
Hijackthis Log


  • This topic is locked
15 replies to this topic

#1 morth

morth

  • Members
  • 21 posts

Posted 05 July 2008 - 11:48 PM

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware2008\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Auslogics\AusLogics BoostSpeed\Integrator.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Morth\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Morth.exe

R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {46ed8aa4-3352-4f7c-9945-43a2f4080859} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: (no name) - {7479295f-f1e4-4c7a-ac4b-2c757677b501} - (no file)
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {acaa1f2b-0e48-411a-8cb5-eaca78c19606} - (no file)
O2 - BHO: (no name) - {D67DC603-AE1D-4D62-80C5-D9E8A0851056} - (no file)
O2 - BHO: (no name) - {E09D770C-BDB1-48FC-88F4-080B210033EE} - (no file)
O2 - BHO: (no name) - {E893AD02-9D96-4AA2-9C42-9EE1A102D7FC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - Startup: AutorunsDisabled
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://www.cogeco.com/en/OLS3/fscax.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15035/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: cru629.dat??o?5.1,avgrsstx.dll,
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware2008\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10083 bytes

-- Files created between 2008-06-06 and 2008-07-06 -----------------------------

2008-07-06 00:32:46 0 d-------- C:\Program Files\Trend Micro
2008-07-05 23:32:31 0 d-------- C:\Documents and Settings\Morth\Application Data\Auslogics
2008-07-05 23:31:58 0 d-------- C:\Program Files\Auslogics
2008-07-05 23:30:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-07-05 15:54:54 0 dr-h----- C:\Documents and Settings\Morth\Recent
2008-06-21 05:10:06 0 d-------- C:\Program Files\TibiaBot NG 8.0
2008-06-18 22:06:47 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-18 21:21:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-09 01:00:53 256 --a------ C:\Documents and Settings\Morth\pool.bin
2008-06-06 17:07:19 0 d-------- C:\WINDOWS\.file_store_32


-- Find3M Report ---------------------------------------------------------------

2008-07-05 23:47:57 53 --a------ C:\biosinfo
2008-07-05 14:34:59 0 d-------- C:\Program Files\Call of Duty Game of the Year Edition
2008-07-04 22:26:27 0 d-------- C:\Program Files\Incomplete
2008-07-04 22:26:24 256 --a------ C:\WINDOWS\system32\pool.bin
2008-07-04 22:02:16 0 d-------- C:\Program Files\LimeWire
2008-07-04 22:01:22 0 d-------- C:\Documents and Settings\Morth\Application Data\LimeWire
2008-07-03 18:01:09 0 d---s---- C:\Program Files\Xfire
2008-07-03 05:51:36 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-03 01:57:34 0 d-------- C:\Documents and Settings\Morth\Application Data\Xfire
2008-07-03 01:57:09 0 d-------- C:\Program Files\Tibia
2008-07-02 23:13:12 0 d-------- C:\Program Files\World of Warcraft
2008-06-29 06:06:52 0 d-------- C:\Documents and Settings\Morth\Application Data\Tibia
2008-06-29 03:49:00 0 d-------- C:\Program Files\Steam
2008-06-28 18:50:43 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-25 06:15:04 0 d-------- C:\Program Files\TibiaBot NG
2008-06-22 03:25:35 0 d-------- C:\Program Files\Tibia2
2008-06-18 22:40:52 0 d-------- C:\Program Files\Tibia Auto
2008-06-18 22:09:25 0 d-------- C:\Program Files\QuickTime
2008-06-18 21:21:37 0 d-------- C:\Program Files\Lavasoft
2008-06-18 21:20:32 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-18 18:10:16 0 d-------- C:\Program Files\Yahoo!
2008-06-18 18:08:07 0 d-------- C:\Program Files\Tortun
2008-06-18 18:07:00 0 d-------- C:\Program Files\MAIET
2008-06-18 18:05:37 0 d-------- C:\Program Files\AVS4YOU
2008-06-18 18:05:32 0 d-------- C:\Program Files\Common Files\AVSMedia
2008-06-18 18:05:02 0 d-------- C:\Program Files\Anyplace Control 4
2008-06-18 18:04:34 0 d-------- C:\Program Files\Common Files\AOL
2008-06-18 18:03:55 0 d-------- C:\Program Files\4Musics WMA to WAV Converter
2008-06-10 02:06:59 0 d-------- C:\Documents and Settings\Morth\Application Data\Roxio
2008-06-05 00:34:37 0 d-------- C:\Program Files\Conquer 2.0
2008-06-03 20:57:16 0 d-------- C:\Documents and Settings\Morth\Application Data\Macromedia
2008-06-03 20:57:16 0 d-------- C:\Documents and Settings\Morth\Application Data\Adobe
2008-05-23 21:23:02 0 d-------- C:\Documents and Settings\Morth\Application Data\InstallShield
2008-05-21 21:48:49 0 d-------- C:\Program Files\LimeWiremusic
2008-05-21 20:39:44 0 d-------- C:\Documents and Settings\Morth\Application Data\Research In Motion
2008-05-21 20:30:47 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-05-21 20:30:06 0 d-------- C:\Program Files\Roxio
2008-05-21 20:29:25 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-05-21 20:28:19 0 d-------- C:\Program Files\Common Files
2008-05-21 20:28:17 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-21 20:22:02 0 d-------- C:\Program Files\Common Files\Research In Motion
2008-05-21 20:21:40 0 d-------- C:\Program Files\Research In Motion
2008-05-21 18:44:55 2528 --a------ C:\Documents and Settings\Morth\Application Data\$_hpcst$.hpc
2008-05-21 18:44:05 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-05-07 02:50:42 0 d-------- C:\Program Files\AIM Search
2008-05-07 02:50:39 0 d-------- C:\Program Files\Viewpoint
2008-05-06 23:40:09 0 d-------- C:\Program Files\Windows Journal Viewer
2008-05-06 20:27:48 0 d-------- C:\Program Files\Tibia3
2008-05-04 02:02:16 165123 --a------ C:\WINDOWS\PowerHEX Uninstaller.exe
2008-04-17 00:22:17 720896 --a------ C:\WINDOWS\iun6002ev.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-04-15 04:20:21 1160 --a------ C:\WINDOWS\mozver.dat
2008-04-14 03:07:13 60522 --a------ C:\Program Files\tibiaauto-debug-cavebot.txt
2008-04-12 02:56:41 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{46ed8aa4-3352-4f7c-9945-43a2f4080859}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
03/25/2008 04:49 PM 111968 --a------ C:\Program Files\AIM Search\AOLSearch.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7479295f-f1e4-4c7a-ac4b-2c757677b501}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{acaa1f2b-0e48-411a-8cb5-eaca78c19606}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D67DC603-AE1D-4D62-80C5-D9E8A0851056}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E09D770C-BDB1-48FC-88F4-080B210033EE}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E893AD02-9D96-4AA2-9C42-9EE1A102D7FC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [10/27/2004 06:21 PM C:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [05/19/2005 09:11 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 02:41 AM]
"SW20"="C:\WINDOWS\system32\sw20.exe" [12/14/2006 10:58 PM]
"SW24"="C:\WINDOWS\system32\sw24.exe" [12/14/2006 10:58 PM]
"Microsoft Updates"="svehost.exe" []
"LiveMonitor"="C:\Program Files\MSI\Live Update 3\LMonitor.exe" [01/17/2007 05:01 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 02:41 AM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [04/01/2008 02:49 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 01:11 PM]
"@"="" []
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/03/2008 06:03 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [04/22/2008 05:43 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [11/13/2006 01:39 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft Updates"=svehost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=cru629.dat??o?5.1,avgrsstx.dll,

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f8e489a-5998-11dc-9fb6-001731bea650}]
AutoRun\command- E:\LaunchU3.exe -a

*Newly Created Service* - WEBNTACCESS


#2 morth

morth
  • Topic Starter

  • Members
  • 21 posts

Posted 06 July 2008 - 03:39 AM

bump...

#3 morth

morth
  • Topic Starter

  • Members
  • 21 posts

Posted 06 July 2008 - 08:00 AM

bump

#4 morth

morth
  • Topic Starter

  • Members
  • 21 posts

Posted 06 July 2008 - 03:58 PM

Bump =)

#5 morth

morth
  • Topic Starter

  • Members
  • 21 posts

Posted 06 July 2008 - 09:47 PM

Really not sure what the problem is, but I really need help :thumbsup:

#6 morth

morth
  • Topic Starter

  • Members
  • 21 posts

Posted 07 July 2008 - 03:28 PM

bump

#7 morth

morth
  • Topic Starter

  • Members
  • 21 posts

Posted 07 July 2008 - 11:33 PM

B U M P

#8 silver

silver

  • Members
  • 480 posts
  • Location:GMT+7

Posted 23 July 2008 - 11:39 PM

Hi morth,

I'm sorry it's taken so long for you to get a response. If you still need help, please do as follows:

Please make new reports with DSS; if you need to download the program again, you can do so from here:
http://www.techsupportforum.com/sectools/Deckard/dss.exe
  • Make sure DSS.exe is on your Desktop
  • Press the Start->Run, copy/paste the following command into the box and press OK:

    "%userprofile%\desktop\dss.exe" /config

  • A configuration box will appear; make sure all boxes are checked and press Scan!
  • When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized)
  • Make sure Format->Word Wrap is unchecked
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply
Once complete, please post both DSS logs; you won't need to produce a new HijackThis log, as DSS produces one for you.
Teacher at Malware Removal University | ASAP & UNITE Member

#9 morth

morth
  • Topic Starter

  • Members
  • 21 posts

Posted 24 July 2008 - 07:44 AM

Deckard's System Scanner v20071014.68
Run by Morth on 2008-07-24 08:43:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Morth.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:43:12 AM, on 7/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Morth\Local Settings\Temporary Internet Files\Content.IE5\QB0N6P6I\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Morth.exe

O2 - BHO: (no name) - {1CADBE98-1F06-4E11-B0B3-9EFDB455CDED} - (no file)
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {46ed8aa4-3352-4f7c-9945-43a2f4080859} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7479295f-f1e4-4c7a-ac4b-2c757677b501} - (no file)
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {acaa1f2b-0e48-411a-8cb5-eaca78c19606} - (no file)
O2 - BHO: (no name) - {D67DC603-AE1D-4D62-80C5-D9E8A0851056} - (no file)
O2 - BHO: (no name) - {E09D770C-BDB1-48FC-88F4-080B210033EE} - (no file)
O2 - BHO: (no name) - {E893AD02-9D96-4AA2-9C42-9EE1A102D7FC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Startup: AutorunsDisabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} - http://www.cogeco.com/en/OLS3/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15035/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: cru629.dat??o?5.1,avgrsstx.dll,
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: My Current Home Page - About:Home

--
End of file - 7383 bytes

-- Files created between 2008-06-24 and 2008-07-24 -----------------------------

2008-07-24 08:04:32 0 d-------- C:\Program Files\Steam
2008-07-22 21:30:33 0 dr-h----- C:\Documents and Settings\Morth\Recent
2008-07-17 04:25:53 0 d-------- C:\Program Files\RivaTuner v2.09
2008-07-14 00:24:37 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-07-13 23:37:45 0 d-------- C:\Documents and Settings\Morth\DoctorWeb
2008-07-13 18:42:27 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-13 18:42:22 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-13 18:42:22 0 d-------- C:\Documents and Settings\Morth\Application Data\SUPERAntiSpyware.com
2008-07-12 23:30:36 0 d-------- C:\Documents and Settings\Administrator\Application Data\mIRC
2008-07-12 23:23:02 0 d-------- C:\Documents and Settings\Administrator\Contacts
2008-07-12 04:16:35 0 d-------- C:\WINDOWS\ERUNT
2008-07-12 04:12:35 2038 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-12 04:12:00 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-12 04:12:00 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-12 04:12:00 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-12 04:12:00 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-12 04:12:00 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-07-12 04:12:00 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-07-12 04:12:00 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-12 04:12:00 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-07-12 04:07:41 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-07-11 04:08:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-07-11 01:37:03 0 d-------- C:\Documents and Settings\Morth\Application Data\TmpRecentIcons
2008-07-10 04:06:45 0 d-------- C:\Program Files\ManyCam 2.22
2008-07-09 03:54:45 0 d-------- C:\BSHackerReplayUnlimited
2008-07-08 04:24:34 0 d-------- C:\Documents and Settings\Morth\Application Data\mIRC
2008-07-08 04:24:33 0 d-------- C:\Program Files\mIRC
2008-07-07 08:03:31 0 d-------- C:\Program Files\a-squared Anti-Dialer
2008-07-07 07:46:29 0 d-------- C:\Program Files\a-squared Anti-Malware
2008-07-06 00:32:46 0 d-------- C:\Program Files\Trend Micro
2008-07-05 23:32:31 0 d-------- C:\Documents and Settings\Morth\Application Data\Auslogics
2008-07-05 23:31:58 0 d-------- C:\Program Files\Auslogics


-- Find3M Report ---------------------------------------------------------------

2008-07-24 08:30:19 53 --a------ C:\biosinfo
2008-07-20 21:15:36 0 d-------- C:\Program Files\Incomplete
2008-07-20 09:48:43 256 --a------ C:\WINDOWS\system32\pool.bin
2008-07-20 09:45:12 0 d-------- C:\Program Files\LimeWire
2008-07-20 09:15:03 0 d-------- C:\Program Files\LimeWiremusic
2008-07-20 08:50:30 0 d-------- C:\Documents and Settings\Morth\Application Data\LimeWire
2008-07-18 17:31:09 0 d-------- C:\Program Files\Call of Duty Game of the Year Edition
2008-07-17 05:55:02 0 d-------- C:\Documents and Settings\Morth\Application Data\Xfire
2008-07-17 05:55:01 0 d---s---- C:\Program Files\Xfire
2008-07-17 04:38:52 0 d-------- C:\Program Files\ATITool
2008-07-15 16:47:54 0 d-------- C:\Program Files\World of Warcraft
2008-07-14 22:35:00 0 d-------- C:\Program Files\Tibia
2008-07-14 22:17:09 0 d-------- C:\Program Files\Tibia Auto
2008-07-13 03:21:44 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-13 03:03:55 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-11 04:03:32 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-07 07:40:30 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-07-07 06:45:26 0 d-------- C:\Program Files\Setup Files
2008-07-07 05:54:21 0 d-------- C:\Program Files\Guitar Pro 5
2008-06-29 06:06:52 0 d-------- C:\Documents and Settings\Morth\Application Data\Tibia
2008-06-25 06:15:04 0 d-------- C:\Program Files\TibiaBot NG
2008-06-22 23:03:32 0 d-------- C:\Program Files\TibiaBot NG 8.0
2008-06-22 03:25:35 0 d-------- C:\Program Files\Tibia2
2008-06-18 22:09:25 0 d-------- C:\Program Files\QuickTime
2008-06-18 21:21:37 0 d-------- C:\Program Files\Lavasoft
2008-06-18 18:10:16 0 d-------- C:\Program Files\Yahoo!
2008-06-18 18:08:07 0 d-------- C:\Program Files\Tortun
2008-06-18 18:07:00 0 d-------- C:\Program Files\MAIET
2008-06-18 18:05:37 0 d-------- C:\Program Files\AVS4YOU
2008-06-18 18:05:32 0 d-------- C:\Program Files\Common Files\AVSMedia
2008-06-18 18:04:34 0 d-------- C:\Program Files\Common Files\AOL
2008-06-18 18:03:55 0 d-------- C:\Program Files\4Musics WMA to WAV Converter
2008-06-10 02:06:59 0 d-------- C:\Documents and Settings\Morth\Application Data\Roxio
2008-06-05 00:34:37 0 d-------- C:\Program Files\Conquer 2.0
2008-06-03 20:57:16 0 d-------- C:\Documents and Settings\Morth\Application Data\Macromedia
2008-06-03 20:57:16 0 d-------- C:\Documents and Settings\Morth\Application Data\Adobe
2008-05-21 18:44:55 2528 --a------ C:\Documents and Settings\Morth\Application Data\$_hpcst$.hpc
2008-05-04 02:02:16 165123 --a------ C:\WINDOWS\PowerHEX Uninstaller.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1CADBE98-1F06-4E11-B0B3-9EFDB455CDED}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{46ed8aa4-3352-4f7c-9945-43a2f4080859}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7479295f-f1e4-4c7a-ac4b-2c757677b501}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{acaa1f2b-0e48-411a-8cb5-eaca78c19606}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D67DC603-AE1D-4D62-80C5-D9E8A0851056}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E09D770C-BDB1-48FC-88F4-080B210033EE}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E893AD02-9D96-4AA2-9C42-9EE1A102D7FC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [05/19/2005 09:11 PM]
"SW20"="C:\WINDOWS\system32\sw20.exe" [12/14/2006 10:58 PM]
"SW24"="C:\WINDOWS\system32\sw24.exe" [12/14/2006 10:58 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 02:41 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 02:41 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [04/22/2008 05:43 AM]
"Steam"="C:\Program Files\Steam\Steam.exe" [07/24/2008 08:05 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"StartMenuLogOff"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=cru629.dat??o?5.1,avgrsstx.dll,

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared]
"C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
HDAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
"aawservice"=2 (0x2)
"a2AntiMalware"=2 (0x2)
"a2AntiDialer"=2 (0x2)
"RoxWatch9"=2 (0x2)
"RoxMediaDB9"=3 (0x3)
"Roxio Upnp Server 9"=2 (0x2)
"Roxio UPnP Renderer 9"=3 (0x3)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"Apple Mobile Device"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f8e489a-5998-11dc-9fb6-001731bea650}]
AutoRun\command- E:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-07-24 08:43:36 ------------

#10 silver

  • Members
  • 480 posts
  • Location:GMT+7
  • Local time:04:06 PM

Posted 24 July 2008 - 11:12 PM

Hi morth,

The report posted wasn't the full main.txt, and extra.txt was missing. This is likely because you ran dss.exe from the download location rather than downloading it to your desktop as per the instructions. Please follow these exactly and post both reports:

Please make new reports with DSS. If you need to download the program again, you can do so from here (right-click the link, select Save Target As..., select your Desktop and press Save):
http://www.techsupportforum.com/sectools/Deckard/dss.exe
  • Make sure DSS.exe is on your Desktop
  • Press the Start->Run, copy/paste the following command into the box and press OK:

    "%userprofile%\desktop\dss.exe" /config

  • A configuration box will appear; make sure all boxes are checked and press Scan!
  • When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized)
  • Make sure Format->Word Wrap is unchecked
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply

Next press Start->Run, copy/paste the following command (it's one long command) into the box and press OK:

cmd /c dir "c:\cru629.dat" /a /s >> "%userprofile%\desktop\look.txt" 2>>&1

A black box will open and a file called look.txt will appear on your Desktop.
Please wait until the black box closes before opening look.txt.
Post the contents of look.txt in your next response.


Once complete, please post the look.txt output and both DSS logs. You won't need to produce a new HijackThis log, as DSS produces one for you.
Teacher at Malware Removal University | ASAP & UNITE Member
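Added example, not from this thread and not part of HijackThis or DSS: a small Python triage pass over log lines modelled on the report posted above. It picks out the same three things a helper scans for by eye: BHO entries whose file is gone, the unknown Winsock LSP DLL repeated across every provider slot, and an AppInit_DLLs entry that is not a well-formed .dll name (the cru629.dat entry that the dir command above goes looking for). The sample lines and the "well-formed name" heuristic are this example's own assumptions.

```python
"""Triage HijackThis-style O2 / O10 / O20 lines (added example, not tool code)."""
import re
from collections import Counter

# Constructed sample, modelled on the log posted in the thread.
SAMPLE_LOG = "\n".join([
    r"O2 - BHO: (no name) - {1CADBE98-1F06-4E11-B0B3-9EFDB455CDED} - (no file)",
    r"O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll",
    r"O2 - BHO: (no name) - {46ed8aa4-3352-4f7c-9945-43a2f4080859} - (no file)",
    r"O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll",
    r"O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll",
    r"O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll",
    r"O20 - AppInit_DLLs: cru629.dat??o?5.1,avgrsstx.dll,",
    r"O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll",
])

# "Onn - body" is the HijackThis line shape; the section code decides how we parse the body.
LINE_RE = re.compile(r"^(O\d+) - (.*)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

# Assumed heuristic: a legitimate AppInit_DLLs entry is a plain DLL name or path made of
# printable filename characters and ending in .dll. Anything else (odd extension, '?'
# placeholders left by unprintable bytes) is worth a closer look.
SAFE_APPINIT = re.compile(r"^[A-Za-z0-9_.\-:\\ ]+\.dll$", re.IGNORECASE)


def parse_appinit(value: str) -> list[str]:
    """Split an AppInit_DLLs value; Windows accepts comma- or space-separated lists."""
    return [e.strip() for e in re.split(r"[,\s]+", value) if e.strip()]


def appinit_suspicious(entry: str) -> bool:
    """True when the entry does not look like a normal .dll name/path."""
    return SAFE_APPINIT.match(entry) is None


def triage(log_text: str) -> dict:
    """Return orphaned BHO CLSIDs, unknown-LSP counts and suspicious AppInit entries."""
    orphan_bhos: list[str] = []
    lsp_counts: Counter = Counter()
    appinit_flags: list[str] = []

    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        kind, body = m.groups()

        if kind == "O2" and body.endswith("(no file)"):
            # Registry still references a BHO whose DLL is gone: leftover from a
            # removal, and a line the helpers usually clear.
            clsid = GUID_RE.search(body)
            orphan_bhos.append(clsid.group(0) if clsid else body)

        elif kind == "O10" and body.startswith("Unknown file in Winsock LSP:"):
            # HijackThis prints one line per LSP slot, so count repeats of the same DLL.
            lsp_counts[body.split(":", 1)[1].strip()] += 1

        elif kind == "O20" and body.startswith("AppInit_DLLs:"):
            # Every DLL listed here is loaded into each user-mode process that links
            # user32.dll, which is why a malformed entry matters.
            for entry in parse_appinit(body.split(":", 1)[1]):
                if appinit_suspicious(entry):
                    appinit_flags.append(entry)

    return {
        "orphan_bhos": orphan_bhos,
        "lsp": dict(lsp_counts),
        "appinit": appinit_flags,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```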

#11 morth

  • Topic Starter

  • Members
  • 21 posts
  • Local time:04:06 AM

Posted 27 July 2008 - 05:20 AM

Deckard's System Scanner v20071014.68
Run by Morth on 2008-07-27 06:17:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
104: 2008-07-27 10:17:17 UTC - RP287 - Deckard's System Scanner Restore Point
103: 2008-07-26 21:22:58 UTC - RP286 - Installed DirectX
102: 2008-07-25 20:22:42 UTC - RP285 - System Checkpoint
101: 2008-07-24 13:02:41 UTC - RP284 - Installed TweakXP
100: 2008-07-24 12:04:31 UTC - RP283 - Installed Steam


-- First Restore Point --
1: 2008-07-11 05:45:46 UTC - RP184 - Installed Kaspersky Anti-Virus 7.0.


Performed disk cleanup.



-- HijackThis (run as Morth.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:17:48 AM, on 7/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware2008\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Morth\Desktop\Yod'm 3D\Yodm3D.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Morth\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Morth.exe

O2 - BHO: (no name) - {1CADBE98-1F06-4E11-B0B3-9EFDB455CDED} - (no file)
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {46ed8aa4-3352-4f7c-9945-43a2f4080859} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7479295f-f1e4-4c7a-ac4b-2c757677b501} - (no file)
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {acaa1f2b-0e48-411a-8cb5-eaca78c19606} - (no file)
O2 - BHO: (no name) - {D67DC603-AE1D-4D62-80C5-D9E8A0851056} - (no file)
O2 - BHO: (no name) - {E09D770C-BDB1-48FC-88F4-080B210033EE} - (no file)
O2 - BHO: (no name) - {E893AD02-9D96-4AA2-9C42-9EE1A102D7FC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Yodm3D] C:\Documents and Settings\Morth\Desktop\Yod'm 3D\Yodm3D.exe
O4 - Startup: AutorunsDisabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} - http://www.cogeco.com/en/OLS3/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15035/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: cru629.dat??o?5.1,avgrsstx.dll,
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware2008\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: My Current Home Page - About:Home

--
End of file - 9275 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080724-083945-296 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
backup-20080724-083945-471 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
backup-20080724-083945-753 R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
backup-20080724-084015-550 O2 - BHO: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\system32\giveio.sys
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R1 AsIO - c:\windows\system32\drivers\asio.sys
R1 aslm75 - c:\windows\system32\drivers\aslm75.sys
R1 ATITool (ATITool Overclocking Utility) - c:\windows\system32\drivers\atitool.sys <Not Verified; ; Low-Level Driver>
R1 ntiowp - c:\windows\system32\drivers\ntiowp.sys <Not Verified; ; NT IO driver>
R2 nxsIO32 (NextSensor Kernel I/O Driver) - c:\windows\system32\drivers\nxsio32.sys
R3 SPLITCAM (Splitcam, WDM Camera Stream Splitter) - c:\windows\system32\drivers\splitcam.sys <Not Verified; LoteSoft Co.; Video Capture Splitter driver>

S3 AmdTools (AMD Special Tools Driver) - c:\windows\system32\drivers\amdtools.sys (file missing)
S3 ASPI (Advanced SCSI Programming Interface Driver) - c:\windows\system32\drivers\aspi32.sys <Not Verified; Adaptec; Adaptec's ASPI Layer>
S3 catchme - c:\docume~1\morth\locals~1\temp\catchme.sys (file missing)
S3 cpuz - c:\docume~1\morth\locals~1\temp\temporary directory 1 for a64tweaker_v0.6beta.zip\cpuz.sys (file missing)
S3 cwgsf - c:\documents and settings\morth\desktop\glider\cwgsf.sys (file missing)
S3 dnfbnf - c:\documents and settings\morth\desktop\glidor\dnfbnf.sys (file missing)
S3 exampledriver - c:\documents and settings\morth\desktop\stuff\game\gamehacks\pewpew\exampledriver.sys
S3 GMSIPCI - d:\install\gmsipci.sys (file missing)
S3 gtqeg - c:\documents and settings\morth\desktop\glider\gtqeg.sys (file missing)
S3 multi - c:\documents and settings\morth\desktop\glidor\multi.sys (file missing)
S3 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
S3 NTACCESS - d:\ntaccess.sys (file missing)
S3 NTProcDrv (Process creation detector for NT.) - c:\documents and settings\morth\desktop\2moon bot\ntprocdrv.sys (file missing)
S3 Profos - c:\program files\common files\bitdefender\bitdefender threat scanner\profos.sys (file missing)
S3 qhxop - c:\documents and settings\morth\desktop\glider\qhxop.sys (file missing)
S3 RivaTuner32 - c:\program files\rivatuner v2.09\rivatuner32.sys
S3 Trufos - c:\program files\common files\bitdefender\bitdefender threat scanner\trufos.sys (file missing)
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
S3 XDva120 - c:\windows\system32\xdva120.sys (file missing)
S3 xlbedahyfb - c:\documents and settings\morth\desktop\wow\xlbedahyfb.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 ForceWare Intelligent Application Manager (IAM) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcappflt.exe <Not Verified; ; app_filter Module>
R2 ForcewareWebInterface (Forceware Web Interface) - "c:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
R2 nSvcLog (ForceWare user log service) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvclog.exe <Not Verified; NVIDIA; NVIDIA nSvcLog>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\B5A0FF11D800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\B5A0FF11D800
Service: NIC1394


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\winlogon.exe (pid 676)
2007-04-19 13:41:36 294912 --a------ C:\Program Files\SUPERAntiSpyware\SASWINLO.dll <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware WinLogon Processor>

C:\WINDOWS\system32\svchost.exe (pid 1108)
2004-12-07 23:21:10 65536 --a------ C:\WINDOWS\system32\xfire_lsp_10650.dll
2006-02-17 13:39:14 131072 --a------ C:\WINDOWS\system32\nvappfilter.dll <Not Verified; NVIDIA; NVIDIA Application Filter>

C:\WINDOWS\explorer.exe (pid 1840)
2008-05-16 14:01:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-16 14:01:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-03-24 19:04:00 35328 --a------ C:\Documents and Settings\Morth\Desktop\Yod'm 3D\Yodm3d.dll <Not Verified; Christian Salmon; Yod'm 3D>
2008-05-13 10:13:36 77824 --a------ C:\Program Files\SUPERAntiSpyware\SASSEH.DLL <Not Verified; SuperAdBlocker.com; SuperAntiSpyware>

C:\WINDOWS\system32\rundll32.exe (pid 2024)
2008-05-16 14:01:00 1486848 --a------ C:\WINDOWS\system32\nview.dll

C:\WINDOWS\system32\rundll32.exe (pid 1136)
2008-05-16 14:01:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-16 14:01:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll


-- Scheduled Tasks -------------------------------------------------------------

2008-04-02 01:43:39 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-27 and 2008-07-27 -----------------------------

2008-07-26 17:22:28 0 d-------- C:\WINDOWS\Logs
2008-07-26 17:22:25 0 d--h----- C:\WINDOWS\msdownld.tmp
2008-07-26 17:22:21 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-07-26 17:22:20 60273 --a------ C:\WINDOWS\system32\pthreadGC2.dll <Not Verified; Open Source Software community project; >
2008-07-26 17:22:15 0 d-------- C:\Program Files\ffdshow
2008-07-26 17:21:59 0 d--h---c- C:\Documents and Settings\All Users\Application Data\{ECF27DA6-61FA-4DDA-870F-1766B3B8A74E}
2008-07-26 17:17:23 0 d-------- C:\Program Files\Utherverse Digital Inc
2008-07-26 10:07:15 0 d-------- C:\WINDOWS\NV24921300.TMP
2008-07-26 10:05:35 0 d-------- C:\Program Files\SystemRequirementsLab
2008-07-26 09:01:11 23600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
2008-07-26 08:48:56 0 d-------- C:\Program Files\Prime95
2008-07-25 09:17:46 0 dr-h----- C:\Documents and Settings\Morth\Recent
2008-07-24 09:01:52 0 d-------- C:\Program Files\TweakXP 2
2008-07-24 08:04:32 0 d-------- C:\Program Files\Steam
2008-07-17 04:25:53 0 d-------- C:\Program Files\RivaTuner v2.09
2008-07-14 00:24:37 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-07-13 23:37:45 0 d-------- C:\Documents and Settings\Morth\DoctorWeb
2008-07-13 18:42:27 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-13 18:42:22 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-13 18:42:22 0 d-------- C:\Documents and Settings\Morth\Application Data\SUPERAntiSpyware.com
2008-07-12 23:30:36 0 d-------- C:\Documents and Settings\Administrator\Application Data\mIRC
2008-07-12 23:23:02 0 d-------- C:\Documents and Settings\Administrator\Contacts
2008-07-12 04:16:35 0 d-------- C:\WINDOWS\ERUNT
2008-07-12 04:12:35 2038 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-12 04:12:00 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-12 04:12:00 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-12 04:12:00 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-12 04:12:00 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-12 04:12:00 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-07-12 04:12:00 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-12 04:12:00 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-07-12 04:07:41 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-07-11 04:08:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-07-11 01:37:03 0 d-------- C:\Documents and Settings\Morth\Application Data\TmpRecentIcons
2008-07-10 04:06:45 0 d-------- C:\Program Files\ManyCam 2.22
2008-07-09 03:54:45 0 d-------- C:\BSHackerReplayUnlimited
2008-07-08 04:24:34 0 d-------- C:\Documents and Settings\Morth\Application Data\mIRC
2008-07-08 04:24:33 0 d-------- C:\Program Files\mIRC
2008-07-07 08:03:31 0 d-------- C:\Program Files\a-squared Anti-Dialer
2008-07-07 07:46:29 0 d-------- C:\Program Files\a-squared Anti-Malware
2008-07-06 00:32:46 0 d-------- C:\Program Files\Trend Micro
2008-07-05 23:32:31 0 d-------- C:\Documents and Settings\Morth\Application Data\Auslogics
2008-07-05 23:31:58 0 d-------- C:\Program Files\Auslogics


-- Find3M Report ---------------------------------------------------------------

2008-07-27 02:26:00 53 --a------ C:\biosinfo
2008-07-27 02:14:40 0 d-------- C:\Documents and Settings\Morth\Application Data\Xfire
2008-07-27 02:07:02 0 d-------- C:\Program Files\Call of Duty Game of the Year Edition
2008-07-26 08:59:14 0 d-------- C:\Program Files\SpeedFan
2008-07-25 12:44:34 0 d-------- C:\Program Files\LimeWire
2008-07-25 10:34:55 256 --a------ C:\WINDOWS\system32\pool.bin
2008-07-25 10:10:09 0 d-------- C:\Program Files\Incomplete
2008-07-25 09:59:29 0 d-------- C:\Documents and Settings\Morth\Application Data\LimeWire
2008-07-25 09:43:38 0 d---s---- C:\Program Files\Xfire
2008-07-20 09:15:03 0 d-------- C:\Program Files\LimeWiremusic
2008-07-17 04:38:52 0 d-------- C:\Program Files\ATITool
2008-07-15 16:47:54 0 d-------- C:\Program Files\World of Warcraft
2008-07-14 22:35:00 0 d-------- C:\Program Files\Tibia
2008-07-14 22:17:09 0 d-------- C:\Program Files\Tibia Auto
2008-07-13 03:21:44 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-13 03:03:55 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-11 04:03:32 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-07 07:40:30 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-07-07 06:45:26 0 d-------- C:\Program Files\Setup Files
2008-07-07 05:54:21 0 d-------- C:\Program Files\Guitar Pro 5
2008-06-29 06:06:52 0 d-------- C:\Documents and Settings\Morth\Application Data\Tibia
2008-06-25 06:15:04 0 d-------- C:\Program Files\TibiaBot NG
2008-06-22 23:03:32 0 d-------- C:\Program Files\TibiaBot NG 8.0
2008-06-22 03:25:35 0 d-------- C:\Program Files\Tibia2
2008-06-18 22:09:25 0 d-------- C:\Program Files\QuickTime
2008-06-18 21:21:37 0 d-------- C:\Program Files\Lavasoft
2008-06-18 18:10:16 0 d-------- C:\Program Files\Yahoo!
2008-06-18 18:08:07 0 d-------- C:\Program Files\Tortun
2008-06-18 18:07:00 0 d-------- C:\Program Files\MAIET
2008-06-18 18:05:37 0 d-------- C:\Program Files\AVS4YOU
2008-06-18 18:05:32 0 d-------- C:\Program Files\Common Files\AVSMedia
2008-06-18 18:04:34 0 d-------- C:\Program Files\Common Files\AOL
2008-06-18 18:03:55 0 d-------- C:\Program Files\4Musics WMA to WAV Converter
2008-06-10 02:06:59 0 d-------- C:\Documents and Settings\Morth\Application Data\Roxio
2008-06-05 00:34:37 0 d-------- C:\Program Files\Conquer 2.0
2008-06-03 20:57:16 0 d-------- C:\Documents and Settings\Morth\Application Data\Macromedia
2008-06-03 20:57:16 0 d-------- C:\Documents and Settings\Morth\Application Data\Adobe
2008-05-21 18:44:55 2528 --a------ C:\Documents and Settings\Morth\Application Data\$_hpcst$.hpc
2008-05-16 14:01:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-16 14:01:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-16 14:01:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-16 14:01:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-16 14:01:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-16 14:01:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-16 14:01:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-16 14:01:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-05-04 02:02:16 165123 --a------ C:\WINDOWS\PowerHEX Uninstaller.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1CADBE98-1F06-4E11-B0B3-9EFDB455CDED}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{46ed8aa4-3352-4f7c-9945-43a2f4080859}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7479295f-f1e4-4c7a-ac4b-2c757677b501}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{acaa1f2b-0e48-411a-8cb5-eaca78c19606}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D67DC603-AE1D-4D62-80C5-D9E8A0851056}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E09D770C-BDB1-48FC-88F4-080B210033EE}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E893AD02-9D96-4AA2-9C42-9EE1A102D7FC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [05/19/2005 09:11 PM]
"SW20"="C:\WINDOWS\system32\sw20.exe" [12/14/2006 10:58 PM]
"SW24"="C:\WINDOWS\system32\sw24.exe" [12/14/2006 10:58 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/16/2008 02:01 PM]
"nwiz"="nwiz.exe" [05/16/2008 02:01 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/16/2008 02:01 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [04/22/2008 05:43 AM]
"Steam"="C:\Program Files\Steam\Steam.exe" [07/24/2008 08:05 AM]
"Yodm3D"="C:\Documents and Settings\Morth\Desktop\Yod'm 3D\Yodm3D.exe" [04/21/2007 09:26 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"StartMenuLogOff"=0 (0x0)
"NoViewOnDrive"=0 (0x0)
"NoLogoff"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=cru629.dat??o?5.1,avgrsstx.dll,

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared]
"C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
HDAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"a2AntiMalware"=2 (0x2)
"a2AntiDialer"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f8e489a-5998-11dc-9fb6-001731bea650}]
AutoRun\command- E:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-07-27 06:18:47 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 5200+
CPU 1: AMD Athlon™ 64 X2 Dual Core Processor 5200+
Percentage of Memory in Use: 25%
Physical Memory (total/avail): 2046.42 MiB / 1531.23 MiB
Pagefile Memory (total/avail): 4961.86 MiB / 4548.93 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1890.89 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.52 GiB total, 16.7 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD800JB-00JJC0 - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: ActiveArmor Firewall v1.0 (NVIDIA Corporation) Disabled
AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"="C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe"="C:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe:*:Enabled:CoDMP"
"C:\\Program Files\\Xfire\\ua_lsp_inst.exe"="C:\\Program Files\\Xfire\\ua_lsp_inst.exe:*:Enabled:ua_lsp_inst"
"C:\\Program Files\\Xfire\\Xfire.exe"="C:\\Program Files\\Xfire\\Xfire.exe:*:Enabled:Xfire"
"C:\\Documents and Settings\\Morth\\Local Settings\\Temporary Internet Files\\Content.IE5\\C9MR056V\\wowclient-downloader[1].exe"="C:\\Documents and Settings\\Morth\\Local Settings\\Temporary Internet Files\\Content.IE5\\C9MR056V\\wowclient-downloader[1].exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMPP.exe"="C:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMPP.exe:*:Enabled:CoDMPP"
"C:\\Program Files\\World of Warcraft\\WoW-2.2.0-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.2.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-2.2.0.7272-to-2.2.2.7318-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.2.0.7272-to-2.2.2.7318-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\WinPcap\\rpcapd.exe"="C:\\Program Files\\WinPcap\\rpcapd.exe:*:Enabled:Remote Packet Capture Daemon"
"C:\\Soldat\\Soldat.exe"="C:\\Soldat\\Soldat.exe:*:Enabled:Soldat"
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"="C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam.exe"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ "


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Morth\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MORTH-99E4908D4
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Morth
LOGONSERVER=\\MORTH-99E4908D4
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\SYSTEM32;C:\WINDOWS;C:\WINDOWS\SYSTEM32\WBEM;C:\PROGRAM FILES\QUICKTIME\QTSYSTEM\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 67 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4302
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Morth\LOCALS~1\Temp
TMP=C:\DOCUME~1\Morth\LOCALS~1\Temp
USERDOMAIN=MORTH-99E4908D4
USERNAME=Morth
USERPROFILE=C:\Documents and Settings\Morth
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Morth (admin)
GetRaped (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\CALLOF~1\Uninstall\Unwise.exe /u C:\PROGRA~1\CALLOF~1\Uninstall\Install.log
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> MsiExec.exe /I{2BE0C605-9BEC-434D-9FAE-931194E72414}
--> MsiExec.exe /I{48A669A9-76FA-4CA8-BFD5-00C125AC4166}
--> MsiExec.exe /I{726A362E-EBFD-4C3F-8664-6593C2B08386}
--> MsiExec.exe /I{943CB81D-11B9-401E-8305-752528D00AA1}
--> MsiExec.exe /I{E75F019D-98A0-4B39-B1A8-3A01400D2A18}
--> MsiExec.exe /X{F664EDB9-59DF-452A-A3D7-085ED1B8D374}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BE926E5-66F4-4166-A5E5-E14D7A165BBD}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
a-squared Anti-Dialer 3.0 --> "C:\Program Files\a-squared Anti-Dialer\unins000.exe"
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AIM Search --> C:\Program Files\AIM Search\uninstaller.exe AIM Search
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ASUS_Ai_Proactive_Screensaver (E) --> C:\WINDOWS\ASUS_Ai_Proactive_Screensaver (E).scr /u
AsusUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x9
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
ATITool Overclocking Utility --> "C:\Program Files\ATITool\Uninstall.exe"
AusLogics BoostSpeed --> "C:\Program Files\Auslogics\AusLogics BoostSpeed\unins000.exe"
AusLogics Disk Defrag --> "C:\Program Files\AusLogics Disk Defrag\unins000.exe"
AutoHotkey 1.0.47.05 --> C:\Program Files\AutoHotkey\uninst.exe
AutoIt v3.2.8.1 --> C:\Program Files\AutoIt3\Uninstall.exe
AVG Anti-Rootkit Free --> C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BitLord 1.1 --> C:\Program Files\BitLord\uninst.exe
BlackBerry Desktop Software 4.3 --> MsiExec.exe /I{D793A12F-E362-48BB-B332-1DA5E936B52D}
BlackBerry Desktop Software 4.3 --> MsiExec.exe /i{D793A12F-E362-48BB-B332-1DA5E936B52D}
BS Hacker (remove only) --> "C:\BSHackerReplayUnlimited\uninstall.exe"
Call of Duty Game of the Year Edition --> C:\PROGRA~1\CALLOF~1\Uninstall\Unwise.exe /u C:\PROGRA~1\CALLOF~1\Uninstall\Install.log
Call of Duty® 4 - Modern Warfare™ --> C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.2 Patch --> C:\Program Files\InstallShield Installation Information\{E5141379-B2D9-4BBC-BB2A-5805541571DD}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.4 Patch --> C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch --> C:\Program Files\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.6 Patch --> C:\Program Files\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.7 Patch --> C:\Program Files\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Camtasia Studio 5 --> MsiExec.exe /I{7EADB65C-70E8-4C94-AD0A-221462D41A85}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Cheat Engine 5.3 --> "C:\Program Files\Cheat Engine\unins000.exe"
Conquer 2.0 --> C:\Program Files\InstallShield Installation Information\{B6060381-5C28-4F86-A31A-B5ADA7A1BD8D}\setup.exe -runfromtemp -l0x0009 -removeonly
Cool & Quiet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}\setup.exe" -l0x9
CPUFSB (remove only) --> "C:\Program Files\CPUFSB\CPUFSB-uninst.exe"
Creative Live! Cam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BE926E5-66F4-4166-A5E5-E14D7A165BBD}\setup.exe" -l0x9 /remove
Creative Live! Cam Vista IM Driver (1.01.03.1104) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0260.uns -unsext NT -plugin V0260Pin.dll -pluginres CtCamPin.crl
Creative Software AutoUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Easy File Joiner --> "C:\Program Files\Ashkon Software\Easy File Joiner\unins000.exe"
EVEREST Corporate Edition v4.00 --> "C:\Program Files\Lavalys\EVEREST Corporate Edition\unins000.exe"
ffdshow [rev 1909] [2008-03-20] --> "C:\Program Files\ffdshow\unins000.exe"
Fraps (remove only) --> "C:\Fraps\uninstall.exe"
High Definition Audio Driver Package - KB888111 --> C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iTunes --> MsiExec.exe /I{4F5CE18C-D97D-48FF-A510-A0D90C918294}
iTunes Lyrics Importer --> C:\Program Files\iLyrics\Uninstall.exe
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
Magic Speed v3.1 --> "C:\Program Files\Smart PC Solutions\Magic Speed\unins000.exe"
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
ManyCam 2.2 (remove only) --> "C:\Program Files\ManyCam 2.22\uninstall.exe"
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
mIRC --> C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser --> MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
NSIS Example2 --> "C:\Program Files\Tibia Auto\uninstall.exe"
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA ForceWare Network Access Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
Paint.NET v3.22 --> MsiExec.exe /X{96C267DA-0926-4C11-B4E7-4D3EF85130D0}
PowerHEX --> C:\WINDOWS\PowerHEX Uninstaller.exe
Prime95 --> "C:\Program Files\Prime95\Uninstall.exe" "C:\Program Files\Prime95\install.log"
Protected Music Converter 0.99b --> "C:\Program Files\WMA-MP3.com\Protected Music Converter\unins000.exe"
Python 2.4.3 --> MsiExec.exe /I{75E71ADD-042C-4F30-BFAC-A9EC42351313}
Python 2.5.1 --> MsiExec.exe /I{31800004-6386-4999-A519-518F2D78D8F0}
QuickTime --> MsiExec.exe /I{9763E36A-08E9-4228-BBCE-12989A4EB1A8}
Recorder --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\Recorder\ST6UNST.LOG"
Registry Mechanic 7.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
RivaTuner v2.09 --> "C:\Program Files\RivaTuner v2.09\uninstall.exe"
Roxio Media Manager --> MsiExec.exe /X{303379C9-8610-4CCF-AF37-C4BF8998C591}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" -l0x9 -removeonly
SpeedFan (remove only) --> "C:\Program Files\SpeedFan\uninstall.exe"
SplitCam --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{00718491-55BF-46C6-83EF-4B3B95AC807A}\setup.exe" -l0x9 -removeonly
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
Tibia --> "C:\Program Files\Tibia3\unins000.exe"
Tibia MULTI-ip changer --> C:\Program Files\Asprate\Tibia Multi IP Changer\UNinstaller.exe
TibiaBot NG 4.6.4 --> "C:\Program Files\TibiaBot NG 8.0\unins000.exe"
TuneSleeve --> MsiExec.exe /X{09DC4B52-EAF7-48F6-8163-4BB98C2B706F}
TuneXP 1.5 --> C:\WINDOWS\iun6002.exe "C:\Program Files\TuneXP\irunin.ini"
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
TweakXP Tweaking Utility 2 --> "C:\Program Files\TweakXP 2\unins000.exe"
Utherverse 3D Client --> "C:\Documents and Settings\All Users\Application Data\{ECF27DA6-61FA-4DDA-870F-1766B3B8A74E}\UtherverseSetup.exe" REMOVE=TRUE MODIFY=FALSE
Utherverse 3D Client --> C:\Documents and Settings\All Users\Application Data\{ECF27DA6-61FA-4DDA-870F-1766B3B8A74E}\UtherverseSetup.exe
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Visual Zip Password Recovery Processor --> C:\Program Files\Visual Zip Password Recovery Processor\uninstall.exe
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Winamp Remote --> "C:\Program Files\Winamp Remote\uninstall.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
WinPcap 4.0.1 --> C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Workspace Macro 4.6 --> "C:\Program Files\Workspace Macro 4.6\Uninstall.exe" "C:\Program Files\Workspace Macro 4.6\install.log"
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
Zune Desktop Theme --> MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}


-- Application Event Log -------------------------------------------------------

Event Record #/Type9730061 / Success
Event Submitted/Written: 07/27/2008 02:26:27 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type9730045 / Success
Event Submitted/Written: 07/27/2008 02:22:27 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type9730029 / Warning
Event Submitted/Written: 07/27/2008 00:35:19 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{43DCF766-6838-4F9A-8C91-D92DA586DFA8}', feature 'DefaultFeature' failed during request for component '{A4AD656D-72E9-43A7-9DD0-E5F6AF438E72}'

Event Record #/Type9730028 / Warning
Event Submitted/Written: 07/27/2008 00:35:19 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{43DCF766-6838-4F9A-8C91-D92DA586DFA8}', feature 'DefaultFeature', component '{9F47ECA8-A740-EC80-1AE2-C48048D83AA4}' failed. The resource 'HKEY_CURRENT_USER\Software\Microsoft\Journal Viewer\' does not exist.

Event Record #/Type9730027 / Warning
Event Submitted/Written: 07/27/2008 00:35:19 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{43DCF766-6838-4F9A-8C91-D92DA586DFA8}', feature 'DefaultFeature' failed during request for component '{A4AD656D-72E9-43A7-9DD0-E5F6AF438E72}'



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type16307 / Error
Event Submitted/Written: 07/27/2008 06:12:12 AM
Event ID/Source: 10016 / DCOM
Event Description:
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

Event Record #/Type16291 / Error
Event Submitted/Written: 07/27/2008 02:26:00 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Beep

Event Record #/Type16269 / Error
Event Submitted/Written: 07/27/2008 02:20:22 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Beep

Event Record #/Type16268 / Error
Event Submitted/Written: 07/27/2008 02:20:22 AM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the Roxio Upnp Server 9 service to connect.

Event Record #/Type16259 / Warning
Event Submitted/Written: 07/26/2008 11:48:24 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.



-- End of Deckard's System Scanner: finished at 2008-07-27 06:18:47 ------------
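The firewall AuthorizedApplications dump in the DSS extra log above is one of the more useful triage points in a log like this: every entry is an executable the firewall has been told to let through, and an exception for a program sitting in the Temporary Internet Files cache (as with the wowclient-downloader[1].exe line) deserves a second look even when, as here, it is probably a legitimate game downloader that was simply run from the browser cache. The script below is an added example, not part of Deckard's System Scanner or of any post in this thread; it parses lines in the format the log uses (registry-export escaping with doubled backslashes) and applies its own simple flagging rules. The sample lines are constructed in the same shape as the log, and the flagging rules are this script's heuristics, not anything the scanner itself does.

```python
"""Triage of a Windows Firewall AuthorizedApplications list as dumped by
Deckard's System Scanner.  Added example; the rules below are heuristics
of this script, not part of the scanner."""
import re
from typing import Dict, List, Tuple

# Constructed sample in the same shape as the DSS "Security Center" dump.
# Backslashes are doubled exactly as in a registry export.
SAMPLE_LIST = r'''
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam.exe"
"C:\\Documents and Settings\\Morth\\Local Settings\\Temporary Internet Files\\Content.IE5\\C9MR056V\\wowclient-downloader[1].exe"="C:\\Documents and Settings\\Morth\\Local Settings\\Temporary Internet Files\\Content.IE5\\C9MR056V\\wowclient-downloader[1].exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\WinPcap\\rpcapd.exe"="C:\\Program Files\\WinPcap\\rpcapd.exe:*:Enabled:Remote Packet Capture Daemon"
"C:\\Program Files\\Example\\old.exe"="C:\\Program Files\\Example\\old.exe:*:Disabled:Old tool"
'''

# "<key>"="<value>"  where value is  <path>:<scope>:<Enabled|Disabled>:<display name>
LINE_RE = re.compile(r'^"(?P<key>[^"]+)"="(?P<value>.*)"$')
VALUE_RE = re.compile(
    r'^(?P<path>.*):(?P<scope>[^:]*):(?P<state>(?i:enabled|disabled)):(?P<name>.*)$'
)

# Directories from which a firewall-exempted executable is unusual (constructed list).
SUSPECT_DIRS = (
    '\\temporary internet files\\',
    '\\local settings\\temp\\',
    '\\temp\\',
    '\\recycler\\',
)
# Internet Explorer names cached downloads "name[1].exe", "name[2].exe", ...
CACHE_NAME_RE = re.compile(r'\[\d+\]\.[a-z0-9]{2,4}$', re.IGNORECASE)


def parse_entries(text: str) -> List[Dict[str, object]]:
    """Parse the dump into dicts with path, scope, enabled flag and name."""
    entries: List[Dict[str, object]] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line or a [key] header
        v = VALUE_RE.match(m.group('value'))
        if not v:
            continue  # value not in the expected four-field form
        entries.append({
            'path': v.group('path').replace('\\\\', '\\'),  # undo export escaping
            'scope': v.group('scope'),
            'enabled': v.group('state').lower() == 'enabled',
            'name': v.group('name'),
        })
    return entries


def assess(entry: Dict[str, object]) -> List[str]:
    """Return the reasons (possibly none) an enabled exception merits review."""
    reasons: List[str] = []
    if not entry['enabled']:
        return reasons  # a disabled exception lets nothing through
    low_path = str(entry['path']).lower()
    if any(d in low_path for d in SUSPECT_DIRS):
        reasons.append('exception for an executable in a temp/browser-cache directory')
    if CACHE_NAME_RE.search(low_path):
        reasons.append('file name carries the [n] suffix IE gives cached downloads')
    if 'remote' in str(entry['name']).lower():
        reasons.append('description suggests a remote-access listener; confirm it is intended')
    if reasons and entry['scope'] == '*':
        reasons.append('scope * (reachable from any address)')
    return reasons


def triage(text: str) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for every entry that triggered at least one rule."""
    findings = []
    for entry in parse_entries(text):
        reasons = assess(entry)
        if reasons:
            findings.append((str(entry['path']), reasons))
    return findings


if __name__ == '__main__':
    for path, reasons in triage(SAMPLE_LIST):
        print(path)
        for r in reasons:
            print('   -', r)
```

Run against the real list, paste the relevant lines of the DSS log into SAMPLE_LIST (or read them from a file); a hit is a prompt to check the file's signature and origin, not a verdict on its own.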

#12 silver

silver

  • Members
  • 480 posts
  • Location:GMT+7

Posted 27 July 2008 - 11:22 PM

Hi morth,

The DSS report shows that you have NVIDIA ActiveArmor firewall installed but it is disabled, as is the Windows firewall. Please re-enable the NVIDIA firewall or activate the Windows firewall as follows:
  • Press Start->Run, type wscui.cpl and press OK
  • Click Windows Firewall, make sure On is selected and press OK
------------------------------------------------------------------------

Please open Start->Control Panel->Add/Remove Programs, and remove the following:

J2SE Runtime Environment 5.0 Update 3
Java™ 6 Update 3

These are out of date and now a security risk, you can get the latest update (Java Runtime Environment (JRE) 6 Update 7) from here

You have a program called Messenger Plus! Live installed. When installing, it offers a choice of either Install the sponsor program or I refuse to give my support, don't install the sponsor. The sponsor program is malware, so if you installed it or are unsure, we must remove it. Even if you didn't install the sponsor program, I recommend you remove this program anyway, as the developer is spreading malware for profit - read more information about this here.
You can remove Messenger Plus! Live via Add/Remove Programs

Viewpoint Media Player is not malware but is foistware in that it is usually installed without the user's knowledge or approval, and for this reason I recommend you remove it. If you actually use this program, I recommend you try using safe and free alternatives such as VLC Media Player.

You have BitLord and LimeWire, P2P file sharing programs installed on your computer. These programs do not come bundled with malware as some similar programs do, but peer-to-peer file sharing networks are one of the biggest sources of malware we see. Anything downloaded from them cannot be trusted to be clean, because even if the file appears to be what it claims to be, it can have malware embedded in it.
I strongly recommend you remove these via Add/Remove Programs.

------------------------------------------------------------------------

Open HijackThis, choose Do a system scan only and place a checkmark next to the following lines:

O2 - BHO: (no name) - {1CADBE98-1F06-4E11-B0B3-9EFDB455CDED} - (no file)
O2 - BHO: (no name) - {46ed8aa4-3352-4f7c-9945-43a2f4080859} - (no file)
O2 - BHO: (no name) - {7479295f-f1e4-4c7a-ac4b-2c757677b501} - (no file)
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {acaa1f2b-0e48-411a-8cb5-eaca78c19606} - (no file)
O2 - BHO: (no name) - {D67DC603-AE1D-4D62-80C5-D9E8A0851056} - (no file)
O2 - BHO: (no name) - {E09D770C-BDB1-48FC-88F4-080B210033EE} - (no file)
O2 - BHO: (no name) - {E893AD02-9D96-4AA2-9C42-9EE1A102D7FC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

Restrictions have been placed on Internet Explorer control panel options, probably for security reasons by Spybot S&D. If however you wish to remove these restrictions then please check this line also:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

Then close all open windows apart from HijackThis, press Fix checked, OK the prompt and close HijackThis.

------------------------------------------------------------------------

Open Notepad: press Start->Run, type notepad into the box and press OK
Select Format from the top menu and make sure Word Wrap is NOT checked.
Then, copy/paste the contents of the following code box into Notepad:
@echo off
REM For each path below, write the path and a recursive directory listing to results.txt
FOR %%G IN (
"%userprofile%\Start Menu\Programs\Startup\autorunsdisabled"
C:\cru629.dat
"c:\documents and settings\morth\desktop\glider\cwgsf.sys"
"c:\documents and settings\morth\desktop\glidor\dnfbnf.sys"
"c:\documents and settings\morth\desktop\glider\gtqeg.sys"
"c:\documents and settings\morth\desktop\glidor\multi.sys"
"c:\documents and settings\morth\desktop\glider\qhxop.sys"
"c:\documents and settings\morth\desktop\wow\xlbedahyfb.sys"
"c:\documents and settings\morth\desktop\stuff\game\gamehacks\pewpew\exampledriver.sys"
"c:\documents and settings\morth\desktop\2moon bot\ntprocdrv.sys"
"c:\windows\system32\xdva120.sys"
) DO (
echo %%G >> results.txt 2>>&1
dir %%G /a /s >> results.txt 2>>&1
)
REM Record the AutorunsDisabled Internet Explorer extension key, if it exists
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\AutorunsDisabled" >> results.txt 2>>&1
REM Remove this batch file once the listing is done
del runme.bat
Select File and Save as
Save it to your Desktop as "runme.bat" (you MUST type the quotes)
Locate runme.bat on your Desktop and double-click it.
A black box should open and close after a short time, this is normal.
Another text file should appear on your Desktop called results.txt, do not open it until the black box has closed.
Post the contents of this file in your next response.

------------------------------------------------------------------------

Open the ESET Online Scanner in Internet Explorer
  • Tick the box next to YES, I accept the Terms of Use. and click Start
  • Allow the ActiveX control to be installed by Internet Explorer
  • Once the ActiveX has finished loading click Start to initialize and update the scanner
  • When the Computer scan screen appears, leave Remove found threats UN-checked, but check the box next to Scan unwanted applications. Then click Scan to begin the scan.
  • Once complete and the summary page appears, press Start->Run, copy/paste the following command into the box and press OK:

    notepad "C:\Program Files\EsetOnlineScanner\log.txt"

  • The log file should now appear in Notepad, copy and paste the contents in your next response.
------------------------------------------------------------------------

Once complete, please post the results.txt output, the Eset scan report and a new HijackThis log.
Also, tell me how your computer is behaving currently.

Edited by silver, 27 July 2008 - 11:23 PM.

Teacher at Malware Removal University | ASAP & UNITE Member

#13 morth

morth
  • Topic Starter

  • Members
  • 21 posts

Posted 28 July 2008 - 12:17 PM

Alright, I removed the programs that you said, updated Java, and did the HiJack, but the Glidor stuff is safe; it's used with my one game.

#14 silver

silver

  • Members
  • 480 posts
  • Location:GMT+7

Posted 28 July 2008 - 11:55 PM

The batch file I posted for you does not make any changes; it merely looks to see what files/entries are present.
If the Glidor stuff is not malware and you don't want to remove it that's completely up to you.

If you have any further concerns let me know, otherwise please complete the instructions and post the logs requested.
Teacher at Malware Removal University | ASAP & UNITE Member

#15 silver

silver

  • Members
  • 480 posts
  • Location:GMT+7

Posted 02 August 2008 - 10:50 PM

Do you still need help with your machine?
Teacher at Malware Removal University | ASAP & UNITE Member
