Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

RUNDLL Error Loading C:\WINDOWS\System32\gunfneaj.dll [


  • This topic is locked This topic is locked

#16
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

I have now gotten 2 Porn pop ups this morning.

Post me a new DSS log there, some site could be responsible so may not be malware

In my task bar at the bottom left it shows that I currently have Norton 360, Spyware Guard and AVG Anti-spyware open. Should I have something else open and running in the background or am I fine?

That is perfect

Even when I am on the internet it will pop up and if it does it will not allow you to browse until it is closed. Very strange.

Strange, have never come across that problem before. Maybe post in the Windows XP forum after I see your DSS log if it persists.
  • 0

Advertisements


#17
cubacheski

cubacheski

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Deckard's System Scanner v20071014.68
Run by Owner on 2008-02-24 08:38:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:40:39 AM, on 2/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus CX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE /FU "C:\WINDOWS\TEMP\E_SA3.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} - https://www.windowso...nSSWebAgent.CAB
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwe...er/dbplugin.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast....wareControl.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com...OnlineGames.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernet...urferplugin.ocx
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...wlscbase370.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120317738000
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifes...ll/pinstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1132207029843
O16 - DPF: {845C260B-A44B-49A3-86A6-71430B3000A0} (TeleVoxAudioPlayer.TVoxAudioPlayer) - https://www.mytelevo...AudioPlayer.CAB
O16 - DPF: {84B7AC1D-9AD1-474F-B6B0-FE1641DBFDFA} (ScanFile.FileScan) - http://www.contentpu.../ScanFilexp.CAB
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.su...ows-i586-jc.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://72.240.51.211...sCamControl.cab
O16 - DPF: {96816368-C1E3-414D-A193-63C3CC921990} (MJPEGRender Control) - http://standrewslink...MJPEGRender.ocx
O16 - DPF: {B160422D-0A48-11D4-BD9B-00A0C9B0AB7B} (Download Class) - http://expressit.bro...in/Download.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.f...obal/msc311.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer....l/installer.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livewc03.cus...l/java/RntX.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.auctiva.c...oad/XUpload.ocx
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 12422 bytes

-- Files created between 2008-01-24 and 2008-02-24 -----------------------------

2008-02-23 19:21:39 0 d-------- C:\Program Files\ABC Amber EPS Converter
2008-02-23 19:03:27 0 d-------- C:\Vectors
2008-02-23 00:09:24 0 d-------- C:\Program Files\Opera
2008-02-23 00:03:22 0 d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2008-02-22 23:55:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-22 23:36:26 0 d-------- C:\Program Files\Xilisoft
2008-02-22 22:25:22 21312 --a------ C:\WINDOWS\choice.exe
2008-02-22 22:24:51 0 d-------- C:\ie-spyad
2008-02-22 22:24:05 0 d-------- C:\Program Files\SpywareBlaster
2008-02-22 20:19:22 0 d-------- C:\Program Files\Common Files\Java
2008-02-22 18:11:17 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-02-22 18:11:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-22 18:11:06 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-22 17:30:04 0 d-------- C:\New Folder
2008-02-20 20:27:01 0 d-------- C:\WINDOWS\system32\GroupPolicy
2008-02-20 20:26:10 0 d-------- C:\Program Files\Hitman Pro
2008-02-20 20:11:44 0 d-------- C:\Program Files\Trend Micro
2008-02-19 22:57:45 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-19 22:57:15 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-02-19 22:57:15 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-02-19 19:59:54 0 d-------- C:\N360_BACKUP
2008-02-19 17:12:59 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2008-02-19 16:25:14 0 d-------- C:\Program Files\Norton 360
2008-02-19 06:11:35 8 --a------ C:\WINDOWS\system32\7888b895
2008-02-18 18:44:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-02-18 06:27:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-02-17 22:36:40 0 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-02-17 22:33:44 0 d-------- C:\Program Files\Common Files\iS3
2008-02-17 22:33:40 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-02-17 22:25:26 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-17 21:35:10 0 d-------- C:\Program Files\Windows Live Safety Center
2008-02-17 20:31:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
2008-02-17 13:07:55 0 d-------- C:\WINDOWS\Prefetch
2008-02-17 11:44:55 0 d-------- C:\WINDOWS\ServicePackFiles
2008-02-17 07:07:40 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2008-02-17 06:31:02 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-17 06:21:24 0 d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2008-02-13 23:04:01 0 d-------- C:\Taxes
2008-02-13 23:01:14 0 d-------- C:\Web Site Art
2008-02-10 07:07:20 0 d-------- C:\Program Files\WebLog Expert
2008-02-09 23:46:09 0 d-------- C:\Program Files\ImageSkill
2008-02-03 15:08:42 0 d-------- C:\Documents and Settings\Owner\Application Data\gtk-2.0
2008-02-03 15:07:48 0 d-------- C:\Documents and Settings\Owner\Application Data\Inkscape
2008-02-02 12:09:11 0 d-------- C:\Program Files\Easy Graphic Converter
2008-01-27 16:02:09 0 d-------- C:\Backgrounds


-- Find3M Report ---------------------------------------------------------------

2008-02-23 22:57:20 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-23 00:09:56 0 d-------- C:\Documents and Settings\Owner\Application Data\Opera
2008-02-23 00:05:53 0 d-------- C:\Program Files\SpywareGuard
2008-02-22 23:40:31 0 d-a------ C:\Program Files\Common Files
2008-02-22 22:52:02 17779 --a------ C:\WINDOWS\mozver.dat
2008-02-22 20:20:23 0 d-------- C:\Program Files\Java
2008-02-19 21:36:19 0 d-------- C:\Program Files\Google
2008-02-19 20:28:05 0 d-------- C:\Program Files\Symantec
2008-02-19 19:58:51 0 d-------- C:\Documents and Settings\Owner\Application Data\Symantec
2008-02-17 22:39:17 0 d-------- C:\Program Files\Messenger
2008-02-17 22:26:34 0 d-------- C:\Program Files\Lavasoft
2008-02-17 20:31:26 0 d-------- C:\Program Files\Diskeeper Corporation
2008-02-17 20:14:45 0 d--h----- C:\Program Files\WindowsUpdate
2008-02-17 11:48:15 0 d-------- C:\Program Files\Movie Maker
2008-02-17 11:44:24 0 d-------- C:\Program Files\Windows NT
2008-02-09 19:56:00 0 d-------- C:\Documents and Settings\Owner\Application Data\Intuit
2008-02-06 07:00:32 0 d-------- C:\Documents and Settings\Owner\Application Data\dvdcss
2008-02-01 16:07:35 836 --a------ C:\Documents and Settings\Owner\Application Data\ViewerApp.dat
2008-01-24 17:19:03 341048 --a------ C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2008-01-22 16:00:10 0 d-------- C:\Program Files\Disney
2008-01-21 23:09:43 0 d-------- C:\Program Files\iTunes
2008-01-21 23:09:23 0 d-------- C:\Program Files\iPod
2008-01-21 23:07:49 0 d-------- C:\Program Files\QuickTime
2008-01-14 23:18:24 0 d-------- C:\Program Files\WebLog Expert Lite
2008-01-13 20:06:31 0 d-------- C:\Program Files\Photodex Presenter
2008-01-13 20:06:30 0 d-------- C:\Documents and Settings\Owner\Application Data\Netscape
2008-01-13 20:06:30 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-01-06 20:09:32 0 d-------- C:\Documents and Settings\Owner\Application Data\EPSON
2008-01-03 20:38:44 0 d-------- C:\Program Files\Yahoo SiteBuilder
2007-12-25 15:16:59 148252 --ah----- C:\WINDOWS\system32\mlfcache.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 05:04 PM]
"KBD"="C:\HP\KBD\KBD.EXE" [02/11/2003 08:02 PM]
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [10/11/2007 08:45 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [11/01/2006 11:04 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/06/2003 02:16 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [07/17/2007 07:54 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 03:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [03/29/2006 07:06 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]
"EPSON Stylus CX8400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEA.exe" [02/15/2007 06:00 AM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [01/04/2005 11:50 AM]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [8/29/2003 7:05:35 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 02/21/2003 04:50 AM 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Microsoft Outlook"=C:\PROGRA~1\MICROS~3\Office10\OUTLOOK.EXE Outlook:Inbox /recycle
"Acme.PCHButton"=C:\PROGRA~1\HPINST~1\Pavilion\XPHNABS3EN\plugin\bin\PCHButton.exe
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"Symantec NetDriver Monitor"=C:\PROGRA~1\SYMNET~1\SNDMon.exe
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
"AlcxMonitor"=ALCXMNTR.EXE
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
"Share-to-Web Namespace Daemon"=c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
"nwiz"=nwiz.exe /install
"Symantec NetDriver Monitor"=C:\PROGRA~1\SYMNET~1\SNDMon.exe
"CamMonitor"=c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
"PS2"=C:\WINDOWS\system32\ps2.exe

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-02-24 08:41:15 ------------
  • 0

#18
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean, must been due to the site

Go ahead and delete DSS.exe


We also need to disable TeaTimer as it will conflict with SpywareGuard

Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.


Let me know if you have any questions ? If not, then we are all done
  • 0

#19
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP