Networking"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JESSE-N1V9DV62B
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\JESSE-N1V9DV62B
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\ATI Technologies\ATI.ACE\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=JESSE-N1V9DV62B
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
AntispyStorm 1.01.0093 --> "C:\Program Files\AntispyStorm\uninstall.exe" -u
Apple Mobile Device Support --> MsiExec.exe /I{8FC46258-0843-4D79-B7F0-F2B82FE6173B}
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{BD1236D8-9B9E-4702-B067-FF11A8121E18}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
BearShare --> C:\PROGRA~1\BEARSH~1\UNWISE.EXE C:\PROGRA~1\BEARSH~1\INSTALL.LOG
BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Charter High Speed Internet Self-Installation Wizard --> MsiExec.exe /I{5AF8C46D-A141-4E69-9EB5-76A43ED29281}
Command --> wscript "C:\WINDOWS\SmVzc2UgR3JhdmVz\mApWwZo0laL1xApW.vbs"
Deewoo Network Manager removal --> C:\WINDOWS\system32\tcntaxdn.exe -UPop
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Fast Track USB --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{07D4A7C5-C55C-45B5-9E86-D8068D25EF40}\setup.exe" -l0x9 -removeonly
FINAL FANTASY XI --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{678F6475-D227-432A-94FF-806178A34520}
FINAL FANTASY XI: Chains of Promathia --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{3C0619B4-4A2C-4244-8077-488E420DF907}
FINAL FANTASY XI: Rise of the Zilart --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}
FINAL FANTASY XI: Treasures of Aht Urhgan --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A606C6FF-12E7-40BE-B777-D8F360FF00CD}
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Intel® PRO Ethernet Adapter and Software --> Prounstl.exe
iPod for Windows 2005-03-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{44A537A5-859C-43A6-8285-C0668142A090} /l1033
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Media Converter for Philips --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7CDA2B02-E0A4-4EB5-8533-050D535BA43A}\Setup.exe" -l0x9
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works 2000 --> MsiExec.exe /I{56364334-9530-11D2-BFFC-00C04FA329AA}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 7 Essentials --> MsiExec.exe /X{33705B76-43F9-44D3-8EB4-02409BE01033}
Network Monitor --> wscript "C:\WINDOWS\uninstall_nmon.vbs"
Palm --> MsiExec.exe /X{32EF6F81-583E-4127-918D-D3768A8957C4}
PlayOnline Viewer and Tetra Master --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{47004155-7376-403E-89E9-4C9F44AAF0D0}
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Recordpad --> C:\Program Files\NCH Swift Sound\Recordpad\uninst.exe
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
SA60xx Device Manager --> C:\Program Files\InstallShield Installation Information\{8A6AD979-8170-49ED-8529-14174317B281}\setup.exe -runfromtemp -l0x0009 -removeonly
Sony ACID Music Studio 6.0 --> MsiExec.exe /X{805B2966-0CFB-4DD2-9307-B397C1EA4D14}
Sony Preset Manager 2.0d --> MsiExec.exe /X{89486DE4-7CE1-4E2D-BBF0-734F85ACD108}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe"
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C8F7C1E5-0150-11D6-A96C-00D05908F85D}\Setup.exe" -l0x9
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Videora iPod Converter 0.91 --> C:\Program Files\VideoraiPodConverter\uninst.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WavePad Uninstall --> C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type15333 / Error
Event Submitted/Written: 06/16/2008 07:54:50 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type15330 / Error
Event Submitted/Written: 06/16/2008 07:02:39 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 126637809.

Event Record #/Type15329 / Error
Event Submitted/Written: 06/16/2008 07:02:03 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type15328 / Error
Event Submitted/Written: 06/16/2008 06:31:35 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application pctsGui.exe, version 5.5.1.322, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type15322 / Warning
Event Submitted/Written: 06/16/2008 05:53:10 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type115760 / Error
Event Submitted/Written: 06/16/2008 01:35:38 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service NMIndexingService with arguments ""
in order to run the server:
{C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Event Record #/Type115759 / Error
Event Submitted/Written: 06/16/2008 01:35:18 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service NMIndexingService with arguments ""
in order to run the server:
{C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Event Record #/Type115758 / Error
Event Submitted/Written: 06/16/2008 01:34:58 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service NMIndexingService with arguments ""
in order to run the server:
{C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Event Record #/Type115757 / Error
Event Submitted/Written: 06/16/2008 01:34:38 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service NMIndexingService with arguments ""
in order to run the server:
{C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Event Record #/Type115756 / Error
Event Submitted/Written: 06/16/2008 01:34:18 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service NMIndexingService with arguments ""
in order to run the server:
{C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}



-- End of Deckard's System Scanner: finished at 2008-06-16 21:06:31 ------------



What am I supposed to do? Please help!
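The registry blocks in the Main.txt above already show where the infection lives: a svchost.exe in the Fonts folder, an lsass.exe in the Administrator profile, a DLL loaded from a Run value, a second program chained into Userinit, a random-named DLL registered both as a ShellExecute hook and as a Winlogon notification package, an extra LSA authentication package, Task Manager disabled by policy, and a cached AutoRun command for a removable drive. As an added example (this is not code from the thread, from Deckard's System Scanner, SDFix or ComboFix), the following Python script parses those [HKEY...] blocks the way DSS prints them and flags each of those patterns, plus two generic ones: files stamped within a day of the scan and the same file registered in more than one persistence location. The sample input is an excerpt copied from the log above; the clean-XP baselines (stock Winlogon notify packages, the expected Userinit and LSA values) are assumptions of this example, not something the log states.

```python
"""Added example, not code from DSS, SDFix or ComboFix: triage the autostart blocks of a DSS Main.txt."""
import re
from collections import namedtuple
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Constructed excerpt: the relevant lines copied from the log posted above, nothing invented.
SAMPLE_LOG = r"""
Run by Administrator on 2008-06-16 20:58:01
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [10/19/2005 09:59 AM]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" [01/10/2007 12:15 PM]
"LSA Shellu"="C:\Documents and Settings\Administrator\lsass.exe" [06/16/2008 03:53 PM]
"f8001566"="C:\WINDOWS\system32\yfwysewd.dll" [06/16/2008 06:00 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{393D097B-570F-455F-94AC-183373D073C8}"= C:\WINDOWS\system32\hgGyvWmJ.dll [06/16/2008 03:53 PM 89600]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGyvWmJ]
hgGyvWmJ.dll 06/16/2008 03:53 PM 89600 C:\WINDOWS\system32\hgGyvWmJ.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau C:\WINDOWS\system32\ssqQgghF
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35e424a0-906a-11db-8289-00038a000015}]
AutoRun\command- E:\setupSNK.exe
"""

SYSTEM32 = r"c:\windows\system32"
CORE_PROCESSES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}
# Clean XP SP2 baselines (assumed here, not taken from the page): userinit.exe alone in Userinit,
# msv1_0 plus nwprovau (Client Service for NetWare) in LSA, the stock Winlogon notify packages.
EXPECTED_USERINIT = {SYSTEM32 + r"\userinit.exe"}
EXPECTED_AUTH_PACKAGES = {"msv1_0", "nwprovau"}
DEFAULT_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon"}
RECENT = timedelta(days=1)  # a file stamped this close to the scan was most likely dropped by the infection

_HEADER_RE = re.compile(r"^Run by .* on (\d{4}-\d{2}-\d{2})", re.M)
_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')
_STAMP_RE = re.compile(r"(\d{2}/\d{2}/\d{4}) \d{2}:\d{2} [AP]M")
_FILE_RE = re.compile(r'([A-Za-z]:\\[^\["]*?\.(?:exe|dll|scr|bat|cmd))', re.I)
Finding = namedtuple("Finding", "location target reason")  # registry key, file/value/package, why


def parse_sections(text):
    """Group lines under their [HKEY...] header; a blank or '-- banner --' line ends the block."""
    sections, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("--"):
            current = None
        elif line.startswith("["):
            current = (line.strip('[]"'), [])
            sections.append(current)
        elif current is not None:
            current[1].append(line)
    return sections


def triage(text):
    m = _HEADER_RE.search(text)
    scanned = datetime.strptime(m.group(1), "%Y-%m-%d") if m else None
    findings, seen_in, key = [], {}, ""  # seen_in: file path -> persistence keys it is registered under
    def flag(target, reason):  # records a finding against the key currently being scanned
        findings.append(Finding(key, target, reason))
    for key, lines in parse_sections(text):
        k = key.lower()
        for line in lines:
            v = _VALUE_RE.match(line)
            name, data = (v.group("name"), v.group("data")) if v else ("", line)
            p = PureWindowsPath(f.group(1)) if (f := _FILE_RE.search(data)) else None
            path = str(p) if p else ""
            if p: seen_in.setdefault(path.lower(), set()).add(key)
            if k.endswith(r"\run") and p:
                if p.name.lower() in CORE_PROCESSES and str(p.parent).lower() != SYSTEM32:
                    flag(path, "core Windows process name running from outside System32")
                if p.suffix.lower() == ".dll":
                    flag(path, "Run value points at a DLL rather than an executable")
            elif k.endswith(r"\policies\system") and name == "DisableTaskMgr" and data.startswith("1"):
                flag(name, "Task Manager disabled by policy")
            elif k.endswith(r"\shellexecutehooks") and p and p.name.lower() != "shell32.dll":
                flag(path, "non-default ShellExecute hook")
            elif k.endswith(r"\winlogon") and name == "Userinit":
                chain = {e.strip().lower() for e in data.strip('"').split(",") if e.strip()}
                for extra in sorted(chain - EXPECTED_USERINIT):
                    flag(extra, "extra program chained into Userinit")
            elif "\\winlogon\\notify\\" in k and k.rsplit("\\", 1)[-1] not in DEFAULT_NOTIFY:
                flag(path or key, "non-default Winlogon notification package")
            elif k.endswith(r"\control\lsa") and name == "Authentication Packages":
                for pkg in data.split():
                    if pkg.lower() not in EXPECTED_AUTH_PACKAGES:
                        flag(pkg, "unexpected LSA authentication package")
            elif "\\mountpoints2\\" in k and "autorun\\command" in line.lower():
                flag(line.split("-", 1)[1].strip(), "AutoRun command cached for a removable drive")
            s = _STAMP_RE.search(line)
            if p and s and scanned and abs(scanned - datetime.strptime(s.group(1), "%m/%d/%Y")) <= RECENT:
                flag(path, "file timestamp within a day of the scan")
    for path, keys in seen_in.items():
        if len(keys) > 1:  # the same DLL hooked into several locations is a strong indicator by itself
            findings.append(Finding(" + ".join(sorted(keys)), path, f"registered in {len(keys)} persistence locations"))
    return findings
```

Run `triage(SAMPLE_LOG)` and every entry a helper would tell the poster to remove comes back as a Finding, while igfxtray.exe (a real Intel tray applet in System32 with a 2005 timestamp) produces none. The point of the timestamp and multi-location rules is that they need no signature: a fresh DLL that appears under both ShellExecuteHooks and Winlogon\Notify is suspicious whatever it is called, which is why Safe Mode plus a fix tool (the next reply) is the right next step rather than deleting files one by one.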


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:09:20 AM

Posted 21 June 2008 - 09:33 AM

Hello, my name is fenzodahl512 and welcome to Bleeping Computer... Please do the following...


Please download SDFix by Andy Manchesta and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer.
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually.
  • Instead of Windows loading as normal, a menu with options should appear.
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All.
  • A new folder will be extracted to your %systemdrive%, typically C:\SDFix.
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services, then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads, the Fixtool will complete the removal and display Finished; then press any key to end the script and load your desktop icons.
  • Finally, open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt, along with any other requested logs, at the end of these instructions.




NEXT


Please visit the webpage below for instructions on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.





Please post the following logs in your next reply. Please post each log in a separate post.

1. SDFix
2. ComboFix
3. a fresh HijackThis log (after ComboFix step)



Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:09:20 AM

Posted 06 July 2008 - 04:45 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a New Topic.





