Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

PLEASE HELP, COMPUTER DYING, NEEDS CPR [RESOLVED]


  • This topic is locked This topic is locked

#1
drpepper23

drpepper23

    Member

  • Member
  • PipPipPip
  • 101 posts
i am a first time poster, so if i do something wrong, please let me know.

my goals are: do whatever it takes to remove all the bad stuff and make it run fast.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:52:23 PM, on 2/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE
C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-1004336348-1078081533-725345543-1004\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl (User '?')
O4 - HKUS\S-1-5-21-1004336348-1078081533-725345543-1004\..\Run: [] (User '?')
O4 - HKUS\S-1-5-21-1004336348-1078081533-725345543-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1004336348-1078081533-725345543-1004\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - S-1-5-21-1004336348-1078081533-725345543-1004 Startup: PowerReg Scheduler V3.exe (User '?')
O4 - S-1-5-21-1004336348-1078081533-725345543-1004 Startup: TA_Start.lnk = C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Local Settings\Temp\thinksnet.exe (User '?')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Local Settings\Temp\thinksnet.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...81/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay10...es/MsnPUpld.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,16/mcgdmgr.cab
O16 - DPF: {C190FF32-96D0-445F-9F60-5CF288FD3D0F} (ActiveFormX Control) - https://resnet.verif.../CAT/CNICAT.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://bigflash.mic...ash/FlashAX.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...350/mcfscan.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://i.xanga.com/p...lie/header2.jpg

--
End of file - 9053 bytes

p.s. tried to upload my file, but it said i couldn't. thank you to anyone who will respond.
  • 0

Advertisements


#2
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
  • 0

#3
drpepper23

drpepper23

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 101 posts
hi and thank you for your help. i must tell you that the pc has been running worse and worse. there are now times when I am unable to shutdown or restart. programs stop responding, my desktop becomes nothing more than icons with a moving mouse.

i tried to run combofix. the program did not run. a blue screen came up and that was it. i waited and waited and there were no prompts. however, i am posting the latest hijack log. please help quickly, i need to get this thing cleaned up. thank you again.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:11 AM, on 2/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\ComboFix\nircmd.cfexe
C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [787e83cd] rundll32.exe "C:\WINDOWS\system32\cxssiyvx.dll",b
O4 - HKLM\..\Run: [BM7b4db051] Rundll32.exe "C:\WINDOWS\system32\wrhshuwc.dll",s
O4 - HKLM\..\Run: [QuickTime Task] "C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-1004336348-1078081533-725345543-1004\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl (User '?')
O4 - HKUS\S-1-5-21-1004336348-1078081533-725345543-1004\..\Run: [] (User '?')
O4 - HKUS\S-1-5-21-1004336348-1078081533-725345543-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1004336348-1078081533-725345543-1004\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - S-1-5-21-1004336348-1078081533-725345543-1004 Startup: PowerReg Scheduler V3.exe (User '?')
O4 - S-1-5-21-1004336348-1078081533-725345543-1004 Startup: TA_Start.lnk = C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Local Settings\Temp\thinksnet.exe (User '?')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Local Settings\Temp\thinksnet.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...81/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay10...es/MsnPUpld.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,16/mcgdmgr.cab
O16 - DPF: {C190FF32-96D0-445F-9F60-5CF288FD3D0F} (ActiveFormX Control) - https://resnet.verif.../CAT/CNICAT.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://bigflash.mic...ash/FlashAX.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...350/mcfscan.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://i.xanga.com/p...lie/header2.jpg

--
End of file - 8622 bytes
  • 0

#4
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Do this

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#5
drpepper23

drpepper23

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 101 posts
MAIN:

Deckard's System Scanner v20071014.68
Run by Ilya Shor on 2008-02-29 14:51:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Unable to create WMI object; The operation completed successfully.


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).
System Drive C: has 9.3 GiB (less than 15%) free.


-- HijackThis (run as Ilya Shor.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:56:05 PM, on 2/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Desktop\dss.exe
C:\DOCUME~1\ILYASH~1.ICO\Desktop\Ilya Shor.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll (file missing)
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {66DEBAF8-3C4D-4944-B5F5-A629709AB9C9} - (no file)
O2 - BHO: (no name) - {75FFC9F0-CB82-43C0-8BB3-395A8EECDEB6} - (no file)
O2 - BHO: (no name) - {80251448-BB28-45E8-B655-DFB6FB940B08} - C:\WINDOWS\system32\jkhfc.dll
O2 - BHO: (no name) - {E4C33052-78B6-44B2-A8AA-31DC1FE78759} - (no file)
O2 - BHO: (no name) - {EF8EFD1C-0BE3-4D13-957A-738643AFD590} - (no file)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [BM7b4db051] Rundll32.exe "C:\WINDOWS\system32\wrhshuwc.dll",s
O4 - HKLM\..\Run: [QuickTime Task] "C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [787e83cd] rundll32.exe "C:\WINDOWS\system32\wwrnyyng.dll",b
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-1004336348-1078081533-725345543-1004\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl (User '?')
O4 - HKUS\S-1-5-21-1004336348-1078081533-725345543-1004\..\Run: [] (User '?')
O4 - HKUS\S-1-5-21-1004336348-1078081533-725345543-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1004336348-1078081533-725345543-1004\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - S-1-5-21-1004336348-1078081533-725345543-1004 Startup: PowerReg Scheduler V3.exe (User '?')
O4 - S-1-5-21-1004336348-1078081533-725345543-1004 Startup: TA_Start.lnk = C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Local Settings\Temp\thinksnet.exe (User '?')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Local Settings\Temp\thinksnet.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...81/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay10...es/MsnPUpld.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,16/mcgdmgr.cab
O16 - DPF: {C190FF32-96D0-445F-9F60-5CF288FD3D0F} (ActiveFormX Control) - https://resnet.verif.../CAT/CNICAT.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://bigflash.mic...ash/FlashAX.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...350/mcfscan.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: jkkkhfd - jkkkhfd.dll (file missing)
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://i.xanga.com/p...lie/header2.jpg

--
End of file - 9797 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3 ddxgb - c:\docume~1\ilyash~1.ico\locals~1\temp\ddxgb.sys (file missing)
3 dsNcAdpt (Juniper Network Connect Adapter) - system32\drivers\dsncadpt.sys (file missing)
3 EntDrv51 - c:\windows\system32\drivers\entdrv51.sys <Not Verified; Network Associates, Inc; Virus Scan Enterprise, Entercept>
2 HPFECP13 - c:\windows\system32\drivers\hpfecp13.sys
3 NaiAvFilter1 - c:\windows\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
1 NaiAvTdi1 - c:\windows\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
1 oreans32 - c:\windows\system32\drivers\oreans32.sys
3 PortTalk - system32\drivers\porttalk.sys (file missing)
3 tbhsd (Tunebite High-Speed Dubbing) - c:\windows\system32\drivers\tbhsd.sys <Not Verified; RapidSolution Software AG; Tunebite High-Speed Dubbing>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>
2 McAfeeFramework (McAfee Framework Service) - c:\program files\network associates\common framework\frameworkservice.exe
2 McTaskManager (Network Associates Task Manager) - c:\program files\network associates\virusscan\vstskmgr.exe
4 NMIndexingService - c:\program files\common files\ahead\lib\nmindexingservice.exe (file missing)
2 Viewpoint Manager Service - c:\program files\viewpoint\common\viewpointservice.exe


-- Device Manager: Disabled ----------------------------------------------------

Unable to create WMI object.

-- Scheduled Tasks -------------------------------------------------------------

2008-02-29 00:40:02 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-01-19 21:31:21 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2005-05-15 01:07:00 420 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job


-- Files created between 2008-01-29 and 2008-02-29 -----------------------------

2008-02-29 03:46:43 84544 --a------ C:\WINDOWS\system32\wwrnyyng.dll
2008-02-29 03:43:43 89664 --a------ C:\WINDOWS\system32\umsxovig.dll
2008-02-28 23:01:57 0 d-------- C:\ComboFix(2)
2008-02-28 03:46:01 85056 --a------ C:\WINDOWS\system32\pgeeekxl.dll
2008-02-28 03:43:01 90176 --a------ C:\WINDOWS\system32\wcihwwnw.dll
2008-02-27 22:33:19 0 d-------- C:\VundoFix Backups
2008-02-27 15:16:38 0 d-------- C:\Program Files\VideoLAN
2008-02-27 15:08:20 116224 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
2008-02-27 15:08:18 23552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL <Not Verified; Microsoft Corporation; MSMAPI-Steuerelementbibliothek>
2008-02-27 15:08:17 0 d-------- C:\Program Files\PDFCreator
2008-02-27 14:28:54 0 dr-h----- C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Recent
2008-02-27 03:42:25 89152 --a------ C:\WINDOWS\system32\iwqxwvnh.dll
2008-02-27 02:42:06 86080 -----n--- C:\WINDOWS\system32\bhkfqrrq.dll
2008-02-27 01:01:14 32 --a------ C:\WINDOWS\go
2008-02-26 02:44:04 90688 --a------ C:\WINDOWS\system32\xtvkewgb.dll
2008-02-26 02:41:04 85056 -----n--- C:\WINDOWS\system32\cxssiyvx.dll
2008-02-26 01:10:42 0 d-------- C:\Program Files\USBDLM
2008-02-25 14:31:39 290551 --ahs---- C:\WINDOWS\system32\cfhkj.ini2
2008-02-25 14:31:16 321600 -----n--- C:\WINDOWS\system32\jkhfc.dll
2008-02-25 14:26:16 41723 ---hs---- C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
2008-02-25 14:26:11 0 d-------- C:\WINDOWS\system32\iDlo01
2008-02-24 16:02:14 0 d-------- C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\Juniper Networks
2008-02-24 13:53:05 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-02-22 02:40:25 0 d-------- C:\Program Files\Western Digital Technologies
2008-02-22 02:39:15 364544 --a------ C:\WINDOWS\system32\WDBtnMgr.exe <Not Verified; Western Digital Technologies, Inc.; WD Button Manager>
2008-02-22 02:20:09 0 d-------- C:\New Folder
2008-02-22 01:51:46 0 d-------- C:\WINDOWS\system32\NtmsData
2008-02-21 08:05:08 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
2008-01-29 12:37:19 664 --a------ C:\WINDOWS\system32\d3d9caps.dat


-- Find3M Report ---------------------------------------------------------------

2008-02-29 01:18:52 0 d-------- C:\Program Files\DC++
2008-02-28 22:53:39 0 d-------- C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\Skype
2008-02-27 16:58:30 0 d-------- C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\vlc
2008-02-27 14:23:22 0 d-------- C:\Program Files\Ares Lite Edition
2008-02-27 01:59:04 120 --a------ C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\AVSDVDPlayer.m3u
2008-02-25 14:26:16 0 d-a------ C:\Program Files\Common Files
2008-02-23 01:39:33 0 d-------- C:\Program Files\Microsoft Silverlight
2008-02-21 08:34:56 0 d-------- C:\Program Files\Common Files\?ecurity
2008-02-21 08:01:16 0 d-------- C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\AdobeUM
2008-01-30 17:40:29 0 d-------- C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\Adobe
2008-01-21 23:27:54 0 d-------- C:\Program Files\Camfrog


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66DEBAF8-3C4D-4944-B5F5-A629709AB9C9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{75FFC9F0-CB82-43C0-8BB3-395A8EECDEB6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{80251448-BB28-45E8-B655-DFB6FB940B08}]
02/25/2008 02:31 PM 321600 --------- C:\WINDOWS\system32\jkhfc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E4C33052-78B6-44B2-A8AA-31DC1FE78759}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF8EFD1C-0BE3-4D13-957A-738643AFD590}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [09/22/2004 07:00 PM]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [08/06/2004 02:50 AM]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [08/02/2007 11:59 AM]
"BM7b4db051"="C:\WINDOWS\system32\wrhshuwc.dll" []
"QuickTime Task"="C:\PROGRAM FILES\QUICKTIME\QTTASK.exe" [10/25/2006 06:58 PM]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [08/04/2004 02:56 AM]
"787e83cd"="C:\WINDOWS\system32\wwrnyyng.dll" [02/29/2008 03:46 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [08/01/2006 02:35 PM]
"@"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [12/27/2003 5:14:11 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{ED120D76-BF31-412C-A99B-783C6676E128}"= C:\WINDOWS\system32\jkkkhfd.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkkhfd]
jkkkhfd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkhfc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ilya Shor.ICOMPUTETHINGS^Start Menu^Programs^Startup^Check For Dope Wars Updates.lnk]
path=C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Start Menu\Programs\Startup\Check For Dope Wars Updates.lnk
backup=C:\WINDOWS\pss\Check For Dope Wars Updates.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
"C:\Program Files\America Online 9.0\AOL.EXE" -b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"C:\Program Files\Ares Lite Edition\Ares.exe" -h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunDLL]
rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\saap]
c:\program files\search-assistant\saap.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOLService"=2 (0x2)
"McAfeeFramework"=2 (0x2)




-- End of Deckard's System Scanner: finished at 2008-02-29 14:57:16 ------------

EXTRA

Deckard's System Scanner v20071014.68
Run by Ilya Shor on 2008-02-29 14:51:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Unable to create WMI object; The operation completed successfully.


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).
System Drive C: has 9.3 GiB (less than 15%) free.


-- HijackThis (run as Ilya Shor.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:56:05 PM, on 2/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Desktop\dss.exe
C:\DOCUME~1\ILYASH~1.ICO\Desktop\Ilya Shor.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll (file missing)
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {66DEBAF8-3C4D-4944-B5F5-A629709AB9C9} - (no file)
O2 - BHO: (no name) - {75FFC9F0-CB82-43C0-8BB3-395A8EECDEB6} - (no file)
O2 - BHO: (no name) - {80251448-BB28-45E8-B655-DFB6FB940B08} - C:\WINDOWS\system32\jkhfc.dll
O2 - BHO: (no name) - {E4C33052-78B6-44B2-A8AA-31DC1FE78759} - (no file)
O2 - BHO: (no name) - {EF8EFD1C-0BE3-4D13-957A-738643AFD590} - (no file)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [BM7b4db051] Rundll32.exe "C:\WINDOWS\system32\wrhshuwc.dll",s
O4 - HKLM\..\Run: [QuickTime Task] "C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [787e83cd] rundll32.exe "C:\WINDOWS\system32\wwrnyyng.dll",b
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-1004336348-1078081533-725345543-1004\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl (User '?')
O4 - HKUS\S-1-5-21-1004336348-1078081533-725345543-1004\..\Run: [] (User '?')
O4 - HKUS\S-1-5-21-1004336348-1078081533-725345543-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1004336348-1078081533-725345543-1004\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - S-1-5-21-1004336348-1078081533-725345543-1004 Startup: PowerReg Scheduler V3.exe (User '?')
O4 - S-1-5-21-1004336348-1078081533-725345543-1004 Startup: TA_Start.lnk = C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Local Settings\Temp\thinksnet.exe (User '?')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Local Settings\Temp\thinksnet.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...81/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay10...es/MsnPUpld.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,16/mcgdmgr.cab
O16 - DPF: {C190FF32-96D0-445F-9F60-5CF288FD3D0F} (ActiveFormX Control) - https://resnet.verif.../CAT/CNICAT.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://bigflash.mic...ash/FlashAX.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...350/mcfscan.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: jkkkhfd - jkkkhfd.dll (file missing)
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://i.xanga.com/p...lie/header2.jpg

--
End of file - 9797 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3 ddxgb - c:\docume~1\ilyash~1.ico\locals~1\temp\ddxgb.sys (file missing)
3 dsNcAdpt (Juniper Network Connect Adapter) - system32\drivers\dsncadpt.sys (file missing)
3 EntDrv51 - c:\windows\system32\drivers\entdrv51.sys <Not Verified; Network Associates, Inc; Virus Scan Enterprise, Entercept>
2 HPFECP13 - c:\windows\system32\drivers\hpfecp13.sys
3 NaiAvFilter1 - c:\windows\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
1 NaiAvTdi1 - c:\windows\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
1 oreans32 - c:\windows\system32\drivers\oreans32.sys
3 PortTalk - system32\drivers\porttalk.sys (file missing)
3 tbhsd (Tunebite High-Speed Dubbing) - c:\windows\system32\drivers\tbhsd.sys <Not Verified; RapidSolution Software AG; Tunebite High-Speed Dubbing>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>
2 McAfeeFramework (McAfee Framework Service) - c:\program files\network associates\common framework\frameworkservice.exe
2 McTaskManager (Network Associates Task Manager) - c:\program files\network associates\virusscan\vstskmgr.exe
4 NMIndexingService - c:\program files\common files\ahead\lib\nmindexingservice.exe (file missing)
2 Viewpoint Manager Service - c:\program files\viewpoint\common\viewpointservice.exe


-- Device Manager: Disabled ----------------------------------------------------

Unable to create WMI object.

-- Scheduled Tasks -------------------------------------------------------------

2008-02-29 00:40:02 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-01-19 21:31:21 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2005-05-15 01:07:00 420 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job


-- Files created between 2008-01-29 and 2008-02-29 -----------------------------

2008-02-29 03:46:43 84544 --a------ C:\WINDOWS\system32\wwrnyyng.dll
2008-02-29 03:43:43 89664 --a------ C:\WINDOWS\system32\umsxovig.dll
2008-02-28 23:01:57 0 d-------- C:\ComboFix(2)
2008-02-28 03:46:01 85056 --a------ C:\WINDOWS\system32\pgeeekxl.dll
2008-02-28 03:43:01 90176 --a------ C:\WINDOWS\system32\wcihwwnw.dll
2008-02-27 22:33:19 0 d-------- C:\VundoFix Backups
2008-02-27 15:16:38 0 d-------- C:\Program Files\VideoLAN
2008-02-27 15:08:20 116224 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
2008-02-27 15:08:18 23552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL <Not Verified; Microsoft Corporation; MSMAPI-Steuerelementbibliothek>
2008-02-27 15:08:17 0 d-------- C:\Program Files\PDFCreator
2008-02-27 14:28:54 0 dr-h----- C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Recent
2008-02-27 03:42:25 89152 --a------ C:\WINDOWS\system32\iwqxwvnh.dll
2008-02-27 02:42:06 86080 -----n--- C:\WINDOWS\system32\bhkfqrrq.dll
2008-02-27 01:01:14 32 --a------ C:\WINDOWS\go
2008-02-26 02:44:04 90688 --a------ C:\WINDOWS\system32\xtvkewgb.dll
2008-02-26 02:41:04 85056 -----n--- C:\WINDOWS\system32\cxssiyvx.dll
2008-02-26 01:10:42 0 d-------- C:\Program Files\USBDLM
2008-02-25 14:31:39 290551 --ahs---- C:\WINDOWS\system32\cfhkj.ini2
2008-02-25 14:31:16 321600 -----n--- C:\WINDOWS\system32\jkhfc.dll
2008-02-25 14:26:16 41723 ---hs---- C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
2008-02-25 14:26:11 0 d-------- C:\WINDOWS\system32\iDlo01
2008-02-24 16:02:14 0 d-------- C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\Juniper Networks
2008-02-24 13:53:05 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-02-22 02:40:25 0 d-------- C:\Program Files\Western Digital Technologies
2008-02-22 02:39:15 364544 --a------ C:\WINDOWS\system32\WDBtnMgr.exe <Not Verified; Western Digital Technologies, Inc.; WD Button Manager>
2008-02-22 02:20:09 0 d-------- C:\New Folder
2008-02-22 01:51:46 0 d-------- C:\WINDOWS\system32\NtmsData
2008-02-21 08:05:08 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
2008-01-29 12:37:19 664 --a------ C:\WINDOWS\system32\d3d9caps.dat


-- Find3M Report ---------------------------------------------------------------

2008-02-29 01:18:52 0 d-------- C:\Program Files\DC++
2008-02-28 22:53:39 0 d-------- C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\Skype
2008-02-27 16:58:30 0 d-------- C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\vlc
2008-02-27 14:23:22 0 d-------- C:\Program Files\Ares Lite Edition
2008-02-27 01:59:04 120 --a------ C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\AVSDVDPlayer.m3u
2008-02-25 14:26:16 0 d-a------ C:\Program Files\Common Files
2008-02-23 01:39:33 0 d-------- C:\Program Files\Microsoft Silverlight
2008-02-21 08:34:56 0 d-------- C:\Program Files\Common Files\?ecurity
2008-02-21 08:01:16 0 d-------- C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\AdobeUM
2008-01-30 17:40:29 0 d-------- C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\Adobe
2008-01-21 23:27:54 0 d-------- C:\Program Files\Camfrog


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66DEBAF8-3C4D-4944-B5F5-A629709AB9C9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{75FFC9F0-CB82-43C0-8BB3-395A8EECDEB6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{80251448-BB28-45E8-B655-DFB6FB940B08}]
02/25/2008 02:31 PM 321600 --------- C:\WINDOWS\system32\jkhfc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E4C33052-78B6-44B2-A8AA-31DC1FE78759}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF8EFD1C-0BE3-4D13-957A-738643AFD590}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [09/22/2004 07:00 PM]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [08/06/2004 02:50 AM]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [08/02/2007 11:59 AM]
"BM7b4db051"="C:\WINDOWS\system32\wrhshuwc.dll" []
"QuickTime Task"="C:\PROGRAM FILES\QUICKTIME\QTTASK.exe" [10/25/2006 06:58 PM]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [08/04/2004 02:56 AM]
"787e83cd"="C:\WINDOWS\system32\wwrnyyng.dll" [02/29/2008 03:46 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [08/01/2006 02:35 PM]
"@"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [12/27/2003 5:14:11 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{ED120D76-BF31-412C-A99B-783C6676E128}"= C:\WINDOWS\system32\jkkkhfd.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkkhfd]
jkkkhfd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkhfc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ilya Shor.ICOMPUTETHINGS^Start Menu^Programs^Startup^Check For Dope Wars Updates.lnk]
path=C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Start Menu\Programs\Startup\Check For Dope Wars Updates.lnk
backup=C:\WINDOWS\pss\Check For Dope Wars Updates.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
"C:\Program Files\America Online 9.0\AOL.EXE" -b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"C:\Program Files\Ares Lite Edition\Ares.exe" -h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunDLL]
rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\saap]
c:\program files\search-assistant\saap.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOLService"=2 (0x2)
"McAfeeFramework"=2 (0x2)




-- End of Deckard's System Scanner: finished at 2008-02-29 14:57:16 ------------

THANKS FOR YOUR HELP!!
  • 0

#6
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll (file missing)
O2 - BHO: (no name) - {66DEBAF8-3C4D-4944-B5F5-A629709AB9C9} - (no file)
O2 - BHO: (no name) - {75FFC9F0-CB82-43C0-8BB3-395A8EECDEB6} - (no file)
O2 - BHO: (no name) - {80251448-BB28-45E8-B655-DFB6FB940B08} - C:\WINDOWS\system32\jkhfc.dll
O2 - BHO: (no name) - {E4C33052-78B6-44B2-A8AA-31DC1FE78759} - (no file)
O2 - BHO: (no name) - {EF8EFD1C-0BE3-4D13-957A-738643AFD590} - (no file)
O4 - HKLM\..\Run: [BM7b4db051] Rundll32.exe "C:\WINDOWS\system32\wrhshuwc.dll",s
O4 - HKLM\..\Run: [787e83cd] rundll32.exe "C:\WINDOWS\system32\wwrnyyng.dll",b
O4 - S-1-5-21-1004336348-1078081533-725345543-1004 Startup: PowerReg Scheduler V3.exe (User '?')
O4 - S-1-5-21-1004336348-1078081533-725345543-1004 Startup: TA_Start.lnk = C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Local Settings\Temp\thinksnet.exe (User '?')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Local Settings\Temp\thinksnet.exe
O20 - Winlogon Notify: jkkkhfd - jkkkhfd.dll (file missing)


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\wwrnyyng.dll
    C:\WINDOWS\system32\umsxovig.dll
    C:\WINDOWS\system32\pgeeekxl.dll
    C:\WINDOWS\system32\wcihwwnw.dll
    C:\WINDOWS\system32\iwqxwvnh.dll
    C:\WINDOWS\system32\bhkfqrrq.dll
    C:\WINDOWS\system32\xtvkewgb.dll
    C:\WINDOWS\system32\cxssiyvx.dll
    C:\WINDOWS\system32\cfhkj.ini2
    C:\WINDOWS\system32\jkhfc.dll
    C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
    C:\WINDOWS\system32\iDlo01
    C:\Program Files\Common Files\?ecurity /u
    C:\WINDOWS\Downloaded Program Files\bridge.dll
    c:\program files\search-assistant
    C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Local Settings\Temp\thinksnet.exe
    C:\WINDOWS\system32\wrhshuwc.dll
    C:\WINDOWS\system32\wwrnyyng.dll
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    purity
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunDLL
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\saap
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ddxgb
  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Reboot and do this

click on Start, click on Run
copy and paste the following in bold in the open window and then click OK
"%userprofile%\desktop\dss.exe" /config
This will open up DSS configuration
click on Check All
click Scan
DSS will now run again when finished
Please post back both logs that open in notepad
Main txt and extra txt
  • 0

#7
drpepper23

drpepper23

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 101 posts
MAIN

Deckard's System Scanner v20071014.68
Run by Ilya Shor on 2008-02-29 15:41:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Unable to create WMI object; The operation completed successfully.


Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).
System Drive C: has 9.29 GiB (less than 15%) free.


-- HijackThis (run as Ilya Shor.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:41:17 PM, on 2/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\desktop\dss.exe
C:\DOCUME~1\ILYASH~1.ICO\Desktop\ILYASH~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {104AA49D-DC59-4017-AF1F-AB230CE25E8B} - C:\WINDOWS\system32\jkhfc.dll
O2 - BHO: (no name) - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - (no file)
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {66DEBAF8-3C4D-4944-B5F5-A629709AB9C9} - (no file)
O2 - BHO: (no name) - {75FFC9F0-CB82-43C0-8BB3-395A8EECDEB6} - (no file)
O2 - BHO: (no name) - {80251448-BB28-45E8-B655-DFB6FB940B08} - (no file)
O2 - BHO: (no name) - {E4C33052-78B6-44B2-A8AA-31DC1FE78759} - (no file)
O2 - BHO: (no name) - {EF8EFD1C-0BE3-4D13-957A-738643AFD590} - (no file)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [787e83cd] rundll32.exe "C:\WINDOWS\system32\cxssiyvx.dll",b
O4 - HKLM\..\Run: [BM7b4db051] Rundll32.exe "C:\WINDOWS\system32\wrhshuwc.dll",s
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-1004336348-1078081533-725345543-1004\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl (User '?')
O4 - HKUS\S-1-5-21-1004336348-1078081533-725345543-1004\..\Run: [] (User '?')
O4 - HKUS\S-1-5-21-1004336348-1078081533-725345543-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1004336348-1078081533-725345543-1004\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...81/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay10...es/MsnPUpld.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,16/mcgdmgr.cab
O16 - DPF: {C190FF32-96D0-445F-9F60-5CF288FD3D0F} (ActiveFormX Control) - https://resnet.verif.../CAT/CNICAT.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://bigflash.mic...ash/FlashAX.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...350/mcfscan.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: jkkkhfd - C:\WINDOWS\
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://i.xanga.com/p...lie/header2.jpg

--
End of file - 9285 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\ILYASH~1.ICO\Desktop\backups\) --------

backup-20080229-150006-942 O2 - BHO: (no name) - {80251448-BB28-45E8-B655-DFB6FB940B08} - C:\WINDOWS\system32\jkhfc.dll
backup-20080229-150032-238 O2 - BHO: (no name) - {80251448-BB28-45E8-B655-DFB6FB940B08} - C:\WINDOWS\system32\jkhfc.dll
backup-20080229-152552-121 O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Local Settings\Temp\thinksnet.exe
backup-20080229-152552-159 O2 - BHO: (no name) - {80251448-BB28-45E8-B655-DFB6FB940B08} - C:\WINDOWS\system32\jkhfc.dll
backup-20080229-152552-174 O2 - BHO: (no name) - {66DEBAF8-3C4D-4944-B5F5-A629709AB9C9} - (no file)
backup-20080229-152552-195 O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll (file missing)
backup-20080229-152552-301 O2 - BHO: (no name) - {EF8EFD1C-0BE3-4D13-957A-738643AFD590} - (no file)
backup-20080229-152552-311 O4 - S-1-5-21-1004336348-1078081533-725345543-1004 Startup: PowerReg Scheduler V3.exe (User '?')
backup-20080229-152552-366 O4 - Startup: PowerReg Scheduler V3.exe
backup-20080229-152552-478 O2 - BHO: (no name) - {E4C33052-78B6-44B2-A8AA-31DC1FE78759} - (no file)
backup-20080229-152552-546 O20 - Winlogon Notify: jkkkhfd - jkkkhfd.dll (file missing)
backup-20080229-152552-630 O4 - HKLM\..\Run: [BM7b4db051] Rundll32.exe "C:\WINDOWS\system32\wrhshuwc.dll",s
backup-20080229-152552-764 O2 - BHO: (no name) - {75FFC9F0-CB82-43C0-8BB3-395A8EECDEB6} - (no file)
backup-20080229-152552-829 O4 - HKLM\..\Run: [787e83cd] rundll32.exe "C:\WINDOWS\system32\wwrnyyng.dll",b

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3 dsNcAdpt (Juniper Network Connect Adapter) - system32\drivers\dsncadpt.sys (file missing)
3 EntDrv51 - c:\windows\system32\drivers\entdrv51.sys <Not Verified; Network Associates, Inc; Virus Scan Enterprise, Entercept>
2 HPFECP13 - c:\windows\system32\drivers\hpfecp13.sys
3 NaiAvFilter1 - c:\windows\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
1 NaiAvTdi1 - c:\windows\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
1 oreans32 - c:\windows\system32\drivers\oreans32.sys
3 PortTalk - system32\drivers\porttalk.sys (file missing)
3 tbhsd (Tunebite High-Speed Dubbing) - c:\windows\system32\drivers\tbhsd.sys <Not Verified; RapidSolution Software AG; Tunebite High-Speed Dubbing>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>
2 McAfeeFramework (McAfee Framework Service) - c:\program files\network associates\common framework\frameworkservice.exe
2 McTaskManager (Network Associates Task Manager) - c:\program files\network associates\virusscan\vstskmgr.exe
4 NMIndexingService - c:\program files\common files\ahead\lib\nmindexingservice.exe (file missing)
2 Viewpoint Manager Service - c:\program files\viewpoint\common\viewpointservice.exe


-- Device Manager: Disabled ----------------------------------------------------

Unable to create WMI object.

-- Process Modules -------------------------------------------------------------

C:\WINDOWS\SYSTEM32\svchost.exe (pid 900)
2005-01-14 19:00:00 41018 --a------ C:\WINDOWS\SYSTEM32\entapi.dll <Not Verified; Network Associates, Inc; Virus Scan Enterprise, Entercept>

C:\WINDOWS\SYSTEM32\svchost.exe (pid 1128)
2005-01-14 19:00:00 41018 --a------ C:\WINDOWS\SYSTEM32\entapi.dll <Not Verified; Network Associates, Inc; Virus Scan Enterprise, Entercept>

C:\WINDOWS\SYSTEM32\svchost.exe (pid 1192)
2003-04-09 21:32:50 114688 --a------ C:\WINDOWS\SYSTEM32\mclsp.dll <Not Verified; Networks Associates Technology, Inc; McAfee LSP>
1997-06-06 19:52:10 11264 --a------ C:\WINDOWS\SYSTEM32\sporder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
2005-01-14 19:00:00 41018 --a------ C:\WINDOWS\SYSTEM32\entapi.dll <Not Verified; Network Associates, Inc; Virus Scan Enterprise, Entercept>

C:\WINDOWS\SYSTEM32\svchost.exe (pid 1864)
2005-01-14 19:00:00 41018 --a------ C:\WINDOWS\SYSTEM32\entapi.dll <Not Verified; Network Associates, Inc; Virus Scan Enterprise, Entercept>

C:\WINDOWS\explorer.exe (pid 1324)
2008-02-25 14:31:28 321600 -----n--- C:\WINDOWS\SYSTEM32\jkhfc.dll
2005-01-14 19:00:00 41018 --a------ C:\WINDOWS\SYSTEM32\entapi.dll <Not Verified; Network Associates, Inc; Virus Scan Enterprise, Entercept>


-- Scheduled Tasks -------------------------------------------------------------

2008-02-29 15:35:48 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-01-19 21:31:21 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2005-05-15 01:07:00 420 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job


-- Files created between 2008-01-29 and 2008-02-29 -----------------------------

2008-02-29 15:36:36 290679 --ahs---- C:\WINDOWS\system32\cfhkj.ini2
2008-02-28 23:01:57 0 d-------- C:\ComboFix(2)
2008-02-27 22:33:19 0 d-------- C:\VundoFix Backups
2008-02-27 15:16:38 0 d-------- C:\Program Files\VideoLAN
2008-02-27 15:08:20 116224 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
2008-02-27 15:08:18 23552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL <Not Verified; Microsoft Corporation; MSMAPI-Steuerelementbibliothek>
2008-02-27 15:08:17 0 d-------- C:\Program Files\PDFCreator
2008-02-27 14:28:54 0 dr-h----- C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Recent
2008-02-27 01:01:14 32 --a------ C:\WINDOWS\go
2008-02-26 01:10:42 0 d-------- C:\Program Files\USBDLM
2008-02-25 14:31:16 321600 -----n--- C:\WINDOWS\system32\jkhfc.dll
2008-02-24 16:02:14 0 d-------- C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\Juniper Networks
2008-02-24 13:53:05 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-02-22 02:40:25 0 d-------- C:\Program Files\Western Digital Technologies
2008-02-22 02:39:15 364544 --a------ C:\WINDOWS\system32\WDBtnMgr.exe <Not Verified; Western Digital Technologies, Inc.; WD Button Manager>
2008-02-22 02:20:09 0 d-------- C:\New Folder
2008-02-22 01:51:46 0 d-------- C:\WINDOWS\system32\NtmsData
2008-02-21 08:05:08 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
2008-01-29 12:37:19 664 --a------ C:\WINDOWS\system32\d3d9caps.dat


-- Find3M Report ---------------------------------------------------------------

2008-02-29 15:29:23 0 d-a------ C:\Program Files\Common Files
2008-02-29 01:18:52 0 d-------- C:\Program Files\DC++
2008-02-28 22:53:39 0 d-------- C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\Skype
2008-02-27 16:58:30 0 d-------- C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\vlc
2008-02-27 14:23:22 0 d-------- C:\Program Files\Ares Lite Edition
2008-02-27 01:59:04 120 --a------ C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\AVSDVDPlayer.m3u
2008-02-23 01:39:33 0 d-------- C:\Program Files\Microsoft Silverlight
2008-02-21 08:01:16 0 d-------- C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\AdobeUM
2008-01-30 17:40:29 0 d-------- C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\Adobe
2008-01-21 23:27:54 0 d-------- C:\Program Files\Camfrog


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{104AA49D-DC59-4017-AF1F-AB230CE25E8B}]
02/25/2008 02:31 PM 321600 --------- C:\WINDOWS\system32\jkhfc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66DEBAF8-3C4D-4944-B5F5-A629709AB9C9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{75FFC9F0-CB82-43C0-8BB3-395A8EECDEB6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{80251448-BB28-45E8-B655-DFB6FB940B08}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E4C33052-78B6-44B2-A8AA-31DC1FE78759}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF8EFD1C-0BE3-4D13-957A-738643AFD590}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [09/22/2004 07:00 PM]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [08/06/2004 02:50 AM]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [08/02/2007 11:59 AM]
"QuickTime Task"="C:\PROGRAM FILES\QUICKTIME\QTTASK.exe" [10/25/2006 06:58 PM]
"787e83cd"="C:\WINDOWS\system32\cxssiyvx.dll" []
"BM7b4db051"="C:\WINDOWS\system32\wrhshuwc.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [08/01/2006 02:35 PM]
"@"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{ED120D76-BF31-412C-A99B-783C6676E128}"= C:\WINDOWS\system32\jkkkhfd.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkkhfd]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkhfc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ilya Shor.ICOMPUTETHINGS^Start Menu^Programs^Startup^Check For Dope Wars Updates.lnk]
path=C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Start Menu\Programs\Startup\Check For Dope Wars Updates.lnk
backup=C:\WINDOWS\pss\Check For Dope Wars Updates.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
"C:\Program Files\America Online 9.0\AOL.EXE" -b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"C:\Program Files\Ares Lite Edition\Ares.exe" -h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOLService"=2 (0x2)
"McAfeeFramework"=2 (0x2)

*Newly Created Service* - ENTDRV51



-- End of Deckard's System Scanner: finished at 2008-02-29 15:42:51 ------------

EXTRA

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Unable to create WMI object.

Architecture: X86; Language: English

Percentage of Memory in Use: 54%
Physical Memory (total/avail): 510.98 MiB / 232.88 MiB
Pagefile Memory (total/avail): 1247.53 MiB / 1009.34 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1920.7 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.46 GiB total, 9.29 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
G: is Fixed (FAT32) - 465.65 GiB total, 159.35 GiB free.


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
AUState says computer is ready and waiting.
Windows Internal Firewall is disabled.

Unable to create WMI object.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ICOMPUTETHINGS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Ilya Shor.ICOMPUTETHINGS
LOGONSERVER=\\ICOMPUTETHINGS
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ILYASH~1.ICO\LOCALS~1\Temp
TMP=C:\DOCUME~1\ILYASH~1.ICO\LOCALS~1\Temp
USERDOMAIN=ICOMPUTETHINGS
USERNAME=Ilya Shor
USERPROFILE=C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Ilya Shor.ICOMPUTETHINGS (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA9EC1C6-3B51-11D6-B1A9-BCD2747AA951}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D43F13A1-1E39-4BD4-9682-DF889FE75421}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
Adobe Acrobat 4.0, 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe
Adobe Download Manager 1.2 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\Install.log
AIM Toolbar --> C:\Program Files\AIM Toolbar\uninstall.exe
AIM+ (remove only) --> "C:\Program Files\AIM+\uninst.exe"
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
Ares 2.0.2 --> "C:\Program Files\Ares\uninstall.exe"
Ares Lite Edition 1.8.1 --> "C:\Program Files\Ares Lite Edition\uninstall.exe"
AudioShell 1.3.5 --> "C:\Program Files\AudioShell\unins000.exe"
AVS DVD Player version 2.3 --> "C:\Program Files\AVSMedia\DVDPlayer\unins000.exe"
B.U.I.C.K. 95 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BUICK95\Uninst.isu"
Broadcom Advanced Control Suite --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{468190DA-FB4C-45BA-8E40-4B165FF1A939} /l1033
Camfrog Video Chat 4.0 (remove only) --> "C:\Program Files\Camfrog\Camfrog Video Chat\uninstall.exe"
Canon MP160 --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160 /L0x0009
Canon MP160 User Registration --> C:\Program Files\Canon\IJEREG\MP160\UNINST.EXE
CBL/CBR Programs and Activities for TI-89 --> C:\PROGRA~1\TIEDUC~1\TI-GRA~1\CBL_CBR\UNWISE.EXE C:\PROGRA~1\TIEDUC~1\TI-GRA~1\CBL_CBR\Install.log
Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Creative PC-CAM Center Lite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D43F13A1-1E39-4BD4-9682-DF889FE75421}\setup.exe" -l0x9 /remove
Creative WebCam Monitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA9EC1C6-3B51-11D6-B1A9-BCD2747AA951}\setup.exe" -l0x9 /remove
Creative WebCam NX Driver (1.02.01.0827) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script P1110.uns -unsext NT -plugin p1110pin.dll -pluginres p1110pin.crl
Creative WebCam NX User's Guide (English) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Creative WebCam NX\Creative WebCam NX User's Guide\English\CTManual.isu"
DC++ 0.698 --> "C:\Program Files\DC++\uninstall.exe"
Dell AIO Printer A920 --> C:\WINDOWS\System32\spool\drivers\w32x86\3\DLBKUN5C.EXE -dDell AIO Printer A920
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Picture Studio - Dell Image Expert --> MsiExec.exe /I{0B8FF60F-C012-4459-AADF-A3AD4E3757DE}
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Download Accelerator Plus --> C:\PROGRA~1\DAP\UNWISE.EXE C:\PROGRA~1\DAP\INSTALL.LOG
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
FaxTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\setup.exe" -l0x9 ControlPanel
Gaim (remove only) --> C:\Program Files\Gaim\gaim-uninst.exe
GameTime+ --> MsiExec.exe /I{8DFB3904-FBDB-4C2B-AC98-20EFDD37C83D}
Google Earth --> MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
GTK+ Runtime 2.6.9 rev a (remove only) --> C:\Program Files\Common Files\GTK\2.0\uninst.exe
HijackThis 2.0.2 --> "C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP DeskJet 710C Series (Remove only) --> C:\Program Files\HP DeskJet 710C Series\hpfiui.exe -c -vdivid=HPF -vpnum=13 -vproduct=710C -huninstall
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet --> MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
IrfanView (remove only) --> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Desktop\iv_uninstall.exe
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
JobTabs 2006 --> C:\Program Files\JobTabs\uninst.exe
JukeBox Database v2.01 (32-bit) --> C:\WINDOWS\ST4UNST.EXE -n "C:\Program Files\Jukebox32\ST4UNST.LOG"
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
McAfee VirusScan Enterprise --> MsiExec.exe /I{5DF3D1BB-894E-4DCD-8275-159AC9829B43}
Micrografx Windows Draw 6 LE --> C:\WINDOWS\MGXCLEAN.EXE DRAWOEM.APP FONTS.APP
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office Converter Pack --> MsiExec.exe /X{6EECB283-E65F-40EF-86D3-D51BF02A8D43}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MUSICMATCH® Jukebox --> C:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.exe
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvdd.inf
Outerinfo --> "C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe"
Paint Shop Pro 7 --> MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
PDFCreator --> C:\Program Files\PDFCreator\unins000.exe
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
Real Alternative 1.46 --> "C:\Program Files\Real Alternative\unins000.exe"
Security Task Manager 1.6e --> C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Security Task Manager"
Shockwave --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TBS WMP Plug-in --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{DB5F474C-B584-417F-810B-DEBBC1893C2A}
Unlocker 1.8.5 --> C:\Program Files\Unlocker\uninst.exe
Unreal Tournament Demo --> C:\TournamentDemo\System\Setup.exe uninstall "Unreal Tournament Demo"
Veoh Player --> C:\Program Files\InstallShield Installation Information\{3D5A72E1-1467-4199-8CF6-12DA8D502A6B}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WD Diagnostics --> MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Related --> Rundll32.exe C:\WINDOWS\lbbho.dll,Uninst
WinPatrol 2007 --> C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WordPerfect Office 11 --> MsiExec.exe /I{54F90B55-BEB3-4F0D-8802-228822FA5921}
Yahoo! extras --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type50869 / Warning
Event Submitted/Written: 02/29/2008 03:42:24 PM
Event ID/Source: 257 / Alert Manager Event Interface
Event Description:
VirusScan Enterprise: Would be blocked by behaviour blocking rule (rule is currently in warn mode) (warn only mode!).(from ICOMPUTETHINGS IP 128.226.200.31 user SYSTEM running VirusScan Enter 8.0 OAS)

Event Record #/Type50868 / Warning
Event Submitted/Written: 02/29/2008 03:42:23 PM
Event ID/Source: 257 / Alert Manager Event Interface
Event Description:
VirusScan Enterprise: Would be blocked by behaviour blocking rule (rule is currently in warn mode) (warn only mode!).(from ICOMPUTETHINGS IP 128.226.200.31 user SYSTEM running VirusScan Enter 8.0 OAS)

Event Record #/Type50864 / Warning
Event Submitted/Written: 02/29/2008 03:30:33 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type50863 / Warning
Event Submitted/Written: 02/29/2008 03:25:53 PM
Event ID/Source: 257 / Alert Manager Event Interface
Event Description:
VirusScan Enterprise: Blocked by behaviour blocking rule '_'.(from ICOMPUTETHINGS IP 128.226.200.31 user SYSTEM running VirusScan Enter 8.0 OAS)

Event Record #/Type50862 / Error
Event Submitted/Written: 02/29/2008 02:59:04 PM
Event ID/Source: 257 / Alert Manager Event Interface
Event Description:
VirusScan Enterprise: The file C:\327882R2FWJFW\psexec.cfexe is infected with RemAdm-ProcLaunch!171 Remote Admin Tool. The file was successfully deleted.(from ICOMPUTETHINGS IP 128.226.200.31 user ICOMPUTETHINGS running VirusScan Enter 8.0 OAS)



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type83035 / Error
Event Submitted/Written: 02/29/2008 03:42:39 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Event Record #/Type83034 / Error
Event Submitted/Written: 02/29/2008 03:42:38 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Event Record #/Type83033 / Error
Event Submitted/Written: 02/29/2008 03:41:27 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Event Record #/Type83032 / Error
Event Submitted/Written: 02/29/2008 03:41:27 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Event Record #/Type83031 / Error
Event Submitted/Written: 02/29/2008 03:41:20 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}



-- End of Deckard's System Scanner: finished at 2008-02-29 15:42:51 ------------

THANK YOU SO MUCH FOR THE QUICK RESPONSE!!!!!!
  • 0

#8
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.



Delete ComboFix.exe and the folder C:\ComboFix and C:\qoobox

Then do this

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
  • 0

#9
drpepper23

drpepper23

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 101 posts
Hi,

ComboFix.exe will still not work for me. When i double click it, either nothing will happen, OR a blue window will pop up with the letter "c" in the top left corner, but nothing runs, nor do i get any prompts.

as i mentioned before the pc also has stopped logging off and sometimes even shutting off. the only way i can turn if off is basically to turn of my power strip. please help.

P.S. I disabled TeaTimer.
  • 0

#10
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Download WinPFind35U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
  • Under Additional Scans check the boxes beside Reg - Bot Check, Reg - Disabled MS Config Items, Reg - File Additional Folder Scans, File - Lop Check and File - Purity Scan.
  • Under Drivers change it to Non-Microsoft.
  • Check the box beside Scan All User Accounts at the top
  • Under Files Created Within and Files Modified Within change it to 90 days.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.


Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way
  • 0

Advertisements


#11
drpepper23

drpepper23

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 101 posts
in case the upload didn't work:


[code=auto:0]WinPFind35 logfile created on: 2/29/2008 6:18:27 PM
WinPFind35U Version 1.0.2.2 Folder = C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.98 Mb Total Physical Memory | 199.93 Mb Available Physical Memory | 39.13% Memory free
1.22 Gb Paging File | 0.79 Gb Available in Paging File | 64.97% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 9.29 Gb Free Space | 12.47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ICOMPUTETHINGS
Current User Name: Ilya Shor
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users

[Processes - Non-Microsoft Only]
lexbces.exe -> %SystemRoot%\SYSTEM32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.16 | Size = 303104 bytes | Modified Date = 4/7/2003 3:55:20 PM | Attr = ]
lexpps.exe -> %SystemRoot%\SYSTEM32\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 8.16 | Size = 174592 bytes | Modified Date = 4/7/2003 3:51:48 PM | Attr = ]
frameworkservice.exe -> %ProgramFiles%\Network Associates\Common Framework\FrameworkService.exe -> Network Associates, Inc. [Ver = 3.5.0.412 | Size = 102463 bytes | Modified Date = 8/6/2004 2:50:00 AM | Attr = ]
naprdmgr.exe -> %ProgramFiles%\Network Associates\Common Framework\naPrdMgr.exe -> Network Associates, Inc. [Ver = 3.5.0.412 | Size = 237623 bytes | Modified Date = 8/6/2004 2:50:00 AM | Attr = ]
vstskmgr.exe -> %ProgramFiles%\Network Associates\VirusScan\vstskmgr.exe -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 28672 bytes | Modified Date = 9/22/2004 7:00:00 PM | Attr = ]
nvsvc32.exe -> %SystemRoot%\SYSTEM32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.01.4354 | Size = 69632 bytes | Modified Date = 4/24/2003 7:58:00 PM | Attr = ]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 4:38:08 PM | Attr = ]
shstat.exe -> %ProgramFiles%\Network Associates\VirusScan\shstat.exe -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 94208 bytes | Modified Date = 9/22/2004 7:00:00 PM | Attr = ]
updaterui.exe -> %ProgramFiles%\Network Associates\Common Framework\UpdaterUI.exe -> Network Associates, Inc. [Ver = 3.5.0.412 | Size = 139320 bytes | Modified Date = 8/6/2004 2:50:00 AM | Attr = ]
viewmgr.exe -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 112336 bytes | Modified Date = 1/4/2007 4:38:18 PM | Attr = ]
reader_sl.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.12: 2008020121 | Size = 7655024 bytes | Modified Date = 2/8/2008 3:32:52 PM | Attr = ]
mcshield.exe -> %ProgramFiles%\Network Associates\VirusScan\mcshield.exe -> Network Associates, Inc. [Ver = 8.0.0.251 | Size = 221191 bytes | Modified Date = 9/22/2004 7:00:00 PM | Attr = ]
aim.exe -> %ProgramFiles%\AIM\aim.exe -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 2:35:36 PM | Attr = ]
skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe -> Skype Technologies S.A. [Ver = 3.5.0.239 | Size = 22880040 bytes | Modified Date = 9/13/2007 12:31:38 PM | Attr = R ]
skypepm.exe -> %ProgramFiles%\Skype\Plugin Manager\skypePM.exe -> Skype Technologies [Ver = 1.5.0.3 | Size = 2040776 bytes | Modified Date = 9/13/2007 12:31:40 PM | Attr = R ]
winpatrol.exe -> %ProgramFiles%\BillP Studios\WinPatrol\WinPatrol.exe -> BillP Studios [Ver = 12, 0, 2007, 0 | Size = 292152 bytes | Modified Date = 8/2/2007 11:59:37 AM | Attr = ]
winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.2.2 | Size = 310784 bytes | Modified Date = 2/28/2008 2:42:00 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AresChatServer) Ares Chatroom server [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Ares\chatServer.exe -> Ares Development Group [Ver = 2.0.2.3022 | Size = 221184 bytes | Modified Date = 1/21/2007 8:57:00 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 3:24:18 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 9:36:32 AM | Attr = ]
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.16 | Size = 303104 bytes | Modified Date = 4/7/2003 3:55:20 PM | Attr = ]
(McAfeeFramework) McAfee Framework Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Network Associates\Common Framework\FrameworkService.exe -> Network Associates, Inc. [Ver = 3.5.0.412 | Size = 102463 bytes | Modified Date = 8/6/2004 2:50:00 AM | Attr = ]
(McShield) Network Associates McShield [Win32_Own | Auto | Running] -> %ProgramFiles%\Network Associates\VirusScan\mcshield.exe -> Network Associates, Inc. [Ver = 8.0.0.251 | Size = 221191 bytes | Modified Date = 9/22/2004 7:00:00 PM | Attr = ]
(McTaskManager) Network Associates Task Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\Network Associates\VirusScan\vstskmgr.exe -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 28672 bytes | Modified Date = 9/22/2004 7:00:00 PM | Attr = ]
(NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\NCS\Sync\NetSvc.exe -> Intel(R) Corporation [Ver = 1.2.26.0 | Size = 143360 bytes | Modified Date = 3/3/2003 2:33:40 PM | Attr = ]
(NMIndexingService) NMIndexingService [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> File not found
(NVSvc) NVIDIA Driver Helper Service [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.01.4354 | Size = 69632 bytes | Modified Date = 4/24/2003 7:58:00 PM | Attr = ]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 4:38:08 PM | Attr = ]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found
(aeaudio) aeaudio [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\aeaudio.sys -> Andrea Electronics Corporation [Ver = 1.0.0.2 (STUB) | Size = 4816 bytes | Modified Date = 4/1/2002 3:15:00 PM | Attr = ]
(Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] -> -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found
(asc) asc [Kernel | Disabled | Stopped] -> -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found
(ASPI32) ASPI32 [Kernel | System | Stopped] -> -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 1:07:17 AM | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 1:07:16 AM | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 7/16/2003 3:27:04 PM | Attr = ]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] -> -> File not found
(dsNcAdpt) Juniper Network Connect Adapter [Kernel | On_Demand | Stopped] -> system32\DRIVERS\dsNcAdpt.sys -> File not found
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\e100b325.sys -> Intel Corporation [Ver = 7.0.26.0 built by: WinDDK | Size = 145408 bytes | Modified Date = 3/4/2003 3:56:26 PM | Attr = ]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 3:44:04 PM | Attr = ]
(HPFECP13) HPFECP13 [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\HPFecp13.sys -> [Ver = | Size = 52800 bytes | Modified Date = 7/30/1998 4:40:42 PM | Attr = ]
(hpn) hpn [Kernel | Disabled | Stopped] -> -> File not found
(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\HSFHWBS2.sys -> Conexant Systems, Inc. [Ver = 7.02.00.00 | Size = 207616 bytes | Modified Date = 8/26/2003 7:25:14 PM | Attr = ]
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\HSF_DP.sys -> Conexant Systems, Inc. [Ver = 7.02.00.00 | Size = 1041152 bytes | Modified Date = 8/26/2003 7:22:34 PM | Attr = ]
(i2omgmt) i2omgmt [Kernel | System | Stopped] -> -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] -> -> File not found
(ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found
(IntelIde) IntelIde [Kernel | Disabled | Stopped] -> -> File not found
(Jukebox) Jukebox [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ctpdusb2.sys -> Creative Technology Ltd. [Ver = 1.00.05.00 | Size = 16816 bytes | Modified Date = 8/29/2003 4:00:00 AM | Attr = ]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\mdmxsdk.sys -> Conexant [Ver = 1.0.2.002 | Size = 11043 bytes | Modified Date = 4/9/2003 3:48:08 PM | Attr = ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found
(MxlW2k) MxlW2k [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\MxlW2k.sys -> MusicMatch, Inc. [Ver = 1.1.0.116 | Size = 28256 bytes | Modified Date = 8/17/2005 6:33:28 PM | Attr = ]
(NaiAvFilter1) NaiAvFilter1 [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\naiavf5x.sys -> Network Associates, Inc. [Ver = 8.0.0.276 | Size = 108480 bytes | Modified Date = 1/14/2005 7:00:00 PM | Attr = ]
(NaiAvTdi1) NaiAvTdi1 [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\mvstdi5x.sys -> Network Associates, Inc. [Ver = 8.0.0.266 | Size = 58464 bytes | Modified Date = 1/14/2005 7:00:00 PM | Attr = ]
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.01.4354 | Size = 1271706 bytes | Modified Date = 4/24/2003 7:58:00 PM | Attr = ]
(OMCI) OMCI [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\omci.sys -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 13632 bytes | Modified Date = 8/22/2001 11:42:58 AM | Attr = ]
(oreans32) oreans32 [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\oreans32.sys -> [Ver = | Size = 33824 bytes | Modified Date = 3/2/2007 2:15:25 PM | Attr = ]
(P1110VID) Creative WebCam NX [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\P1110Vid.sys -> Creative Technology Ltd. [Ver = 1.00.01.00 | Size = 90357 bytes | Modified Date = 5/13/2003 9:57:02 PM | Attr = R ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] -> -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] -> -> File not found
(PortTalk) PortTalk [Kernel | On_Demand | Stopped] -> System32\Drivers\PortTalk.sys -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 7/16/2003 3:42:18 PM | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\pxhelp20.sys -> Sonic Solutions [Ver = 2.03.28a | Size = 20640 bytes | Modified Date = 10/26/2005 3:12:48 PM | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> -> File not found
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 5:25:53 AM | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(smwdm) smwdm [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.3600 | Size = 580992 bytes | Modified Date = 5/6/2003 12:14:34 PM | Attr = ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> -> File not found
(symc810) symc810 [Kernel | Disabled | Stopped] -> -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> -> File not found
(tbhsd) Tunebite High-Speed Dubbing [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\tbhsd.sys -> RapidSolution Software AG [Ver = 2, 0, 0, 0 | Size = 16640 bytes | Modified Date = 9/18/2006 10:54:48 AM | Attr = ]
(TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] -> -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] -> -> File not found
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wanatw4.sys -> America Online, Inc. [Ver = 8.3.0.0 | Size = 33588 bytes | Modified Date = 1/10/2003 4:13:04 PM | Attr = ]
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.02.00.00 built by: WinDDK | Size = 675840 bytes | Modified Date = 8/26/2003 7:24:06 PM | Attr = ]
(EntDrv51) EntDrv51 [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\entdrv51.sys -> Network Associates, Inc [Ver = 8.0.0.277 | Size = 8320 bytes | Modified Date = 1/14/2005 7:00:00 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
787e83cd -> %SystemRoot%\system32\cxssiyvx.DLL -> File not found
KernelFaultCheck -> -> File not found
McAfeeUpdaterUI -> %ProgramFiles%\Network Associates\Common Framework\UpdaterUI.exe -> Network Associates, Inc. [Ver = 3.5.0.412 | Size = 139320 bytes | Modified Date = 8/6/2004 2:50:00 AM | Attr = ]
ShStatEXE -> %ProgramFiles%\Network Associates\VirusScan\shstat.exe -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 94208 bytes | Modified Date = 9/22/2004 7:00:00 PM | Attr = ]
WinPatrol -> %ProgramFiles%\BillP Studios\WinPatrol\WinPatrol.exe -> BillP Studios [Ver = 12, 0, 2007, 0 | Size = 292152 bytes | Modified Date = 8/2/2007 11:59:37 AM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
-> -> File not found
AIM -> %ProgramFiles%\AIM\aim.exe -cnetwait.odl -> File not found
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 1/28/2008 11:43:40 AM | Attr = RHS]
< Run [HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
-> -> File not found
AIM -> %ProgramFiles%\AIM\aim.exe -cnetwait.odl -> File not found
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 1/28/2008 11:43:40 AM | Attr = RHS]
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 9/12/2002 10:28:14 AM | Attr = ]
< All Users.WINDOWS Startup Folder > -> C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup ->
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< Default User.WINDOWS Startup Folder > -> C:\Documents and Settings\Default User.WINDOWS\Start Menu\Programs\Startup ->
< Ilya Shor.ICOMPUTETHINGS Startup Folder > -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Start Menu\Programs\Startup ->
< ICQ Agent [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\ ->
HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\ -> ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{ED120D76-BF31-412C-A99B-783C6676E128} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\jkkkhfd.dll [] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004] > -> HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
jkkkhfd -> -> File not found
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004] > -> HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com/ ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
HKEY_USERS\S-1-5-19\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
HKEY_USERS\S-1-5-20\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\] > -> ->
HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\: Main\\Search Bar -> http://www.google.com/ie ->
HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\: Main\\Search Page -> http://www.google.com ->
HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\: Main\\Start Page -> http://www.google.com/ ->
HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\: SearchURL\\ -> http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. ->
.[msn] -> My Computer ->
free_aol.com [http] -> Trusted sites ->
objects_aol.com [*] -> Out of zone range - ( 5 ) ->
2 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. ->
.[msn] -> My Computer ->
free_aol.com [http] -> Trusted sites ->
objects_aol.com [*] -> Out of zone range - ( 5 ) ->
2 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 4:16:42 AM | Attr = ]
{104AA49D-DC59-4017-AF1F-AB230CE25E8B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{227B8AA8-DAF2-4892-BD1D-73F568BCB24E} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [UberButton Class] -> Yahoo! [Ver = 2005, 5, 26, 1 | Size = 181352 bytes | Modified Date = 5/26/2005 10:38:44 AM | Attr = ]
{65D886A2-7CA7-479B-BB95-14D1EFB7946A} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\YIeTagBm.dll [YahooTaggedBM Class] -> Yahoo! Inc. [Ver = 2005, 1, 24, 1 | Size = 115832 bytes | Modified Date = 1/24/2005 8:55:32 AM | Attr = ]
{66DEBAF8-3C4D-4944-B5F5-A629709AB9C9} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{75FFC9F0-CB82-43C0-8BB3-395A8EECDEB6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{80251448-BB28-45E8-B655-DFB6FB940B08} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{9795DAB4-EAEC-4BC1-A13C-515689B0CDD5} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SYSTEM32\jkhfc.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 321600 bytes | Modified Date = 2/25/2008 2:31:28 PM | Attr = ]
{E4C33052-78B6-44B2-A8AA-31DC1FE78759} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{EF8EFD1C-0BE3-4D13-957A-738643AFD590} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yhexbmesus.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2005, 5, 11, 1 | Size = 316552 bytes | Modified Date = 5/11/2005 4:06:02 PM | Attr = ]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yhexbmesus.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2005, 5, 11, 1 | Size = 316552 bytes | Modified Date = 5/11/2005 4:06:02 PM | Attr = ]
< Internet Explorer Bars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yhexbmesus.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2005, 5, 11, 1 | Size = 316552 bytes | Modified Date = 5/11/2005 4:06:02 PM | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{40D41A8B-D79B-43d7-99A7-9EE0F344C385} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM Toolbar\AIMBar.dll [AIM Search] -> America Online, Inc [Ver = 2004.00.003 | Size = 172032 bytes | Modified Date = 9/26/2005 7:02:34 PM | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{40D41A8B-D79B-43D7-99A7-9EE0F344C385} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM Toolbar\AIMBar.dll [AIM Search] -> America Online, Inc [Ver = 2004.00.003 | Size = 172032 bytes | Modified Date = 9/26/2005 7:02:34 PM | Attr = ]
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found
WebBrowser\\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{40D41A8B-D79B-43D7-99A7-9EE0F344C385} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM Toolbar\AIMBar.dll [AIM Search] -> America Online, Inc [Ver = 2004.00.003 | Size = 172032 bytes | Modified Date = 9/26/2005 7:02:34 PM | Attr = ]
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found
WebBrowser\\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Sun Java Console] -> File not found
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! Services] -> Yahoo! [Ver = 2005, 5, 26, 1 | Size = 181352 bytes | Modified Date = 5/26/2005 10:38:44 AM | Attr = ]
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 2:35:36 PM | Attr = ]
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Sun Java Console] -> File not found
CmdMapping\\{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [UberButton Class] -> Yahoo! [Ver = 2005, 5, 26, 1 | Size = 181352 bytes | Modified Date = 5/26/2005 10:38:44 AM | Attr = ]
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 2:35:36 PM | Attr = ]
CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&AIM Search -> %ProgramFiles%\AIM Toolbar\AIMBar.dll -> America Online, Inc [Ver = 2004.00.003 | Size = 172032 bytes | Modified Date = 9/26/2005 7:02:34 PM | Attr = ]
&AOL Toolbar search -> %ProgramFiles%\AOL Toolbar\toolbar.dll -> File not found
&Download with &DAP -> %SystemDrive%\PROGRA~1\DAP\dapextie.htm -> File not found
&Yahoo! Search -> -> File not found
Yahoo! &Dictionary -> -> File not found
Yahoo! &Maps -> -> File not found
Yahoo! &SMS -> -> File not found
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Sun Java Console] -> File not found
CmdMapping\\{669695BC-A811-4A9D-8CDF-BA8C795F261C} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 2:35:36 PM | Attr = ]
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Messenger Class] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr = ]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Download with &DAP -> %SystemDrive%\PROGRA~1\DAP\dapextie.htm -> File not found
Download &all with DAP -> D:\PROGRA~1\DAP\dapextie2.htm -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Sun Java Console] -> File not found
CmdMapping\\{669695BC-A811-4A9D-8CDF-BA8C795F261C} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 2:35:36 PM | Attr = ]
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Messenger Class] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr = ]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\]

Attached Files


  • 0

#12
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Sorry about that, I missed your reply

Start WinPFind35U. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> KernelFaultCheck ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> ->
< Run [HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YY -> jkkkhfd ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {104AA49D-DC59-4017-AF1F-AB230CE25E8B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {66DEBAF8-3C4D-4944-B5F5-A629709AB9C9} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {75FFC9F0-CB82-43C0-8BB3-395A8EECDEB6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {80251448-BB28-45E8-B655-DFB6FB940B08} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {E4C33052-78B6-44B2-A8AA-31DC1FE78759} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {EF8EFD1C-0BE3-4D13-957A-738643AFD590} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Bars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Bars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Bars [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Bars [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Bars [HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar]
YN -> WebBrowser\\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar]
YN -> WebBrowser\\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Sun Java Console]
YN -> {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. []
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Sun Java Console]
YN -> CmdMapping\\{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
YN -> &Download with &DAP -> %SystemDrive%\PROGRA~1\DAP\dapextie.htm
YN -> &Yahoo! Search ->
YN -> Yahoo! &Dictionary ->
YN -> Yahoo! &Maps ->
YN -> Yahoo! &SMS ->
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Sun Java Console]
YN -> CmdMapping\\{669695BC-A811-4A9D-8CDF-BA8C795F261C} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\
YN -> &Download with &DAP -> %SystemDrive%\PROGRA~1\DAP\dapextie.htm
YN -> Download &all with DAP -> D:\PROGRA~1\DAP\dapextie2.htm
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Sun Java Console]
YN -> CmdMapping\\{669695BC-A811-4A9D-8CDF-BA8C795F261C} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\
YN -> &Download with &DAP -> %SystemDrive%\PROGRA~1\DAP\dapextie.htm
YN -> Download &all with DAP -> D:\PROGRA~1\DAP\dapextie2.htm
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Sun Java Console]
YN -> CmdMapping\\{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\Software\Microsoft\Internet Explorer\MenuExt\
YN -> &Download with &DAP -> %SystemDrive%\PROGRA~1\DAP\dapextie.htm
YN -> &Yahoo! Search ->
YN -> Yahoo! &Dictionary ->
YN -> Yahoo! &Maps ->
YN -> Yahoo! &SMS ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
YN -> ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[OLE (Part 1 of 5)]
YN -> msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[OLE (Part 1 of 5)]
[Registry - Additional Scans - Non-Microsoft Only]
< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
YY -> C:^Documents and Settings^Ilya Shor.ICOMPUTETHINGS^Start Menu^Programs^Startup^Check For Dope Wars Updates.lnk -> %SystemDrive%\PROGRA~1\Dopewars\WiseUpdt.exe
[Files/Folders - Created Within 30 days]
YY -> 1 C:\*.tmp files -> C:\*.tmp
YY -> 22 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
YY -> 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files/Folders - Modified Within 90 days]
YY -> 22 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
YY -> 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Empty Temp Folders]
[Start Explorer]
[Reboot]


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here

I will review the information when it comes back in.



Then run DSS again and post the log
  • 0

#13
drpepper23

drpepper23

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 101 posts
Thank you for your help. I really appreciate it!!

WinPFind35u

Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
File not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
File not found.
Registry value HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkkhfd\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{104AA49D-DC59-4017-AF1F-AB230CE25E8B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{104AA49D-DC59-4017-AF1F-AB230CE25E8B}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{227B8AA8-DAF2-4892-BD1D-73F568BCB24E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{227B8AA8-DAF2-4892-BD1D-73F568BCB24E}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66DEBAF8-3C4D-4944-B5F5-A629709AB9C9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66DEBAF8-3C4D-4944-B5F5-A629709AB9C9}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75FFC9F0-CB82-43C0-8BB3-395A8EECDEB6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75FFC9F0-CB82-43C0-8BB3-395A8EECDEB6}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{80251448-BB28-45E8-B655-DFB6FB940B08}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80251448-BB28-45E8-B655-DFB6FB940B08}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E4C33052-78B6-44B2-A8AA-31DC1FE78759}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E4C33052-78B6-44B2-A8AA-31DC1FE78759}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF8EFD1C-0BE3-4D13-957A-738643AFD590}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF8EFD1C-0BE3-4D13-957A-738643AFD590}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32683183-48a0-441b-a342-7c2a440a9478}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32683183-48a0-441b-a342-7c2a440a9478}\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32683183-48a0-441b-a342-7c2a440a9478}\ not found.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32683183-48a0-441b-a342-7c2a440a9478}\ not found.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32683183-48a0-441b-a342-7c2a440a9478}\ not found.
Registry key HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32683183-48a0-441b-a342-7c2a440a9478}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}\ not found.
Registry value HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Download with &DAP\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Yahoo! Search\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Yahoo! &Dictionary\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Yahoo! &Maps\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Yahoo! &SMS\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{669695BC-A811-4A9D-8CDF-BA8C795F261C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{669695BC-A811-4A9D-8CDF-BA8C795F261C}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\&Download with &DAP\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\Download &all with DAP\ deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{669695BC-A811-4A9D-8CDF-BA8C795F261C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{669695BC-A811-4A9D-8CDF-BA8C795F261C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\&Download with &DAP\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\Download &all with DAP\ not found.
Registry value HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.
Registry value HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}\ not found.
Registry value HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry value HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\Software\Microsoft\Internet Explorer\MenuExt\&Download with &DAP\ not found.
Registry key HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\Software\Microsoft\Internet Explorer\MenuExt\&Yahoo! Search\ not found.
Registry key HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\Software\Microsoft\Internet Explorer\MenuExt\Yahoo! &Dictionary\ not found.
Registry key HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\Software\Microsoft\Internet Explorer\MenuExt\Yahoo! &Maps\ not found.
Registry key HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\Software\Microsoft\Internet Explorer\MenuExt\Yahoo! &SMS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
[Registry - Additional Scans - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Ilya Shor.ICOMPUTETHINGS^Start Menu^Programs^Startup^Check For Dope Wars Updates.lnk\ deleted successfully.
File C:\WINDOWS\pss\Check For Dope Wars Updates.lnk not found.
File C:\PROGRA~1\Dopewars\WiseUpdt.exe not found.
[Files/Folders - Created Within 30 days]
[Files/Folders - Modified Within 90 days]
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Local Settings\Temp\~DF7039.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Local Settings\Temp\~DF97D7.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Local Settings\Temp\~DFA983.tmp scheduled to be deleted on reboot.
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
WinPFind35U Version 1.0.2.2 fix logfile created on 03032008_180610


DDS

MAIN.TXT

Deckard's System Scanner v20071014.68
Run by Ilya Shor on 2008-03-03 18:23:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 511 MiB (512 MiB recommended).
System Drive C: has 8.26 GiB (less than 15%) free.


-- HijackThis (run as Ilya Shor.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:23:13 PM, on 3/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\READER\READER_SL.EXE
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Desktop\dss.exe
C:\DOCUME~1\ILYASH~1.ICO\Desktop\Ilya Shor.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {E1CE21FE-5C18-4796-8663-43E1F38876B9} - C:\WINDOWS\system32\jkhfc.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKUS\S-1-5-21-1004336348-1078081533-725345543-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1004336348-1078081533-725345543-1004\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl (User '?')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...81/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay10...es/MsnPUpld.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,16/mcgdmgr.cab
O16 - DPF: {C190FF32-96D0-445F-9F60-5CF288FD3D0F} (ActiveFormX Control) - https://resnet.verif.../CAT/CNICAT.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://bigflash.mic...ash/FlashAX.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...350/mcfscan.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://i.xanga.com/p...lie/header2.jpg

--
End of file - 6959 bytes

-- Files created between 2008-02-03 and 2008-03-03 -----------------------------

2008-03-03 10:55:07 90176 --a------ C:\WINDOWS\system32\cixssuev.dll
2008-03-03 10:55:04 86080 --a------ C:\WINDOWS\system32\wxurleij.dll
2008-03-02 11:00:37 89664 --a------ C:\WINDOWS\system32\mklooqme.dll
2008-03-02 10:57:32 84544 --a------ C:\WINDOWS\system32\bjvovggl.dll
2008-03-01 11:21:31 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-03-01 11:21:27 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-01 10:55:20 89664 --a------ C:\WINDOWS\system32\ufvnutro.dll
2008-02-29 23:45:01 0 d-------- C:\Media
2008-02-29 15:36:36 233631 --ahs---- C:\WINDOWS\system32\cfhkj.ini2
2008-02-27 22:33:19 0 d-------- C:\VundoFix Backups
2008-02-27 15:16:38 0 d-------- C:\Program Files\VideoLAN
2008-02-27 15:08:20 116224 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
2008-02-27 15:08:18 23552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL <Not Verified; Microsoft Corporation; MSMAPI-Steuerelementbibliothek>
2008-02-27 15:08:17 0 d-------- C:\Program Files\PDFCreator
2008-02-27 14:28:54 0 dr-h----- C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Recent
2008-02-27 01:01:14 32 --a------ C:\WINDOWS\go
2008-02-26 01:10:42 0 d-------- C:\Program Files\USBDLM
2008-02-25 14:31:16 321600 -----n--- C:\WINDOWS\system32\jkhfc.dll
2008-02-24 16:02:14 0 d-------- C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\Juniper Networks
2008-02-24 13:53:05 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-02-22 02:40:25 0 d-------- C:\Program Files\Western Digital Technologies
2008-02-22 02:39:15 364544 --a------ C:\WINDOWS\system32\WDBtnMgr.exe <Not Verified; Western Digital Technologies, Inc.; WD Button Manager>
2008-02-22 02:20:09 0 d-------- C:\New Folder
2008-02-22 01:51:46 0 d-------- C:\WINDOWS\system32\NtmsData
2008-02-21 08:05:08 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe


-- Find3M Report ---------------------------------------------------------------

2008-03-03 17:54:19 0 d-------- C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\Skype
2008-03-02 14:09:36 0 d-------- C:\Program Files\DC++
2008-02-29 15:29:23 0 d-a------ C:\Program Files\Common Files
2008-02-27 16:58:30 0 d-------- C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\vlc
2008-02-27 14:23:22 0 d-------- C:\Program Files\Ares Lite Edition
2008-02-27 01:59:04 120 --a------ C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\AVSDVDPlayer.m3u
2008-02-25 18:22:04 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-02-23 01:39:33 0 d-------- C:\Program Files\Microsoft Silverlight
2008-02-21 08:01:16 0 d-------- C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\AdobeUM
2008-01-30 17:40:29 0 d-------- C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\Adobe
2008-01-21 23:27:54 0 d-------- C:\Program Files\Camfrog


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1CE21FE-5C18-4796-8663-43E1F38876B9}]
02/25/2008 02:31 PM 321600 --------- C:\WINDOWS\system32\jkhfc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [09/22/2004 07:00 PM]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [08/06/2004 02:50 AM]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [01/27/2008 12:38 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"AIM"="C:\Program Files\AIM\aim.exe" [08/01/2006 02:35 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{ED120D76-BF31-412C-A99B-783C6676E128}"= C:\WINDOWS\system32\jkkkhfd.dll [ ]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkhfc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
"C:\Program Files\America Online 9.0\AOL.EXE" -b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"C:\Program Files\Ares Lite Edition\Ares.exe" -h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOLService"=2 (0x2)
"McAfeeFramework"=2 (0x2)




-- End of Deckard's System Scanner: finished at 2008-03-03 18:23:51 ------------

p.s JKHFC.DLL just wont go away and im guessing thats the problem.
  • 0

#14
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Delete ComboFix.exe and the folder C:\ComboFix then do this

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
  • 0

#15
drpepper23

drpepper23

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 101 posts
still cannot run combofix.exe

i get a blue screen, but no prompts.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP