taskmgr disabled & trojandownloader.xs


#1 fluffy0123

Please help me fix this problem with popups and trojandownloader.xs; even my taskmgr is not working. I tried to get onto the internet and that too has been hijacked. Your help is appreciated and I am looking forward to a reply soon.
I would like to say you guys are great and thank God for people like you :)

Here is my SmitFraudFix log:

SmitFraudFix v2.301

Scan done at 5:31:32.01, Tue 03/11/2008
Run from C:\Documents and Settings\AnnaRoy\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mgmrwmrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\mrofinu.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RDSHOST.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\logon.scr
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\764.exe FOUND !
C:\WINDOWS\7search.dll FOUND !
C:\WINDOWS\absolute key logger.lnk FOUND !
C:\WINDOWS\aconti.exe FOUND !
C:\WINDOWS\aconti.ini FOUND !
C:\WINDOWS\aconti.log FOUND !
C:\WINDOWS\aconti.sdb FOUND !
C:\WINDOWS\acontidialer.txt FOUND !
C:\WINDOWS\adbar.dll FOUND !
C:\WINDOWS\cbinst$.exe FOUND !
C:\WINDOWS\daxtime.dll FOUND !
C:\WINDOWS\default.htm FOUND !
C:\WINDOWS\dp0.dll FOUND !
C:\WINDOWS\eventlowg.dll FOUND !
C:\WINDOWS\fhfmm-Uninstaller.exe FOUND !
C:\WINDOWS\fhfmm.exe FOUND !
C:\WINDOWS\flt.dll FOUND !
C:\WINDOWS\hcwprn.exe FOUND !
C:\WINDOWS\hotporn.exe FOUND !
C:\WINDOWS\iexplorr23.dll FOUND !
C:\WINDOWS\ie_32.exe FOUND !
C:\WINDOWS\jd2002.dll FOUND !
C:\WINDOWS\kkcomp$.exe FOUND !
C:\WINDOWS\kkcomp.dll FOUND !
C:\WINDOWS\kkcomp.exe FOUND !
C:\WINDOWS\kvnab$.exe FOUND !
C:\WINDOWS\kvnab.dll FOUND !
C:\WINDOWS\kvnab.exe FOUND !
C:\WINDOWS\liqad$.exe FOUND !
C:\WINDOWS\liqad.dll FOUND !
C:\WINDOWS\liqad.exe FOUND !
C:\WINDOWS\liqui-Uninstaller.exe FOUND !
C:\WINDOWS\liqui.dll FOUND !
C:\WINDOWS\liqui.exe FOUND !
C:\WINDOWS\ngd.dll FOUND !
C:\WINDOWS\pbar.dll FOUND !
C:\WINDOWS\pbsysie.dll FOUND !
C:\WINDOWS\settn.dll FOUND !
C:\WINDOWS\spredirect.dll FOUND !
C:\WINDOWS\vxddsk.exe FOUND !
C:\WINDOWS\wbeCheck.exe FOUND !
C:\WINDOWS\wbeInst$.exe FOUND !
C:\WINDOWS\wml.exe FOUND !
C:\WINDOWS\xadbrk.dll FOUND !
C:\WINDOWS\xadbrk.exe FOUND !
C:\WINDOWS\xadbrk_.exe FOUND !
C:\WINDOWS\xxxvideo.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\acespy\ FOUND !
C:\WINDOWS\system32\ace16win.dll FOUND !
C:\WINDOWS\system32\ESHOPEE.exe FOUND !
C:\WINDOWS\system32\mgmrwmrv.exe FOUND !
C:\WINDOWS\system32\msole32.exe FOUND !
C:\WINDOWS\system32\vxddsk.exe FOUND !
C:\WINDOWS\system32\winfrun32.bin FOUND !
C:\WINDOWS\system32\wml.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\AnnaRoy


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\AnnaRoy\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\AnnaRoy\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\3721\ FOUND !
C:\Program Files\Accoona\ FOUND !
C:\Program Files\akl\ FOUND !
C:\Program Files\amsys\ FOUND !
C:\Program Files\e-zshopper\ FOUND !
C:\Program Files\Helper\ FOUND !
C:\Program Files\p2pnetworks\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{c7cd9e83-3bf6-47f8-b2e2-b114c96c1888}"="hemoglobinometries"

[HKEY_CLASSES_ROOT\CLSID\{c7cd9e83-3bf6-47f8-b2e2-b114c96c1888}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{c7cd9e83-3bf6-47f8-b2e2-b114c96c1888}\InProcServer32]


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 24.25.227.55
DNS Server Search Order: 24.25.227.56
DNS Server Search Order: 66.75.160.63

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0B8F41D9-CEC7-47CB-8436-3E8D874EF73A}: DhcpNameServer=24.25.227.55 24.25.227.56 66.75.160.63
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0B8F41D9-CEC7-47CB-8436-3E8D874EF73A}: DhcpNameServer=24.25.227.55 24.25.227.56 66.75.160.63
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0B8F41D9-CEC7-47CB-8436-3E8D874EF73A}: DhcpNameServer=24.25.227.55 24.25.227.56 66.75.160.63
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.25.227.55 24.25.227.56 66.75.160.63
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.25.227.55 24.25.227.56 66.75.160.63
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=24.25.227.55 24.25.227.56 66.75.160.63


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Here is my Deckard's System Scanner log:

Deckard's System Scanner v20071014.68
Run by AnnaRoy on 2008-03-11 05:42:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
58: 2008-03-11 15:42:46 UTC - RP147 - Deckard's System Scanner Restore Point
57: 2008-03-08 09:07:45 UTC - RP146 - Last known good configuration
56: 2008-03-08 09:07:25 UTC - RP145 - System Checkpoint
55: 2008-03-08 09:07:25 UTC - RP144 - System Checkpoint
54: 2008-03-08 09:07:25 UTC - RP143 - System Checkpoint


-- First Restore Point --
1: 2008-03-08 09:07:11 UTC - RP90 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 78% (more than 75%).
Total Physical Memory: 256 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-11 05:47:01
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mgmrwmrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Network Associates\VirusScan\shstat.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\mrofinu.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rdshost.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\logon.scr
C:\Documents and Settings\AnnaRoy\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {08A3084E-E8C8-4DE1-9FB4-48179982C8DE} - C:\WINDOWS\system32\khfcabc.dll
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BndFibu7 IE Helper - {8041E642-8CFC-4720-BC9D-D2DB8904286F} - C:\Program Files\QdrDrive\QdrDrive12.dll (file missing)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {D4AC3A2F-EA82-4C95-8797-EF88493C5207} - C:\WINDOWS\system32\pmnlk.dll (file missing)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: Her - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - C:\WINDOWS\system32\marwin32.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB7062] command /c del "C:\WINDOWS\system32\pmnlk.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5385] cmd /c del "C:\WINDOWS\system32\pmnlk.dll_old"
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesga...om/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesga...om/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O15 - Trusted Zone: *.musicmatch.com (HKCU)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.ma...director/sw.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.ma...t/ultrashim.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: khfcabc - C:\WINDOWS\system32\khfcabc.dll
O22 - SharedTaskScheduler: hemoglobinometries - {c7cd9e83-3bf6-47f8-b2e2-b114c96c1888} - (no file)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe


--
End of file - 12381 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 NaiAvTdi1 - c:\windows\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
R3 EntDrv51 - c:\windows\system32\drivers\entdrv51.sys <Not Verified; Network Associates, Inc; Virus Scan Enterprise, Entercept>
R3 NaiAvFilter1 - c:\windows\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan>

S1 DMICall (Sony DMI Call service) - c:\windows\system32\drivers\dmicall.sys (file missing)
S3 usbsermpt (Motorola USB Modem Driver for MPT) - c:\windows\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Diskeeper - "c:\program files\diskeeper corporation\diskeeper\dkservice.exe" <Not Verified; Diskeeper Corporation; Diskeeper ™ Disk Defragmenter>
R2 McAfeeFramework (McAfee Framework Service) - c:\program files\network associates\common framework\frameworkservice.exe /servicestart <Not Verified; Network Associates, Inc.; McAfee Common Framework>
R2 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-02-11 and 2008-03-11 -----------------------------

2008-03-11 05:32:46 878 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-11 05:30:39 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-03-11 05:30:38 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-03-11 05:30:37 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-11 05:30:36 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-03-11 05:30:35 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-11 05:30:34 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-03-11 05:30:26 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-03-11 05:04:18 16640 --a------ C:\WINDOWS\kvnab.dll
2008-03-11 05:04:17 23808 --a------ C:\WINDOWS\kvnab.exe
2008-03-11 05:04:15 12032 --a------ C:\WINDOWS\settn.dll
2008-03-11 05:04:15 15360 --a------ C:\WINDOWS\kvnab$.exe
2008-03-11 05:04:14 31232 --a------ C:\WINDOWS\hcwprn.exe
2008-03-11 05:04:11 20480 --a------ C:\WINDOWS\pbsysie.dll
2008-03-11 05:04:09 19200 --a------ C:\WINDOWS\wbeInst$.exe
2008-03-11 05:04:09 17152 --a------ C:\WINDOWS\wbeCheck.exe
2008-03-11 05:04:01 12544 --a------ C:\WINDOWS\system32\wml.exe
2008-03-11 05:04:01 0 d-------- C:\Program Files\Accoona
2008-03-11 05:04:00 21760 --a------ C:\WINDOWS\7search.dll
2008-03-11 04:17:43 17664 --a------ C:\WINDOWS\adbar.dll
2008-03-11 04:17:39 23552 --a------ C:\WINDOWS\aconti.exe
2008-03-11 04:17:37 17408 --a------ C:\WINDOWS\xxxvideo.exe
2008-03-11 04:17:32 32000 --a------ C:\WINDOWS\764.exe
2008-03-11 04:15:28 30720 --a------ C:\WINDOWS\hotporn.exe
2008-03-10 23:35:06 0 d-------- C:\Program Files\e-zshopper
2008-03-10 23:34:56 0 d-------- C:\Program Files\3721
2008-03-10 22:17:47 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-03-10 21:33:45 0 d-------- C:\Program Files\amsys
2008-03-10 21:21:48 14080 --a------ C:\WINDOWS\iexplorr23.dll
2008-03-10 21:21:45 16384 --a------ C:\WINDOWS\system32\ace16win.dll
2008-03-10 21:21:37 12544 --a------ C:\WINDOWS\system32\vxddsk.exe
2008-03-10 21:21:30 24320 --a------ C:\WINDOWS\pbar.dll
2008-03-10 07:45:38 37376 --a------ C:\WINDOWS\mrofinu72.exe
2008-03-08 18:34:38 0 d-------- C:\Documents and Settings\royce.FINONA\Application Data\Macromedia
2008-03-08 18:33:44 0 d-------- C:\Documents and Settings\royce.FINONA\Application Data\Google
2008-03-08 18:30:53 0 d-------- C:\Documents and Settings\royce.FINONA\Application Data\Identities
2008-03-08 18:29:43 0 dr-h----- C:\Documents and Settings\royce.FINONA\SendTo
2008-03-08 18:29:43 0 dr-h----- C:\Documents and Settings\royce.FINONA\Recent
2008-03-08 18:29:43 0 d--h----- C:\Documents and Settings\royce.FINONA\PrintHood
2008-03-08 18:29:43 0 d--h----- C:\Documents and Settings\royce.FINONA\NetHood
2008-03-08 18:29:43 0 dr------- C:\Documents and Settings\royce.FINONA\My Documents
2008-03-08 18:29:43 0 d--h----- C:\Documents and Settings\royce.FINONA\Local Settings
2008-03-08 18:29:43 0 dr------- C:\Documents and Settings\royce.FINONA\Favorites
2008-03-08 18:29:43 0 d-------- C:\Documents and Settings\royce.FINONA\Desktop
2008-03-08 18:29:43 0 d--hs---- C:\Documents and Settings\royce.FINONA\Cookies
2008-03-08 18:29:43 0 dr-h----- C:\Documents and Settings\royce.FINONA\Application Data
2008-03-08 18:29:43 0 d---s---- C:\Documents and Settings\royce.FINONA\Application Data\Microsoft
2008-03-08 18:29:42 0 d--h----- C:\Documents and Settings\royce.FINONA\Templates
2008-03-08 18:29:42 0 dr------- C:\Documents and Settings\royce.FINONA\Start Menu
2008-03-08 18:29:42 2097152 --ah----- C:\Documents and Settings\royce.FINONA\NTUSER.DAT
2008-03-07 23:19:29 16640 --a------ C:\WINDOWS\eventlowg.dll
2008-03-07 23:19:29 12288 --a------ C:\WINDOWS\daxtime.dll
2008-03-07 23:19:28 22272 --a------ C:\WINDOWS\system32\msole32.exe
2008-03-07 23:19:28 25344 --a------ C:\WINDOWS\liqui.dll
2008-03-07 23:19:27 18176 --a------ C:\WINDOWS\liqui-Uninstaller.exe
2008-03-07 23:19:27 13312 --a------ C:\WINDOWS\liqui.exe
2008-03-07 23:19:27 24576 --a------ C:\WINDOWS\fhfmm.exe
2008-03-07 23:19:26 29184 --a------ C:\WINDOWS\xadbrk.dll
2008-03-07 23:19:26 25600 --a------ C:\WINDOWS\fhfmm-Uninstaller.exe
2008-03-07 23:19:25 27392 --a------ C:\WINDOWS\xadbrk_.exe
2008-03-07 23:19:25 9472 --a------ C:\WINDOWS\xadbrk.exe
2008-03-07 23:19:24 25088 --a------ C:\WINDOWS\kkcomp.dll
2008-03-07 23:19:23 25088 --a------ C:\WINDOWS\liqad.dll
2008-03-07 23:19:23 9984 --a------ C:\WINDOWS\kkcomp.exe
2008-03-07 23:19:23 16640 --a------ C:\WINDOWS\kkcomp$.exe
2008-03-07 23:19:22 15104 --a------ C:\WINDOWS\liqad.exe
2008-03-07 23:19:22 22784 --a------ C:\WINDOWS\liqad$.exe
2008-03-07 23:19:19 20992 --a------ C:\WINDOWS\cbinst$.exe
2008-03-07 23:19:15 30976 --a------ C:\WINDOWS\jd2002.dll
2008-03-07 23:19:04 28416 --a------ C:\WINDOWS\spredirect.dll
2008-03-07 23:19:03 20224 --a------ C:\WINDOWS\system32\ESHOPEE.exe
2008-03-07 23:18:56 32512 --a------ C:\WINDOWS\ie_32.exe
2008-03-07 23:18:54 0 d-------- C:\WINDOWS\system32\acespy
2008-03-07 23:18:53 18688 --a------ C:\WINDOWS\ngd.dll
2008-03-07 23:18:52 22272 --a------ C:\WINDOWS\dp0.dll
2008-03-07 23:18:51 0 d-------- C:\Program Files\p2pnetworks
2008-03-07 23:18:46 0 d-------- C:\Program Files\akl
2008-03-07 23:18:45 30208 --a------ C:\WINDOWS\vxddsk.exe
2008-03-07 23:18:43 8192 --a------ C:\WINDOWS\wml.exe
2008-03-07 23:18:42 29952 --a------ C:\WINDOWS\flt.dll
2008-03-07 23:06:53 145021 --ahs---- C:\WINDOWS\system32\klnmp.ini2
2008-03-07 23:03:18 26112 --a------ C:\WINDOWS\system32\marwin32.dll
2008-03-07 23:03:08 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-03-07 23:03:02 0 d-------- C:\WINDOWS\?racle
2008-03-07 23:02:51 89099 --a------ C:\WINDOWS\system32\mgmrwmrv.exe <Not Verified; Microsoft; runbll>
2008-03-07 23:02:40 0 d-------- C:\Program Files\webHancer
2008-03-07 23:02:25 0 d-------- C:\Program Files\QdrPack
2008-03-07 23:01:14 37376 --a------ C:\WINDOWS\system32\khfcabc.dll
2008-02-17 17:35:33 0 d-------- C:\Documents and Settings\AnnaRoy\.housecall6.6


-- Find3M Report ---------------------------------------------------------------

2008-03-11 04:11:13 0 d-------- C:\Documents and Settings\AnnaRoy\Application Data\Identities
2008-03-10 21:20:27 0 d-------- C:\Program Files\MSN Gaming Zone
2008-03-10 19:52:14 0 d-------- C:\Program Files\Common Files
2008-03-07 23:00:58 2404 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-02-11 19:46:03 0 d-------- C:\Program Files\Helper
2008-02-10 23:30:30 6442 --a------ C:\WINDOWS\unins000.dat
2008-02-10 23:15:10 691545 --a------ C:\WINDOWS\unins000.exe
2008-02-10 22:43:06 0 d-------- C:\Program Files\Canon
2008-02-06 23:22:53 0 d-------- C:\Documents and Settings\AnnaRoy\Application Data\ScanSoft
2008-02-06 23:22:07 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-02-06 23:21:20 0 d-------- C:\Program Files\ScanSoft
2008-02-06 23:19:38 0 d-------- C:\Program Files\ArcSoft
2008-02-06 23:19:37 0 d--h----- C:\Program Files\InstallShield Installation Information


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08A3084E-E8C8-4DE1-9FB4-48179982C8DE}]
03/07/2008 11:01 PM 37376 --a------ C:\WINDOWS\system32\khfcabc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8041E642-8CFC-4720-BC9D-D2DB8904286F}]
C:\Program Files\QdrDrive\QdrDrive12.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4AC3A2F-EA82-4C95-8797-EF88493C5207}]
C:\WINDOWS\system32\pmnlk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C}]
03/07/2008 11:03 PM 26112 --a------ C:\WINDOWS\system32\marwin32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [09/22/2004 08:00 PM]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [08/06/2004 03:50 AM]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" [10/07/2003 09:48 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 03:07 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingB7062"=command /c del "C:\WINDOWS\system32\pmnlk.dll_old"
"SpybotDeletingD5385"=cmd /c del "C:\WINDOWS\system32\pmnlk.dll_old"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [10/09/2004 03:18 PM 49152]
"{08A3084E-E8C8-4DE1-9FB4-48179982C8DE}"= C:\WINDOWS\system32\khfcabc.dll [03/07/2008 11:01 PM 37376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfcabc]
khfcabc.dll 03/07/2008 11:01 PM 37376 C:\WINDOWS\system32\khfcabc.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmnlk.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\Msetup4.exe

*Newly Created Service* - ENTDRV51



-- End of Deckard's System Scanner: finished at 2008-03-11 05:54:11 ------------

Deckard extra log:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 1.50GHz
Percentage of Memory in Use: 84%
Physical Memory (total/avail): 255.53 MiB / 38.78 MiB
Pagefile Memory (total/avail): 704.18 MiB / 455.35 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1903.53 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 29.29 GiB total, 19.58 GiB free.
D: is Fixed (NTFS) - 26.6 GiB total, 5.35 GiB free.
E: is CDROM (No Media)
F: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - ST360020A - 55.9 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 29.29 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 26.6 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe:*:Disabled:Framework Service"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\AnnaRoy\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.1_07\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=FINONA
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\AnnaRoy
LOGONSERVER=\\FINONA
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Diskeeper Corporation\Diskeeper\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0102
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.1_07\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\AnnaRoy\LOCALS~1\Temp
TMP=C:\DOCUME~1\AnnaRoy\LOCALS~1\Temp
USERDOMAIN=FINONA
USERNAME=AnnaRoy
USERPROFILE=C:\Documents and Settings\AnnaRoy
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

AnnaRoy (admin)
royce.FINONA (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ADI® SoundMAX® Integrated Digital Audio Driver for Microsoft® Windows® XP --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{485EC31F-0446-11D6-B60A-08004609B39F}\Setup.exe" -l0x9
Adobe Acrobat 8 Professional - English, Français, Deutsch --> msiexec /I {AC76BA86-1033-F400-7760-000000000003}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9
Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
BlackBerry Desktop Software 4.2 --> MsiExec.exe /I{37E1EB56-C59B-4C5C-B0B3-B5076046EF8A}
BlackBerry Desktop Software 4.2 --> MsiExec.exe /i{37E1EB56-C59B-4C5C-B0B3-B5076046EF8A}
Canon MP Navigator 2.0 --> "C:\Program Files\Canon\MP Navigator 2.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 2.0\uninst.ini
Canon MP450 --> "C:\WINDOWS\system32\CanonMP Uninstaller Information\{CF23AFD7-3078-4134-8823-EBF6D1FE6FAD}\DelDrv.exe" /U:{CF23AFD7-3078-4134-8823-EBF6D1FE6FAD} /L0x0009
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Cheetah DVD Burner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD01E97F-2A6A-495E-BE38-22C7B80F3CD7}\Setup.exe"
Diskeeper Professional Premier Edition --> MsiExec.exe /X{20E5F823-61A4-4BCE-9DF4-5DB43F302B69}
DVD Region+CSS Free 5.9.5.2 --> "C:\Program Files\DVD Region+CSS Free\unins000.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
Java 2 Runtime Environment, SE v1.4.1_07 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA532E73-1BB7-11D8-9D6A-00010240CE95}\setup.exe" Anytext
Java Web Start --> "C:\Program Files\Java Web Start\uninst-javaws.exe"
LimeWire PRO 4.10.5 --> "C:\Program Files\LimeWire\uninstall.exe"
McAfee VirusScan Enterprise --> MsiExec.exe /I{5DF3D1BB-894E-4DCD-8275-159AC9829B43}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
OmniPage SE 2.0 --> MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
PSP Video 9 2.25 --> C:\Program Files\Red Kawa\Video Converter\uninstaller.exe
PSP Video Express(remove only) --> "C:\Program Files\PQDVD\PSPVideoExpress\bt-uninst.exe"
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
VideoLAN VLC media player 0.8.1 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type2276 / Error
Event Submitted/Written: 03/11/2008 05:30:42 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16608, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2275 / Error
Event Submitted/Written: 03/11/2008 05:30:39 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16608, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2274 / Error
Event Submitted/Written: 03/11/2008 05:30:35 AM / 03/11/2008 05:30:37 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16608, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2273 / Error
Event Submitted/Written: 03/11/2008 05:30:34 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16608, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2272 / Error
Event Submitted/Written: 03/11/2008 05:30:34 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16608, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type6541 / Error
Event Submitted/Written: 03/10/2008 11:00:49 PM / 03/10/2008 11:00:50 PM
Event ID/Source: 55 / Ntfs
Event Description:
The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.

Event Record #/Type6536 / Error
Event Submitted/Written: 03/10/2008 07:46:16 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Event Record #/Type6530 / Warning
Event Submitted/Written: 03/10/2008 07:35:38 PM / 03/10/2008 07:35:39 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type6512 / Error
Event Submitted/Written: 03/10/2008 07:27:45 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
DMICall

Event Record #/Type6488 / Error
Event Submitted/Written: 03/08/2008 06:30:09 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
DMICall



-- End of Deckard's System Scanner: finished at 2008-03-11 05:54:11 ------------

Here is my ComboFix log:

Start Time= Tue 03/11/2008 3:58:51.04

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2008-03-11 02:45:18 28416 ( A.... ) "C:\WINDOWS\7search.dll"
2008-03-10 23:35:08 ( .D... ) "C:\Program Files\e-zshopper"
2008-03-10 23:35:04 ( .D... ) "C:\Program Files\Accoona"
2008-03-10 23:34:58 ( .D... ) "C:\Program Files\3721"
2008-03-10 23:24:54 21504 ( A.... ) "C:\WINDOWS\764.exe"
2008-03-10 23:22:52 14336 ( A.... ) "C:\WINDOWS\aconti.exe"
2008-03-10 21:43:54 25344 ( A.... ) "C:\WINDOWS\settn.dll"
2008-03-10 21:43:54 19712 ( A.... ) "C:\WINDOWS\kvnab.exe"
2008-03-10 21:43:54 11008 ( A.... ) "C:\WINDOWS\kvnab$.exe"
2008-03-10 21:43:50 24576 ( A.... ) "C:\WINDOWS\hcwprn.exe"
2008-03-10 21:43:48 25600 ( A.... ) "C:\WINDOWS\pbsysie.dll"
2008-03-10 21:43:44 23040 ( A.... ) "C:\WINDOWS\wbeInst$.exe"
2008-03-10 21:43:44 14592 ( A.... ) "C:\WINDOWS\wbeCheck.exe"
2008-03-10 21:43:40 16896 ( A.... ) "C:\WINDOWS\hotporn.exe"
2008-03-10 21:41:44 12544 ( A.... ) "C:\WINDOWS\kvnab.dll"
2008-03-10 21:33:46 ( .D... ) "C:\Program Files\amsys"
2008-03-10 21:21:50 14080 ( A.... ) "C:\WINDOWS\iexplorr23.dll"
2008-03-10 21:21:46 16384 ( A.... ) "C:\WINDOWS\system32\ace16win.dll"
2008-03-10 21:21:38 22016 ( A.... ) "C:\WINDOWS\system32\wml.exe"
2008-03-10 21:21
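The registry sections of the Deckard log above are the part of this post that matters. `"DisableTaskMgr"=1` under both `policies\system` keys is exactly what greys out Task Manager. The `Userinit` line carries a second executable (`mgmrwmrv.exe`), so it is relaunched at every logon even after the process is killed. `pmnlk.dll` is registered both as a Browser Helper Object and as an LSA authentication package, which means lsass.exe loads it at boot, and `khfcabc.dll` sits in both Winlogon Notify and ShellExecuteHooks. The Python script below is an added example, not part of the original post and not a component of Deckard's System Scanner, SmitFraudFix or ComboFix: it parses a DSS-style log (the embedded sample is constructed from the entries above), flags those persistence points, and then lists files referenced from more than one of them, which is where a helper would start. The key suffixes it matches on, the `userinit.exe` and `msv1_0` defaults, and the space-separated package list are assumptions about the DSS output format.

```python
import re
from collections import defaultdict, namedtuple

# Constructed sample: the persistence-related sections of the DSS log posted
# above, in the format DSS prints them (most blank separator lines omitted).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4AC3A2F-EA82-4C95-8797-EF88493C5207}]
C:\WINDOWS\system32\pmnlk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{08A3084E-E8C8-4DE1-9FB4-48179982C8DE}"= C:\WINDOWS\system32\khfcabc.dll [03/07/2008 11:01 PM 37376]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfcabc]
khfcabc.dll 03/07/2008 11:01 PM 37376 C:\WINDOWS\system32\khfcabc.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmnlk.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\Msetup4.exe
"""

# location = persistence mechanism, item = path/package/hive flagged, reason = why
Finding = namedtuple("Finding", "location item reason")

# A path runs from the drive letter to end of line (paths may contain spaces);
# DSS sometimes appends a "[date size]" annotation, which is dropped.
_PATH_RE = re.compile(r"[A-Za-z]:\\.*$")

def extract_path(line):
    m = _PATH_RE.search(line)
    return re.sub(r"\s*\[[^\]]*\]\s*$", "", m.group(0)).strip() if m else None

def parse_sections(text):
    """Group a DSS log into {lower-cased registry key: [value lines]}."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def audit(text):
    """Flag every entry in the XP persistence locations that DSS reports."""
    found = []
    def flag(where, item, why):
        found.append(Finding(where, item, why))
    for key, lines in parse_sections(text).items():
        if key.endswith("\\policies\\system"):
            for line in lines:
                m = re.match(r'"disabletaskmgr"\s*=\s*(\d+)', line, re.I)
                if m and m.group(1) != "0":
                    flag("policies\\system", key.split("\\", 1)[0], "Task Manager blocked by policy")
        elif key.endswith("\\winlogon"):
            for line in lines:
                m = re.match(r'"userinit"\s*=\s*"([^"]*)"', line, re.I)
                # userinit.exe is the only legitimate entry (assumed default);
                # every other entry is started by winlogon at each interactive logon
                for e in (m.group(1).split(",") if m else []):
                    if e.strip() and e.strip().rsplit("\\", 1)[-1].lower() != "userinit.exe":
                        flag("winlogon\\userinit", e.strip(), "extra Userinit entry, runs at logon")
        elif "\\winlogon\\notify\\" in key:
            for p in filter(None, map(extract_path, lines)):
                flag("winlogon\\notify", p, "Notify DLL, loaded into winlogon.exe at boot")
        elif key.endswith("\\control\\lsa"):
            for line in lines:
                m = re.match(r'"authentication packages"\s*=\s*(.*)', line, re.I)
                # msv1_0 is the stock package; extras are listed space-separated
                # (assumption: no spaces inside a package path)
                for pkg in (m.group(1).split() if m else []):
                    if pkg.lower() != "msv1_0":
                        flag("lsa\\authentication packages", pkg, "extra LSA package, loaded into lsass.exe")
        elif key.endswith("\\shellexecutehooks"):
            for p in filter(None, map(extract_path, lines)):
                flag("shellexecutehooks", p, "hook DLL, loaded into explorer.exe")
        elif "browser helper objects" in key:
            for p in filter(None, map(extract_path, lines)):
                flag("browser helper objects", p, "BHO, loaded into Internet Explorer")
        elif "\\mountpoints2\\" in key:
            for line in lines:
                m = re.match(r"autorun\\command-\s*(.+)", line, re.I)
                if m:
                    flag("mountpoints2\\autorun", m.group(1).strip(), "cached AutoRun command for a volume")
    return found

def cross_reference(findings):
    """File names referenced from more than one persistence location: the
    loader and the hook usually share a DLL, so these are chased first."""
    locations = defaultdict(set)
    for f in findings:
        name = f.item.rsplit("\\", 1)[-1].lower()
        if "." in name:  # skip hive names such as hkey_current_user
            locations[name].add(f.location)
    return {n: sorted(l) for n, l in locations.items() if len(l) > 1}

if __name__ == "__main__":
    found = audit(SAMPLE_LOG)
    for f in found:
        print(f"[{f.location}] {f.item}: {f.reason}")
    for name, locs in sorted(cross_reference(found).items()):
        print(f"PRIORITY {name}: referenced from {', '.join(locs)}")
```

Run against the sample, the two `PRIORITY` lines come out for khfcabc.dll and pmnlk.dll. A caveat on the Task Manager symptom: `reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableTaskMgr /t REG_DWORD /d 0 /f` (and the same under HKLM) restores it, but it only stays restored once nothing is left running to set it again, so the loaders go first. The Notify and Authentication Packages DLLs are mapped into winlogon.exe and lsass.exe before any user logs on, which is why a helper normally handles them with a fix script or from outside the installed Windows rather than by deleting the files in a live session.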