Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

AntiSpySpider removal


  • Please log in to reply

#1
Shandie

Shandie

    New Member

  • Member
  • Pip
  • 2 posts
Hi all,
I have been working on a friends computer trying to remove this malware for about 5 hrs. I have logged onto Administrator in safemode to try and remove problems as well. I cant use the taskmanager or regedit.exe... both are disabled under this name. I created a new admin account named fix and still had the same problem with the popups and redscreen. I was able to delete the background but that is about as far as I can get.. I need help pretty bad.

Thank you all,
Shan

Here is the main.txt log

Deckard's System Scanner v20071014.68
Run by Chrissy on 2008-06-06 04:27:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
76: 2008-06-06 09:27:28 UTC - RP317 - Deckard's System Scanner Restore Point
75: 2008-06-06 08:29:20 UTC - RP316 - Installed Ad-Aware
74: 2008-06-06 08:29:09 UTC - RP315 - Installed Java™ 6 Update 5
73: 2008-06-06 06:30:58 UTC - RP314 - Removed SpyZooka
72: 2008-06-06 04:45:35 UTC - RP313 - Installed SpyZooka


-- First Restore Point --
1: 2008-03-20 06:05:46 UTC - RP242 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 239 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-06 04:32:19
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wltrysvc.exe
C:\WINDOWS\system32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\aspimgr.exe
C:\WINDOWS\system32\msscntr32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\alg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\wltray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Documents and Settings\Chrissy\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...client&ie=UTF-8
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {5842bce3-4928-409c-8663-c98ede909e3d} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockins32.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [CUCore Agent] "C:\PROGRA~1\COMMON~1\FIRSTV~1\ConfAgent.exe /minimize"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - CmdMapping - (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Chrissy\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Chrissy\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker Basic\Absolute Poker Basic.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker Basic\Absolute Poker Basic.lnk
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.co...ll/gtdownlr.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.co...loadControl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - (no file)
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - C:\WINDOWS\system32\sockins32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
O23 - Service: Microsoft Security Center Extension (msscenter) - Unknown owner - C:\WINDOWS\system32\msscntr32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\system32\wltrysvc.exe


--
End of file - 10173 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 LVPrcMon (Logitech LVPrcMon Driver) - c:\windows\system32\drivers\lvprcmon.sys

S2 PavProc (Panda Process Protection Driver) - c:\windows\system32\drivers\pavproc.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 aspimgr (Microsoft ASPI Manager) - c:\windows\system32\aspimgr.exe
R2 msscenter (Microsoft Security Center Extension) - c:\windows\system32\msscntr32.exe
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S2 PavPrSrv (Panda Process Protection Service) - "c:\program files\common files\panda software\pavshld\pavprsrv.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: Multimedia Audio Controller
Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_4043107B&REV_02\3&267A616A&0&FD
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_4043107B&REV_02\3&267A616A&0&FD
Service:

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: WebcamMax, WDM Video Capture
Device ID: ROOT\MEDIA\0000
Manufacturer: YewSoft
Name: WebcamMax, WDM Video Capture
PNP Device ID: ROOT\MEDIA\0000
Service: CamthWDM


-- Files created between 2008-05-06 and 2008-06-06 -----------------------------

2008-06-06 03:29:25 0 d-------- C:\Program Files\Lavasoft
2008-06-06 03:29:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-06 03:17:17 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-06 02:24:26 0 d-------- C:\Documents and Settings\fix\Application Data\Identities
2008-06-06 02:24:11 0 d--h----- C:\Documents and Settings\fix\Templates
2008-06-06 02:24:11 0 dr------- C:\Documents and Settings\fix\Start Menu
2008-06-06 02:24:11 0 dr-h----- C:\Documents and Settings\fix\SendTo
2008-06-06 02:24:11 0 dr-h----- C:\Documents and Settings\fix\Recent
2008-06-06 02:24:11 0 d--h----- C:\Documents and Settings\fix\PrintHood
2008-06-06 02:24:11 786432 --ah----- C:\Documents and Settings\fix\NTUSER.DAT
2008-06-06 02:24:11 0 d--h----- C:\Documents and Settings\fix\NetHood
2008-06-06 02:24:11 0 dr------- C:\Documents and Settings\fix\My Documents
2008-06-06 02:24:11 0 d--h----- C:\Documents and Settings\fix\Local Settings
2008-06-06 02:24:11 0 dr------- C:\Documents and Settings\fix\Favorites
2008-06-06 02:24:11 0 d-------- C:\Documents and Settings\fix\Desktop
2008-06-06 02:24:11 0 d--hs---- C:\Documents and Settings\fix\Cookies
2008-06-06 02:24:11 0 dr-h----- C:\Documents and Settings\fix\Application Data
2008-06-06 02:24:11 0 d---s---- C:\Documents and Settings\fix\Application Data\Microsoft
2008-06-06 02:14:40 0 d-------- C:\Documents and Settings\Administrator.CHRISTIN-GD6FTZ\Application Data\Macromedia
2008-06-06 02:12:57 0 d-------- C:\Documents and Settings\Administrator.CHRISTIN-GD6FTZ\Application Data\Adobe
2008-06-06 02:10:28 0 d--hs---- C:\WINDOWS\CSC
2008-06-06 01:46:19 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-06 01:33:42 0 d-------- C:\Program Files\Enigma Software Group
2008-06-05 23:45:53 0 d-------- C:\Program Files\SpyZooka
2008-06-05 23:38:47 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-05 08:41:28 36864 --a------ C:\WINDOWS\system32\msscntr32.exe
2008-06-05 02:22:46 32768 --a------ C:\WINDOWS\system32\sockins32.dll <Not Verified; ThinkPad; ThinkPad repl>
2008-06-05 02:22:23 81920 --a------ C:\WINDOWS\system32\aspimgr.exe
2008-05-31 14:11:10 0 d-------- C:\Program Files\Universal
2008-05-23 03:00:41 0 d-------- C:\Program Files\MSXML 4.0
2008-05-22 01:11:58 245824 -ra------ C:\WINDOWS\Instexec.exe <Not Verified; Logitech; Logitech>
2008-05-22 01:11:53 245824 -ra------ C:\WINDOWS\system32\InstExec.exe <Not Verified; Logitech; Logitech>
2008-05-22 01:10:58 262144 --a------ C:\WINDOWS\system32\ElkCtrl.exe <Not Verified; Logitech Inc.; Logitech Camera Software>
2008-05-22 01:10:58 57344 --a------ C:\WINDOWS\system32\ElkCtlPS.dll <Not Verified; Logitech Inc.; Logitech Camera Software>
2008-05-22 01:10:57 82432 --a------ C:\WINDOWS\system32\msxml4r.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-05-22 01:10:57 44544 --a------ C:\WINDOWS\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-05-21 23:28:54 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-21 23:28:53 0 d-------- C:\Documents and Settings\Chrissy\Application Data\skypePM
2008-05-21 23:26:24 0 d-------- C:\Program Files\Skype
2008-05-21 23:25:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype


-- Find3M Report ---------------------------------------------------------------

2008-06-06 03:17:17 0 d-------- C:\Program Files\Common Files
2008-06-06 03:12:54 0 d-------- C:\Program Files\Java
2008-05-29 11:32:32 0 d-------- C:\Program Files\LimeWire
2008-05-26 15:48:27 0 d-------- C:\Program Files\Full Tilt Poker
2008-05-22 01:12:43 0 d-------- C:\Program Files\Common Files\Logitech
2008-05-22 01:10:45 0 d-------- C:\Program Files\Logitech
2008-05-22 01:10:41 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-18 16:45:44 0 d-------- C:\Program Files\PokerStars
2008-05-05 22:24:03 0 d-------- C:\Program Files\Absolute Poker
2008-04-13 00:30:29 0 d-------- C:\Program Files\Charter High-Speed Security Suite
2008-04-12 23:04:02 0 d-------- C:\Program Files\Absolute Poker Basic
2008-04-11 04:28:50 0 d-------- C:\Program Files\DivX
2008-04-10 10:16:14 0 d-------- C:\Documents and Settings\Chrissy\Application Data\F-Secure
2008-04-10 01:33:09 0 d-------- C:\Documents and Settings\Chrissy\Application Data\Help
2008-03-31 16:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 16:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 16:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 16:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 16:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-21 15:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 15:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 15:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 15:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [04/05/2005 01:22 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [04/05/2005 01:19 PM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [04/05/2005 01:23 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/24/2006 02:24 AM]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [11/28/2006 11:43 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [12/15/2006 02:23 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"wltray.exe"="C:\WINDOWS\system32\wltray.exe" [03/10/2005 02:14 PM]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [12/09/2005 03:32 PM]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [12/07/2005 10:26 AM]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [12/07/2005 10:33 AM]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [11/01/2004 05:22 PM]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [01/23/2008 03:47 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [07/16/2007 02:17 PM]
"CUCore Agent"="C:\PROGRA~1\COMMON~1\FIRSTV~1\ConfAgent.exe" [02/20/2004 03:03 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [08/06/2007 01:00 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"DisableRegistryTools"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebProxy"= {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll [ ]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{054e75e0-e4d4-11dc-b123-0013202408d6}]
AutoRun\command- E:\Autorun.exe /run
Shell00\Command- E:\Autorun.exe /run
Shell01\Command- E:\Autorun.exe /action
Shell02\Command- E:\Autorun.exe /uninstall


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{66186F05-BBBB-4a39-864F-72D84615C679}]
rundll32 sockins32.dll,InitModule



-- End of Deckard's System Scanner: finished at 2008-06-06 04:33:21 ------------

Here is the extra.txt log

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.80GHz
Percentage of Memory in Use: 65%
Physical Memory (total/avail): 238.73 MiB / 82.14 MiB
Pagefile Memory (total/avail): 785.78 MiB / 554.69 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1916.99 MiB

C: is Fixed (NTFS) - 76.68 GiB total, 60.03 GiB free.
D: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - HDS728080PLAT20 - 76.69 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 76.68 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1163506735\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1163506735\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1163506735\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1163506735\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\\Program Files\\Common Files\\AOL\\1164732062\\EE\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1164732062\\EE\\AOLServiceHost.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\utorrent\\utorrent.exe"="C:\\Program Files\\utorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpaceIM"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Chrissy\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CHRISTINAS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Chrissy
LOGONSERVER=\\CHRISTINAS
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\SYSTEM32;C:\WINDOWS;C:\WINDOWS\SYSTEM32\WBEM;C:\PROGRAM FILES\QUICKTIME\QTSYSTEM\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Chrissy\LOCALS~1\Temp
TMP=C:\DOCUME~1\Chrissy\LOCALS~1\Temp
USERDOMAIN=CHRISTINAS
USERNAME=Chrissy
USERPROFILE=C:\Documents and Settings\Chrissy
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Chrissy (admin)
fix (new local, admin)
Administrator.CHRISTIN-GD6FTZ (admin)
Guest (new local, guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Absolute Poker --> C:\Program Files\_uninstallation_info\Absolute Poker\CasinoUninstall.exe
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Belkin Wireless Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{80CD64AA-7406-4508-BFDF-2DFE7F1F8EF0}\setup.exe" -l0x9
Canon iP1600 --> C:\WINDOWS\system32\CNMCP75.exe "-PRINTERNAMECanon iP1600" "-HELPERDLLC:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600 Installer\Inst2\cnmis.dll" "-RCDLLcnmi0409.dll"
CUworld --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52A5CD24-64C6-4BAF-A4EC-4D13F451763F}\Setup.exe" -l0x9 AddRemoveFlag
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Full Tilt Poker --> "C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0009 -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
LimeWire 4.18.1 --> "C:\Program Files\LimeWire\uninstall.exe"
Logitech QuickCam Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C191BE7C-8542-4A61-973A-714EF76C5995}\setup.exe" -l0x9
Logitech® Camera Driver --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MovieBox --> "C:\Program Files\MovieBox\Uninstall.exe"
PokerStars --> "C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
QuickTime --> MsiExec.exe /I{55BF0E5F-EA8E-4C13-A8B4-9E4857F5A2DE}
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine --> MsiExec.exe /I{30C2FCD0-FF7B-4FFA-8DDE-43A22E01A1E7}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IPDRSLSM5K.inf
SpyHunter --> "C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Viewpoint Toolbar --> C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\Uninstaller.exe /u /k /url "http://www.viewpoint...completed.html"
Windows Live Sign-in Assistant --> MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Zuma Deluxe 1.0 --> C:\Program Files\Yahoo! Games\Zuma Deluxe\PopUninstall.exe "C:\Program Files\Yahoo! Games\Zuma Deluxe\Install.log"


-- Application Event Log -------------------------------------------------------

Event Record #/Type3593 / Error
Event Submitted/Written: 06/06/2008 04:29:45 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type3592 / Error
Event Submitted/Written: 06/06/2008 04:29:45 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type3586 / Error
Event Submitted/Written: 06/06/2008 03:38:00 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application msscntr32.exe, version 0.0.0.0, faulting module msvcrt.dll, version 7.0.2600.2180, fault address 0x00037c89.
Processing media-specific event for [msscntr32.exe!ws!]

Event Record #/Type3582 / Error
Event Submitted/Written: 06/06/2008 03:31:24 AM
Event ID/Source: 3011 / LoadPerf
Event Description:
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Event Record #/Type3581 / Error
Event Submitted/Written: 06/06/2008 03:31:24 AM
Event ID/Source: 3012 / LoadPerf
Event Description:
The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type15193 / Error
Event Submitted/Written: 06/06/2008 04:15:16 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
ShldDrv

Event Record #/Type15190 / Error
Event Submitted/Written: 06/06/2008 04:15:16 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Panda Process Protection Service service failed to start due to the following error:
%%3

Event Record #/Type15189 / Error
Event Submitted/Written: 06/06/2008 04:15:16 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Panda Process Protection Driver service failed to start due to the following error:
%%2

Event Record #/Type15184 / Error
Event Submitted/Written: 06/06/2008 03:38:32 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Microsoft Security Center Extension service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type15157 / Error
Event Submitted/Written: 06/06/2008 03:26:14 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
ShldDrv



-- End of Deckard's System Scanner: finished at 2008-06-06 04:33:21 ------------

Thanks again
  • 0

Advertisements


#2
Tal

Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
Hello Shandie , welcome to GeeksToGo! :)

My name is Tal, and I will be helping you in the process of removing malware from your computer.

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:
  • Please don't be afraid to ask questions! :) No question is considered dumb here. It's better to be safe than sorry!
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask! :)

You may also want to Track This Topic. This feature of the forum will send out an email to the email address you've signed up with as soon as I reply, so you can be notified of my reply. To do this, please locate the Options menu, located just under the New Topic and New Reply icons. Once you've found it, click it, and choose Track This Topic from the dropdown menu (the first option). In the page that appears after you have clicked Track This Topic, select Immediate Email Notification, then click Proceed.

You have AntiSpySpider as well as other infections - including flashdrive infections. We will run ComboFix to get rid of AntiSpySpider and a registry fix to get rid of the flashdrive infection.

Step1 : ComboFix

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Step2 : Registry Fix

Before we start the registry fix, we need to backup the registry in case anything goes wrong. This is a very simple and quick process :)


  • Please go to Start > Run
  • Paste in the following line: regedit /e c:\registrybackup.reg
  • Click OK. It won't appear to be doing anything, that's normal.
  • Your mouse pointer may turn to an hour glass for a minute. Please continue when it no longer has the hour glass.

Please open a new Notepad document (Note: Other text editors will not work) and paste the following code into it, starting from REGEDIT4:

REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{054e75e0-e4d4-11dc-b123-0013202408d6}]

Now, click File > Save As... > Change the File Type to All Files > Name the file RegFix1.reg > Save it on your desktop.

Once you've saved it, please double click it. A window should pop up - Click Yes to merge the information with the registry.

Step3 : Flashdrive Disinfector

Download Flash_Disinfector.exe by sUBs from >here< and save it to your desktop.

* Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
* The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
* Wait until it has finished scanning and then exit the program.
* Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

Summary

In your next reply, please include the following:
  • ComboFix log;
  • New DSS log.

Regards,

Tal :)
  • 0

#3
Shandie

Shandie

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Hey,
Thanks for your help, I really apreciate it!
Here are the logs from the computer.

Combofix

ComboFix 08-06-07.3 - Chrissy 2008-06-08 3:49:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.72 [GMT -5:00]
Running from: C:\Documents and Settings\Chrissy\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Chrissy\Start Menu\Programs\moviebox
C:\Documents and Settings\Chrissy\Start Menu\Programs\moviebox\Uninstall.lnk
C:\Program Files\moviebox
C:\WINDOWS\g32.txt
C:\WINDOWS\promo1.html
C:\WINDOWS\promo2.html
C:\WINDOWS\promo3.html
C:\WINDOWS\promo4.html
C:\WINDOWS\promo5.html
C:\WINDOWS\promo6.html
C:\WINDOWS\promogif1.gif
C:\WINDOWS\promogif2.gif
C:\WINDOWS\promogif3.gif
C:\WINDOWS\s32.txt
C:\WINDOWS\system32\adult.txt
C:\WINDOWS\system32\aspimgr.exe
C:\WINDOWS\system32\finance.txt
C:\WINDOWS\system32\lt.res
C:\WINDOWS\system32\other.txt
C:\WINDOWS\system32\pharma.txt
C:\WINDOWS\system32\sft.res
C:\WINDOWS\system32\sn.txt
C:\WINDOWS\system32\sockins32.dll
C:\WINDOWS\ws386.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASPIMGR
-------\Service_aspimgr


((((((((((((((((((((((((( Files Created from 2008-05-09 to 2008-06-09 )))))))))))))))))))))))))))))))
.

2008-06-06 04:27 . 2008-06-06 04:27 <DIR> d-------- C:\Deckard
2008-06-06 03:29 . 2008-06-06 03:29 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-06 03:29 . 2008-06-06 03:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-06 03:17 . 2008-06-06 03:17 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-06 02:24 . 2008-06-06 02:24 <DIR> d-------- C:\Documents and Settings\fix
2008-06-06 01:46 . 2008-06-06 01:46 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-06 01:33 . 2008-06-06 01:33 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-06-05 23:45 . 2008-06-06 01:31 <DIR> d-------- C:\Program Files\SpyZooka
2008-06-05 23:38 . 2008-06-05 23:38 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-06-05 08:41 . 2008-06-05 08:41 36,864 --a------ C:\WINDOWS\system32\msscntr32.exe
2008-06-05 02:21 . 2008-06-05 02:21 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-05 02:21 . 2008-06-05 02:21 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-31 14:11 . 2008-05-31 14:11 <DIR> d-------- C:\Program Files\Universal
2008-05-23 03:00 . 2008-05-23 03:00 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-05-22 01:20 . 2005-12-05 22:27 7,136 -ra------ C:\WINDOWS\system32\drivers\lv302af.sys
2008-05-22 01:19 . 2005-12-05 22:30 916,096 -ra------ C:\WINDOWS\system32\drivers\LV302AV.SYS
2008-05-22 01:19 . 2005-12-05 22:26 380,928 -ra------ C:\WINDOWS\system32\LVUI2RC.dll
2008-05-22 01:19 . 2005-12-05 22:25 217,088 -ra------ C:\WINDOWS\system32\LVUI2.dll
2008-05-22 01:19 . 2005-12-05 22:25 204,800 -ra------ C:\WINDOWS\system32\lvcodec2.dll
2008-05-22 01:19 . 2005-12-05 22:22 110,592 -ra------ C:\WINDOWS\system32\lvcoinst.dll
2008-05-22 01:19 . 2005-12-05 22:26 39,424 -ra------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2008-05-22 01:19 . 2005-12-05 21:28 13,126 -ra------ C:\WINDOWS\system32\lvcoinst.ini
2008-05-22 01:19 . 2005-12-05 21:27 2,112 -ra------ C:\WINDOWS\system32\Repository.reg
2008-05-22 01:11 . 2005-12-09 15:31 245,824 -ra------ C:\WINDOWS\system32\InstExec.exe
2008-05-22 01:11 . 2005-12-09 15:35 245,824 -ra------ C:\WINDOWS\Instexec.exe
2008-05-22 01:11 . 2005-12-09 15:31 719 -ra------ C:\WINDOWS\system32\InstExec.ini
2008-05-21 23:28 . 2008-05-21 23:28 <DIR> d-------- C:\Documents and Settings\Chrissy\Application Data\skypePM
2008-05-21 23:28 . 2008-05-21 23:28 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-21 23:26 . 2008-05-22 01:14 <DIR> d-------- C:\Program Files\Skype
2008-05-21 23:25 . 2008-05-21 23:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-06 08:12 --------- d-----w C:\Program Files\Java
2008-05-29 16:32 --------- d-----w C:\Program Files\LimeWire
2008-05-26 20:48 --------- d-----w C:\Program Files\Full Tilt Poker
2008-05-22 06:12 --------- d-----w C:\Program Files\Common Files\Logitech
2008-05-22 06:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-22 06:10 --------- d-----w C:\Program Files\Logitech
2008-05-18 21:45 --------- d-----w C:\Program Files\PokerStars
2008-05-06 03:24 --------- d-----w C:\Program Files\Absolute Poker
2008-04-29 16:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 16:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 16:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-13 05:30 --------- d-----w C:\Program Files\Charter High-Speed Security Suite
2008-04-13 04:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\F-Secure
2008-04-13 04:04 --------- d-----w C:\Program Files\Absolute Poker Basic
2008-04-11 09:28 --------- d-----w C:\Program Files\DivX
2008-04-10 15:16 --------- d-----w C:\Documents and Settings\Chrissy\Application Data\F-Secure
2008-04-10 15:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\fssg
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-03-21 20:30 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-03-21 20:30 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-07-16 14:17 4670704]
"CUCore Agent"="C:\PROGRA~1\COMMON~1\FIRSTV~1\ConfAgent.exe" [2004-02-20 15:03 29764]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-06 01:00 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 13:22 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 13:19 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 13:23 114688]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-24 02:24 282624]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-11-28 11:43 26112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 02:23 75520]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"wltray.exe"="C:\WINDOWS\system32\wltray.exe" [2005-03-10 14:14 778348]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 15:32 225280]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2005-12-07 10:26 489472]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2005-12-07 10:33 73728]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 17:22 262144]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-01-23 15:47 847872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-06 01:00 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.sx5363s"= sx5363s.acm
"VIDC.MJPG"= PMJPEG32.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{054e75e0-e4d4-11dc-b123-0013202408d6}]
\Shell\AutoRun\command - E:\Autorun.exe /run
\Shell\Shell00\Command - E:\Autorun.exe /run
\Shell\Shell01\Command - E:\Autorun.exe /action
\Shell\Shell02\Command - E:\Autorun.exe /uninstall

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-08 23:22:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\wltrysvc.exe
C:\WINDOWS\system32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\msscntr32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-06-08 23:43:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-09 04:42:00

Pre-Run: 64,403,525,632 bytes free
Post-Run: 64,383,455,232 bytes free

197 --- E O F --- 2008-05-29 08:00:48

Deckards main.txt

Deckard's System Scanner v20071014.68
Run by Chrissy on 2008-06-09 00:09:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 239 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-09 00:10:21
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wltrysvc.exe
C:\WINDOWS\system32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\msscntr32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\alg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\wltray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Chrissy\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...client&ie=UTF-8
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {5842bce3-4928-409c-8663-c98ede909e3d} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [CUCore Agent] "C:\PROGRA~1\COMMON~1\FIRSTV~1\ConfAgent.exe /minimize"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - CmdMapping - (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Chrissy\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Chrissy\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker Basic\Absolute Poker Basic.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker Basic\Absolute Poker Basic.lnk
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.co...ll/gtdownlr.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.co...loadControl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
O23 - Service: Microsoft Security Center Extension (msscenter) - Unknown owner - C:\WINDOWS\system32\msscntr32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\system32\wltrysvc.exe


--
End of file - 9111 bytes

-- Files created between 2008-05-09 and 2008-06-09 -----------------------------

2008-06-08 03:48:18 68096 --a------ C:\WINDOWS\zip.exe
2008-06-08 03:48:18 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-08 03:48:18 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-08 03:48:18 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-08 03:48:18 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-08 03:48:18 98816 --a------ C:\WINDOWS\sed.exe
2008-06-08 03:48:18 80412 --a------ C:\WINDOWS\grep.exe
2008-06-08 03:48:18 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-06 03:29:25 0 d-------- C:\Program Files\Lavasoft
2008-06-06 03:29:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-06 03:17:17 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-06 02:24:26 0 d-------- C:\Documents and Settings\fix\Application Data\Identities
2008-06-06 02:24:11 0 d--h----- C:\Documents and Settings\fix\Templates
2008-06-06 02:24:11 0 dr------- C:\Documents and Settings\fix\Start Menu
2008-06-06 02:24:11 0 dr-h----- C:\Documents and Settings\fix\SendTo
2008-06-06 02:24:11 0 dr-h----- C:\Documents and Settings\fix\Recent
2008-06-06 02:24:11 0 d--h----- C:\Documents and Settings\fix\PrintHood
2008-06-06 02:24:11 786432 --ah----- C:\Documents and Settings\fix\NTUSER.DAT
2008-06-06 02:24:11 0 d--h----- C:\Documents and Settings\fix\NetHood
2008-06-06 02:24:11 0 dr------- C:\Documents and Settings\fix\My Documents
2008-06-06 02:24:11 0 d--h----- C:\Documents and Settings\fix\Local Settings
2008-06-06 02:24:11 0 dr------- C:\Documents and Settings\fix\Favorites
2008-06-06 02:24:11 0 d-------- C:\Documents and Settings\fix\Desktop
2008-06-06 02:24:11 0 d--hs---- C:\Documents and Settings\fix\Cookies
2008-06-06 02:24:11 0 dr-h----- C:\Documents and Settings\fix\Application Data
2008-06-06 02:24:11 0 d---s---- C:\Documents and Settings\fix\Application Data\Microsoft
2008-06-06 02:14:40 0 d-------- C:\Documents and Settings\Administrator.CHRISTIN-GD6FTZ\Application Data\Macromedia
2008-06-06 02:12:57 0 d-------- C:\Documents and Settings\Administrator.CHRISTIN-GD6FTZ\Application Data\Adobe
2008-06-06 02:10:28 0 d--hs---- C:\WINDOWS\CSC
2008-06-06 01:46:19 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-06 01:33:42 0 d-------- C:\Program Files\Enigma Software Group
2008-06-05 23:45:53 0 d-------- C:\Program Files\SpyZooka
2008-06-05 23:38:47 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-05 08:41:28 36864 --a------ C:\WINDOWS\system32\msscntr32.exe
2008-05-31 14:11:10 0 d-------- C:\Program Files\Universal
2008-05-23 03:00:41 0 d-------- C:\Program Files\MSXML 4.0
2008-05-22 01:11:58 245824 -ra------ C:\WINDOWS\Instexec.exe <Not Verified; Logitech; Logitech>
2008-05-22 01:11:53 245824 -ra------ C:\WINDOWS\system32\InstExec.exe <Not Verified; Logitech; Logitech>
2008-05-22 01:10:58 262144 --a------ C:\WINDOWS\system32\ElkCtrl.exe <Not Verified; Logitech Inc.; Logitech Camera Software>
2008-05-22 01:10:58 57344 --a------ C:\WINDOWS\system32\ElkCtlPS.dll <Not Verified; Logitech Inc.; Logitech Camera Software>
2008-05-22 01:10:57 82432 --a------ C:\WINDOWS\system32\msxml4r.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-05-22 01:10:57 44544 --a------ C:\WINDOWS\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-05-21 23:28:54 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-21 23:28:53 0 d-------- C:\Documents and Settings\Chrissy\Application Data\skypePM
2008-05-21 23:26:24 0 d-------- C:\Program Files\Skype
2008-05-21 23:25:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype


-- Find3M Report ---------------------------------------------------------------

2008-06-06 03:17:17 0 d-------- C:\Program Files\Common Files
2008-06-06 03:12:54 0 d-------- C:\Program Files\Java
2008-05-29 11:32:32 0 d-------- C:\Program Files\LimeWire
2008-05-26 15:48:27 0 d-------- C:\Program Files\Full Tilt Poker
2008-05-22 01:12:43 0 d-------- C:\Program Files\Common Files\Logitech
2008-05-22 01:10:45 0 d-------- C:\Program Files\Logitech
2008-05-22 01:10:41 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-18 16:45:44 0 d-------- C:\Program Files\PokerStars
2008-05-05 22:24:03 0 d-------- C:\Program Files\Absolute Poker
2008-04-13 00:30:29 0 d-------- C:\Program Files\Charter High-Speed Security Suite
2008-04-12 23:04:02 0 d-------- C:\Program Files\Absolute Poker Basic
2008-04-11 04:28:50 0 d-------- C:\Program Files\DivX
2008-04-10 10:16:14 0 d-------- C:\Documents and Settings\Chrissy\Application Data\F-Secure
2008-04-10 01:33:09 0 d-------- C:\Documents and Settings\Chrissy\Application Data\Help
2008-03-31 16:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 16:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 16:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 16:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 16:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-21 15:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 15:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 15:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 15:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [04/05/2005 01:22 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [04/05/2005 01:19 PM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [04/05/2005 01:23 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/24/2006 02:24 AM]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [11/28/2006 11:43 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [12/15/2006 02:23 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"wltray.exe"="C:\WINDOWS\system32\wltray.exe" [03/10/2005 02:14 PM]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [12/09/2005 03:32 PM]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [12/07/2005 10:26 AM]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [12/07/2005 10:33 AM]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [11/01/2004 05:22 PM]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [01/23/2008 03:47 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [07/16/2007 02:17 PM]
"CUCore Agent"="C:\PROGRA~1\COMMON~1\FIRSTV~1\ConfAgent.exe" [02/20/2004 03:03 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [08/06/2007 01:00 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{054e75e0-e4d4-11dc-b123-0013202408d6}]
AutoRun\command- E:\Autorun.exe /run
Shell00\Command- E:\Autorun.exe /run
Shell01\Command- E:\Autorun.exe /action
Shell02\Command- E:\Autorun.exe /uninstall




-- End of Deckard's System Scanner: finished at 2008-06-09 00:22:54 ------------
  • 0

#4
Tal

Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
Before we start the registry fix, we need to backup the registry in case anything goes wrong. This is a very simple and quick process :)


  • Please go to Start > Run
  • Paste in the following line: regedit /e c:\registrybackup.reg
  • Click OK. It won't appear to be doing anything, that's normal.
  • Your mouse pointer may turn to an hour glass for a minute. Please continue when it no longer has the hour glass.

Please open a new Notepad document (Note: Other text editors will not work) and paste the following code into it, starting from REGEDIT4:

REGDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{054e75e0-e4d4-11dc-b123-0013202408d6}]

Now, click File > Save As... > Change the File Type to All Files > Name the file RegFix1.reg > Save it on your desktop.

Once you've saved it, please double click it. A window should pop up - Click Yes to merge the information with the registry.

Please re-scan with DSS - include the new log in your next reply.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP