cleaning up



#1
Infectedlie^.^

Just wanting to clean up this computer I have.

FRESH HIJACKTHIS

Logfile of HijackThis v1.99.1
Scan saved at 7:59:36 PM, on 5/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Documents and Settings\Matt\Desktop\EndlessOnline\endless.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ijji.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 61.34.205.146:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [!xSpeed] C:\!xSpeednet\!xSpeednet.exe reg
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {D0FD5E32-CABD-4A6E-BD0F-94ACE89CCE03} (HGPluginJP23 Class) - http://down.hangame....GPluginJP23.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload....Plugin10USA.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe





FRESH DSS


Deckard's System Scanner v20070426.43
Run by Matt on 2007-05-02 at 20:00:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Matt.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 8:00:22 PM, on 5/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Documents and Settings\Matt\Desktop\EndlessOnline\endless.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Matt\Desktop\Virus scanners\dss.exe
C:\PROGRA~1\HIJACK~1\Matt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ijji.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 61.34.205.146:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [!xSpeed] C:\!xSpeednet\!xSpeednet.exe reg
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {D0FD5E32-CABD-4A6E-BD0F-94ACE89CCE03} (HGPluginJP23 Class) - http://down.hangame....GPluginJP23.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload....Plugin10USA.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


-- Files created between 2007-04-02 and 2007-05-02 -----------------------------

2007-05-02 13:21:46 0 d-------- C:\Documents and Settings\Matt\Application Data\AVG7
2007-05-02 13:21:30 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG7
2007-05-02 13:21:02 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2007-05-02 13:21:02 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7
2007-05-02 12:52:19 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2007-05-02 12:52:13 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-05-02 12:52:13 0 d-------- C:\Documents and Settings\Matt\Application Data\SUPERAntiSpyware.com
2007-05-02 12:51:56 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-01 15:36:25 0 d-------- C:\Program Files\Game Speed Changer
2007-04-28 02:18:25 111227 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc.sys
2007-04-22 01:03:58 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NVIDIA
2007-04-21 19:08:28 0 d-------- C:\Program Files\DarkEvil Online
2007-04-17 20:00:42 664 --a------ C:\WINDOWS\system32\d3d9caps.dat


-- Find3M Report ---------------------------------------------------------------

2007-05-02 16:29:48 0 d-------- C:\Documents and Settings\Matt\Application Data\Xfire
2007-05-02 16:29:13 0 d---s---- C:\Program Files\Xfire
2007-05-02 14:44:32 0 d-------- C:\Program Files\Symantec
2007-05-02 14:44:32 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-05-02 14:44:29 0 d-------- C:\Program Files\Symantec AntiVirus
2007-05-02 14:13:15 0 d-------- C:\Program Files\Java
2007-05-02 14:07:51 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-05-02 14:00:32 0 d-------- C:\Program Files\IrfanView
2007-05-02 13:57:29 0 d-------- C:\Program Files\Common Files\Adobe
2007-05-02 13:44:08 0 d-------- C:\Program Files\Bonjour
2007-05-02 10:22:19 0 d-------- C:\Documents and Settings\Matt\Application Data\LimeWire
2007-05-01 21:48:05 0 d-------- C:\Program Files\SwiftSwitch
2007-04-17 20:03:05 0 d-------- C:\Program Files\Cheat Engine
2007-04-13 22:46:14 0 d-------- C:\Program Files\WarRock
2007-04-03 15:28:47 0 d-------- C:\Program Files\LimeWire
2007-03-30 08:02:51 0 d--h----- C:\Documents and Settings\Matt\Application Data\Hangame
2007-03-28 19:23:31 0 d-------- C:\Documents and Settings\Matt\Application Data\InstallShield
2007-03-19 19:50:18 0 d-------- C:\Program Files\aspeeder
2007-03-15 20:04:09 0 d-------- C:\Program Files\Google
2007-03-15 19:34:14 0 d-------- C:\Program Files\MSN Messenger
2007-03-14 12:55:25 0 d-------- C:\Documents and Settings\Matt\Application Data\Google
2007-03-11 15:15:06 0 d-------- C:\Program Files\Speed Gear 5
2007-03-07 13:41:02 0 d-------- C:\Documents and Settings\Matt\Application Data\WinRAR


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="\"nwiz.exe\" /install"
"NvMediaCenter"="\"RUNDLL32.EXE\" C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"!xSpeed"="C:\\!xSpeednet\\!xSpeednet.exe reg"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"bestreak"="{874443fe-aa33-4ebf-a6ac-73208787e62d}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"bestreak"="{874443fe-aa33-4ebf-a6ac-73208787e62d}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!xSpeed]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="!xSpeednet"
"hkey"="HKLM"
"command"="c:\\!xSpeednet\\!xSpeednet.exe reg"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"item"="ctfmon.exe"
"command"="C:\\WINDOWS\\System32\\ctfmon.exe"
"hkey"="HKCU"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"item"="MSMSGS"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"hkey"="HKCU"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNM"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\SpyNoMore\\SNM.exe\" /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHeal]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpyHeal"
"hkey"="HKLM"
"command"="C:\\Program Files\\SpyHeal\\SpyHeal.exe /h"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UsrPrmpt"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- End of Deckard's System Scanner: finished at 2007-05-02 at 20:00:45 ---------





EXTRA FROM DSS



Deckard's System Scanner v20070426.43
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3200+
Percentage of Memory in Use: 47%
Physical Memory (total/avail): 1023.3 MiB / 535.47 MiB
Pagefile Memory (total/avail): 2460.57 MiB / 2054.31 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1960.09 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.56 GiB total, 28.79 GiB free.
D: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: Symantec AntiVirus Corporate Edition v10.0.2.2000 (Symantec Corporation)


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\Matt\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_07\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOME-30AE992KU9
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Matt
LOGONSERVER=\\HOME-30AE992KU9
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 10, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=040a
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_07\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Matt\LOCALS~1\Temp
TMP=C:\DOCUME~1\Matt\LOCALS~1\Temp
USERDOMAIN=HOME-30AE992KU9
USERNAME=Matt
USERPROFILE=C:\Documents and Settings\Matt
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Rebecca Vautour (admin)
Matt (admin)
Tom (admin)
Administrator.HOME-30AE992KU9.000 (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
!xSpeed --> c:\!xSpeed\uninstal.exe
!xSpeed.net 2.0 --> c:\!xSpeednet\uninstal.exe
A Speeder (remove only) --> "C:\Program Files\aspeeder\uninstall.exe"
Adobe Anchor Service CS3 --> MsiExec.exe /I{A4464AC3-D85E-4649-8748-706191063DF6}
Adobe Asset Services CS3 --> MsiExec.exe /I{7302810D-7ACF-4339-B27B-57016CAADDCD}
Adobe Bridge CS3 --> MsiExec.exe /I{FABA59CC-347B-478B-B2A7-37BF0885CACB}
Adobe Bridge Start Meeting --> MsiExec.exe /I{CE52110A-7773-444F-9E5D-4A45E4792DB6}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{AED353B9-E6D7-406F-B007-2C55C5265EB3}
Adobe CMaps --> MsiExec.exe /I{D8FC8E35-D397-4C16-87AE-141A625221E4}
Adobe Default Language CS3 --> MsiExec.exe /I{D446BA40-1F5F-44EB-A794-0AC14F809C79}
Adobe Device Central CS3 --> MsiExec.exe /I{265FCC3B-4814-4B2B-89D6-217DFB8AD886}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{F36CFE58-47C0-4D75-995B-E0172563FA83}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All --> MsiExec.exe /I{162DDD86-C087-4E59-B7A8-0C1D8F884A9A}
Adobe Help Viewer 1.1 --> MsiExec.exe /I{F3697BA5-C8D8-4925-ACCA-F486C76BAD33}
Adobe Linguistics CS3 --> MsiExec.exe /I{E5C28906-EC86-404E-BB4F-6AB2590451FF}
Adobe PDF Library Files --> MsiExec.exe /I{91D829E6-F1D1-433F-861F-0552DFED0EAD}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\8d0dc9390f2c596455e1446b5918a40\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{F32F1F7C-322D-46B9-B69A-5C3EDC88B74C}
Adobe Setup --> MsiExec.exe /I{CBF7A9A4-C0D4-4BA0-8991-C9B7D90A5298}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos CS3 --> MsiExec.exe /I{73B79E83-490B-460D-B0D6-2C7B73980325}
Adobe Type Support --> MsiExec.exe /I{A78A65E4-1D88-477A-83B4-3EC540F6A55A}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{BF18C55F-791F-4C17-AB75-E397EE01C14B}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{51DC4D9C-F729-48A7-9CE0-BC77529ECCA2}
Adobe XMP Panels CS3 --> MsiExec.exe /I{F0CF6455-EDD8-41C6-A96A-223874E660CC}
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
Cheat Engine 5.3 --> "C:\Program Files\Cheat Engine\unins000.exe"
CrazySpeeder_eng --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{534A9921-59CC-425D-A62F-F2461DA957CA}\Setup.exe"
DarkEvil Online --> C:\Program Files\DarkEvil Online\Uninstal.exe
Dora's Carnival Adventure (remove only) --> C:\Program Files\Doras Carnival Adventure\Uninstall.exe
Endless Online 0.27 b --> C:\Program Files\EndlessOnline\Uninstall.exe
Feeding Frenzy 2 Shipwreck Showdown (remove only) --> C:\Program Files\Feeding Frenzy 2 Shipwreck Showdown\Uninstall.exe
Game Speed Changer 6.3 --> "C:\Program Files\Game Speed Changer\unins000.exe"
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Gunbound Revolution --> "C:\ijji\ENGLISH\Gunbound Revolution\unins000.exe"
Hangame --> C:\Hangame\JAPANESE\HanUninstallJp.exe
Hey Arnold Runaway Bus 3D Game (remove only) --> "C:\Program Files\Hey Arnold Runaway Bus 3D Game\Uninstall.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HyperCam 2 --> "C:\Program Files\HyCam2\UnHyCam2.exe"
ijji --> C:\ijji\ENGLISH\ijjiUninstall.exe
ijji --> C:\ijji\ENGLISH\ijjiUninstall.exe
ijji - Gunz --> C:\ijji\ENGLISH\Gunz\Uninstall.exe
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}
LimeWire 4.12.6 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
MapleStory --> MsiExec.exe /I{F99C5427-4D78-43E2-B97E-F4C4E622D612}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Nicktoons Challenge! (remove only) --> C:\Program Files\Nicktoons Challenge!\Uninstall.exe
NVIDIA Drivers --> C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI
Puppy Luv (remove only) --> C:\Program Files\Puppy Luv\Uninstall.exe
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
Roll --> C:\WINDOWS\UniFish3.exe C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\RollerCoaster Tycoon.log
RYL2 - Incomplete Union v1.6.7.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{81493ECE-6BD4-4972-B7DB-A0134C0A0D3F}\Setup.exe" -l0x9
Special Force --> C:\Program Files\InstallShield Installation Information\{8ADE24B2-DCA4-4A1E-8B52-A5B435522D9E}\setup.exe -runfromtemp -l0x0011 -removeonly
Speed Gear 5.00 --> "C:\Program Files\Speed Gear 5\unins000.exe"
SpongeBob SquarePants Diner Dash (remove only) --> C:\Program Files\SpongeBob SquarePants Diner Dash\Uninstall.exe
SpongeBob SquarePants Employee of the Month --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\THQ\SpongeBob SquarePants\Employee of the Month\Uninst.isu"
SpongeBob SquarePants Krabby Quest (remove only) --> C:\Program Files\SpongeBob SquarePants Krabby Quest\Uninstall.exe
SpongeBob SquarePants Obstacle Odyssey (remove only) --> C:\Program Files\SpongeBob SquarePants Obstacle Odyssey\Uninstall.exe
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SwiftSwitch --> C:\Program Files\SwiftSwitch\Uninstal.exe
Symantec AntiVirus --> MsiExec.exe /I{46B63F23-2B4A-4525-A827-688026BE5E40}
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
The Wild Thornberrys Movie - Chopper Chase (remove only) --> "C:\Program Files\The Wild Thornberrys Movie - Chopper Chase\Uninstall.exe"
Type To Learn --> C:\PROGRA~1\SCHOLA~1\TYPETO~1\UNWISE.EXE C:\PROGRA~1\SCHOLA~1\TYPETO~1\INSTALL.LOG
Type To Learn Jr --> C:\PROGRA~1\SCHOLA~1\TYPETO~2\UNWISE.EXE C:\PROGRA~1\SCHOLA~1\TYPETO~2\INSTALL.LOG
WarRock --> C:\Program Files\InstallShield Installation Information\{00D15456-F679-4AD4-8BD2-56450D4C3F72}\setup.exe -runfromtemp -l0x0009 -removeonly
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"


-- End of Deckard's System Scanner: finished at 2007-05-02 at 13:02:33 ---------


SUPERANTISPYWARE LOG

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/02/2007 at 02:30 PM

Application Version : 3.7.1018

Core Rules Database Version : 3229
Trace Rules Database Version: 1240

Scan type : Complete Scan
Total Scan Time : 01:21:16

Memory items scanned : 473
Memory threats detected : 0
Registry items scanned : 4877
Registry threats detected : 101
File items scanned : 38338
File threats detected : 42

Trojan.Media-Codec
HKLM\Software\Classes\CLSID\{202a961f-23ae-42b1-9505-ffe3c818d717}
HKCR\CLSID\{202A961F-23AE-42B1-9505-FFE3C818D717}
HKCR\CLSID\{202A961F-23AE-42B1-9505-FFE3C818D717}
HKCR\CLSID\{202A961F-23AE-42B1-9505-FFE3C818D717}\InprocServer32
HKCR\CLSID\{202A961F-23AE-42B1-9505-FFE3C818D717}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\PCODEC\ISADDON.DLL
HKLM\Software\Classes\CLSID\{fe2d25c1-c1db-4b5e-9390-af1cb5302f32}
HKCR\CLSID\{FE2D25C1-C1DB-4B5E-9390-AF1CB5302F32}
HKCR\CLSID\{FE2D25C1-C1DB-4B5E-9390-AF1CB5302F32}
HKCR\CLSID\{FE2D25C1-C1DB-4B5E-9390-AF1CB5302F32}\Implemented Categories
HKCR\CLSID\{FE2D25C1-C1DB-4B5E-9390-AF1CB5302F32}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{FE2D25C1-C1DB-4B5E-9390-AF1CB5302F32}\InprocServer32
HKCR\CLSID\{FE2D25C1-C1DB-4B5E-9390-AF1CB5302F32}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\PCODEC\IESPLUGIN.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{202a961f-23ae-42b1-9505-ffe3c818d717}
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{fe2d25c1-c1db-4b5e-9390-af1cb5302f32}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#homepage.monitor.exe [ C:\Program Files\PCODEC\isamonitor.exe ]

Adware.Tracking Cookie
C:\Documents and Settings\Matt\Cookies\matt@adlegend[1].txt
C:\Documents and Settings\Matt\Cookies\matt@doubleclick[1].txt
C:\Documents and Settings\Matt\Cookies\matt@tribalfusion[2].txt
C:\Documents and Settings\Tom\Cookies\[email protected][2].txt
C:\Documents and Settings\Tom\Cookies\[email protected][1].txt
C:\Documents and Settings\Tom\Cookies\tom@adrevolver[2].txt
C:\Documents and Settings\Tom\Cookies\[email protected][2].txt
C:\Documents and Settings\Tom\Cookies\[email protected][2].txt
C:\Documents and Settings\Tom\Cookies\[email protected][1].txt
C:\Documents and Settings\Tom\Cookies\tom@advertising[1].txt
C:\Documents and Settings\Tom\Cookies\[email protected][1].txt
C:\Documents and Settings\Tom\Cookies\[email protected][2].txt
C:\Documents and Settings\Tom\Cookies\tom@atdmt[2].txt
C:\Documents and Settings\Tom\Cookies\tom@battellemedia[1].txt
C:\Documents and Settings\Tom\Cookies\tom@casalemedia[1].txt
C:\Documents and Settings\Tom\Cookies\tom@doubleclick[1].txt
C:\Documents and Settings\Tom\Cookies\[email protected][2].txt
C:\Documents and Settings\Tom\Cookies\[email protected][1].txt
C:\Documents and Settings\Tom\Cookies\[email protected][2].txt
C:\Documents and Settings\Tom\Cookies\[email protected][1].txt
C:\Documents and Settings\Tom\Cookies\[email protected][1].txt
C:\Documents and Settings\Tom\Cookies\[email protected][2].txt
C:\Documents and Settings\Tom\Cookies\tom@fastclick[1].txt
C:\Documents and Settings\Tom\Cookies\tom@hitbox[1].txt
C:\Documents and Settings\Tom\Cookies\[email protected][1].txt
C:\Documents and Settings\Tom\Cookies\[email protected][1].txt
C:\Documents and Settings\Tom\Cookies\tom@mediaplex[1].txt
C:\Documents and Settings\Tom\Cookies\[email protected][1].txt
C:\Documents and Settings\Tom\Cookies\tom@overture[1].txt
C:\Documents and Settings\Tom\Cookies\tom@partner2profit[1].txt
C:\Documents and Settings\Tom\Cookies\[email protected][1].txt
C:\Documents and Settings\Tom\Cookies\tom@questionmarket[1].txt
C:\Documents and Settings\Tom\Cookies\tom@serving-sys[2].txt
C:\Documents and Settings\Tom\Cookies\tom@statcounter[1].txt
C:\Documents and Settings\Tom\Cookies\tom@tacoda[2].txt
C:\Documents and Settings\Tom\Cookies\tom@trafficmp[1].txt
C:\Documents and Settings\Tom\Cookies\tom@tribalfusion[1].txt
C:\Documents and Settings\Tom\Cookies\[email protected][2].txt
C:\Documents and Settings\Tom\Cookies\[email protected][2].txt

Malware.SpyHeal
HKCR\TypeLib\{A48995B0-2BB5-4246-B0EA-55B2FFCF9129}
HKCR\TypeLib\{A48995B0-2BB5-4246-B0EA-55B2FFCF9129}\1.0
HKCR\TypeLib\{A48995B0-2BB5-4246-B0EA-55B2FFCF9129}\1.0\0
HKCR\TypeLib\{A48995B0-2BB5-4246-B0EA-55B2FFCF9129}\1.0\0\win32
HKCR\TypeLib\{A48995B0-2BB5-4246-B0EA-55B2FFCF9129}\1.0\FLAGS
HKCR\TypeLib\{A48995B0-2BB5-4246-B0EA-55B2FFCF9129}\1.0\HELPDIR
HKCR\Interface\{0EBCA7C4-AA97-4B47-99D7-4932A73E9198}
HKCR\Interface\{0EBCA7C4-AA97-4B47-99D7-4932A73E9198}\ProxyStubClsid
HKCR\Interface\{0EBCA7C4-AA97-4B47-99D7-4932A73E9198}\ProxyStubClsid32
HKCR\Interface\{0EBCA7C4-AA97-4B47-99D7-4932A73E9198}\TypeLib
HKCR\Interface\{0EBCA7C4-AA97-4B47-99D7-4932A73E9198}\TypeLib#Version
HKCR\Interface\{16640BA0-193C-4BD5-882B-F92D6EF82156}
HKCR\Interface\{16640BA0-193C-4BD5-882B-F92D6EF82156}\ProxyStubClsid
HKCR\Interface\{16640BA0-193C-4BD5-882B-F92D6EF82156}\ProxyStubClsid32
HKCR\Interface\{16640BA0-193C-4BD5-882B-F92D6EF82156}\TypeLib
HKCR\Interface\{16640BA0-193C-4BD5-882B-F92D6EF82156}\TypeLib#Version
HKCR\Interface\{2A041B9C-44AC-47FF-9399-CB8AEEF1CFE8}
HKCR\Interface\{2A041B9C-44AC-47FF-9399-CB8AEEF1CFE8}\ProxyStubClsid
HKCR\Interface\{2A041B9C-44AC-47FF-9399-CB8AEEF1CFE8}\ProxyStubClsid32
HKCR\Interface\{2A041B9C-44AC-47FF-9399-CB8AEEF1CFE8}\TypeLib
HKCR\Interface\{2A041B9C-44AC-47FF-9399-CB8AEEF1CFE8}\TypeLib#Version
HKCR\Interface\{4DFFBEAB-DB11-4602-A3E8-0454ED3F928B}
HKCR\Interface\{4DFFBEAB-DB11-4602-A3E8-0454ED3F928B}\ProxyStubClsid
HKCR\Interface\{4DFFBEAB-DB11-4602-A3E8-0454ED3F928B}\ProxyStubClsid32
HKCR\Interface\{4DFFBEAB-DB11-4602-A3E8-0454ED3F928B}\TypeLib
HKCR\Interface\{4DFFBEAB-DB11-4602-A3E8-0454ED3F928B}\TypeLib#Version
HKCR\Interface\{57DD6CFE-ABDB-46C2-92EB-316A5F499167}
HKCR\Interface\{57DD6CFE-ABDB-46C2-92EB-316A5F499167}\ProxyStubClsid
HKCR\Interface\{57DD6CFE-ABDB-46C2-92EB-316A5F499167}\ProxyStubClsid32
HKCR\Interface\{57DD6CFE-ABDB-46C2-92EB-316A5F499167}\TypeLib
HKCR\Interface\{57DD6CFE-ABDB-46C2-92EB-316A5F499167}\TypeLib#Version
HKCR\Interface\{690D2910-BFD6-47D3-A96C-13E6BA2935E8}
HKCR\Interface\{690D2910-BFD6-47D3-A96C-13E6BA2935E8}\ProxyStubClsid
HKCR\Interface\{690D2910-BFD6-47D3-A96C-13E6BA2935E8}\ProxyStubClsid32
HKCR\Interface\{690D2910-BFD6-47D3-A96C-13E6BA2935E8}\TypeLib
HKCR\Interface\{690D2910-BFD6-47D3-A96C-13E6BA2935E8}\TypeLib#Version
HKCR\Interface\{8407F578-6FA7-446A-8852-53E6A147472E}
HKCR\Interface\{8407F578-6FA7-446A-8852-53E6A147472E}\ProxyStubClsid
HKCR\Interface\{8407F578-6FA7-446A-8852-53E6A147472E}\ProxyStubClsid32
HKCR\Interface\{8407F578-6FA7-446A-8852-53E6A147472E}\TypeLib
HKCR\Interface\{8407F578-6FA7-446A-8852-53E6A147472E}\TypeLib#Version
HKCR\Interface\{85A126D1-2706-443D-9979-8841A1C5B482}
HKCR\Interface\{85A126D1-2706-443D-9979-8841A1C5B482}\ProxyStubClsid
HKCR\Interface\{85A126D1-2706-443D-9979-8841A1C5B482}\ProxyStubClsid32
HKCR\Interface\{85A126D1-2706-443D-9979-8841A1C5B482}\TypeLib
HKCR\Interface\{85A126D1-2706-443D-9979-8841A1C5B482}\TypeLib#Version
HKCR\Interface\{B11E589E-9A82-40EF-9777-8E13553F83D4}
HKCR\Interface\{B11E589E-9A82-40EF-9777-8E13553F83D4}\ProxyStubClsid
HKCR\Interface\{B11E589E-9A82-40EF-9777-8E13553F83D4}\ProxyStubClsid32
HKCR\Interface\{B11E589E-9A82-40EF-9777-8E13553F83D4}\TypeLib
HKCR\Interface\{B11E589E-9A82-40EF-9777-8E13553F83D4}\TypeLib#Version
HKCR\Interface\{C2E39865-E9E9-462F-87CB-9A09CEB4795F}
HKCR\Interface\{C2E39865-E9E9-462F-87CB-9A09CEB4795F}\ProxyStubClsid
HKCR\Interface\{C2E39865-E9E9-462F-87CB-9A09CEB4795F}\ProxyStubClsid32
HKCR\Interface\{C2E39865-E9E9-462F-87CB-9A09CEB4795F}\TypeLib
HKCR\Interface\{C2E39865-E9E9-462F-87CB-9A09CEB4795F}\TypeLib#Version
HKCR\Interface\{E12E00DE-9BE2-486C-A9F1-19730F93807E}
HKCR\Interface\{E12E00DE-9BE2-486C-A9F1-19730F93807E}\ProxyStubClsid
HKCR\Interface\{E12E00DE-9BE2-486C-A9F1-19730F93807E}\ProxyStubClsid32
HKCR\Interface\{E12E00DE-9BE2-486C-A9F1-19730F93807E}\TypeLib
HKCR\Interface\{E12E00DE-9BE2-486C-A9F1-19730F93807E}\TypeLib#Version
HKCR\Interface\{EBDD9FB9-3A6C-4DA2-B0A9-D117528D4040}
HKCR\Interface\{EBDD9FB9-3A6C-4DA2-B0A9-D117528D4040}\ProxyStubClsid
HKCR\Interface\{EBDD9FB9-3A6C-4DA2-B0A9-D117528D4040}\ProxyStubClsid32
HKCR\Interface\{EBDD9FB9-3A6C-4DA2-B0A9-D117528D4040}\TypeLib
HKCR\Interface\{EBDD9FB9-3A6C-4DA2-B0A9-D117528D4040}\TypeLib#Version
HKCR\Interface\{ED33F056-D246-4FF2-8D2A-D9F3938753BF}
HKCR\Interface\{ED33F056-D246-4FF2-8D2A-D9F3938753BF}\ProxyStubClsid
HKCR\Interface\{ED33F056-D246-4FF2-8D2A-D9F3938753BF}\ProxyStubClsid32
HKCR\Interface\{ED33F056-D246-4FF2-8D2A-D9F3938753BF}\TypeLib
HKCR\Interface\{ED33F056-D246-4FF2-8D2A-D9F3938753BF}\TypeLib#Version
HKCR\Interface\{EFC68768-18B9-4930-9643-F6DD7AA60A71}
HKCR\Interface\{EFC68768-18B9-4930-9643-F6DD7AA60A71}\ProxyStubClsid
HKCR\Interface\{EFC68768-18B9-4930-9643-F6DD7AA60A71}\ProxyStubClsid32
HKCR\Interface\{EFC68768-18B9-4930-9643-F6DD7AA60A71}\TypeLib
HKCR\Interface\{EFC68768-18B9-4930-9643-F6DD7AA60A71}\TypeLib#Version
HKCR\Interface\{F5EC0F1E-A3EB-49EA-BD87-989899B6E1C9}
HKCR\Interface\{F5EC0F1E-A3EB-49EA-BD87-989899B6E1C9}\ProxyStubClsid
HKCR\Interface\{F5EC0F1E-A3EB-49EA-BD87-989899B6E1C9}\ProxyStubClsid32
HKCR\Interface\{F5EC0F1E-A3EB-49EA-BD87-989899B6E1C9}\TypeLib
HKCR\Interface\{F5EC0F1E-A3EB-49EA-BD87-989899B6E1C9}\TypeLib#Version
HKCR\Interface\{FEB6CDEC-70F6-4D2B-BCA4-1AB3BCDCC513}
HKCR\Interface\{FEB6CDEC-70F6-4D2B-BCA4-1AB3BCDCC513}\ProxyStubClsid
HKCR\Interface\{FEB6CDEC-70F6-4D2B-BCA4-1AB3BCDCC513}\ProxyStubClsid32
HKCR\Interface\{FEB6CDEC-70F6-4D2B-BCA4-1AB3BCDCC513}\TypeLib
HKCR\Interface\{FEB6CDEC-70F6-4D2B-BCA4-1AB3BCDCC513}\TypeLib#Version

Browser Hijacker.Favorites
C:\DOCUMENTS AND SETTINGS\REBECCA VAUTOUR\FAVORITES\ONLINE SECURITY TEST.URL



I will post an AVG log tomorrow. I will also renew the HijackThis log and the DSS log (although they are currently up to date) and defrag my computer, maybe.

Edited by Infectedlie^.^, 02 May 2007 - 09:02 PM.

#2
Infectedlie^.^ (Topic Starter)

Umm, I haven't gotten any help... in a while... so I'll post a new HijackThis log (my connection has gotten TONS worse and it lags every second now).
Logfile of HijackThis v1.99.1
Scan saved at 12:37:02 PM, on 5/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ijji.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 61.34.205.146:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [!xSpeed] C:\!xSpeednet\!xSpeednet.exe reg
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {D0FD5E32-CABD-4A6E-BD0F-94ACE89CCE03} (HGPluginJP23 Class) - http://down.hangame....GPluginJP23.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload....Plugin10USA.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe