Task manager disable by admin. [CLOSED]



#1 jay012992 (Member, 73 posts)

Deckard's System Scanner v20071014.68
Run by Jason on 2008-05-25 18:15:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
32: 2008-05-25 22:16:57 UTC - RP84 - Deckard's System Scanner Restore Point
31: 2008-05-25 12:28:12 UTC - RP83 - Installed Dell Support Center.
30: 2008-05-24 07:25:10 UTC - RP82 - System Checkpoint
29: 2008-05-23 06:33:44 UTC - RP81 - System Checkpoint
28: 2008-05-22 02:22:21 UTC - RP80 - Installed Realtek AC'97 Audio


-- First Restore Point --
1: 2008-05-08 14:43:52 UTC - RP53 - Removed MostFun - Fashion Fits


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 80% (more than 75%).
Total Physical Memory: 254 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-25 18:23:37
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jason\Desktop\dss.exe
C:\WINDOWS\system32\igfxsrvc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {07935349-A2E4-46A5-8A24-D1A37BC87CC2} - C:\WINDOWS\system32\iifcYpMg.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {CBFD3CD5-AD32-A7B2-1593-A78F06227AB4} - C:\WINDOWS\system32\xargf.dll (file missing)
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\Jason\MYDOCU~1\ASEMBL~1\tracert.exe" -vt yazb
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Dream Day Wedding\Images\stg_drm.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1208650190140
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecu...asyInstallX.CAB
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Natalie Brooks - Secrets of Treasure House\Images\armhelper.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.9.0.1407.1107.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.9.0.1407.1107.dll
O20 - Winlogon Notify: rqRJDusr - C:\WINDOWS\system32\rqRJDusr.dll (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe


--
End of file - 5633 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>

S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>
S3 LVUSBSta (Logitech USB Monitor Filter) - c:\windows\system32\drivers\lvusbsta.sys (file missing)
S3 PID_0928 (Logitech QuickCam Express(PID_0928)) - c:\windows\system32\drivers\lv561av.sys (file missing)
S3 SymIM (Symantec Network Security Intermediate Filter Service) - c:\windows\system32\drivers\symim.sys (file missing)
S3 SymIMMP - c:\windows\system32\drivers\symim.sys (file missing)
S3 TnIDriver - c:\docume~1\jason\locals~1\temp\tni66.tmp (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 Boonty Games - "c:\program files\common files\boonty shared\service\boonty.exe" <Not Verified; BOONTY; Boonty Games>
S3 DSBrokerService - "c:\program files\dellsupport\brkrsvc.exe" <Not Verified; ; Gteko BrkrSvc Application>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-04-25 and 2008-05-25 -----------------------------

2008-05-25 10:51:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Fugazo
2008-05-25 08:32:02 0 d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-05-25 08:29:57 0 d-------- C:\Program Files\Dell Support Center
2008-05-25 08:28:47 0 d-------- C:\Program Files\Common Files\supportsoft
2008-05-24 11:33:19 0 d-------- C:\Program Files\MostFun
2008-05-23 12:59:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-05-23 07:22:10 0 d-------- C:\Program Files\WildGames
2008-05-22 10:02:08 0 d-------- C:\Documents and Settings\Owner\Application Data\FloodLightGames
2008-05-22 10:02:08 0 d-------- C:\Documents and Settings\All Users\Application Data\FloodLightGames
2008-05-21 22:22:00 4127488 -ra------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS <Not Verified; Realtek Semiconductor Corp.; Windows ® WDM driver for Realtek AC'97 Audio(HRTF data Copyright 1994 by MIT Media Lab)>
2008-05-21 22:18:40 10528768 --a------ C:\WINDOWS\system32\RTLCPL.EXE <Not Verified; Realtek Semiconductor Corp.; Realtek Audio Sound Effect Manager>
2008-05-21 22:18:37 577536 --a------ C:\WINDOWS\SOUNDMAN.EXE <Not Verified; Realtek Semiconductor Corp.; Realtek Sound Manager>
2008-05-21 22:18:36 147456 --a------ C:\WINDOWS\system32\RTLCPAPI.dll <Not Verified; ; RtlCPAPI Module>
2008-05-21 13:49:37 0 d-------- C:\Documents and Settings\Jason\Application Data\Atari
2008-05-20 23:16:10 12288 --a------ C:\WINDOWS\system32\aplib.dll
2008-05-19 12:05:10 0 d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-05-18 12:00:28 0 d-------- C:\Documents and Settings\All Users\Application Data\WildTangent
2008-05-14 14:32:55 0 d-------- C:\Program Files\Trend Micro
2008-05-13 16:25:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-05-12 23:07:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-12 16:34:58 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
2008-05-12 16:22:11 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-12 16:02:11 0 d-------- C:\Documents and Settings\Jason\Application Data\Malwarebytes
2008-05-12 16:01:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-12 16:01:29 0 d-------- C:\Program Files\Common Files\Download Manager
2008-05-11 22:50:05 56832 -----n--- C:\WINDOWS\system32\iyvu9_32.dll
2008-05-11 22:50:04 756736 -----n--- C:\WINDOWS\system32\ir41_32.dll <Not Verified; Intel Corporation; Intel Indeo® Video Interactive 32-bit Driver>
2008-05-11 22:50:04 143872 -----n--- C:\WINDOWS\system32\iacenc.dll <Not Verified; Intel Corporation; Indeo® audio software>
2008-05-11 18:25:30 0 d-------- C:\Documents and Settings\Jason\Application Data\Sonic
2008-05-11 18:24:46 0 d-------- C:\Documents and Settings\Jason\Application Data\Leadertech
2008-05-08 14:59:34 0 d-------- C:\Documents and Settings\Owner\Application Data\Meridian93
2008-05-08 00:06:54 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-08 00:06:54 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-05-08 00:06:53 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-05-08 00:06:53 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-05-07 23:37:35 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-07 23:01:22 2472 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-07 21:19:03 0 d-------- C:\WINDOWS\system32\vdTMP
2008-05-07 21:19:03 0 d-------- C:\WINDOWS\system32\hNF
2008-05-07 21:19:03 0 d-------- C:\WINDOWS\system32\2033b
2008-05-07 21:18:37 0 d-------- C:\WINDOWS\system32\bkEur01
2008-05-07 21:18:37 0 d-------- C:\Temp
2008-05-07 10:23:42 0 d-------- C:\Documents and Settings\All Users\Application Data\BOONTY
2008-05-07 10:23:08 0 d-------- C:\Program Files\Common Files\BOONTY Shared
2008-05-07 08:33:15 942756 --ahs---- C:\WINDOWS\system32\gMpYcfii.ini2
2008-05-07 00:56:39 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-06 17:55:34 774144 --a------ C:\Program Files\RngInterstitial.dll <Not Verified; RealNetworks, Inc.; RealNetworks, Inc. RngInterstitial>
2008-05-05 20:58:16 0 d-------- C:\Documents and Settings\Owner\Application Data\Total Eclipse
2008-05-05 20:58:07 0 d--hs---- C:\WINDOWS\ftpcache
2008-05-05 18:01:54 0 d-------- C:\Program Files\PDM
2008-05-05 10:56:15 0 d-------- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2008-05-05 10:55:42 0 d-------- C:\Documents and Settings\Owner\Application Data\GameHouse
2008-05-05 09:31:51 0 d-------- C:\Program Files\ReflexiveArcade
2008-05-05 08:58:49 0 d-------- C:\Documents and Settings\Owner\Application Data\MySpace
2008-05-04 10:42:53 0 d-------- C:\Program Files\Dell Games
2008-05-03 09:29:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Gogii
2008-05-02 14:02:32 0 d-------- C:\Documents and Settings\Owner\Application Data\iWinArcade
2008-05-02 12:41:39 0 d-------- C:\Program Files\MSN Games
2008-05-02 11:18:56 0 d-------- C:\Documents and Settings\Owner\Application Data\SpinTop
2008-05-01 14:59:02 0 d-------- C:\Documents and Settings\Owner\Application Data\Sonic
2008-05-01 14:58:32 0 d-------- C:\Documents and Settings\Owner\Application Data\Leadertech
2008-05-01 10:58:12 0 d-------- C:\Documents and Settings\Owner\Application Data\Gaijin Ent
2008-05-01 10:57:28 0 d-------- C:\Documents and Settings\Owner\Application Data\PlayFirst
2008-04-29 14:52:02 0 d-------- C:\Documents and Settings\Jason\Application Data\Media Player Classic
2008-04-29 12:18:16 0 d-------- C:\Documents and Settings\Owner\Application Data\Valusoft
2008-04-29 00:53:30 0 d-------- C:\Documents and Settings\Jason\Application Data\Sun
2008-04-27 19:34:26 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-04-27 19:33:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-04-27 19:32:29 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-04-27 19:30:14 0 d-------- C:\Program Files\Roxio
2008-04-27 19:30:08 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-04-27 19:23:38 0 d-------- C:\WINDOWS\system32\DLA
2008-04-27 17:45:12 0 d-------- C:\Documents and Settings\Jason\Application Data\WinRAR
2008-04-26 19:40:35 0 d---s---- C:\Documents and Settings\Jason\UserData
2008-04-26 19:19:15 0 d-------- C:\Documents and Settings\Jason\Application Data\Macromedia
2008-04-26 19:19:14 0 d-------- C:\Documents and Settings\Jason\Application Data\Adobe
2008-04-26 19:19:02 0 d-------- C:\Documents and Settings\Jason\Tracing
2008-04-26 19:18:30 0 d-------- C:\WINDOWS\pss
2008-04-26 17:27:15 0 d-------- C:\WINDOWS\system32\URTTemp
2008-04-25 09:59:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia


-- Find3M Report ---------------------------------------------------------------

2008-05-25 08:28:47 0 d-------- C:\Program Files\Common Files
2008-05-21 22:22:33 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-12 18:29:46 3245 --a------ C:\WINDOWS\mozver.dat
2008-05-11 21:47:14 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-27 19:34:22 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-26 19:24:43 0 d-------- C:\Documents and Settings\Jason\Application Data\GTek
2008-04-25 22:20:52 0 d-------- C:\Program Files\Common Files\Labtec
2008-04-25 22:17:30 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-24 13:22:42 0 d-------- C:\Program Files\Windows Live
2008-04-24 01:19:48 0 d-------- C:\Documents and Settings\Jason\Application Data\Mozilla
2008-04-24 01:19:30 0 d-------- C:\Documents and Settings\Jason\Application Data\Identities
2008-04-23 03:02:13 0 d-------- C:\Program Files\MSXML 4.0
2008-04-22 15:02:58 0 --a------ C:\Program Files\temp01
2008-04-21 11:14:50 4096 --a------ C:\WINDOWS\d3dx.dat
2008-04-20 21:30:36 0 d-------- C:\Program Files\Yahoo!
2008-04-19 21:39:37 0 d-------- C:\Program Files\Messenger
2008-04-19 19:58:41 0 d-------- C:\Program Files\Modem Helper
2008-04-19 19:57:10 0 d-------- C:\Program Files\Digital Line Detect
2008-04-19 19:46:52 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-19 19:26:56 0 d-------- C:\Program Files\DellSupport
2008-04-19 19:08:28 0 d-------- C:\Program Files\Java
2008-04-19 19:08:18 0 d-------- C:\Program Files\Common Files\Java
2008-04-19 19:06:13 0 d-------- C:\Program Files\Analog Devices
2008-04-19 19:02:24 0 d-------- C:\Program Files\Intel
2008-04-19 18:55:58 0 d-------- C:\Program Files\microsoft frontpage
2008-04-19 18:55:28 0 -rahs---- C:\MSDOS.SYS
2008-04-19 18:55:28 0 -rahs---- C:\IO.SYS
2008-04-19 18:55:28 0 --a------ C:\CONFIG.SYS
2008-04-19 18:55:28 0 --a------ C:\AUTOEXEC.BAT
2008-04-19 18:53:51 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-19 18:53:46 0 d-------- C:\Program Files\Online Services
2008-04-19 18:53:02 0 d-------- C:\Program Files\Common Files\MSSoap
2008-04-19 18:52:54 0 d-------- C:\Program Files\Movie Maker
2008-04-19 18:52:30 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-19 18:51:31 0 d-------- C:\Program Files\MSN Gaming Zone
2008-04-19 18:51:23 0 d-------- C:\Program Files\Windows NT
2008-04-19 14:46:34 0 d-------- C:\Program Files\Common Files\ODBC
2008-04-19 14:46:31 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-04-19 14:46:09 62 --ahs---- C:\Documents and Settings\Jason\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07935349-A2E4-46A5-8A24-D1A37BC87CC2}]
C:\WINDOWS\system32\iifcYpMg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CBFD3CD5-AD32-A7B2-1593-A78F06227AB4}]
C:\WINDOWS\system32\xargf.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [02/16/2008 12:56 AM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 02:42 PM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 09:24 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 12:09 PM]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [11/07/2007 03:34 PM]
"DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [11/13/2007 05:46 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" []
"Sen"="C:\DOCUME~1\Jason\MYDOCU~1\ASEMBL~1\tracert.exe" []
"WinUpdater"="C:\Program Files\winvi\update.exe" []
"WebSUpdater"="C:\Program Files\winvi\wupda.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [4/19/2008 7:57:10 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRJDusr]
rqRJDusr.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\iifcYpMg

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,




-- End of Deckard's System Scanner: finished at 2008-05-25 18:28:12 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.53GHz
Percentage of Memory in Use: 90%
Physical Memory (total/avail): 253.98 MiB / 22.95 MiB
Pagefile Memory (total/avail): 1008.47 MiB / 469.72 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1935.6 MiB

C: is Fixed (NTFS) - 34.21 GiB total, 23.56 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD400BB-75JHC0 - 37.25 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 34.21 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 3 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntivirusOverride is set.
FirewallOverride is set.

FW: Trend Micro Personal Firewall v5.2 (Trend Micro Inc.)
AV: Trend Micro Internet Security v16.10.1079 ()

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jason\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOME
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jason
LOGONSERVER=\\HOME
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Jason\LOCALS~1\Temp
TMP=C:\DOCUME~1\Jason\LOCALS~1\Temp
USERDOMAIN=HOME
USERNAME=Jason
USERPROFILE=C:\Documents and Settings\Jason
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Jason (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Dell Games\Agatha Christie - Death on the Nile\Uninstall.exe"
--> "C:\Program Files\Dell Games\Dancing with the Stars\Uninstall.exe"
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Dell Games --> "C:\Program Files\Dell Games\Uninstall.exe"
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel® 537EP V9x DF PCI Modem --> rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem"
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
MostFun - Fashion Fits --> MsiExec.exe /X{B95469DD-333A-40AB-BB89-CC7A32BD809C}
MostFun - Wedding Dash --> MsiExec.exe /X{9909075E-F1E2-4EF4-88C4-456986ECB8D0}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Roxio DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
Trend Micro Internet Security --> C:\Program Files\Trend Micro\Internet Security\remove.exe
Trend Micro Internet Security --> MsiExec.exe /X{A621B45A-D138-4A95-BE10-7CABA05EF94E}
Windows Live Messenger --> MsiExec.exe /X{F1E17FB0-12BC-45D0-ABA3-287F2A1E3A1E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type1775 / Error
Event Submitted/Written: 05/25/2008 10:30:02 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application dsc.exe, version 7.0.560.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1773 / Error
Event Submitted/Written: 05/25/2008 03:19:32 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application YahooMessenger.exe, version 8.1.0.421, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1768 / Success
Event Submitted/Written: 05/25/2008 00:28:34 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type1753 / Success
Event Submitted/Written: 05/24/2008 08:50:06 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type1744 / Error
Event Submitted/Written: 05/24/2008 10:28:20 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20080.40413, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type5991 / Warning
Event Submitted/Written: 05/25/2008 02:01:35 PM / 05/25/2008 02:01:36 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type5932 / Warning
Event Submitted/Written: 05/24/2008 09:00:44 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type5900 / Warning
Event Submitted/Written: 05/23/2008 11:25:51 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type5889 / Warning
Event Submitted/Written: 05/23/2008 06:23:17 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type5859 / Warning
Event Submitted/Written: 05/22/2008 06:44:42 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.



-- End of Deckard's System Scanner: finished at 2008-05-25 18:28:12 ------------

#2 fenzodahl512 (Malware Removal, 9,863 posts)

Hello, my name is fenzodahl512 and welcome to Geekstogo.. I'm looking at your log now and currently consulting the experts regarding your malware problem.. I'll be back as soon as possible.. Thank you for your patience and understanding..

Regards
fenzodahl512

#3 fenzodahl512 (Malware Removal, 9,863 posts)

Hello, my name is fenzodahl512 and welcome to Geekstogo.. Please do the following..


Please download SDFix by Andy Manchesta and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All.
  • A new folder will be extracted to your %systemdrive%, typically C:\SDFix
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.

NEXT

Please visit the webpage below for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.



Please post the following logs in your next reply..

1. SDFix log
2. ComboFix log
3. A fresh HijackThis log (after ComboFix log)


Regards
fenzodahl512

#4 fenzodahl512 (Malware Removal, 9,863 posts)

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.