Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

losing connection to all web locations [RESOLVED]


  • This topic is locked This topic is locked

#1
Seaker

Seaker

    New Member

  • Member
  • Pip
  • 9 posts
fire fox and IE and any game that uses web links (( secondlife )) will not remain connected after about 3 to 7 min
I have tried reseting the router both hot and cold resets.
I cant not get a connection even if I use the repair connection option from networks
I can ping the other computer from both computers
second computer on home network of 2 computers can maintain all connections web and otherwise..

ATF Cleaner - done
System Restore - no valid points available out of 3 months keeping points
Malwarebytes' Anti-Malware -- done - 3 items fond and removed -- problem still persists
SUPERAntiSpyware Home Edition -- ran and running 12 items removed -- problem still persists
Online - Panda Activescan.-- can not compleat requires active web connection and I cant use any web location after 3 - 7 min
Windows Update - Homepage - Download SP1a --- I am SP2 :)
Step Four: Reboot - Test --- it is the only way to get connection for 3-7 min

Step Five: Posting a Hijack This Log
Hijack This - Downloaded and log to Follow


Thank you in Advance for all your help
awaiting further instructions ..

********************************************************************************
************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:37:25 AM, on 6/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\vphc700.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\WINDOWS\system32\hemiwpu.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Jasc Software Inc\After Shot\IXApplet.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Philips\SPC 700NC PC Camera\TrayMin700.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [phc700] C:\WINDOWS\vphc700.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] hemiwpu.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunServices: [Microsoft Update Machine] hemiwpu.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] hemiwpu.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Camio Viewer.lnk = C:\Program Files\Jasc Software Inc\After Shot\IXApplet.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TrayMin700.exe.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute 2008\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute 2008\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1137399981718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1212403098390
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ad...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 12186 bytes
  • 0

Advertisements


#2
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello Seaker, my name is fenzodahl512 and welcome to Geekstogo.. Please do the following..

Please download SDFix by Andy Manchesta and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • A new folder will be extracted to your %systemdrive%, typically C:\SDFix
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer that normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.




NEXT


Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please let your firewall allow the scanning/downloading process.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.



Please post the following logs in your next reply.. Please post each log in separate post..

1. SDFix
2. Deckard System Scanner (both main.txt and extra.txt)


Regards
fenzodahl512
  • 0

#3
Seaker

Seaker

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Hello Seaker, my name is fenzodahl512 and welcome to Geekstogo.. Please do the following..

Please download SDFix by Andy Manchesta and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • A new folder will be extracted to your %systemdrive%, typically C:\SDFix
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer that normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.



SDFix: Version 1.189
Run by Owner on Sat 06/07/2008 at 04:07 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\Documents and Settings\Owner\Local Settings\Temp\28555f79-c77c-c7c3-677b-06fdb7fbf60e.tmp.exe - Deleted
C:\Documents and Settings\Owner\Local Settings\Temp\29e62c17-4c34-4aed-7aba-3953b234c1ef.tmp.exe - Deleted
C:\Documents and Settings\Owner\Local Settings\Temp\3dc59356-e71e-f092-e673-e2a7c5771384.tmp.exe - Deleted
C:\Documents and Settings\Owner\Local Settings\Temp\6b947bb8-466a-00e3-9164-4bed5e2c9d09.tmp.exe - Deleted
C:\Documents and Settings\Owner\Local Settings\Temp\8daa14a6-4c9e-320c-d880-45454b1c4bc0.tmp.exe - Deleted
C:\Documents and Settings\Owner\Local Settings\Temp\a7763650-4ab8-9150-b907-61c4c26a3404.tmp.exe - Deleted
C:\Documents and Settings\Owner\Local Settings\Temp\d0316fc6-75d8-a82e-6a5f-0f04a44aadf0.tmp.exe - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-07 16:12:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
"khjeh"=hex:20,02,00,00,c8,96,f9,cf,ea,ab,2d,07,70,3a,d6,39,f8,aa,1f,17,a0,..
"hj34z0"=hex:28,b8,3f,39,cf,66,c0,4d,97,f6,08,63,34,26,5f,a0,0c,dd,44,93,f2,..

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6E42F72C-BDF1-77C0-B86A-5C1E234AF7F6}]
"ialgdmkhpnakkakmbp"=hex:6a,61,70,65,62,6b,65,64,67,69,6d,66,67,63,68,63,65,65,67,64,00,..
"hafkbcikgfledinb"=hex:69,61,6b,65,62,65,69,62,61,6b,67,6b,66,68,62,6a,61,61,00,00

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe"="C:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe:*:Enabled:WinDVD"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\SecondLifeADITI\\SLVoice.exe"="C:\\Program Files\\SecondLifeADITI\\SLVoice.exe:*:Enabled:SLVoice"
"C:\\Program Files\\SecondLifeADITI\\SLVoiceAgent.exe"="C:\\Program Files\\SecondLifeADITI\\SLVoiceAgent.exe:*:Enabled:SLVoiceAgent"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Xlight\\xlight.exe"="C:\\Program Files\\Xlight\\xlight.exe:*:Enabled:xlight"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Golden FTP Server Pro\\GFTPpro.exe"="C:\\Program Files\\Golden FTP Server Pro\\GFTPpro.exe:*:Enabled:Easy to use FTP server for Windows."
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\SecondLifeVoiceFirstLook\\SLVoice.exe"="C:\\Program Files\\SecondLifeVoiceFirstLook\\SLVoice.exe:*:Enabled:SLVoice"
"C:\\Program Files\\SecondLifeVoiceFirstLook\\SLVoiceAgent.exe"="C:\\Program Files\\SecondLifeVoiceFirstLook\\SLVoiceAgent.exe:*:Enabled:SLVoiceAgent"
"C:\\Program Files\\SecondLife\\SLVoice.exe"="C:\\Program Files\\SecondLife\\SLVoice.exe:*:Enabled:SLVoice"
"C:\\Program Files\\coolpro2\\coolpro2.exe"="C:\\Program Files\\coolpro2\\coolpro2.exe:*:Disabled:Cool Edit Pro"
"C:\\Program Files\\NWPS\\NetScanTools Pro\\NSTPRO.exe"="C:\\Program Files\\NWPS\\NetScanTools Pro\\NSTPRO.exe:*:Enabled:NetScanTools Pro 2000 Release 2 SP 1"
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"="C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\\WINDOWS\\system32\\hemiwpu.exe"="C:\\WINDOWS\\system32\\hemiwpu.exe:*:Disabled:hemiwpu"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Disabled:潡orrent"
"C:\\Program Files\\SecondLifeReleaseCandidate\\SLVoice.exe"="C:\\Program Files\\SecondLifeReleaseCandidate\\SLVoice.exe:*:Enabled:SLVoice"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\WINDOWS\\system32\\java.exe"="C:\\WINDOWS\\system32\\java.exe:*:Enabled:Java™ Platform SE binary"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\SecondLifeReleaseCandidate\\SecondLifeReleaseCandidate.exe"="C:\\Program Files\\SecondLifeReleaseCandidate\\SecondLifeReleaseCandidate.exe:*:Enabled:Second Life"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 6 Jun 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 15 Feb 2007 308,832 A..H. --- "C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe"
Mon 19 Dec 2005 61,440 A..H. --- "C:\Program Files\Canon\MP Navigator EX 1.0\uinstrsc.dll"
Fri 11 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 9 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\BIT3.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\523d056929e13eacf8392044f602e53e\BIT3.tmp"
Tue 24 May 2005 4,348 A..H. --- "C:\Documents and Settings\Owner\My Documents\Transfered from old system\old My docks\My Music\License Backup\drmv1key.bak"
Sat 24 Sep 2005 20 A..H. --- "C:\Documents and Settings\Owner\My Documents\Transfered from old system\old My docks\My Music\License Backup\drmv1lic.bak"
Wed 25 May 2005 400 A.SH. --- "C:\Documents and Settings\Owner\My Documents\Transfered from old system\old My docks\My Music\License Backup\drmv2key.bak"

Finished!
  • 0

#4
Seaker

Seaker

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Hello Seaker, my name is fenzodahl512 and welcome to Geekstogo.. Please do the following..

NEXT


Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.

  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please let your firewall allow the scanning/downloading process.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.



Please post the following logs in your next reply.. Please post each log in separate post..

1. SDFix
2. Deckard System Scanner (both main.txt and extra.txt)


Regards
fenzodahl512


***************************************************************
this is the main.txt
***************************************************************

Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-07 16:26:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
93: 2008-06-07 20:27:01 UTC - RP445 - Deckard's System Scanner Restore Point
92: 2008-06-07 04:24:24 UTC - RP444 - System Checkpoint
91: 2008-06-06 03:44:46 UTC - RP443 - System Checkpoint
90: 2008-06-04 22:35:18 UTC - RP442 - System Checkpoint
89: 2008-06-02 22:30:12 UTC - RP441 - Installed SUPERAntiSpyware Free Edition


-- First Restore Point --
1: 2008-03-10 05:37:04 UTC - RP353 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:27:33 PM, on 6/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\vphc700.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Jasc Software Inc\After Shot\IXApplet.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Philips\SPC 700NC PC Camera\TrayMin700.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [phc700] C:\WINDOWS\vphc700.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Camio Viewer.lnk = C:\Program Files\Jasc Software Inc\After Shot\IXApplet.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TrayMin700.exe.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute 2008\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute 2008\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1137399981718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1212403098390
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ad...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 11831 bytes

-- File Associations -----------------------------------------------------------

.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 MaVctrl - c:\windows\system32\drivers\mavc2k.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
R3 catchme - c:\docume~1\owner\locals~1\temp\catchme.sys (file missing)
R3 NVR0Dev - c:\windows\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S1 InCDPass - c:\windows\system32\drivers\incdpass.sys (file missing)
S1 InCDRm (InCD Reader) - c:\windows\system32\drivers\incdrm.sys (file missing)
S3 btaudio (Bluetooth Audio Device) - c:\windows\system32\drivers\btaudio.sys (file missing)
S3 BTDriver (Bluetooth Virtual Communications Driver) - c:\windows\system32\drivers\btport.sys (file missing)
S3 BTWDNDIS (Bluetooth LAN Access Server) - c:\windows\system32\drivers\btwdndis.sys (file missing)
S3 btwhid - c:\windows\system32\drivers\btwhid.sys (file missing)
S3 btwmodem (Bluetooth Modem) - c:\windows\system32\drivers\btwmodem.sys (file missing)
S3 BTWUSB (WIDCOMM USB Bluetooth Driver) - c:\windows\system32\drivers\btwusb.sys (file missing)
S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 mam4410u - c:\windows\system32\drivers\mam4410u.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
S4 InCDFs (InCD File System) - c:\windows\system32\drivers\incdfs.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 Diskeeper - "c:\program files\executive software\diskeeper\dkservice.exe" <Not Verified; Executive Software International, Inc.; Diskeeper ™ Disk Defragmenter>
R2 ForceWare Intelligent Application Manager (IAM) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcappflt.exe <Not Verified; ; app_filter Module>
R2 nTuneService (nTune Service) - c:\program files\nvidia corporation\ntune\ntuneservice.exe /startservice <Not Verified; NVIDIA; NVIDIA nTune>

S2 ForcewareWebInterface (Forceware Web Interface) - "c:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-05-07 and 2008-06-07 -----------------------------

2008-06-07 16:05:21 0 d-------- C:\WINDOWS\ERUNT
2008-06-03 19:11:29 0 d-------- C:\Program Files\Panda Security
2008-06-03 07:37:07 0 d-------- C:\Program Files\Trend Micro
2008-06-02 18:30:18 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-02 18:30:13 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-02 18:30:13 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-06-02 18:29:46 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-02 18:27:43 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-06-02 18:27:41 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-02 18:27:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-02 18:27:13 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-02 12:42:15 0 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-06-02 12:41:55 0 d-------- C:\Program Files\Common Files\iS3
2008-06-02 12:41:55 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-06-02 07:45:05 0 d-------- C:\Program Files\Safer Networking
2008-06-02 06:48:44 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-06-02 06:42:28 0 d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-06-02 06:42:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-06-01 20:19:20 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-06-01 20:18:03 0 d-------- C:\WINDOWS\CSC
2008-06-01 16:44:10 0 d-------- C:\Program Files\SecondLifeReleaseCandidate
2008-05-28 08:50:08 0 d-------- C:\Program Files\Agent
2008-05-27 18:14:46 0 d-------- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
2008-05-27 18:14:30 0 d-------- C:\Program Files\NCH Software
2008-05-27 18:09:30 0 d-------- C:\Documents and Settings\Owner\Application Data\DivX
2008-05-23 19:59:20 0 d-------- C:\Program Files\Freecorder
2008-05-23 19:59:20 0 d-------- C:\Program Files\Conduit
2008-05-23 19:59:16 0 d-------- C:\WINDOWS\Freecorder Toolbar
2008-05-23 19:59:16 0 d-------- C:\Program Files\Freecorder Toolbar
2008-05-23 00:41:58 0 d-------- C:\temp
2008-05-23 00:39:59 0 d-------- C:\Program Files\Microsoft Research
2008-05-23 00:37:10 0 d-------- C:\Program Files\Adobe Media Player
2008-05-23 00:37:08 0 d-------- C:\Program Files\Common Files\Adobe AIR


-- Find3M Report ---------------------------------------------------------------

2008-06-02 18:29:46 0 d-------- C:\Program Files\Common Files
2008-06-02 06:48:43 0 d-------- C:\Program Files\BitComet
2008-06-02 06:48:43 0 d-------- C:\Documents and Settings\Owner\Application Data\SecondLife
2008-06-01 14:51:04 0 d-------- C:\Program Files\Setup
2008-05-28 11:22:47 0 d-------- C:\Documents and Settings\Owner\Application Data\Skype
2008-05-28 11:03:45 0 d-------- C:\Documents and Settings\Owner\Application Data\skypePM
2008-05-28 08:53:23 0 d-------- C:\Program Files\eMule
2008-05-27 18:39:56 0 d-------- C:\Program Files\Winamp
2008-05-27 18:14:45 0 d-------- C:\Program Files\NCH Swift Sound
2008-05-23 00:37:14 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-05-12 23:41:50 0 d-------- C:\Program Files\DivX
2008-05-03 15:02:03 0 d-------- C:\Program Files\Ultra Fractal 4
2008-05-03 15:02:02 0 d-------- C:\Documents and Settings\Owner\Application Data\Ultra Fractal 4
2008-05-03 14:58:23 0 d-------- C:\Program Files\Apophysis 2.0
2008-04-24 14:15:24 0 d-------- C:\Program Files\iTunes
2008-04-24 14:15:15 0 d-------- C:\Program Files\iPod
2008-04-24 14:14:37 0 d-------- C:\Program Files\QuickTime Alternative
2008-04-19 13:44:49 0 d-------- C:\Program Files\GLIntercept0_5
2008-04-13 21:56:58 0 d-------- C:\Program Files\TURIA SYSTEM
2008-04-13 00:30:57 2548 --a------ C:\WINDOWS\unins000.dat
2008-04-13 00:29:59 691545 --a------ C:\WINDOWS\unins000.exe
2008-04-10 09:10:04 0 d-------- C:\Program Files\Key Transformation
2008-04-10 08:44:43 2 --a------ C:\Documents and Settings\Owner\Application Data\keyboardlayout.bmp
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX>
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX>
2008-03-31 17:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 17:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 17:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX>
2008-03-21 16:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 16:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 16:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 16:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 01:56 PM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [07/13/2006 08:12 AM]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [11/17/2006 05:49 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 07:19 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"DiskeeperSystray"="C:\Program Files\Executive Software\Diskeeper\DkIcon.exe" [07/26/2005 05:52 PM]
"phc700"="C:\WINDOWS\vphc700.exe" [10/16/2006 10:18 AM]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [05/14/2007 09:01 PM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [10/25/2006 09:03 AM]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [02/04/2007 12:02 PM]
"WrtMon.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe" [09/20/2006 08:35 AM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [12/18/2006 10:34 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM]
"nwiz"="nwiz.exe" [12/05/2007 01:41 AM C:\WINDOWS\system32\nwiz.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [09/04/2007 08:25 PM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 05:43 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [03/15/2006 08:00 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/03/2008 07:08 PM]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 8:16:50 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Camio Viewer.lnk - C:\Program Files\Jasc Software Inc\After Shot\IXApplet.exe [2/11/2002 2:59:44 PM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [5/17/2007 4:45:10 PM]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [5/11/2007 10:54:33 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 4:15:54 AM]
TrayMin700.exe.lnk - C:\Program Files\Philips\SPC 700NC PC Camera\TrayMin700.exe [8/27/2007 9:36:07 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [06/03/2008 07:08 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 06/03/2008 07:08 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,




-- End of Deckard's System Scanner: finished at 2008-06-07 16:28:33 ------------
  • 0

#5
Seaker

Seaker

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Processor model unknown
CPU 1: AMD Processor model unknown
Percentage of Memory in Use: 26%
Physical Memory (total/avail): 2046.42 MiB / 1507.57 MiB
Pagefile Memory (total/avail): 4964.96 MiB / 4515.61 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1915.13 MiB

C: is Fixed (NTFS) - 372.6 GiB total, 296.99 GiB free.
D: is CDROM (CDFS)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - WDC WD2500AAKS-00SBA0 - 232.88 GiB - 2 partitions
\PARTITION0 - Unknown - 2.01 GiB
\PARTITION1 - Unknown - 230.88 GiB

\\.\PHYSICALDRIVE0 - WDC WD4000AAKS-00TMA0 - 372.61 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 372.6 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: ActiveArmor Firewall v1.0 (NVIDIA Corporation)
AV: avast! antivirus 4.8.1201 [VPS 080607-0] v4.8.1201 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe"="C:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe:*:Enabled:WinDVD"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\SecondLifeADITI\\SLVoice.exe"="C:\\Program Files\\SecondLifeADITI\\SLVoice.exe:*:Enabled:SLVoice"
"C:\\Program Files\\SecondLifeADITI\\SLVoiceAgent.exe"="C:\\Program Files\\SecondLifeADITI\\SLVoiceAgent.exe:*:Enabled:SLVoiceAgent"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Xlight\\xlight.exe"="C:\\Program Files\\Xlight\\xlight.exe:*:Enabled:xlight"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Golden FTP Server Pro\\GFTPpro.exe"="C:\\Program Files\\Golden FTP Server Pro\\GFTPpro.exe:*:Enabled:Easy to use FTP server for Windows."
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\SecondLifeVoiceFirstLook\\SLVoice.exe"="C:\\Program Files\\SecondLifeVoiceFirstLook\\SLVoice.exe:*:Enabled:SLVoice"
"C:\\Program Files\\SecondLifeVoiceFirstLook\\SLVoiceAgent.exe"="C:\\Program Files\\SecondLifeVoiceFirstLook\\SLVoiceAgent.exe:*:Enabled:SLVoiceAgent"
"C:\\Program Files\\SecondLife\\SLVoice.exe"="C:\\Program Files\\SecondLife\\SLVoice.exe:*:Enabled:SLVoice"
"C:\\Program Files\\coolpro2\\coolpro2.exe"="C:\\Program Files\\coolpro2\\coolpro2.exe:*:Disabled:Cool Edit Pro"
"C:\\Program Files\\NWPS\\NetScanTools Pro\\NSTPRO.exe"="C:\\Program Files\\NWPS\\NetScanTools Pro\\NSTPRO.exe:*:Enabled:NetScanTools Pro 2000 Release 2 SP 1"
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"="C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\\WINDOWS\\system32\\hemiwpu.exe"="C:\\WINDOWS\\system32\\hemiwpu.exe:*:Disabled:hemiwpu"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Disabled:猥orrent"
"C:\\Program Files\\SecondLifeReleaseCandidate\\SLVoice.exe"="C:\\Program Files\\SecondLifeReleaseCandidate\\SLVoice.exe:*:Enabled:SLVoice"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\WINDOWS\\system32\\java.exe"="C:\\WINDOWS\\system32\\java.exe:*:Enabled:Java™ Platform SE binary"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\SecondLifeReleaseCandidate\\SecondLifeReleaseCandidate.exe"="C:\\Program Files\\SecondLifeReleaseCandidate\\SecondLifeReleaseCandidate.exe:*:Enabled:Second Life"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DKR-CROSSHAIR
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\DKR-CROSSHAIR
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Executive Software\Diskeeper\;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime Alternative\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 67 Stepping 3, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4303
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=DKR-CROSSHAIR
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
Adobe AIR --> C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR --> MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Media Player --> C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.amp 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Adobe Media Player --> MsiExec.exe /I{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Apophysis 2.0 --> "C:\Program Files\Apophysis 2.0\uninstall.exe"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ASUSUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\Setup.exe" -l0x9
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Debugging Tools for Windows --> MsiExec.exe /I{F3ECED46-91CC-4F44-9917-9A20085D5D26}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DownloadHelper Windows Care 2.6.0 --> "C:\Program Files\IObit\DownloadHelper Windows Care\unins000.exe"
Express Rip --> C:\Program Files\NCH Swift Sound\ExpressRip\uninst.exe
Filter Forge 1.011 --> "C:\Program Files\Filter Forge\unins000.exe"
Fort Free Agent --> C:\PROGRA~1\Agent\UNWISE.EXE C:\PROGRA~1\Agent\INSTALL.LOG "Uninstall Fort Free Agent"
Freecorder Toolbar 3.01 Application --> "C:\WINDOWS\Freecorder Toolbar\uninstall.exe" "/U:C:\Program Files\Freecorder Toolbar\Uninstall\uninstall.xml"
GLIntercept 0.5 --> "C:\Program Files\GLIntercept0_5\unins000.exe"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
KeyTrans (remove only) --> "C:\Program Files\Key Transformation\uninstall.exe"
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft WorldWide Telescope --> MsiExec.exe /I{A5C16084-032F-4A6D-B19A-2E700421F9FB}
Mozilla Firefox (2.0.0.14) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OpenOffice.org 2.3 --> MsiExec.exe /I{2F29D6D2-824E-4FEF-8AED-7013F39F642A}
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RunAlyzer --> "C:\Program Files\Safer Networking\RunAlyzer\unins000.exe"
SecondLifeReleaseCandidate (remove only) --> "C:\Program Files\SecondLifeReleaseCandidate\uninst.exe" /P="SecondLifeReleaseCandidate"
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Ultra Fractal 4.04 --> C:\Program Files\Ultra Fractal 4\Uninst.exe
VisualRoute 2008 --> "C:\Program Files\VisualRoute 2008\Uninstall.exe" "C:\Program Files\VisualRoute 2008"
WavePad Uninstall --> C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
WinAce Archiver --> C:\Program Files\WinAce\SXUNINST.EXE C:\Program Files\WinAce\SXUNINST.INI
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Yahoo! Anti-Spy --> C:\PROGRA~1\Yahoo!\Common\unypsr.exe
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! 工具列 --> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE


-- Application Event Log -------------------------------------------------------

Event Record #/Type2418 / Error
Event Submitted/Written: 06/07/2008 04:27:57 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type2417 / Error
Event Submitted/Written: 06/07/2008 04:27:57 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type2379 / Warning
Event Submitted/Written: 06/06/2008 07:38:59 AM
Event ID/Source: 0 / System.ServiceModel.Install 3.0.0.0
Event Description:
Could not detect IIS installation or IIS is disabled, skipping the Web Host Script Mappings component since it depends upon IIS to function properly.
If you believe this message is an error, check your IIS installation to make sure it is installed properly.

Event Record #/Type2376 / Error
Event Submitted/Written: 06/06/2008 07:35:41 AM
Event ID/Source: 1013 / MsiInstaller
Event Description:
Product: Microsoft .NET Framework 2.0 -- Setup cannot continue because this version of the .NET Framework is incompatible with a previously installed one. For more information, see http://support.micro...s/q312/5/00.asp

Event Record #/Type2354 / Error
Event Submitted/Written: 06/05/2008 00:21:37 PM
Event ID/Source: 3299 / Apache Service
Event Description:
The Apache service named reported the following error:
>>> apache.exe: could not open document config file C:/Program Files/NVIDIA Corporation/NetworkAccessManager/Apache Group/Apache2/conf/httpd.conf .



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type13752 / Error
Event Submitted/Written: 06/07/2008 04:27:58 PM
Event ID/Source: 7016 / Service Control Manager
Event Description:
The BrSplService service has reported an invalid current state 0.

Event Record #/Type13751 / Error
Event Submitted/Written: 06/07/2008 04:18:51 PM
Event ID/Source: 1003 / System Error
Event Description:
Error code 000000b8, parameter1 00000000, parameter2 00000000, parameter3 00000000, parameter4 00000000.

Event Record #/Type13750 / Error
Event Submitted/Written: 06/07/2008 04:18:50 PM
Event ID/Source: 1003 / System Error
Event Description:
Error code 1000000a, parameter1 80a00084, parameter2 0000001c, parameter3 00000001, parameter4 805021b6.

Event Record #/Type13749 / Error
Event Submitted/Written: 06/07/2008 04:18:50 PM
Event ID/Source: 1003 / System Error
Event Description:
Error code 000000b8, parameter1 00000000, parameter2 00000000, parameter3 00000000, parameter4 00000000.

Event Record #/Type13748 / Error
Event Submitted/Written: 06/07/2008 04:18:49 PM
Event ID/Source: 1003 / System Error
Event Description:
Error code 1000008e, parameter1 c0000005, parameter2 00000001, parameter3 bacdbf4c, parameter4 00000000.



-- End of Deckard's System Scanner: finished at 2008-06-07 16:28:33 ------------



I can at this time now access web pages from this computer ...... thank you :)

awaiting next set of instructions ........

Edited by Seaker, 07 June 2008 - 02:49 PM.

  • 0

#6
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Great!.. Now lets do the following..

Please go to Start >> Run >> Copy/Paste below command >> Press Enter

REG export "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6E42F72C-BDF1-77C0-B86A-5C1E234AF7F6}" C:\export.txt

Please find C:\export.txt file and post its content here..




NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.



Please post the following in your next reply

1. C:\export.txt
2. GMER result


Regards
fenzodahl512
  • 0

#7
Seaker

Seaker

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Great!.. Now lets do the following..

Please go to Start >> Run >> Copy/Paste below command >> Press Enter

REG export "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6E42F72C-BDF1-77C0-B86A-5C1E234AF7F6}" C:\export.txt

Please find C:\export.txt file and post its content here..




NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.



Please post the following in your next reply

1. C:\export.txt
2. GMER result


Regards
fenzodahl512


1. C:\export.txt ---- Error occurred pasted results here
**************************************************
C:\>REG export "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shel
l Extensions\Approved\{6E42F72C-BDF1-77C0-B86A-5C1E234AF7F6}" C:\export.txt

Error: The system was unable to find the specified registry key or value

C:\>



**************************************************
2. GMER result
**************************************************
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-06-08 07:16:42
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xA342C588]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xA342C444]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreatePagingFile [0xBA782A20]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xA342C922]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xA342C01C]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xBA7832A8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xBA78E910]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xA342C51E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xA342BF5C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xA342BFC0]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryKey [0xBA7832C8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xA342C63E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xA342C5FE]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwSetSystemPowerState [0xBA78E0B0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xA342C77E]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA34DDF20]

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[888] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[888] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[888] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[888] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[888] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[888] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[888] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[888] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[888] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[888] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[888] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[888] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[888] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[888] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[888] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[888] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[888] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[888] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[888] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[888] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[888] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[888] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[888] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[888] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[888] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[888] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[888] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[888] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[888] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\WINDOWS\system32\services.exe[980] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00370002
IAT C:\WINDOWS\system32\services.exe[980] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00370000
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[1924] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A873CC] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[1924] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [01A87376] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[1924] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [01A87376] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[1924] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A873CC] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[1924] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A873CC] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[1924] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [01A87376] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[1924] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [01A87376] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[1924] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A873CC] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[1924] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A873CC] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[1924] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [01A87376] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[1924] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [01A87376] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[1924] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A873CC] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[1924] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A873CC] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[1924] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [01A87376] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[1924] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A873CC] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[1924] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [01A87376] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[1924] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A873CC] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[1924] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [01A87376] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[1924] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [01A87376] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[1924] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A873CC] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[1924] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [01A87376] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[1924] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] [01A873CC] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[1924] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A873CC] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[1924] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [01A87376] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[1924] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [01A87376] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[1924] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A873CC] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[1924] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A873CC] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[1924] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [01A87376] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[1924] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [01A87376] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[1924] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A873CC] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[1924] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A873CC] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[1924] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [01A87376] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 89D24318

AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip NVTcp.sys (NVIDIA Networking Protocol Driver./NVIDIA Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp NVTcp.sys (NVIDIA Networking Protocol Driver./NVIDIA Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Cdrom \Device\CdRom0 898AD1D8
Device \FileSystem\Rdbss \Device\FsWrap 8978CCD0
Device \Driver\Cdrom \Device\CdRom1 898AD1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 898AD4E8
Device \Driver\atapi \Device\Ide\IdePort0 898AD4E8
Device \Driver\atapi \Device\Ide\IdePort1 898AD4E8
Device \FileSystem\Srv \Device\LanmanServer 88C45E28

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89819960
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89819960
Device \FileSystem\Npfs \Device\NamedPipe 898C84C8
Device \FileSystem\Msfs \Device\Mailslot 898C2878
Device \Driver\d347prt \Device\Scsi\d347prt1Port6Path0Target0Lun0 89897008
Device \Driver\d347prt \Device\Scsi\d347prt1 89897008
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 898050E8
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 898050E8
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 898050E8
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 898050E8
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 898050E8
Device \FileSystem\Cdfs \Cdfs 897B7A50

---- Modules - GMER 1.0.14 ----

Module _________ BA6E5000-BA6FD000 (98304 bytes)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0[email protected] 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0[email protected] 0x60 0x1B 0x1B 0x48 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{6E42F72C-BDF1-77C0-B86A-5C1E234AF7F6}\InProcServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{6E42F72C-BDF1-77C0-B86A-5C1E234AF7F6}\[email protected] 0x6A 0x61 0x70 0x65 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{6E42F72C-BDF1-77C0-B86A-5C1E234AF7F6}\[email protected] 0x69 0x61 0x6B 0x65 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6E42F72C-BDF1-77C0-B86A-5C1E234AF7F6}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6E42F72C-BDF1-77C0-B86A-5C1E234AF7F6}@ialgdmkhpnakkakmbp 0x6A 0x61 0x70 0x65 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6E42F72C-BDF1-77C0-B86A-5C1E234AF7F6}@hafkbcikgfledinb 0x69 0x61 0x6B 0x65 ...

---- Files - GMER 1.0.14 ----

File C:\System Volume Information\catalog.wci\CiFLfffc.000 240 bytes
File C:\System Volume Information\catalog.wci\CiFLfffc.001 65536 bytes
File C:\System Volume Information\catalog.wci\CiFLfffc.002 65536 bytes

---- EOF - GMER 1.0.14 ----
  • 0

#8
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Ok, lets try this instead..

Please go to Start >> Run >> Copy/Paste below command >> Press Enter

REG export "HKLM\SOFTWARE\Classes\CLSID\{6E42F72C-BDF1-77C0-B86A-5C1E234AF7F6}" C:\export2.txt

Please find C:\export2.txt file and post its content here..




NEXT


Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



Please post the following in your next reply..

1. C:\export2.txt content
2. Kaspersky Online
3. Tell me about your computer condition


Regards
fenzodahl512
  • 0

#9
Seaker

Seaker

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Please post the following in your next reply..

1. C:\export2.txt content


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E42F72C-BDF1-77C0-B86A-5C1E234AF7F6}]

2. Kaspersky Online


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, June 9, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, June 09, 2008 14:56:18
Records in database: 842481
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 125786
Threat name: 7
Infected objects: 10
Suspicious objects: 0
Duration of the scan: 01:58:20


File name / Threat name / Threats count
C:\Documents and Settings\Owner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.88752 Infected: Backdoor.Win32.Rbot.pgs 1
C:\Documents and Settings\Owner\Desktop\Downloadsamdis\Downloads\ipscan.exe Infected: not-a-virus:NetTool.Win32.Portscan.c 1
C:\Documents and Settings\Owner\Desktop\tools\mirc621.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
C:\Documents and Settings\Owner\Desktop\tools\mss-uvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 1
C:\Documents and Settings\Owner\My Documents\Downloads\CopyBot v2.0 for Second Life.rar Infected: Backdoor.Win32.Rbot.pgs 1
C:\Documents and Settings\Owner\My Documents\ipscan.exe Infected: not-a-virus:NetTool.Win32.Portscan.c 1
C:\Documents and Settings\Owner\My Documents\panasonic and work infor\storage\ipscan.exe Infected: not-a-virus:NetTool.Win32.Portscan.c 1
C:\Documents and Settings\Owner\My Documents\Transfered from old system\downloaded\incredimail_install.exe Infected: not-a-virus:Downloader.Win32.ImLoader.g 1
C:\Documents and Settings\Owner\My Documents\Transfered from old system\downloaded\mirc616.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
C:\Documents and Settings\Owner\My Documents\Transfered from old system\old My docks\Downloads\mirc62.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.62 1


The selected area was scanned.

3. Tell me about your computer condition


I have web access again although IE starts slow -- tries to find proxies for a long time

Edited by Seaker, 09 June 2008 - 03:28 PM.

  • 0

#10
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, thanks for the reply.. Please do the following..

The steps that I am about to suggest involve modifying the registry. Modfying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. if you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry
  • Go Here and download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.

For detailed instruction on how to back-up registry via ERUNT, please visit HERE



NEXT


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Documents and Settings\Owner\Desktop\Downloadsamdis\Downloads\ipscan.exe
    C:\Documents and Settings\Owner\My Documents\Downloads\CopyBot v2.0 for Second Life.rar
    C:\Documents and Settings\Owner\My Documents\ipscan.exe
    C:\Documents and Settings\Owner\My Documents\panasonic and work infor\storage\ipscan.exe
    C:\Documents and Settings\Owner\My Documents\Transfered from old system\downloaded\incredimail_install.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E42F72C-BDF1-77C0-B86A-5C1E234AF7F6}
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6E42F72C-BDF1-77C0-B86A-5C1E234AF7F6} 
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Please post the following logs in your next reply..

1. OTMoveIt2
2. A fresh Deckard System Scanner log (after OTMoveIt2 step)


Regards
fenzodahl512
  • 0

Advertisements


#11
Seaker

Seaker

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Hello, thanks for the reply.. Please do the following..

The steps that I am about to suggest involve modifying the registry. Modfying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. if you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry

  • Go Here and download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)



  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.

For detailed instruction on how to back-up registry via ERUNT, please visit HERE



NEXT


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Documents and Settings\Owner\Desktop\Downloadsamdis\Downloads\ipscan.exe
    C:\Documents and Settings\Owner\My Documents\Downloads\CopyBot v2.0 for Second Life.rar
    C:\Documents and Settings\Owner\My Documents\ipscan.exe
    C:\Documents and Settings\Owner\My Documents\panasonic and work infor\storage\ipscan.exe
    C:\Documents and Settings\Owner\My Documents\Transfered from old system\downloaded\incredimail_install.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E42F72C-BDF1-77C0-B86A-5C1E234AF7F6}
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6E42F72C-BDF1-77C0-B86A-5C1E234AF7F6} 
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Please post the following logs in your next reply..

1. OTMoveIt2



Explorer killed successfully
C:\Documents and Settings\Owner\Desktop\Downloadsamdis\Downloads\ipscan.exe moved successfully.
C:\Documents and Settings\Owner\My Documents\Downloads\CopyBot v2.0 for Second Life.rar moved successfully.
C:\Documents and Settings\Owner\My Documents\ipscan.exe moved successfully.
C:\Documents and Settings\Owner\My Documents\panasonic and work infor\storage\ipscan.exe moved successfully.
C:\Documents and Settings\Owner\My Documents\Transfered from old system\downloaded\incredimail_install.exe moved successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E42F72C-BDF1-77C0-B86A-5C1E234AF7F6} >
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E42F72C-BDF1-77C0-B86A-5C1E234AF7F6}\\ .
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6E42F72C-BDF1-77C0-B86A-5C1E234AF7F6} >
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6E42F72C-BDF1-77C0-B86A-5C1E234AF7F6}\\ not found.
< EmptyTemp >
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\Perflib_Perfdata_378.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6f4.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_870.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_a54.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06122008_061220

Files moved on Reboot...
File C:\DOCUME~1\Owner\LOCALS~1\Temp\Perflib_Perfdata_378.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_6f4.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_870.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_a54.dat not found!
File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!



2. A fresh Deckard System Scanner log (after OTMoveIt2 step)


Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-12 06:16:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:17:03 AM, on 6/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\vphc700.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Jasc Software Inc\After Shot\IXApplet.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Philips\SPC 700NC PC Camera\TrayMin700.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\geeks tools\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [phc700] C:\WINDOWS\vphc700.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Camio Viewer.lnk = C:\Program Files\Jasc Software Inc\After Shot\IXApplet.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TrayMin700.exe.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Subscribe in RSS Bandit - C:\Documents and Settings\Owner\Application Data\RssBandit\iecontext_subscribebandit.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute 2008\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute 2008\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1137399981718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1212403098390
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ad...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 12143 bytes

-- Files created between 2008-05-12 and 2008-06-12 -----------------------------

2008-06-08 07:34:42 0 d-------- C:\Documents and Settings\Owner\Application Data\NewsComponents
2008-06-08 07:34:22 0 d-------- C:\Program Files\RssBandit
2008-06-08 07:34:22 0 d-------- C:\Documents and Settings\Owner\Application Data\RssBandit
2008-06-07 16:05:21 0 d-------- C:\WINDOWS\ERUNT
2008-06-03 19:11:29 0 d-------- C:\Program Files\Panda Security
2008-06-03 07:37:07 0 d-------- C:\Program Files\Trend Micro
2008-06-02 18:30:18 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-02 18:30:13 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-02 18:30:13 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-06-02 18:29:46 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-02 18:27:43 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-06-02 18:27:41 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-02 18:27:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-02 18:27:13 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-02 12:42:15 0 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-06-02 12:41:55 0 d-------- C:\Program Files\Common Files\iS3
2008-06-02 12:41:55 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-06-02 07:45:05 0 d-------- C:\Program Files\Safer Networking
2008-06-02 06:48:44 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-06-02 06:42:28 0 d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-06-02 06:42:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-06-01 20:19:20 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-06-01 20:18:03 0 d-------- C:\WINDOWS\CSC
2008-06-01 16:44:10 0 d-------- C:\Program Files\SecondLifeReleaseCandidate
2008-05-28 08:50:08 0 d-------- C:\Program Files\Agent
2008-05-27 18:14:46 0 d-------- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
2008-05-27 18:14:30 0 d-------- C:\Program Files\NCH Software
2008-05-27 18:09:30 0 d-------- C:\Documents and Settings\Owner\Application Data\DivX
2008-05-23 19:59:20 0 d-------- C:\Program Files\Freecorder
2008-05-23 19:59:20 0 d-------- C:\Program Files\Conduit
2008-05-23 19:59:16 0 d-------- C:\WINDOWS\Freecorder Toolbar
2008-05-23 19:59:16 0 d-------- C:\Program Files\Freecorder Toolbar
2008-05-23 00:41:58 0 d-------- C:\temp
2008-05-23 00:39:59 0 d-------- C:\Program Files\Microsoft Research
2008-05-23 00:37:10 0 d-------- C:\Program Files\Adobe Media Player
2008-05-23 00:37:08 0 d-------- C:\Program Files\Common Files\Adobe AIR


-- Find3M Report ---------------------------------------------------------------

2008-06-02 18:29:46 0 d-------- C:\Program Files\Common Files
2008-06-02 06:48:43 0 d-------- C:\Program Files\BitComet
2008-06-02 06:48:43 0 d-------- C:\Documents and Settings\Owner\Application Data\SecondLife
2008-06-01 14:51:04 0 d-------- C:\Program Files\Setup
2008-05-28 11:22:47 0 d-------- C:\Documents and Settings\Owner\Application Data\Skype
2008-05-28 11:03:45 0 d-------- C:\Documents and Settings\Owner\Application Data\skypePM
2008-05-28 08:53:23 0 d-------- C:\Program Files\eMule
2008-05-27 18:39:56 0 d-------- C:\Program Files\Winamp
2008-05-27 18:14:45 0 d-------- C:\Program Files\NCH Swift Sound
2008-05-23 00:37:14 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-05-12 23:41:50 0 d-------- C:\Program Files\DivX
2008-05-03 15:02:03 0 d-------- C:\Program Files\Ultra Fractal 4
2008-05-03 15:02:02 0 d-------- C:\Documents and Settings\Owner\Application Data\Ultra Fractal 4
2008-05-03 14:58:23 0 d-------- C:\Program Files\Apophysis 2.0
2008-04-24 14:15:24 0 d-------- C:\Program Files\iTunes
2008-04-24 14:15:15 0 d-------- C:\Program Files\iPod
2008-04-24 14:14:37 0 d-------- C:\Program Files\QuickTime Alternative
2008-04-19 13:44:49 0 d-------- C:\Program Files\GLIntercept0_5
2008-04-13 21:56:58 0 d-------- C:\Program Files\TURIA SYSTEM
2008-04-13 00:30:57 2548 --a------ C:\WINDOWS\unins000.dat
2008-04-13 00:29:59 691545 --a------ C:\WINDOWS\unins000.exe
2008-04-10 08:44:43 2 --a------ C:\Documents and Settings\Owner\Application Data\keyboardlayout.bmp
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX>
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX>
2008-03-31 17:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 17:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 17:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX>
2008-03-21 16:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 16:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 16:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 16:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 01:56 PM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [07/13/2006 08:12 AM]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [11/17/2006 05:49 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 07:19 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"DiskeeperSystray"="C:\Program Files\Executive Software\Diskeeper\DkIcon.exe" [07/26/2005 05:52 PM]
"phc700"="C:\WINDOWS\vphc700.exe" [10/16/2006 10:18 AM]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [05/14/2007 09:01 PM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [10/25/2006 09:03 AM]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [02/04/2007 12:02 PM]
"WrtMon.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe" [09/20/2006 08:35 AM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [12/18/2006 10:34 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM]
"nwiz"="nwiz.exe" [12/05/2007 01:41 AM C:\WINDOWS\system32\nwiz.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [09/04/2007 08:25 PM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 05:43 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [03/15/2006 08:00 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/03/2008 07:08 PM]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 8:16:50 PM]
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [10/20/2005 12:04:08 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Camio Viewer.lnk - C:\Program Files\Jasc Software Inc\After Shot\IXApplet.exe [2/11/2002 2:59:44 PM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [5/17/2007 4:45:10 PM]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [5/11/2007 10:54:33 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 4:15:54 AM]
TrayMin700.exe.lnk - C:\Program Files\Philips\SPC 700NC PC Camera\TrayMin700.exe [8/27/2007 9:36:07 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [06/03/2008 07:08 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 06/03/2008 07:08 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,




-- End of Deckard's System Scanner: finished at 2008-06-12 06:17:40 ------------







Thank you, awating further instructions,
Seaker
  • 0

#12
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Tell me about your computer condition..

Regards
fenzodahl512
  • 0

#13
Seaker

Seaker

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Tell me about your computer condition..

Regards
fenzodahl512


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, June 13, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, June 13, 2008 10:43:33
Records in database: 859435
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 115888
Threat name: 8
Infected objects: 12
Suspicious objects: 0
Duration of the scan: 02:01:57


File name / Threat name / Threats count
C:\Documents and Settings\Owner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.88752 Infected: Backdoor.Win32.Rbot.pgs 1
C:\Documents and Settings\Owner\Desktop\tools\mirc621.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
C:\Documents and Settings\Owner\Desktop\tools\mss-uvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 1
C:\Documents and Settings\Owner\My Documents\Transfered from old system\downloaded\mirc616.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
C:\Documents and Settings\Owner\My Documents\Transfered from old system\incomming\Limewire Pro Serial.exe Infected: not-a-virus:AdWare.Win32.Locator.e 1
C:\Documents and Settings\Owner\My Documents\Transfered from old system\old My docks\Downloads\mirc62.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.62 1
C:\Program Files\eMule\Incoming\Limewire Pro Serial.exe Infected: not-a-virus:AdWare.Win32.Locator.e 1
C:\_OTMoveIt\MovedFiles\06122008_061220\Documents and Settings\Owner\Desktop\Downloadsamdis\Downloads\ipscan.exe Infected: not-a-virus:NetTool.Win32.Portscan.c 1
C:\_OTMoveIt\MovedFiles\06122008_061220\Documents and Settings\Owner\My Documents\Downloads\CopyBot v2.0 for Second Life.rar Infected: Backdoor.Win32.Rbot.pgs 1
C:\_OTMoveIt\MovedFiles\06122008_061220\Documents and Settings\Owner\My Documents\ipscan.exe Infected: not-a-virus:NetTool.Win32.Portscan.c 1
C:\_OTMoveIt\MovedFiles\06122008_061220\Documents and Settings\Owner\My Documents\panasonic and work infor\storage\ipscan.exe Infected: not-a-virus:NetTool.Win32.Portscan.c 1
C:\_OTMoveIt\MovedFiles\06122008_061220\Documents and Settings\Owner\My Documents\Transfered from old system\downloaded\incredimail_install.exe Infected: not-a-virus:Downloader.Win32.ImLoader.g 1

The selected area was scanned.


***************************************************************
IE opens much quicker now.
system seems to be working well.
  • 0

#14
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, thanks for the reply.. Please do the following...

Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Documents and Settings\Owner\My Documents\Transfered from old system\incomming\Limewire Pro Serial.exe
    C:\Program Files\eMule\Incoming\Limewire Pro Serial.exe
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Please post OTMoveIt2 log and a fresh [b]Deckard System Scanner[b] log in your next reply..


Regards
fenzodahl512
  • 0

#15
Seaker

Seaker

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Hello, thanks for the reply.. Please do the following...

Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")

  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Documents and Settings\Owner\My Documents\Transfered from old system\incomming\Limewire Pro Serial.exe
    C:\Program Files\eMule\Incoming\Limewire Pro Serial.exe
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Please post OTMoveIt2 log and a fresh [b]Deckard System Scanner[b] log in your next reply..


C:\Documents and Settings\Owner\My Documents\Transfered from old system\incomming\Limewire Pro Serial.exe moved successfully.
C:\Program Files\eMule\Incoming\Limewire Pro Serial.exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06162008_070848













Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-16 07:17:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:17:29 AM, on 6/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\vphc700.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Jasc Software Inc\After Shot\IXApplet.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Philips\SPC 700NC PC Camera\TrayMin700.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\Desktop\geeks tools\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [phc700] C:\WINDOWS\vphc700.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Camio Viewer.lnk = C:\Program Files\Jasc Software Inc\After Shot\IXApplet.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TrayMin700.exe.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Subscribe in RSS Bandit - C:\Documents and Settings\Owner\Application Data\RssBandit\iecontext_subscribebandit.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute 2008\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute 2008\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1137399981718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1212403098390
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ad...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 12241 bytes

-- Files created between 2008-05-16 and 2008-06-16 -----------------------------

2008-06-08 07:34:42 0 d-------- C:\Documents and Settings\Owner\Application Data\NewsComponents
2008-06-08 07:34:22 0 d-------- C:\Program Files\RssBandit
2008-06-08 07:34:22 0 d-------- C:\Documents and Settings\Owner\Application Data\RssBandit
2008-06-07 16:05:21 0 d-------- C:\WINDOWS\ERUNT
2008-06-03 19:11:29 0 d-------- C:\Program Files\Panda Security
2008-06-03 07:37:07 0 d-------- C:\Program Files\Trend Micro
2008-06-02 18:30:18 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-02 18:30:13 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-02 18:30:13 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-06-02 18:29:46 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-02 18:27:43 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-06-02 18:27:41 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-02 18:27:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-02 18:27:13 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-02 12:42:15 0 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-06-02 12:41:55 0 d-------- C:\Program Files\Common Files\iS3
2008-06-02 12:41:55 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-06-02 07:45:05 0 d-------- C:\Program Files\Safer Networking
2008-06-02 06:48:44 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-06-02 06:42:28 0 d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-06-02 06:42:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-06-01 20:19:20 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-06-01 20:18:03 0 d-------- C:\WINDOWS\CSC
2008-06-01 16:44:10 0 d-------- C:\Program Files\SecondLifeReleaseCandidate
2008-05-28 08:50:08 0 d-------- C:\Program Files\Agent
2008-05-27 18:14:46 0 d-------- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
2008-05-27 18:14:30 0 d-------- C:\Program Files\NCH Software
2008-05-27 18:09:30 0 d-------- C:\Documents and Settings\Owner\Application Data\DivX
2008-05-23 19:59:20 0 d-------- C:\Program Files\Freecorder
2008-05-23 19:59:20 0 d-------- C:\Program Files\Conduit
2008-05-23 19:59:16 0 d-------- C:\WINDOWS\Freecorder Toolbar
2008-05-23 19:59:16 0 d-------- C:\Program Files\Freecorder Toolbar
2008-05-23 00:41:58 0 d-------- C:\temp
2008-05-23 00:39:59 0 d-------- C:\Program Files\Microsoft Research
2008-05-23 00:37:10 0 d-------- C:\Program Files\Adobe Media Player
2008-05-23 00:37:08 0 d-------- C:\Program Files\Common Files\Adobe AIR


-- Find3M Report ---------------------------------------------------------------

2008-06-02 18:29:46 0 d-------- C:\Program Files\Common Files
2008-06-02 06:48:43 0 d-------- C:\Program Files\BitComet
2008-06-02 06:48:43 0 d-------- C:\Documents and Settings\Owner\Application Data\SecondLife
2008-06-01 14:51:04 0 d-------- C:\Program Files\Setup
2008-05-28 11:22:47 0 d-------- C:\Documents and Settings\Owner\Application Data\Skype
2008-05-28 11:03:45 0 d-------- C:\Documents and Settings\Owner\Application Data\skypePM
2008-05-28 08:53:23 0 d-------- C:\Program Files\eMule
2008-05-27 18:39:56 0 d-------- C:\Program Files\Winamp
2008-05-27 18:14:45 0 d-------- C:\Program Files\NCH Swift Sound
2008-05-23 00:37:14 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-05-12 23:41:50 0 d-------- C:\Program Files\DivX
2008-05-03 15:02:03 0 d-------- C:\Program Files\Ultra Fractal 4
2008-05-03 15:02:02 0 d-------- C:\Documents and Settings\Owner\Application Data\Ultra Fractal 4
2008-05-03 14:58:23 0 d-------- C:\Program Files\Apophysis 2.0
2008-04-24 14:15:24 0 d-------- C:\Program Files\iTunes
2008-04-24 14:15:15 0 d-------- C:\Program Files\iPod
2008-04-24 14:14:37 0 d-------- C:\Program Files\QuickTime Alternative
2008-04-19 13:44:49 0 d-------- C:\Program Files\GLIntercept0_5
2008-04-13 00:30:57 2548 --a------ C:\WINDOWS\unins000.dat
2008-04-13 00:29:59 691545 --a------ C:\WINDOWS\unins000.exe
2008-04-10 08:44:43 2 --a------ C:\Documents and Settings\Owner\Application Data\keyboardlayout.bmp
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX>
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX>
2008-03-31 17:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 17:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 17:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX>
2008-03-21 16:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 16:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 16:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 16:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 01:56 PM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [07/13/2006 08:12 AM]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [11/17/2006 05:49 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 07:19 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"DiskeeperSystray"="C:\Program Files\Executive Software\Diskeeper\DkIcon.exe" [07/26/2005 05:52 PM]
"phc700"="C:\WINDOWS\vphc700.exe" [10/16/2006 10:18 AM]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [05/14/2007 09:01 PM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [10/25/2006 09:03 AM]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [02/04/2007 12:02 PM]
"WrtMon.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe" [09/20/2006 08:35 AM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [12/18/2006 10:34 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM]
"nwiz"="nwiz.exe" [12/05/2007 01:41 AM C:\WINDOWS\system32\nwiz.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41 AM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [09/04/2007 08:25 PM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 05:43 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [03/15/2006 08:00 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/03/2008 07:08 PM]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 8:16:50 PM]
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [10/20/2005 12:04:08 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Camio Viewer.lnk - C:\Program Files\Jasc Software Inc\After Shot\IXApplet.exe [2/11/2002 2:59:44 PM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [5/17/2007 4:45:10 PM]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [5/11/2007 10:54:33 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 4:15:54 AM]
TrayMin700.exe.lnk - C:\Program Files\Philips\SPC 700NC PC Camera\TrayMin700.exe [8/27/2007 9:36:07 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [06/03/2008 07:08 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 06/03/2008 07:08 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,




-- End of Deckard's System Scanner: finished at 2008-06-16 07:18:09 ------------
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP