HELP! infected with http://antispyspider.us/69 [CLOSED], http://antispyspider.us/69 |
Discover the best free computer help!
Learn more about Geeks to Go by taking the tour.
Learn more about Geeks to Go by taking the tour.
  |
 May 11 2008, 11:27 PM
Post
#1
|
|
|
Member  Posts: 54 OS: Windows XP  |
My desktop background has changed to some spyware removal BS and it will not let me change it to something else... plus my internet opens by itself toand some other websites... and I get spyware removal warnings every 10 seconds! PLEASE HELP!! thank you in advance! here's a HJT log...
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:24:42 PM, on 5/11/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\b2new.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\DIGStream\digstream.exe C:\Program Files\ESPNRunTime\DIGServices.exe C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\mobile PhoneTools\WatchDog.exe C:\PROGRA~1\Yahoo!\browser\ycommon.exe C:\Program Files\Common Files\AOL\1154645244\ee\AOLSoftware.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\lcntqkdm.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Program Files\AIM6\aim6.exe C:\PROGRA~1\MI3AA1~1\wcescomm.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\Digital Line Detect\DLG.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\explorer.exe C:\Program Files\Yahoo!\browser\ybrowser.exe C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/windows/homepage.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = file://c:/windows/homepage.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe, O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: MySidesearch Search Assistant - {9506910A-0F94-4ea1-B567-7070428B8B2B} - C:\WINDOWS\system32\mysidesearch_sidebar.dll O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockins32.dll (file missing) O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe" O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24 O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154645244\ee\AOLSoftware.exe O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [{8E-E4-45-57-DW}] c:\windows\system32\rwwnw64d.exe DWramYB O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\lcntqkdm.exe DWramYB O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background O4 - HKCU\..\Run: [Systray] rundll32.exe sockins32.dll,RunMain O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user') O4 - Startup: Deewoo.lnk = C:\WINDOWS\SYSTEM32\lcntqkdm.exe O4 - Startup: DW_Start.lnk = C:\WINDOWS\SYSTEM32\rwwnw64d.exe O4 - Global Startup: Digital Line Detect.lnk = ? O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab O16 - DPF: Yahoo! Spades - http://download2.games.yahoo.com/games/clients/y/st3_x.cab O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotion...ctor/WebSWK.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing) O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\b2new.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 12602 bytes This post has been edited by Rorschach112: May 12 2008, 08:17 AM
Reason for edit: Removed live link
|
 |
 
|
|
May 16 2008, 09:08 AM
Post
#2
|
|
 Malware Monger  Posts: 1,070 From: Europe OS: XP Professional SP3 |
Hi there b_diddy510,
Sorry for the delay, the forums are busy and inevitably some logs slip through the cracks. Please download Deckard's System Scanner (DSS) and save it to your Desktop.
Note:These logs may be too large to post in one reply, if so, please post extra.txt in a seperate reply. -------------------- |
|
|
|
|
May 16 2008, 11:37 AM
Post
#3
|
|
|
Member Posts: 54 OS: Windows XP |
Here's main.txt
Deckard's System Scanner v20071014.68 Run by Family on 2008-05-15 22:33:47 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 91: 2008-05-16 05:33:54 UTC - RP1428 - Deckard's System Scanner Restore Point 90: 2008-05-15 17:38:53 UTC - RP1427 - System Checkpoint 89: 2008-05-14 10:00:15 UTC - RP1426 - Software Distribution Service 3.0 88: 2008-05-13 19:30:55 UTC - RP1425 - System Checkpoint 87: 2008-05-12 18:24:09 UTC - RP1424 - System Checkpoint -- First Restore Point -- 1: 2008-02-16 12:21:40 UTC - RP1338 - System Checkpoint Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Family.exe) ---------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:35, on 2008-05-15 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe C:\Program Files\DIGStream\digstream.exe C:\Program Files\ESPNRunTime\DIGServices.exe C:\PROGRA~1\Yahoo!\browser\ycommon.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\mobile PhoneTools\WatchDog.exe C:\Program Files\Common Files\AOL\1154645244\ee\AOLSoftware.exe C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\SYSTEM32\lcntqkdm.exe C:\Program Files\DellSupport\DSAgnt.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\AIM6\aim6.exe C:\PROGRA~1\MI3AA1~1\wcescomm.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe C:\Program Files\Digital Line Detect\DLG.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\AIM6\aolsoftware.exe C:\WINDOWS\Explorer.EXE C:\Documents and Settings\Family\Desktop\dss.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Family.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/windows/homepage.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = file://c:/windows/homepage.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = file://c:/windows/homepage.html F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe, O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: MySidesearch Search Assistant - {9506910A-0F94-4ea1-B567-7070428B8B2B} - C:\WINDOWS\system32\mysidesearch_sidebar.dll (file missing) O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockins32.dll (file missing) O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe" O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24 O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154645244\ee\AOLSoftware.exe O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\SYSTEM32\lcntqkdm.exe DWramYB O4 - HKLM\..\RunOnce: [SpybotDeletingA9105] command /c del "C:\WINDOWS\SYSTEM32\drivers\core.cache.dsk_tobedeleted" O4 - HKLM\..\RunOnce: [SpybotDeletingC4535] cmd /c del "C:\WINDOWS\SYSTEM32\drivers\core.cache.dsk_tobedeleted" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user') O4 - Startup: Deewoo.lnk = C:\WINDOWS\SYSTEM32\lcntqkdm.exe O4 - Startup: DW_Start.lnk = C:\WINDOWS\SYSTEM32\rwwnw64d.exe O4 - Global Startup: Digital Line Detect.lnk = ? O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab O16 - DPF: Yahoo! Spades - http://download2.games.yahoo.com/games/clients/y/st3_x.cab O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotion...ctor/WebSWK.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing) O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\b2new.exe (file missing) O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 12809 bytes -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 NDISUIOO - c:\windows\system32\drivers\ndisuioo.sys R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver> R2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys <Not Verified; Conexant; Diagnostic Interface> R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt> R3 HSF_DP - c:\windows\system32\drivers\hsf_dp.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver> R3 HSFHWBS2 - c:\windows\system32\drivers\hsfhwbs2.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver> R3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver> S3 Aldebaran (Aldebaran - Storage Filter Drivers) - c:\windows\system32\drivers\aldebaran.sys (file missing) S3 catchme - c:\docume~1\family\locals~1\temp\catchme.sys (file missing) S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine> S3 PCTINDIS5 (PCTINDIS5 NDIS Protocol Driver) - c:\windows\system32\pctindis5.sys (file missing) S3 RimUsb (BlackBerry Device) - c:\windows\system32\drivers\rimusb.sys (file missing) S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager> S2 MsSecurity1.209.4 (MsSecurity Updated) - c:\windows\b2new.exe service (file missing) -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Scheduled Tasks ------------------------------------------------------------- 2008-05-15 22:32:00 366 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job 2008-05-14 11:38:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -- Files created between 2008-04-15 and 2008-05-15 ----------------------------- 2008-05-11 22:24:38 0 d-------- C:\Program Files\Trend Micro 2008-05-11 10:13:44 861 --a------ C:\WINDOWS\system32\winpfz33.sys 2008-05-11 10:13:36 88961 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe 2008-05-11 10:13:36 200768 --a------ C:\WINDOWS\system32\lcntqkdm.exe 2008-05-11 10:13:32 0 d--hs---- C:\WINDOWS\RmFtaWx5 2008-05-11 10:13:18 298311 --a------ C:\WINDOWS\system32\gside.exe 2008-05-11 10:13:09 32768 --a------ C:\WINDOWS\system32\sockins32.dll <Not Verified; ThinkPad; ThinkPad repl> 2008-05-11 10:13:06 0 d-------- C:\Program Files\winvi 2008-05-11 10:13:04 86144 --a------ C:\WINDOWS\system32\drivers\NDISUIOO.sys 2008-05-11 10:13:03 0 d-------- C:\WINDOWS\system32\winRem 2008-05-11 10:13:03 0 d-------- C:\WINDOWS\system32\spoolX 2008-05-11 10:13:03 0 d-------- C:\WINDOWS\system32\MUI2 2008-05-11 10:13:03 0 d-------- C:\WINDOWS\system32\1036a 2008-05-11 10:12:50 0 d-------- C:\WINDOWS\system32\dFrnx06 2008-05-11 10:12:26 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia 2008-05-11 10:12:19 4 --a------ C:\WINDOWS\system32\winfrun32.bin 2008-04-28 18:10:35 0 d-------- C:\Documents and Settings\Family\Application Data\FastStone 2008-04-28 18:10:30 0 d-------- C:\Program Files\FastStone Image Viewer -- Find3M Report --------------------------------------------------------------- 2008-04-14 21:42:52 0 d-------- C:\Documents and Settings\Family\Application Data\AdobeUM 2008-03-19 20:47:50 0 d--h----- C:\Documents and Settings\Family\Application Data\yahoo! 2008-03-19 17:16:46 0 d-------- C:\Documents and Settings\Family\Application Data\Real 2008-02-16 08:48:44 167 --a------ C:\Documents and Settings\Family\Application Data\AVSDVDPlayer.m3u -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9506910A-0F94-4ea1-B567-7070428B8B2B}] C:\WINDOWS\system32\mysidesearch_sidebar.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 10:23] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 11:52] "CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 09:43] "P17Helper"="P17.dll" [2004-06-10 10:51 C:\WINDOWS\SYSTEM32\P17.dll] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00] "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-23 17:19] "Dell AIO Printer A960"="C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe" [2003-09-21 14:21] "YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 17:19] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-12-19 21:54] "DIGStream"="C:\Program Files\DIGStream\digstream.exe" [2005-10-31 11:05] "DIGServices"="C:\Program Files\ESPNRunTime\DIGServices.exe" [2005-10-31 11:18] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-04-15 09:56] "WatchDog"="C:\Program Files\mobile PhoneTools\WatchDog.exe" [2004-08-14 04:42] "HostManager"="C:\Program Files\Common Files\AOL\1154645244\ee\AOLSoftware.exe" [2006-05-09 17:24] "IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 09:59] "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 01:01] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-11-16 01:05] "MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe" [2006-01-19 12:06] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11] "ExploreUpdSched"="C:\WINDOWS\SYSTEM32\lcntqkdm.exe" [2008-05-11 10:13] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24] "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09] "Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 08:20] "H/PC Connection Agent"="C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [2005-11-15 19:44] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00] "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 18:43] "WinUpdater"="C:\Program Files\winvi\update.exe" [] "WebSUpdater"="C:\Program Files\winvi\wupda.exe" [] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce] "SpybotDeletingA9105"=command /c del "C:\WINDOWS\SYSTEM32\drivers\core.cache.dsk_tobedeleted" "SpybotDeletingC4535"=cmd /c del "C:\WINDOWS\SYSTEM32\drivers\core.cache.dsk_tobedeleted" C:\Documents and Settings\Family\Start Menu\Programs\Startup\ Deewoo.lnk - C:\WINDOWS\SYSTEM32\lcntqkdm.exe [2008-05-11 10:13:36] DESKTOP.INI [2004-08-10 12:04:12] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"=1 (0x1) "DisableRegistryTools"=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoActiveDesktop"=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "WebProxy"= {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe," [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{66186F05-BBBB-4a39-864F-72D84615C679}] rundll32 sockins32.dll,InitModule -- End of Deckard's System Scanner: finished at 2008-05-15 22:36:34 ------------ |
|
|
|
|
May 16 2008, 11:38 AM
Post
#4
|
|
|
Member Posts: 54 OS: Windows XP |
and extra.txt...
Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Home Edition (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: Intel® Pentium® 4 CPU 3.20GHz Percentage of Memory in Use: 47% Physical Memory (total/avail): 1022.09 MiB / 538.25 MiB Pagefile Memory (total/avail): 2460.89 MiB / 1983.53 MiB Virtual Memory (total/avail): 2047.88 MiB / 1924.84 MiB A: is Removable (No Media) C: is Fixed (NTFS) - 145.46 GiB total, 120.59 GiB free. D: is CDROM (No Media) E: is CDROM (CDFS) \\.\PHYSICALDRIVE0 - WDC WD1600JD-75HBB0 - 149.01 GiB - 3 partitions \PARTITION0 - Unknown - 47.03 MiB \PARTITION1 (bootable) - Installable File System - 145.46 GiB - C: \PARTITION2 - Unknown - 3.5 GiB -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is enabled. FirstRunDisabled is set. Unable to create WMI object. -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Family\Application Data CLASSPATH=.;C:\Program Files\Java\jre1.5.0_07\lib\ext\QTJava.zip CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=LOPES ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Family LOGONSERVER=\\LOPES NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\PROGRA~1\COMMON~1\SONICS~1\;C:\Program Files\QuickTime\QTSystem\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel PROCESSOR_LEVEL=15 PROCESSOR_REVISION=0304 ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\Java\jre1.5.0_07\lib\ext\QTJava.zip SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\Family\LOCALS~1\Temp TMP=C:\DOCUME~1\Family\LOCALS~1\Temp USERDOMAIN=LOPES USERNAME=Family USERPROFILE=C:\Documents and Settings\Family windir=C:\WINDOWS __COMPAT_LAYER=DisableNXShowUI -- User Profiles --------------------------------------------------------------- Family (admin) Administrator (new local, admin) -- Add/Remove Programs --------------------------------------------------------- --> "C:\Program Files\Creative\Sound Blaster Live! 24-bit\Program\Ctzapxx.EXE" /X /U /S --> "C:\Program Files\SBC Yahoo!\umuninst.exe" /S --> C:\PROGRA~1\Yahoo!\Common\unybase.exe --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu --> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6} --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19} --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01} Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001} AIM 6 --> C:\Program Files\AIM6\uninst.exe AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4} AT&T Yahoo! Applications --> C:\PROGRA~1\Yahoo!\Common\uninstall.exe AT&T Yahoo! DSL Activation --> C:\PROGRA~1\Yahoo!\Common\unindlk.exe /S ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe" ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe" Aurora MPEG To DVD Burner 4.9.24 --> "C:\Program Files\Aurora MPEG To DVD Burner\unins000.exe" AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe AVG Free Edition --> C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe" AVS DVD Player version 2.2 --> "C:\Program Files\AVSMedia\DVDPlayer\unins000.exe" Azureus --> C:\Program Files\Azureus\Uninstall.exe Broadcom Advanced Control Suite 2 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2E086814-7392-4E0F-ADB8-54A81E47406C} /l1033 CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992} Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf Dell AIO Printer A960 --> C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBFUN5C.EXE -dDell AIO Printer A960 Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76} Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe" DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D} Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText DV 4100M --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B423A661-0726-405A-AFE9-C44CCB8036BA}\Setup.exe" ESPN RunTime --> C:\Program Files\ESPNRunTime\DIGSvcUninstall.exe /brand=ESPN ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6} ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD} ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4} ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A} ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765} ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5} ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091} ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34} ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589} essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F} FastStone Image Viewer 3.5 --> C:\Program Files\FastStone Image Viewer\uninst.exe Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hoyle Casino 2004 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{224C47F4-CB95-406C-8AD6-81002FEED0CF} Hoyle Games Demo --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{9B738A2B-FA31-4483-BC1B-7C49CE4F3C59} Intel Application Accelerator --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\setup.exe" -l0409 -INTELUNINST Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395} iPod for Windows 2006-01-10 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033 IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4} Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Kevtris --> C:\Program Files\Microsoft ActiveSync\Kevtris\Uninstall.exe Kevtris kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE} Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0007_29447cc\Setup.exe /APR-REMOVE KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267} LimeWire --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{831B265C-C203-4B72-A8F6-ECA1530957D3} LimeWire 4.14.12 --> "C:\Program Files\LimeWire\LimeWire 4.2.6\uninstall.exe" LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE LiveUpdate BVRP Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -l0x9 Macromedia Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log Microsoft ActiveSync 4.0 --> MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E} Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Office Basic Edition 2003 --> MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9} Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9} Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" mobile PhoneTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}\setup.exe" -l0x9 Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst MySidesearch Search Assistant Bfinding --> C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe netbrdg --> MsiExec.exe /I{11511E0E-B847-46CD-81EF-1A8C488A042C} Norton AntiSpam --> MsiExec.exe /I{3B29A786-5803-4e9e-9B58-3014A5B4E519} Norton AntiSpam --> MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F} Norton Internet Security --> MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935} Norton Internet Security --> MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20} Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2} OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45} Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan PowerDVD 5.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall Print to Fax --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BF2B19D-9C79-492A-8969-F059F06A627F}\setup.exe" -l0x9 ControlPanel QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A} RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Registrar Registry Manager 5.51 --> "C:\Program Files\Registrar Registry Manager\unins000.exe" Registrar Registry Manager 5.51 (Lite Edition) --> "C:\Program Files\Registrar Registry Manager\unwise.exe" Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} SBC Yahoo! DSL Activation --> C:\PROGRA~1\Yahoo!\Common\undsldlk.exe Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe" Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe" SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B} SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237} SKIN0001 --> MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE} SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F} Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6} Sonic MyDVD --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29} Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19} Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3} Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL Sound Blaster Live! 24-bit --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB481CC-F57C-4397-81A0-DADD22257047}\setup.exe" -l0x9 Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe" staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2} Theme Generator V2 --> MsiExec.exe /X{4FD05420-333C-4233-94A6-9759430D6C2A} tooltips --> MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A} Videora iPod Converter 0.91 --> C:\Program Files\VideoraiPodConverter\uninst.exe Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370} Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe winvi (remove only) --> "C:\Program Files\winvi\uninst.exe" WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F} -- Application Event Log ------------------------------------------------------- Event Record #/Type4040 / Error Event Submitted/Written: 05/15/2008 09:48:56 PM Event ID/Source: 1802 / SecurityCenter Event Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall. Event Record #/Type4035 / Error Event Submitted/Written: 05/15/2008 00:29:29 PM Event ID/Source: 1000 / Application Error Event Description: Faulting application ybrowser.exe, version 2006.8.11.1, faulting module yuc.dll, version 2006.8.8.2, fault address 0x000178b0. Processing media-specific event for [ybrowser.exe!ws!] Event Record #/Type4034 / Error Event Submitted/Written: 05/15/2008 11:56:58 AM Event ID/Source: 100 / AVG7 Event Description: 2008-05-15 18:56:58,500 LOPES [000380:000592] ERROR 000 AVG7.AM.events.IpReport handling of message reported by Resident Shield failed: Not enough storage is available to process this command. (8) Event Record #/Type4031 / Error Event Submitted/Written: 05/15/2008 05:09:20 AM Event ID/Source: 1802 / SecurityCenter Event Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall. Event Record #/Type4024 / Error Event Submitted/Written: 05/14/2008 07:30:08 PM Event ID/Source: 1802 / SecurityCenter Event Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type7904 / Error Event Submitted/Written: 05/15/2008 09:50:07 PM Event ID/Source: 7000 / Service Control Manager Event Description: The DV 4100M(Video) service failed to start due to the following error: %%1058 Event Record #/Type7903 / Error Event Submitted/Written: 05/15/2008 09:49:01 PM Event ID/Source: 1002 / Dhcp Event Description: The IP address lease 192.168.1.64 for the Network Card with network address 001111629F66 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message). Event Record #/Type7898 / Error Event Submitted/Written: 05/15/2008 05:47:49 AM Event ID/Source: 7 / Cdrom Event Description: The device, \Device\CdRom1, has a bad block. Event Record #/Type7897 / Error Event Submitted/Written: 05/15/2008 05:47:43 AM Event ID/Source: 7 / Cdrom Event Description: The device, \Device\CdRom1, has a bad block. Event Record #/Type7896 / Error Event Submitted/Written: 05/15/2008 05:47:36 AM Event ID/Source: 7 / Cdrom Event Description: The device, \Device\CdRom1, has a bad block. -- End of Deckard's System Scanner: finished at 2008-05-15 22:36:34 ------------ |
|
|
|
|
May 16 2008, 12:28 PM
Post
#5
|
|
|
Malware Monger Posts: 1,070 From: Europe OS: XP Professional SP3 |
Hi,
Please follow my instructions in the order they were given, if you come across something you don't understand or don't feel comfortable doing, don't hesitate to ask and I will get you sorted out  Preparation I will need you to temporarily disable AVG Spyware Guard as it could conflict with our fixes. AVG Anti-Spyware (formerly ewido) 1. Open AVG Anti-Spyware by double-clicking the multi-colored box emblazoned with an 'S' in the system tray. 2. In the 'Resident Shield' section, toggle the AVG Anti-Spyware active protection 'off' by clicking 'Change state' which will then change the protection status to 'inactive'. 3. If you are instructed to reboot at any time during your cleanup, AVG Anti-Spyware will prompt you as to whether you would like to "Restart the Resident Shield". 4. Reply 'no' and set it to 'inactive' for the duration of your cleanup. Step 1. Fixes with Hijack This Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present): LimeWire 4.14.12 MySidesearch Search Assistant Bfinding Viewpoint Media Player winvi Please open HijackThis again and choose "Do a system scan only". Please put a check next to each of the following entries (if still present): R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/windows/homepage.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = file://c:/windows/homepage.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = file://c:/windows/homepage.html F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe, O2 - BHO: MySidesearch Search Assistant - {9506910A-0F94-4ea1-B567-7070428B8B2B} - C:\WINDOWS\system32\mysidesearch_sidebar.dll (file missing) O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockins32.dll (file missing) O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\SYSTEM32\lcntqkdm.exe DWramYB O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background O4 - Startup: Deewoo.lnk = C:\WINDOWS\SYSTEM32\lcntqkdm.exe O4 - Startup: DW_Start.lnk = C:\WINDOWS\SYSTEM32\rwwnw64d.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing) O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\b2new.exe (file missing) O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe Please only fix the entries in red if you or the administrator of your computer did not set any restrictions on Internet Explorer. Now please close all open windows except HJT and press "Fix checked". Step 2. Combofix Please go here to install the recovery console and for a guide on using combofix. Download ComboFix from one of the locations below, and save it to your Desktop. Link 1Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed. When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply Note: Do not mouseclick combofix's window while its running. That may cause it to stall In your next reply Please post the log produced by combofix. Please post a new Hijack This log AFTER running combofix. If the logs are to big to fit in one reply please spread them out over multiple replies. -------------------- |
|
|
|
|
May 17 2008, 03:01 AM
Post
#6
|
|
|
Member Posts: 54 OS: Windows XP |
combofix log.... ComboFix 08-05-15.3 - Family 2008-05-16 13:41:03.5 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.602 [GMT -7:00] Running from: C:\Documents and Settings\Family\Desktop\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Family\Application Data\inst.exe C:\temp\tn3 C:\WINDOWS\system32\drivers\core.cache.dsk C:\WINDOWS\system32\drivers\NDISUIOO.sys . ---- Previous Run ------- . C:\Temp\1cb C:\Temp\1cb\syscheck.log C:\temp\tn3 C:\WINDOWS\mainms.vpi C:\WINDOWS\megavid.cdt C:\WINDOWS\muotr.so C:\WINDOWS\system32\adult.txt C:\WINDOWS\system32\din.ip C:\WINDOWS\system32\finance.txt C:\WINDOWS\system32\lt.res C:\WINDOWS\system32\MSINET.oca C:\WINDOWS\system32\other.txt C:\WINDOWS\system32\pac.txt C:\WINDOWS\system32\pharma.txt C:\WINDOWS\system32\sft.res C:\WINDOWS\system32\winfrun32.bin C:\WINDOWS\system32\zxdnt3d.cfg . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_CMDSERVICE -------\Legacy_MSSECURITY1.209.4 -------\Legacy_NDISUIOO -------\Legacy_NETWORK_MONITOR -------\Service_MsSecurity1.209.4 -------\Service_NDISUIOO ((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 ))))))))))))))))))))))))))))))) . 2008-05-15 09:19 . 2008-05-15 09:19 9,662 --a------ C:\WINDOWS\SYSTEM32\vaio3-011.ico 2008-05-14 07:06 . 2008-05-14 07:06 9,662 --a------ C:\WINDOWS\SYSTEM32\pinkip.ico 2008-05-14 03:08 . 2008-05-14 05:36 0 --a------ C:\WINDOWS\SYSTEM32\htbt.flag 2008-05-11 22:24 . 2008-05-11 22:24 <DIR> d-------- C:\Program Files\Trend Micro 2008-05-11 10:14 . 2008-05-11 10:14 57,546 --a------ C:\WINDOWS\promogif3.gif 2008-05-11 10:14 . 2008-05 |