Second Scan Log


  • This topic is locked
17 replies to this topic

#1 rkferris

rkferris

  • Members
  • 27 posts
  • OFFLINE
  • Local time:10:19 PM

Posted 28 June 2008 - 12:17 PM

Deckard's System Scanner v20071014.68
Run by Robby on 2008-06-28 10:04:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Unable to create WMI object; The operation completed successfully.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Robby.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:06:01 AM, on 6/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\System32\snmp.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Windows\system32\wscntfy.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Robby\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Robby.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-21-1085031214-1284227242-725345543-1007\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
O4 - HKUS\S-1-5-21-1085031214-1284227242-725345543-1007\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1085031214-1284227242-725345543-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {3789F890-4CCD-4A2A-84E1-AC8CFCCAAE1A} - http://www.comcastsupport.com/ (file missing) (HKCU)
O9 - Extra button: Help - {9F877A9E-FAE2-4485-8ACC-198A13BC8A72} - http://online.comcast.net/help/ (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {C018B859-6196-4B46-85DC-C27443C628CE} - http://www.comcast.net/ (file missing) (HKCU)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1214039334546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1214040671921
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 4420 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080616-062048-174 O3 - Toolbar: rtsplgob - {82CB8960-D26A-49D2-B4CA-AF01B48C7873} - C:\WINDOWS\rtsplgob.dll
backup-20080616-062048-779 R3 - Default URLSearchHook is missing
backup-20080616-062048-957 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20080616-062048-989 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20080616-062048-999 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
backup-20080616-062051-288 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20080616-062051-770 O21 - SSODL: rnopbfgt - {A8139EA2-B7ED-4A03-B56F-DAFBF352BB57} - C:\WINDOWS\rnopbfgt.dll
backup-20080616-062052-844 O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
backup-20080616-092110-305 O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
backup-20080616-092110-514 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
backup-20080616-092110-525 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
backup-20080616-092110-608 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
backup-20080616-092110-700 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20080616-092110-773 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1208672197250
backup-20080616-092111-494 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1208723010468
backup-20080616-103712-405 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
backup-20080616-104000-151 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20080616-104000-361 O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
backup-20080616-104000-547 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
backup-20080616-104000-808 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
backup-20080616-104000-994 O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
backup-20080616-104103-265 O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
backup-20080616-104103-879 O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
backup-20080616-104103-927 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
backup-20080616-104103-934 O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
backup-20080626-175135-171 O20 - Winlogon Notify: nnnKdaWN - nnnKdaWN.dll (file missing)
backup-20080626-175135-307 O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
backup-20080626-175135-320 O2 - BHO: (no name) - {B3C58352-0062-4192-A1EB-B47AE9528D66} - C:\WINDOWS\system32\ssqooMDU.dll (file missing)
backup-20080626-175135-352 O20 - Winlogon Notify: byXNddca - byXNddca.dll (file missing)
backup-20080626-175135-529 O4 - HKLM\..\Run: [SMrhc7gkj0egva] C:\Program Files\rhc7gkj0egva\rhc7gkj0egva.exe
backup-20080626-175135-540 O2 - BHO: (no name) - {1D6931F4-6F48-424C-AD55-3D3AA5EA2BF8} - C:\WINDOWS\system32\nnnKdaWN.dll (file missing)
backup-20080626-175135-715 O4 - HKLM\..\Run: [lphc3gkj0egva] C:\Windows\system32\lphc3gkj0egva.exe
backup-20080626-175135-745 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3 NVR0Dev - c:\windows\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>
3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
1 sp_rsdrv2 (Spyware Terminator Driver 2) - c:\windows\system32\drivers\sp_rsdrv2.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

2 nTuneService (nTune Service) - c:\program files\nvidia corporation\ntune\ntuneservice.exe
3 p2pgasvc (Peer Networking Group Authentication) - c:\windows\system32\svchost.exe
2 SimpTcp (Simple TCP/IP Services) - c:\windows\system32\tcpsvcs.exe
2 SNMP (SNMP Service) - c:\windows\system32\snmp.exe
2 sp_rssrv (Spyware Terminator Realtime Shield Service) - c:\program files\spyware terminator\sp_rsser.exe


-- Device Manager: Disabled ----------------------------------------------------

Unable to create WMI object.

-- Scheduled Tasks -------------------------------------------------------------

2008-06-28 07:55:58 330 --ah----- C:\Windows\Tasks\MP Scheduled Scan.job


-- Files created between 2008-05-28 and 2008-06-28 -----------------------------

2008-06-28 09:28:07 0 d-------- C:\Windows\LastGood
2008-06-27 17:48:49 0 d-------- C:\Documents and Settings\REDROB\Application Data\Adobe
2008-06-27 17:41:27 0 d-------- C:\Documents and Settings\REDROB\Application Data\Real
2008-06-27 17:41:09 0 d-------- C:\Documents and Settings\REDROB\Application Data\Identities
2008-06-27 17:40:57 0 d--h----- C:\Documents and Settings\REDROB\Templates
2008-06-27 17:40:57 0 dr------- C:\Documents and Settings\REDROB\Start Menu
2008-06-27 17:40:57 0 dr-h----- C:\Documents and Settings\REDROB\SendTo
2008-06-27 17:40:57 0 dr-h----- C:\Documents and Settings\REDROB\Recent
2008-06-27 17:40:57 0 d--h----- C:\Documents and Settings\REDROB\PrintHood
2008-06-27 17:40:57 786432 --ah----- C:\Documents and Settings\REDROB\NTUSER.DAT
2008-06-27 17:40:57 0 d--h----- C:\Documents and Settings\REDROB\NetHood
2008-06-27 17:40:57 0 dr------- C:\Documents and Settings\REDROB\My Documents
2008-06-27 17:40:57 0 d--h----- C:\Documents and Settings\REDROB\Local Settings
2008-06-27 17:40:57 0 dr------- C:\Documents and Settings\REDROB\Favorites
2008-06-27 17:40:57 0 d-------- C:\Documents and Settings\REDROB\Desktop
2008-06-27 17:40:57 0 d---s---- C:\Documents and Settings\REDROB\Cookies
2008-06-27 17:40:57 0 dr-h----- C:\Documents and Settings\REDROB\Application Data
2008-06-27 17:40:57 0 d---s---- C:\Documents and Settings\REDROB\Application Data\Microsoft
2008-06-27 15:38:26 0 d-------- C:\Windows\system32\CatRoot_bak
2008-06-27 08:17:20 0 d-------- C:\Documents and Settings\Robby\Application Data\ProDVD
2008-06-27 08:00:25 1570816 --a------ C:\Documents and Settings\Robby\Application Data\tsdnwin.dll <Not Verified; Toshiba Samsung Storage Technology Coporation; TSDNWIN>
2008-06-27 07:59:18 0 d-------- C:\Program Files\SAMSUNG
2008-06-27 07:03:09 0 d-------- C:\SAMSUNG
2008-06-27 06:36:17 4235274 --a------ C:\Dsetup.exe <Not Verified; Macromedia, Inc.; Director 8 Shockwave Studio>
2008-06-27 00:48:09 0 d-------- C:\Program Files\infallsoft
2008-06-27 00:45:50 0 d-------- C:\Temp
2008-06-26 21:28:56 0 d-------- C:\Windows\system32\NtmsData
2008-06-26 16:52:51 0 d-------- C:\Documents and Settings\Robby\Application Data\rhc7gkj0egva
2008-06-26 16:50:57 0 d-------- C:\Program Files\rhc7gkj0egva
2008-06-26 16:50:46 109056 --a------ C:\Windows\system32\lphc3gkj0egva.exe
2008-06-26 16:29:37 0 d-------- C:\Program Files\PC Drivers HeadQuarters
2008-06-26 16:29:37 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-06-26 09:10:46 0 d-------- C:\Program Files\Windows Defender
2008-06-25 18:12:47 0 d-------- C:\Program Files\Realtek AC97
2008-06-25 17:48:57 0 d-------- C:\DECCHECK
2008-06-25 17:41:30 0 d-------- C:\Windows\Prefetch
2008-06-25 17:34:33 0 d-------- C:\Windows\system32\scripting
2008-06-25 17:34:31 0 d-------- C:\Windows\system32\en
2008-06-25 17:34:31 0 d-------- C:\Windows\l2schemas
2008-06-25 17:29:39 0 d-------- C:\Windows\network diagnostic
2008-06-25 16:39:29 0 d-------- C:\Program Files\FDRLab
2008-06-25 15:37:01 0 d-------- C:\Program Files\Common Files\xing shared
2008-06-25 15:36:47 0 d-------- C:\Program Files\Real
2008-06-25 15:36:45 0 d-------- C:\Program Files\Common Files\Real
2008-06-25 15:36:44 0 d-------- C:\Documents and Settings\Robby\Application Data\Real
2008-06-25 03:03:10 0 d-------- C:\Program Files\CamStudio
2008-06-25 02:49:27 0 d-------- C:\Documents and Settings\Robby\Application Data\ACASystems
2008-06-25 02:47:57 0 d-------- C:\Documents and Settings\Robby\Application Data\DNA
2008-06-21 20:48:14 0 d-------- C:\Documents and Settings\Robby\Application Data\Talkback
2008-06-21 20:48:05 0 d-------- C:\Documents and Settings\Robby\Application Data\Thunderbird
2008-06-21 02:08:50 0 d---s---- C:\Documents and Settings\Robby\UserData
2008-06-21 00:20:40 0 d-------- C:\Documents and Settings\Robby\Application Data\BitTorrent
2008-06-20 22:58:11 0 d-------- C:\Documents and Settings\Robby\Application Data\Media Player Classic
2008-06-20 20:45:01 0 d-------- C:\Documents and Settings\Robby\Application Data\Turbine
2008-06-20 20:41:49 0 d-------- C:\Documents and Settings\Robby\Application Data\Macromedia
2008-06-20 19:40:48 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-20 19:40:43 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-20 19:40:43 0 d-------- C:\Documents and Settings\Robby\Application Data\SUPERAntiSpyware.com
2008-06-20 19:39:24 0 d--hs---- C:\Windows\Installer
2008-06-20 19:36:51 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-20 19:07:13 0 d-------- C:\Program Files\Plugins
2008-06-20 16:37:18 0 d-------- C:\Program Files\ACW
2008-06-20 16:30:33 0 d-------- C:\a97fce1ba80ad02e78b8
2008-06-20 16:11:21 0 d-------- C:\Documents and Settings\Robby\Application Data\Mozilla
2008-06-20 15:47:37 0 d-------- C:\Windows\LogFiles
2008-06-20 15:44:16 93890 ---hs---- C:\COMMAND.COM
2008-06-20 15:44:16 44544 --a------ C:\bootpart.exe
2008-06-20 13:54:14 0 d-------- C:\New Folder <NEWFOL~1>
2008-06-20 08:56:28 47580 --a------ C:\Windows\NTDETECT.COM
2008-06-20 08:56:16 1474560 --a------ C:\Windows\BOOTIMG.BIN
2008-06-20 08:56:13 2048 --a------ C:\Windows\BOOTCAT.BIN
2008-06-20 05:49:43 233632 --a------ C:\Windows\NTLDR
2008-06-17 23:04:01 0 d-------- C:\program transfers
2008-06-17 12:16:31 0 d-------- C:\Program Files\msn gaming zone
2008-06-17 12:08:28 0 d-------- C:\Documents and Settings\Robby\Application Data\MSN6
2008-06-17 02:23:27 0 d-------- C:\WINDOWS.2
2008-06-16 22:30:12 0 d-------- C:\Documents and Settings\Robby\Application Data\ACD Systems
2008-06-16 19:08:17 0 d-------- C:\Program Files\Western Digital
2008-06-16 16:36:45 0 d-------- C:\Program Files\XoftSpySE
2008-06-16 16:36:33 299392 --a------ C:\Windows\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2008-06-16 16:10:01 0 d-------- C:\Program Files\support.com
2008-06-16 16:09:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Support.com
2008-06-16 16:02:00 0 d-------- C:\Documents and Settings\Robby\Application Data\AdobeUM
2008-06-16 16:01:09 0 d-------- C:\Documents and Settings\Robby\Application Data\Adobe
2008-06-16 14:28:26 0 d-------- C:\Documents and Settings\Robby\Application Data\Spyware Terminator
2008-06-16 13:58:01 0 d-------- C:\Documents and Settings\Robby\Application Data\Identities
2008-06-16 13:52:30 0 d-------- C:\Documents and Settings\Robby\Desktop
2008-06-16 13:52:30 0 d---s---- C:\Documents and Settings\Robby\Cookies
2008-06-16 13:52:30 0 dr-h----- C:\Documents and Settings\Robby\Application Data
2008-06-16 13:52:29 0 d--h----- C:\Documents and Settings\Robby\Templates
2008-06-16 13:52:29 0 dr------- C:\Documents and Settings\Robby\Start Menu
2008-06-16 13:52:29 0 dr-h----- C:\Documents and Settings\Robby\SendTo
2008-06-16 13:52:29 0 dr-h----- C:\Documents and Settings\Robby\Recent
2008-06-16 13:52:29 0 d--h----- C:\Documents and Settings\Robby\PrintHood
2008-06-16 13:52:29 3145728 --a------ C:\Documents and Settings\Robby\NTUSER.DAT
2008-06-16 13:52:29 0 d--h----- C:\Documents and Settings\Robby\NetHood
2008-06-16 13:52:29 0 dr------- C:\Documents and Settings\Robby\My Documents
2008-06-16 13:52:29 0 d--h----- C:\Documents and Settings\Robby\Local Settings
2008-06-16 13:52:29 0 dr------- C:\Documents and Settings\Robby\Favorites
2008-06-16 13:37:01 0 d-------- C:\WINDOWS.1
2008-06-16 13:07:31 0 d-------- C:\WINDOWS.0
2008-06-16 08:58:56 664 --a------ C:\Windows\system32\d3d9caps.dat
2008-06-16 08:19:15 1140 --a------ C:\Windows\system32\tmp.reg
2008-06-16 08:17:45 0 d-------- C:\Program Files\FTP Explorer
2008-06-16 06:26:59 0 d-------- C:\Program Files\RegCleaner
2008-06-16 06:26:21 0 d-------- C:\Program Files\MP3 Rocket
2008-06-16 06:26:11 0 d-------- C:\Program Files\AskSBar
2008-06-16 06:21:54 0 d-------- C:\Program Files\CCleaner
2008-06-16 06:16:34 0 d-------- C:\Program Files\Trend Micro
2008-06-15 20:49:44 242595 --ahs---- C:\Windows\system32\UDMooqss.ini2
2008-06-15 20:44:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
2008-06-15 17:52:18 0 d--hs---- C:\found.000
2008-06-15 05:21:14 0 d-------- C:\Documents and Settings\All Users\Application Data\ACASystems
2008-06-15 05:20:56 0 d-------- C:\Program Files\ACASystems
2008-06-14 04:54:54 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI MMC
2008-06-14 04:51:02 0 d-------- C:\Program Files\Common Files\Borland Shared
2008-06-14 04:51:01 0 d-------- C:\Program Files\Gemstar
2008-06-14 04:50:03 56832 --a------ C:\Windows\system32\Iyvu9_32.dll
2008-06-14 04:50:03 66560 --a------ C:\Windows\system32\atiyuv12.dll
2008-06-14 04:49:57 266240 --a------ C:\Windows\system32\vctest.dll <Not Verified; ATI; ATI vctest>
2008-06-14 04:49:53 48640 --a------ C:\Windows\system32\INETWH32.DLL <Not Verified; Blue Sky Software; Blue Sky Software - INETWH32>
2008-06-14 04:49:53 9136 --a------ C:\Windows\system32\INETWH16.DLL
2008-06-14 04:49:53 45056 --a------ C:\Windows\system32\atimiaaa.dll <Not Verified; ATI Technologies Inc.; ATI Rage 128 DVD Authentication Driver>
2008-06-14 04:49:50 0 d-------- C:\Program Files\ATI Multimedia
2008-06-14 03:22:39 0 d-------- C:\Program Files\BitTorrent
2008-06-14 03:08:53 0 d-------- C:\Program Files\DNA
2008-06-08 14:45:25 2048 --a------ C:\Windows\system32\Tr_sttool.dat
2008-06-08 14:45:24 0 d-------- C:\Program Files\BSR Screen Recorder 4
2008-06-01 17:19:16 78848 --a------ C:\Windows\system32\INLOADER.DLL <Not Verified; Microsoft Corporation; Internet Assistant for Microsoft® Word ™>
2008-06-01 17:19:14 0 d-------- C:\Program Files\PCFriendly
2008-06-01 17:19:07 298496 --a------ C:\Windows\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>


-- Find3M Report ---------------------------------------------------------------

2008-06-28 10:04:48 441 --a------ C:\Documents and Settings\Robby\Application Data\SamsungLiveUpdateConfig.ini
2008-06-27 21:15:24 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-06-27 19:37:09 0 d-------- C:\Program Files\Spyware Terminator
2008-06-27 18:26:25 0 d-------- C:\Program Files\WinClamAVShield
2008-06-27 08:37:08 0 d-------- C:\Program Files\CyberLink
2008-06-27 08:36:42 0 d-------- C:\Program Files\Common Files
2008-06-27 07:59:17 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-27 05:10:19 0 d-------- C:\Program Files\CD Recovery Toolbox Free
2008-06-25 17:47:46 0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-25 17:34:48 0 d-------- C:\Program Files\Messenger
2008-06-25 17:34:30 0 d-------- C:\Program Files\Movie Maker
2008-06-25 16:35:12 0 d-------- C:\Program Files\Easy Video Downloader
2008-06-25 05:03:49 0 d-------- C:\Program Files\SlowView
2008-06-20 19:46:41 0 d--h----- C:\Program Files\WindowsUpdate
2008-06-17 18:59:30 443 --a------ C:\AUTOEXEC.BAT
2008-06-17 08:52:11 0 d-------- C:\Program Files\RegScrubXP
2008-06-16 06:22:09 0 d-------- C:\Program Files\Yahoo!
2008-06-02 19:31:37 0 d-------- C:\Program Files\InterActual
2008-05-28 10:32:56 10307355 --a------ C:\Program Files\PROCESSLIST.DB
2008-05-28 10:32:46 897066 --a------ C:\Program Files\PROCESSLISTRELATED.DB
2008-05-24 16:16:08 0 d-------- C:\Program Files\GetThis4Free
2008-05-16 19:45:41 0 d-------- C:\Program Files\Activision
2008-05-13 10:13:36 77824 --a------ C:\Program Files\SASSEH.DLL <Not Verified; SuperAdBlocker.com; SuperAntiSpyware>
2008-05-11 01:46:25 0 d-------- C:\Program Files\Common Files\ACD Systems
2008-05-04 17:15:48 0 d-------- C:\Program Files\Sierra On-Line
2008-05-03 09:45:45 0 d-------- C:\Program Files\NovaLogic
2008-05-02 17:23:04 0 d-------- C:\Program Files\AvRack
2008-05-01 20:36:08 23348 --a------ C:\Windows\system32\emptyregdb.dat
2008-05-01 20:30:07 62 --ahs---- C:\Documents and Settings\Robby\Application Data\desktop.ini
2008-04-20 12:47:05 60416 --a------ C:\Windows\ALCFDRTM.EXE <Not Verified; Realtek Semiconductor Corp.; Realtek ALCFDRTM>
2008-04-17 02:52:03 281102 --ahs---- C:\Windows\system32\XHjmnUtv.ini2
2008-04-03 23:43:13 10 --a------ C:\Program Files\.autoreg
2008-03-28 17:11:27 0 --a----c- C:\Windows\nsreg.dat
2008-03-28 14:57:20 0 --a------ C:\CONFIG.SYS


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06/25/2008 03:36 PM]
"SoundMan"="SOUNDMAN.EXE" [04/16/2007 03:28 PM C:\WINDOWS\soundman.exe]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"Name of App"="C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe" [05/23/2008 02:51 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/28/2008 10:33 AM]
"ctfmon.exe"="C:\Windows\system32\ctfmon.exe" [04/14/2008 05:42 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [04/14/2008 05:42 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1D6931F4-6F48-424C-AD55-3D3AA5EA2BF8}"= C:\WINDOWS\system32\nnnKdaWN.dll [ ]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\Windows\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssqooMDU

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
DevDetect.exe -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5db315c-fcdd-11dc-b09f-806d6172696f}]
AutoRun\command- C:\dsetup.exe




-- End of Deckard's System Scanner: finished at 2008-06-28 10:08:22 ------------

Happened last week. I thought I actually cleaned it, but late Thursday night I started losing applications: device manager, search, chkdsk in safe mode, system restore, cannot access MMC etc... didn't hear about this website until just this morning.
XFX 780i SLI Motherboard
EVGA gForce 9800GTX+ Graphics
ASUS BC-1205PT BDROM/DVDRW/CDRW
WD 500GB HDD



#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:12:19 AM

Posted 28 June 2008 - 12:29 PM

Hello rkferris,

Welcome to Bleeping Computer :thumbsup:

Please download Malwarebytes' Anti-Malware from one of these places:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & Paste the entire report in your next reply along with a fresh HijackThis log.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 rkferris

rkferris
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:10:19 PM

Posted 28 June 2008 - 12:29 PM

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Unable to create WMI object.

Architecture: X86; Language: English

Percentage of Memory in Use: 29%
Physical Memory (total/avail): 991.49 MiB / 701.96 MiB
Pagefile Memory (total/avail): 2386.46 MiB / 2213.42 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1870.53 MiB

C: is Fixed (NTFS) - 74.53 GiB total, 16.55 GiB free.
D: is Fixed (NTFS) - 34.64 GiB total, 33.08 GiB free.
E: is Fixed (NTFS) - 76.32 GiB total, 17.01 GiB free.
F: is Fixed (NTFS) - 38.15 GiB total, 11.63 GiB free.
G: is CDROM (Unformatted)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Robby\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ECS-PMFEWSQ3MM0
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Robby
LOGONSERVER=\\ECS-PMFEWSQ3MM0
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\system32\WBEM
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0409
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\DOCUME~1\Robby\LOCALS~1\Temp
TMP=C:\DOCUME~1\Robby\LOCALS~1\Temp
USERDOMAIN=ECS-PMFEWSQ3MM0
USERNAME=Robby
USERPROFILE=C:\Documents and Settings\Robby
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Robby (admin)
REDROB (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\Windows\INF\PCHealth.inf
ACA Screen Recorder 3.30 --> "C:\Program Files\ACASystems\ACAScreenRecorder\unins000.exe"
ACDSee Pro 2 --> MsiExec.exe /I{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
ATI Multimedia Center 7.9.0.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB1AAAB6-C231-4CC4-ACEE-EA4DF80E5987}\setup.exe"
BitTorrent --> "C:\Program Files\BitTorrent\BitTorrent.exe" /UNINSTALL
Call of Duty® 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l1033
CamStudio --> C:\Program Files\CamStudio\uninstall.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CD Recovery Toolbox Free 1.1 --> "C:\Program Files\CD Recovery Toolbox Free\unins000.exe"
DAO --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{438D221C-5B5B-4E4B-B7BD-A86512E5B6C1}
Data Lifeguard Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}\Setup.exe"
DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL
Driver Detective --> C:\Program Files\InstallShield Installation Information\{621C02EA-AAFF-4026-A903-165D59529A16}\setup.exe -runfromtemp -l0x0409
Easy Video Downloader v. 2.0 --> "C:\Program Files\Easy Video Downloader\unins000.exe"
ERUNT 1.1j --> "C:\Program Files\ERUNT\unins000.exe"
ExplorerXP (remove only) --> C:\Program Files\ExplorerXP\Uninst.exe
EZ Screen Recorder 4.10 --> "C:\Program Files\infallsoft\EZ Screen Recorder\unins000.exe"
FW LiveUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11F5D779-7BD9-465A-BBC4-10701386BCB9}\setup.exe" -l0x9 -removeonly
GetThis4Free v1.40 --> "C:\Program Files\GetThis4Free\unins000.exe"
GUIDE PLUS+™ for Windows® System - ATI --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99D34763-7E45-4FE5-8424-28DBC3A5F0BF}\setup.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Homeworld --> C:\Sierra\HOMEWO~1\UNINST~1\UNWISE.EXE C:\Sierra\HOMEWO~1\UNINST~1\INSTALL.LOG
ID_DCRaw Image Decoder Plug-In --> MsiExec.exe /X{DA1876DD-323E-4D78-8F9F-8F4FDE25C010}
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
ISO Recorder --> MsiExec.exe /I{0F6A7971-0F11-4A79-A0E9-133D0963A570}
Joint Operations: Escalation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1CBBDFD4-E235-4008-842E-7DC2D8A4911B}\setup.exe" -l0x9
Joint Operations: Typhoon Rising --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0325F1C1-883A-41AB-8981-B27359ABDFAF}\setup.exe" -l0x9
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.12) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MP3 Rocket --> C:\Program Files\MP3 Rocket\Uninstall.exe
NOD32 antivirus system --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NOD32 FiX v2.1 --> "C:\Program Files\Eset\unins000.exe"
NTFS Undelete v0.93 --> "C:\Program Files\NTFS Undelete\unins000.exe"
PCFriendly --> C:\Program Files\PCFriendly\inuninst.exe
PunkBuster for Joint Operations: Typhoon Rising --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFE6E3B6-8CA9-4837-B292-5F11A80339A9}\setup.exe" -l0x9
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
RegScrubXP 3.2 --> "C:\Program Files\RegScrubXP\unins000.exe"
save2pc Pro Demo 3.40 --> "C:\Program Files\FDRLab\save2pc\unins000.exe"
SlowView --> "C:\Program Files\SlowView\Uninstall.exe"
Spyware Terminator --> "C:\Program Files\Spyware Terminator\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
The Lord of the Rings Online™: Shadows of Angmar™ v07.12.30.54 --> "C:\Program Files\Turbine\The Lord of the Rings Online\unins000.exe"
VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\Windows\$NtServicePackUninstall$\spuninst\spuninst.exe"
XP Codec Pack --> C:\Program Files\XP Codec Pack\Uninstall.exe
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type1211 / Warning
Event Submitted/Written: 06/28/2008 09:27:36 AM
Event ID/Source: 4353 / EventSystem
Event Description:
The COM+ Event System attempted to fire the EventObjectChange::ChangedSubscription event but received a bad return code. HRESULT was 80040201.

Event Record #/Type1210 / Warning
Event Submitted/Written: 06/28/2008 09:27:36 AM
Event ID/Source: 4356 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}. CoGetObject returned HRESULT 80070422.

Event Record #/Type1209 / Warning
Event Submitted/Written: 06/28/2008 09:27:36 AM
Event ID/Source: 4353 / EventSystem
Event Description:
The COM+ Event System attempted to fire the EventObjectChange::ChangedSubscription event but received a bad return code. HRESULT was 80040201.

Event Record #/Type1208 / Warning
Event Submitted/Written: 06/28/2008 09:27:36 AM
Event ID/Source: 4356 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}. CoGetObject returned HRESULT 80070422.

Event Record #/Type1206 / Error
Event Submitted/Written: 06/28/2008 07:53:19 AM
Event ID/Source: 1802 / SecurityCenter
Event Description:
The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type11641 / Error
Event Submitted/Written: 06/28/2008 10:08:11 AM
Event ID/Source: 7 / Cdrom
Event Description:
The device, \Device\CdRom0, has a bad block.

Event Record #/Type11640 / Error
Event Submitted/Written: 06/28/2008 10:08:11 AM
Event ID/Source: 7 / Cdrom
Event Description:
The device, \Device\CdRom0, has a bad block.

Event Record #/Type11639 / Error
Event Submitted/Written: 06/28/2008 10:08:11 AM
Event ID/Source: 7 / Cdrom
Event Description:
The device, \Device\CdRom0, has a bad block.

Event Record #/Type11638 / Error
Event Submitted/Written: 06/28/2008 10:08:11 AM
Event ID/Source: 7 / Cdrom
Event Description:
The device, \Device\CdRom0, has a bad block.

Event Record #/Type11637 / Error
Event Submitted/Written: 06/28/2008 10:08:11 AM
Event ID/Source: 7 / Cdrom
Event Description:
The device, \Device\CdRom0, has a bad block.



-- End of Deckard's System Scanner: finished at 2008-06-28 10:08:22 ------------
XFX 780i SLI Motherboard
EVGA gForce 9800GTX+ Graphics
ASUS BC-1205PT BDROM/DVDRW/CDRW
WD 500GB HDD

#4 rkferris

Posted 28 June 2008 - 03:57 PM

Hello, I used that download you linked in my message and it found some stuff. I still can't get Device Manager, Search, System Restore, or Computer Management; I can't run scandisk and have no access rights to change or fix anything.

#5 teacup61

  • Malware Response Team

Posted 28 June 2008 - 04:32 PM

Hello,

Can you post the log it made please? :thumbsup: If you're going to post DSS, then I need to see the main.txt.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#6 rkferris


Posted 28 June 2008 - 05:17 PM

Malwarebytes' Anti-Malware 1.18
Database version: 898

12:02:10 PM 6/28/2008
mbam-log-6-28-2008 (12-02-10).txt

Scan type: Quick Scan
Objects scanned: 36232
Time elapsed: 4 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 7
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{ff36d867-d679-408e-8674-a3c053ada90b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{1b6c6cea-b99a-459b-b6dd-2c927c4df9ea} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{42136cfd-f297-4f9d-b4c0-0d19d4ef8c1a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b24f5444-9030-44b3-808a-6f31d93cb648} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8a7e7ef0-6167-40dc-9ebe-823665fcf3a1} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rtsplgob.bvpk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rtsplgob.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\BASE (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\DELETED (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\SAVED (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080615214448000.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\Robby\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphc3gkj0egva.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.18
Database version: 898

12:07:29 PM 6/28/2008
mbam-log-6-28-2008 (12-07-29).txt

Scan type: Full Scan (C:\|)
Objects scanned: 12722
Time elapsed: 1 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

P.S. Thank you for helping me... it has been a hell of a nightmare...

Edited by rkferris, 28 June 2008 - 05:19 PM.


#7 teacup61

  • Malware Response Team

Posted 28 June 2008 - 05:28 PM

Hello,

You're welcome. :thumbsup: Would you please run DSS again and post the main.txt in your reply? Also, I see you're getting error messages... have you been having problems with your CD-ROM?

Thanks,
tea

#8 rkferris


Posted 28 June 2008 - 05:58 PM

Hello, will do another scan right after this response... and yes, my CD-ROM is not working. The CDRW/DVD does not write or read DVDs and only reads disks occasionally. I go to try to fix something, and it just leads to another problem... my CDRW driver was the first sign of problems; when I tried to reload the ISO driver, everything started acting up... be right back with that scan... I'm lucky I was able to get my internet back working, lol. Thanks...

#9 rkferris


Posted 28 June 2008 - 06:19 PM

Malwarebytes' Anti-Malware 1.18
Database version: 898

4:17:06 PM 6/28/2008
mbam-log-6-28-2008 (16-17-06).txt

Scan type: Full Scan (C:\|)
Objects scanned: 63782
Time elapsed: 17 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10 teacup61

  • Malware Response Team

Posted 28 June 2008 - 07:23 PM

Hello,

That's a Malwarebytes report. I was asking for a Deckard's System Scanner report. :thumbsup:

tea

#11 rkferris


Posted 28 June 2008 - 08:22 PM

Oh, sorry about that... be right back.

#12 teacup61

  • Malware Response Team

Posted 28 June 2008 - 08:29 PM

No problem. I know this stuff can be confusing at times. :thumbsup:

#13 rkferris


Posted 28 June 2008 - 08:29 PM

Deckard's System Scanner v20071014.68
Run by Robby on 2008-06-28 18:23:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Robby.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:23:08 PM, on 6/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Eset\nod32krn.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\System32\snmp.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Windows\system32\wscntfy.exe
C:\Documents and Settings\Robby\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Robby.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1085031214-1284227242-725345543-1007\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
O4 - HKUS\S-1-5-21-1085031214-1284227242-725345543-1007\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe (User '?')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1214039334546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1214040671921
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 3713 bytes

-- Files created between 2008-05-28 and 2008-06-28 -----------------------------

2008-06-28 11:53:53 0 d-------- C:\Documents and Settings\Robby\Application Data\Malwarebytes
2008-06-28 11:53:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-28 11:53:49 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-27 15:38:26 0 d-------- C:\Windows\system32\CatRoot_bak
2008-06-27 08:17:20 0 d-------- C:\Documents and Settings\Robby\Application Data\ProDVD
2008-06-27 08:00:25 1570816 --a------ C:\Documents and Settings\Robby\Application Data\tsdnwin.dll <Not Verified; Toshiba Samsung Storage Technology Coporation; TSDNWIN>
2008-06-27 07:59:18 0 d-------- C:\Program Files\SAMSUNG
2008-06-27 07:03:09 0 d-------- C:\SAMSUNG
2008-06-27 06:36:17 4235274 --a------ C:\Dsetup.exe <Not Verified; Macromedia, Inc.; Director 8 Shockwave Studio>
2008-06-27 00:48:09 0 d-------- C:\Program Files\infallsoft
2008-06-27 00:45:50 0 d-------- C:\Temp
2008-06-26 21:28:56 0 d-------- C:\Windows\system32\NtmsData
2008-06-26 16:52:51 0 d-------- C:\Documents and Settings\Robby\Application Data\rhc7gkj0egva
2008-06-26 16:50:57 0 d-------- C:\Program Files\rhc7gkj0egva
2008-06-26 16:29:37 0 d-------- C:\Program Files\PC Drivers HeadQuarters
2008-06-26 16:29:37 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-06-26 09:10:46 0 d-------- C:\Program Files\Windows Defender
2008-06-25 18:12:47 0 d-------- C:\Program Files\Realtek AC97
2008-06-25 17:48:57 0 d-------- C:\DECCHECK
2008-06-25 17:41:30 0 d-------- C:\Windows\Prefetch
2008-06-25 17:34:33 0 d-------- C:\Windows\system32\scripting
2008-06-25 17:34:31 0 d-------- C:\Windows\system32\en
2008-06-25 17:34:31 0 d-------- C:\Windows\l2schemas
2008-06-25 17:29:39 0 d-------- C:\Windows\network diagnostic
2008-06-25 16:39:29 0 d-------- C:\Program Files\FDRLab
2008-06-25 15:37:01 0 d-------- C:\Program Files\Common Files\xing shared
2008-06-25 15:36:47 0 d-------- C:\Program Files\Real
2008-06-25 15:36:45 0 d-------- C:\Program Files\Common Files\Real
2008-06-25 15:36:44 0 d-------- C:\Documents and Settings\Robby\Application Data\Real
2008-06-25 03:03:10 0 d-------- C:\Program Files\CamStudio
2008-06-25 02:49:27 0 d-------- C:\Documents and Settings\Robby\Application Data\ACASystems
2008-06-25 02:47:57 0 d-------- C:\Documents and Settings\Robby\Application Data\DNA
2008-06-21 20:48:14 0 d-------- C:\Documents and Settings\Robby\Application Data\Talkback
2008-06-21 20:48:05 0 d-------- C:\Documents and Settings\Robby\Application Data\Thunderbird
2008-06-21 02:08:50 0 d---s---- C:\Documents and Settings\Robby\UserData
2008-06-21 00:20:40 0 d-------- C:\Documents and Settings\Robby\Application Data\BitTorrent
2008-06-20 22:58:11 0 d-------- C:\Documents and Settings\Robby\Application Data\Media Player Classic
2008-06-20 20:45:01 0 d-------- C:\Documents and Settings\Robby\Application Data\Turbine
2008-06-20 20:41:49 0 d-------- C:\Documents and Settings\Robby\Application Data\Macromedia
2008-06-20 19:40:48 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-20 19:40:43 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-20 19:40:43 0 d-------- C:\Documents and Settings\Robby\Application Data\SUPERAntiSpyware.com
2008-06-20 19:39:24 0 d--hs---- C:\Windows\Installer
2008-06-20 19:36:51 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-20 19:07:13 0 d-------- C:\Program Files\Plugins
2008-06-20 16:37:18 0 d-------- C:\Program Files\ACW
2008-06-20 16:30:33 0 d-------- C:\a97fce1ba80ad02e78b8
2008-06-20 16:11:21 0 d-------- C:\Documents and Settings\Robby\Application Data\Mozilla
2008-06-20 15:47:37 0 d-------- C:\Windows\LogFiles
2008-06-20 15:44:16 93890 ---hs---- C:\COMMAND.COM
2008-06-20 15:44:16 44544 --a------ C:\bootpart.exe
2008-06-20 13:54:14 0 d-------- C:\New Folder <NEWFOL~1>
2008-06-20 08:56:28 47580 --a------ C:\Windows\NTDETECT.COM
2008-06-20 08:56:16 1474560 --a------ C:\Windows\BOOTIMG.BIN
2008-06-20 08:56:13 2048 --a------ C:\Windows\BOOTCAT.BIN
2008-06-20 05:49:43 233632 --a------ C:\Windows\NTLDR
2008-06-17 23:04:01 0 d-------- C:\program transfers
2008-06-17 12:16:31 0 d-------- C:\Program Files\msn gaming zone
2008-06-17 12:08:28 0 d-------- C:\Documents and Settings\Robby\Application Data\MSN6
2008-06-17 02:23:27 0 d-------- C:\WINDOWS.2
2008-06-16 22:30:12 0 d-------- C:\Documents and Settings\Robby\Application Data\ACD Systems
2008-06-16 19:08:17 0 d-------- C:\Program Files\Western Digital
2008-06-16 16:36:45 0 d-------- C:\Program Files\XoftSpySE
2008-06-16 16:36:33 299392 --a------ C:\Windows\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2008-06-16 16:10:01 0 d-------- C:\Program Files\support.com
2008-06-16 16:09:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Support.com
2008-06-16 16:02:00 0 d-------- C:\Documents and Settings\Robby\Application Data\AdobeUM
2008-06-16 16:01:09 0 d-------- C:\Documents and Settings\Robby\Application Data\Adobe
2008-06-16 14:28:26 0 d-------- C:\Documents and Settings\Robby\Application Data\Spyware Terminator
2008-06-16 13:58:01 0 d-------- C:\Documents and Settings\Robby\Application Data\Identities
2008-06-16 13:52:30 0 d-------- C:\Documents and Settings\Robby\Desktop
2008-06-16 13:52:30 0 d---s---- C:\Documents and Settings\Robby\Cookies
2008-06-16 13:52:30 0 dr-h----- C:\Documents and Settings\Robby\Application Data
2008-06-16 13:52:29 0 d--h----- C:\Documents and Settings\Robby\Templates
2008-06-16 13:52:29 0 dr------- C:\Documents and Settings\Robby\Start Menu
2008-06-16 13:52:29 0 dr-h----- C:\Documents and Settings\Robby\SendTo
2008-06-16 13:52:29 0 dr-h----- C:\Documents and Settings\Robby\Recent
2008-06-16 13:52:29 0 d--h----- C:\Documents and Settings\Robby\PrintHood
2008-06-16 13:52:29 3145728 --a------ C:\Documents and Settings\Robby\NTUSER.DAT
2008-06-16 13:52:29 0 d--h----- C:\Documents and Settings\Robby\NetHood
2008-06-16 13:52:29 0 dr------- C:\Documents and Settings\Robby\My Documents
2008-06-16 13:52:29 0 d--h----- C:\Documents and Settings\Robby\Local Settings
2008-06-16 13:52:29 0 dr------- C:\Documents and Settings\Robby\Favorites
2008-06-16 13:37:01 0 d-------- C:\WINDOWS.1
2008-06-16 13:07:31 0 d-------- C:\WINDOWS.0
2008-06-16 08:58:56 664 --a------ C:\Windows\system32\d3d9caps.dat
2008-06-16 08:19:15 1140 --a------ C:\Windows\system32\tmp.reg
2008-06-16 08:17:45 0 d-------- C:\Program Files\FTP Explorer
2008-06-16 06:26:59 0 d-------- C:\Program Files\RegCleaner
2008-06-16 06:26:21 0 d-------- C:\Program Files\MP3 Rocket
2008-06-16 06:26:11 0 d-------- C:\Program Files\AskSBar
2008-06-16 06:21:54 0 d-------- C:\Program Files\CCleaner
2008-06-16 06:16:34 0 d-------- C:\Program Files\Trend Micro
2008-06-15 20:49:44 242595 --ahs---- C:\Windows\system32\UDMooqss.ini2
2008-06-15 17:52:18 0 d--hs---- C:\found.000
2008-06-15 05:21:14 0 d-------- C:\Documents and Settings\All Users\Application Data\ACASystems
2008-06-15 05:20:56 0 d-------- C:\Program Files\ACASystems
2008-06-14 04:54:54 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI MMC
2008-06-14 04:51:02 0 d-------- C:\Program Files\Common Files\Borland Shared
2008-06-14 04:51:01 0 d-------- C:\Program Files\Gemstar
2008-06-14 04:50:03 56832 --a------ C:\Windows\system32\Iyvu9_32.dll
2008-06-14 04:50:03 66560 --a------ C:\Windows\system32\atiyuv12.dll
2008-06-14 04:49:57 266240 --a------ C:\Windows\system32\vctest.dll <Not Verified; ATI; ATI vctest>
2008-06-14 04:49:53 48640 --a------ C:\Windows\system32\INETWH32.DLL <Not Verified; Blue Sky Software; Blue Sky Software - INETWH32>
2008-06-14 04:49:53 9136 --a------ C:\Windows\system32\INETWH16.DLL
2008-06-14 04:49:53 45056 --a------ C:\Windows\system32\atimiaaa.dll <Not Verified; ATI Technologies Inc.; ATI Rage 128 DVD Authentication Driver>
2008-06-14 04:49:50 0 d-------- C:\Program Files\ATI Multimedia
2008-06-14 03:22:39 0 d-------- C:\Program Files\BitTorrent
2008-06-14 03:08:53 0 d-------- C:\Program Files\DNA
2008-06-08 14:45:25 2048 --a------ C:\Windows\system32\Tr_sttool.dat
2008-06-08 14:45:24 0 d-------- C:\Program Files\BSR Screen Recorder 4
2008-06-01 17:19:16 78848 --a------ C:\Windows\system32\INLOADER.DLL <Not Verified; Microsoft Corporation; Internet Assistant for Microsoft® Word ™>
2008-06-01 17:19:14 0 d-------- C:\Program Files\PCFriendly
2008-06-01 17:19:07 298496 --a------ C:\Windows\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>


-- Find3M Report ---------------------------------------------------------------

2008-06-28 18:01:53 441 --a------ C:\Documents and Settings\Robby\Application Data\SamsungLiveUpdateConfig.ini
2008-06-28 15:12:03 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-06-27 19:37:09 0 d-------- C:\Program Files\Spyware Terminator
2008-06-27 18:26:25 0 d-------- C:\Program Files\WinClamAVShield
2008-06-27 08:37:08 0 d-------- C:\Program Files\CyberLink
2008-06-27 08:36:42 0 d-------- C:\Program Files\Common Files
2008-06-27 07:59:17 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-27 05:10:19 0 d-------- C:\Program Files\CD Recovery Toolbox Free
2008-06-25 17:47:46 0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-25 17:34:48 0 d-------- C:\Program Files\Messenger
2008-06-25 17:34:30 0 d-------- C:\Program Files\Movie Maker
2008-06-25 16:35:12 0 d-------- C:\Program Files\Easy Video Downloader
2008-06-25 05:03:49 0 d-------- C:\Program Files\SlowView
2008-06-20 19:46:41 0 d--h----- C:\Program Files\WindowsUpdate
2008-06-17 18:59:30 443 --a------ C:\AUTOEXEC.BAT
2008-06-17 08:52:11 0 d-------- C:\Program Files\RegScrubXP
2008-06-16 06:22:09 0 d-------- C:\Program Files\Yahoo!
2008-06-02 19:31:37 0 d-------- C:\Program Files\InterActual
2008-05-28 10:32:56 10307355 --a------ C:\Program Files\PROCESSLIST.DB
2008-05-28 10:32:46 897066 --a------ C:\Program Files\PROCESSLISTRELATED.DB
2008-05-24 16:16:08 0 d-------- C:\Program Files\GetThis4Free
2008-05-16 19:45:41 0 d-------- C:\Program Files\Activision
2008-05-13 10:13:36 77824 --a------ C:\Program Files\SASSEH.DLL <Not Verified; SuperAdBlocker.com; SuperAntiSpyware>
2008-05-11 01:46:25 0 d-------- C:\Program Files\Common Files\ACD Systems
2008-05-04 17:15:48 0 d-------- C:\Program Files\Sierra On-Line
2008-05-03 09:45:45 0 d-------- C:\Program Files\NovaLogic
2008-05-02 17:23:04 0 d-------- C:\Program Files\AvRack
2008-05-01 20:36:08 23348 --a------ C:\Windows\system32\emptyregdb.dat
2008-05-01 20:30:07 62 --ahs---- C:\Documents and Settings\Robby\Application Data\desktop.ini
2008-04-20 12:47:05 60416 --a------ C:\Windows\ALCFDRTM.EXE <Not Verified; Realtek Semiconductor Corp.; Realtek ALCFDRTM>
2008-04-17 02:52:03 281102 --ahs---- C:\Windows\system32\XHjmnUtv.ini2
2008-04-03 23:43:13 10 --a------ C:\Program Files\.autoreg
2008-03-28 17:11:27 0 --a----c- C:\Windows\nsreg.dat
2008-03-28 14:57:20 0 --a------ C:\CONFIG.SYS


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06/25/2008 03:36 PM]
"SoundMan"="SOUNDMAN.EXE" [04/16/2007 03:28 PM C:\WINDOWS\soundman.exe]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"Name of App"="C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe" [05/23/2008 02:51 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/28/2008 10:33 AM]
"ctfmon.exe"="C:\Windows\system32\ctfmon.exe" [04/14/2008 05:42 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1D6931F4-6F48-424C-AD55-3D3AA5EA2BF8}"= C:\WINDOWS\system32\nnnKdaWN.dll [ ]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\Windows\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssqooMDU

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
DevDetect.exe -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5db315c-fcdd-11dc-b09f-806d6172696f}]
AutoRun\command- C:\dsetup.exe




-- End of Deckard's System Scanner: finished at 2008-06-28 18:25:23 ------------
XFX 780i SLI Motherboard
EVGA gForce 9800GTX+ Graphics
ASUS BC-1205PT BDROM/DVDRW/CDRW
WD 500GB HDD

#14 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,911 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:01:19 AM

Posted 28 June 2008 - 09:57 PM

Hello rkferris,

I have merged your latest topic with your previously existing topic. Please keep all posts regarding this issue to this thread by using the Add Reply button at the bottom of the topic. Starting new topics confuses things and delays the assistance you receive.

Back to you Teacup,

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#15 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:12:19 AM

Posted 29 June 2008 - 09:53 PM

Hello,

have no access rights to change or fix anything

Why not? Is this a work machine on a network?
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?
