Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

wwwcoolsearch Virus [CLOSED]

Started by tooning , Jun 22 2008 01:41 PM

  • This topic is locked This topic is locked

#1
tooning
Posted 22 June 2008 - 01:41 PM

tooning

    New Member

  • Member
  • Pip
  • 8 posts
I tried Cwshredder and it gets rid of it and then the guide said to restart ad run spybot which I did but the virus starts before it can finish virus starts in safemode too. Any help would be appreciated. Thank you in advance for any help. I am running Avast and I have seemed to be getting a few viruses lately as well any suggestions for better spware portection. I am posting my hijack this log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:36:18 PM, on 6/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
G:\Torrent\aawservice.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\444.471
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\iftuyszv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\wuauclt.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\System32\svchost.exe
G:\Games\QTTask.exe
D:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Pure Networks\Network Magic\nmapp.exe
D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
D:\Program Files\Ares\Ares.exe
D:\Program Files\Winamp Remote\bin\OrbTray.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
D:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
D:\WINDOWS\system32\rwwnw64d.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\WINDOWS\System32\Rundll32.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: (no name) - {048ADF87-6419-41F6-B692-B1CC2D9850C8} - D:\WINDOWS\system32\cbXPhfCU.dll (file missing)
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {1435F45D-5EAC-45AC-B3AA-50A3207E9FB2} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - D:\Program Files\Spcron\Spc.dll
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {54018E98-10E3-46C6-9673-2999253F9C65} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {6E8A0E34-D6CD-4A6D-A2DF-369A0D51B86C} - D:\WINDOWS\system32\xxywTMfD.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {81EA3F36-357A-435A-8741-52C27CCC9F21} - (no file)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: gooochi browser optimizer - {c12d3996-4409-ac04-0f84-35a0b9aabe97} - D:\WINDOWS\system32\{a4d53684-e4fa-58cf-b2f7-0b951d0ada12}.dll
O2 - BHO: (no name) - {C7EDAC51-86E0-4414-9839-55E3DF486220} - D:\WINDOWS\system32\awtttqOi.dll (file missing)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "G:\Games\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "D:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "D:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nmapp] "D:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [BM5bde2243] Rundll32.exe "D:\WINDOWS\system32\fxftxaef.dll",s
O4 - HKLM\..\Run: [647ec673] rundll32.exe "D:\WINDOWS\system32\rhieteyc.dll",b
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ares] "D:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [updateMgr] "D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Orb] "D:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BPS Spyware Remover] G:\Games\BulletProofSoft.BPS.Spyware.Adware.Remover.v9.3.0.6.WinALL.RETAIL-ARN\BPS Spyware Remover\SpyRem.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB1131] command /c del "D:\Documents and Settings\All Users\Start Menu\Programs\RegistryFix\RegistryFix.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6030] cmd /c del "D:\Documents and Settings\All Users\Start Menu\Programs\RegistryFix\RegistryFix.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7871] command /c del "D:\Documents and Settings\All Users\Start Menu\Programs\RegistryFix\Uninstall RegistryFix.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2607] cmd /c del "D:\Documents and Settings\All Users\Start Menu\Programs\RegistryFix\Uninstall RegistryFix.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB265] command /c del "D:\WINDOWS\b152.exe_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2896] cmd /c del "D:\WINDOWS\b152.exe_old"
O4 - Startup: Deewoo.lnk = D:\WINDOWS\system32\tcntaxdm.exe
O4 - Startup: DW_Start.lnk = D:\WINDOWS\system32\rwwnw64d.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = D:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = D:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - D:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab53083.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab53083.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase9563.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://download.shoc...otoy/OTOYAX.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/...O1.cab53984.cab
O16 - DPF: {8C63DABA-CBA8-4B5D-A0F7-AE00F2920929} (Bridge Installer) - http://cdn2.zone.msn...s/heartbeat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {D42ED9FF-DF46-4AD9-A3FE-46BAF896466E} - http://www.sunbelt-s.../CounterSpy.CAB
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab53852.cab
O20 - Winlogon Notify: hgdba - D:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - G:\Torrent\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - D:\WINDOWS\444.471.exe (file missing)
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - D:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - D:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - G:\Torrent\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - G:\Torrent\Spyware Doctor\pctsSvc.exe

--
End of file - 13096 bytes
  • 0

Advertisements

#2
Rorschach112
Posted 27 June 2008 - 06:45 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download RUNSCANNER to your desktop and run it.
  • When the first page comes up select Beginner Mode
  • On the next page select Save a binary .Run file (Recommended) then click Start full scan at the top.
  • At this time Runscanner.exe may request access to the Internet through your firewall please allow it to do so, it will then run for two or three minutes.
  • On completion it will ask for a location to save the file and a name. It will do this for both the .run file and the log
  • Call the file "Select a file name here" and save it to your desktop. You will see the .run file on your desktop. Please zip the .run file by right clicking and selecting send to Zip file

Then upload that as an attachment in your next post.
  • 0

#3
tooning
Posted 29 June 2008 - 11:24 PM

tooning

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
sorry I have been sick here is the .run file Thank you for helping. It says "Upload failed. You are not permitted to upload this type of file" Here s my log hope that helps

Runscanner logfile http://www.runscanner.net

* = signed file
- = file not found

000 General info
----------------
Computer name : 2243BC93E6F0419
Creation time : 6/30/2008 12:21:20 AM
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 6.0.2900.2180
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 2
RunScanner Version : 1.6.3.0
User Language : English (United States)
User rights : Administrator
Windows folder : D:\WINDOWS

001 Running processes
---------------------
* g:\torrent\aawservice.exe (Lavasoft)
* d:\windows\system32\alg.exe (Microsoft Corporation)
* d:\program files\alwil software\avast4\ashserv.exe (ALWIL Software)
* d:\program files\alwil software\avast4\aswupdsv.exe (ALWIL Software)
* d:\program files\alwil software\avast4\ashmaisv.exe (ALWIL Software)
* d:\progra~1\alwils~1\avast4\ashdisp.exe (ALWIL Software)
* d:\program files\alwil software\avast4\ashwebsv.exe (ALWIL Software)
d:\program files\bonjour\mdnsresponder.exe (Apple Computer, Inc.)
* d:\windows\system32\csrss.exe (Microsoft Corporation)
* d:\windows\system32\svchost.exe (Microsoft Corporation)
* d:\windows\system32\svchost.exe (Microsoft Corporation)
* d:\windows\system32\svchost.exe (Microsoft Corporation)
* d:\windows\system32\svchost.exe (Microsoft Corporation)
* d:\windows\system32\svchost.exe (Microsoft Corporation)
* d:\windows\system32\svchost.exe (Microsoft Corporation)
* d:\windows\system32\svchost.exe (Microsoft Corporation)
* d:\program files\internet explorer\iexplore.exe (Microsoft Corporation)
* d:\program files\java\jre1.6.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
d:\program files\kodak\kodak easyshare software\bin\easyshare.exe
d:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe
* d:\windows\system32\lsass.exe (Microsoft Corporation)
d:\program files\pure networks\network magic\nmapp.exe (Pure Networks, Inc.)
d:\program files\pure networks\network magic\nmsrvc.exe (Pure Networks, Inc.)
* d:\windows\system32\nvsvc32.exe (NVIDIA Corporation)
d:\program files\scansoft\omnipagese4.0\opwarese4.exe (ScanSoft, Inc.)
d:\program files\winamp remote\bin\orbtray.exe (Orb Networks)
g:\games\qttask.exe (Apple Inc.)
* d:\windows\system32\rundll32.exe (Microsoft Corporation)
* d:\windows\system32\rundll32.exe (Microsoft Corporation)
* d:\windows\system32\rundll32.exe (Microsoft Corporation)
* d:\documents and settings\tooning\desktop\runscanner.exe (Runscanner.net)
* d:\windows\system32\services.exe (Microsoft Corporation)
* d:\windows\system32\spoolsv.exe (Microsoft Corporation)
* d:\windows\explorer.exe (Microsoft Corporation)
* d:\program files\messenger\msmsgs.exe (Microsoft Corporation)
* d:\windows\system32\winlogon.exe (Microsoft Corporation)
* d:\windows\system32\smss.exe (Microsoft Corporation)
* d:\windows\system32\wscntfy.exe (Microsoft Corporation)
* d:\windows\system32\taskmgr.exe (Microsoft Corporation)
* d:\windows\system32\wuauclt.exe (Microsoft Corporation)
* d:\windows\system32\wdfmgr.exe (Microsoft Corporation)
* d:\windows\system32\msiexec.exe (Microsoft Corporation)
g:\winrar\winrar.exe
g:\winrar\winrar.exe

002 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
- "d:\windows\system32\{a4d53684-e4fa-58cf-b2f7-0b951d0ada12}.dll"
- d:\windows\system32\rhieteyc.dll
* d:\progra~1\alwils~1\avast4\ashdisp.exe (ALWIL Software)
- d:\windows\system32\fxftxaef.dll
d:\windows\system32\nerocheck.exe (Ahead Software Gmbh)
d:\program files\pure networks\network magic\nmapp.exe (Pure Networks, Inc.)
D:\WINDOWS\system32\nwiz.exe
d:\program files\scansoft\omnipagese4.0\opwarese4.exe (ScanSoft, Inc.)
g:\games\qttask.exe (Apple Inc.)
d:\program files\common files\scansoft shared\ssbkgdupdate\ssbkgdupdate.exe (Scansoft, Inc.)
* d:\program files\common files\real\update_ob\realsched.exe (RealNetworks, Inc.)

003 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
d:\program files\ares\ares.exe (Ares Development Group)
- g:\games\bulletproofsoft.bps.spyware.adware.remover.v9.3.0.6.winall.retail-arn\bps spyware remover\spyrem.exe
d:\program files\winamp remote\bin\orbtray.exe (Orb Networks)
* d:\program files\spybot - search & destroy\teatimer.exe (Safer Networking Limited)

005 D:\Documents and Settings\All Users\Start Menu\Programs\Startup
-------------------------------------------------------------------
d:\progra~1\adobe\acroba~1.0\reader\reader~1.exe (Adobe Systems Incorporated)
d:\progra~1\kodak\kodake~1\bin\easysh~1.exe
d:\progra~1\kodak\kodaks~1\7288971\program\kodaks~1.exe

010 HKLM\SYSTEM\CurrentControlSet\Services (Services)
-----------------------------------------------------
* g:\torrent\aawservice.exe (Ad-Aware 2007 Service)
d:\program files\ares\chatserver.exe (Ares Chatroom server)
* d:\program files\alwil software\avast4\ashserv.exe (avast! Antivirus)
* d:\program files\alwil software\avast4\aswupdsv.exe (avast! iAVS4 Control Service)
* d:\program files\alwil software\avast4\ashmaisv.exe (avast! Mail Scanner)
* d:\program files\alwil software\avast4\ashwebsv.exe (avast! Web Scanner)
d:\program files\bonjour\mdnsresponder.exe (Bonjour Service)
d:\program files\common files\installshield\driver\11\intel 32\idrivert.exe (InstallDriver Table Manager)
* g:\torrent\spyware doctor\pctsauxs.exe (PC Tools Auxiliary Service)
* g:\torrent\spyware doctor\pctssvc.exe (PC Tools Security Service)
d:\program files\pure networks\network magic\webserver\bin\nmraapache.exe (Pure Networks Net2Go Service)
d:\program files\pure networks\network magic\nmsrvc.exe (Pure Networks Network Magic Service)

011 HKLM\SYSTEM\CurrentControlSet\Services (drivers)
----------------------------------------------------
- d:\windows\system32\drivers\aqosw2ms.sys (aqosw2ms)
* d:\windows\system32\drivers\aswrdr.sys (aswRdr)
* d:\windows\system32\drivers\aavmker4.sys (avast! Asynchronous Virus Monitor)
* d:\windows\system32\drivers\aswtdi.sys (avast! Network Shield Support)
* d:\windows\system32\drivers\aswmon2.sys (avast! Standard Shield Support)
- d:\windows\system32\drivers\changer.sys (Changer)
* d:\windows\system32\drivers\ikfilesec.sys (File Security Driver)
- d:\windows\system32\drivers\i2omgmt.sys (i2omgmt)
- d:\windows\system32\drivers\lbrtfdc.sys (lbrtfdc)
- d:\windows\system32\drivers\pcidump.sys (PCIDump)
- d:\windows\system32\drivers\pdcomp.sys (PDCOMP)
- d:\windows\system32\drivers\pdframe.sys (PDFRAME)
- d:\windows\system32\drivers\pdreli.sys (PDRELI)
- d:\windows\system32\drivers\pdrframe.sys (PDRFRAME)
d:\windows\system32\drivers\scdemu.sys (SCDEmu)
D:\WINDOWS\system32\drivers\sptd.sys (sptd)
* D:\WINDOWS\system32\drivers\iksysflt.sys (System Filter Driver)
* D:\WINDOWS\system32\drivers\iksyssec.sys (System Security Driver)
D:\WINDOWS\system32\drivers\ntidrvr.sys (Upper Class Filter Driver)
- d:\windows\system32\drivers\wdica.sys (WDICA)

031 HKLM\SOFTWARE\Classes\PROTOCOLS\Handler
-------------------------------------------
d:\program files\common files\system\ole db\msdaipp.dll (Microsoft Corporation) {E1D2BF42-A96B-11d1-9C6B-0000F875AC61}
d:\program files\common files\system\ole db\msdaipp.dll (Microsoft Corporation) {E1D2BF42-A96B-11d1-9C6B-0000F875AC61}
d:\program files\common files\microsoft shared\web folders\pkmcdo.dll (Microsoft Corporation) {CD00020A-8B95-11D1-82DB-00C04FB1625D}
d:\program files\common files\system\ole db\msdaipp.dll (Microsoft Corporation) {E1D2BF40-A96B-11d1-9C6B-0000F875AC61}
d:\program files\common files\pure networks shared\puresp.dll (Pure Networks, Inc.) {4746C79A-2042-4332-8650-48966E44ABA8}

042 HKLM\Software\Microsoft\Internet Explorer\Extensions
--------------------------------------------------------
c:\partygaming\partypoker\runapp.exe {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}

050 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
-----------------------------------------------------------------------------
d:\progra~1\spyzooka\spyguard.dll (BluePenguin Software Inc.) {D468BCE5-D18E-49A4-8EA7-34BD583659D5}

052 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
----------------------------------------------------------------------------------
d:\windows\system32\{a4d53684-e4fa-58cf-b2f7-0b951d0ada12}.dll {c12d3996-4409-ac04-0f84-35a0b9aabe97}
- d:\windows\system32\awtttqoi.dll {C7EDAC51-86E0-4414-9839-55E3DF486220}
- d:\windows\system32\cbxphfcu.dll {048ADF87-6419-41F6-B692-B1CC2D9850C8}
* d:\program files\spybot - search & destroy\sdhelper.dll (Safer Networking Limited) {53707962-6F74-2D53-2644-206D7942484F}
- d:\windows\system32\xxywtmfd.dll {6E8A0E34-D6CD-4A6D-A2DF-369A0D51B86C}

061 HKLM-HCKU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
---------------------------------------------------------------------------------
* d:\program files\alwil software\avast4\ashshell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
d:\program files\bonjour\explorerplugin.dll (Apple Computer, Inc.) {9999A076-A9E2-4C99-8A2B-632FC9429223}
d:\windows\system32\nvshell.dll {1CDB2949-8F65-4355-8456-263E7C208A5D}
d:\windows\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47}
c:\simply accounting\sa_filever.dll (Sage Software, Inc.) {54457175-AE62-422f-8042-3188BA18A703}
d:\program files\pure networks\network magic\nmspce.dll (Pure Networks, Inc.) {33F85093-44BB-4587-B25B-FFD05D5B9916}
d:\program files\pure networks\network magic\nmspce.dll (Pure Networks, Inc.) {C55C499D-3518-44a1-998E-796AC5FC989D}
d:\windows\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48}
* c:\program files\real\realplayer\rpshell.dll (RealNetworks, Inc.) {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}
- h:\iso\sfshelltools.dll {F87DED31-303F-4ED1-9BCE-D360FBC74E0A}
- h:\iso\smarthook.dll {B8323370-FF27-11D2-97B6-204C4F4F5020}
- h:\iso\sfshelltools.dll {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD}
- h:\iso\sfshelltools.dll {40FDFA48-5F4E-4627-A78E-6A49A3D4492F}
- h:\games\tower\yoottowr\t2icons.dll {F6FC9820-57D7-11d2-A2FD-0040056140CF}
d:\progra~1\common~1\micros~1\webfol~1\msonsext.dll (Microsoft Corporation) {BDEADF00-C265-11D0-BCED-00A0C90AB50F}
d:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

062 HKLM-HKCU\Software\Classes\Folder\Shellex\ColumnHandlers
------------------------------------------------------------
d:\program files\adobe\acrobat 7.0\activex\pdfshell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}

063 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute
---------------------------------------------------------------------
* D:\WINDOWS\system32\lsdelete.exe

067 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
---------------------------------------------------------------------
-
-

073 %windir%\Tasks
------------------
XoftSpySE 2.job : d:\program files\xoftspyse\xoftspy.exe (ParetoLogic)
XoftSpySE.job : d:\program files\xoftspyse\xoftspy.exe (ParetoLogic)

100 Internet Explorer settings
------------------------------
Start Page HKCU : http://www.msn.com
Start Page HKLM : http://www.msn.com

102 HKLM - HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
------------------------------------------------------------------
GUID / CLSID not found {4528BBE0-4E08-11D5-AD55-00010333D0AD}
GUID / CLSID not found {4528BBE0-4E08-11D5-AD55-00010333D0AD}

104 HKLM\Software\Microsoft\Code Store Database\Distribution Units
------------------------------------------------------------------
* g:\games\qtplugin.ocx (Apple Inc.) {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
GUID / CLSID not found {05D44720-58E3-49E6-BDF6-D00330E511D3}
GUID / CLSID not found {3BB54395-5982-4788-8AF4-B5388FFDD0D8}
GUID / CLSID not found {5736C456-EA94-4AAC-BB08-917ABDD035B3}
GUID / CLSID not found {77E32299-629F-43C6-AB77-6A1E6D7663F6}
GUID / CLSID not found {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA}
GUID / CLSID not found {8C63DABA-CBA8-4B5D-A0F7-AE00F2920929}
GUID / CLSID not found {B8BE5E93-A60C-4D26-A2DC-220313175592}
d:\program files\java\j2re1.4.2\bin\npjpi142.dll (JavaSoft / Sun Microsystems, Inc.) {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}
GUID / CLSID not found {D42ED9FF-DF46-4AD9-A3FE-46BAF896466E}
GUID / CLSID not found {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}

105 HKCU\Software\Microsoft\Internet Explorer\MenuExt
-----------------------------------------------------
E&xport to Microsoft Excel : res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

107 HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5
---------------------------------------------------------------------------------
d:\program files\bonjour\mdnsnsp.dll (Apple Computer, Inc.)

136 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce (+subkeys)
---------------------------------------------------------------------
* d:\program files\spybot - search & destroy\spybotsd.exe (Safer Networking Limited)

173 HKCR\*\shellex\ContextMenuHandlers
--------------------------------------
GUID / CLSID not found
GUID / CLSID not found {967B2D40-8B7D-4127-9049-61EA0C2C6DCE}
* d:\program files\alwil software\avast4\ashshell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
- h:\iso\magiciso\misosh.dll {DB85C504-C730-49DD-BEC1-7B39C6103B7A}
- h:\iso\sfshelltools.dll {F87DED31-303F-4ED1-9BCE-D360FBC74E0A}
d:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

221 HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
-------------------------------------------------------
GUID / CLSID not found
GUID / CLSID not found {967B2D40-8B7D-4127-9049-61EA0C2C6DCE}
* d:\program files\alwil software\avast4\ashshell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
- h:\iso\magiciso\misosh.dll {DB85C504-C730-49DD-BEC1-7B39C6103B7A}
- h:\iso\sfshelltools.dll {F87DED31-303F-4ED1-9BCE-D360FBC74E0A}
d:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

225 HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers
------------------------------------------------------------
GUID / CLSID not found {967B2D40-8B7D-4127-9049-61EA0C2C6DCE}
GUID / CLSID not found {967B2D40-8B7D-4127-9049-61EA0C2C6DCE}
* d:\program files\alwil software\avast4\ashshell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
* d:\program files\alwil software\avast4\ashshell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
- h:\iso\magiciso\misosh.dll {DB85C504-C730-49DD-BEC1-7B39C6103B7A}
- h:\iso\magiciso\misosh.dll {DB85C504-C730-49DD-BEC1-7B39C6103B7A}
d:\program files\pure networks\network magic\nmspce.dll (Pure Networks, Inc.)
d:\program files\pure networks\network magic\nmspce.dll (Pure Networks, Inc.)
d:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
d:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

227 HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
---------------------------------------------------------------
GUID / CLSID not found
GUID / CLSID not found {967B2D40-8B7D-4127-9049-61EA0C2C6DCE}
- h:\iso\magiciso\misosh.dll {DB85C504-C730-49DD-BEC1-7B39C6103B7A}
d:\program files\pure networks\network magic\nmspce.dll (Pure Networks, Inc.)
- h:\iso\sfshelltools.dll {F87DED31-303F-4ED1-9BCE-D360FBC74E0A}
d:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

229 HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
--------------------------------------------------------------------------
d:\windows\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48}
d:\program files\pure networks\network magic\nmspce.dll (Pure Networks, Inc.)

231 HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
-------------------------------------------------------
d:\program files\adobe\acrobat 7.0\activex\pdfshell.dll (Adobe Systems, Inc.) PDF Column Info

241 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
---------------------------------------------------------------------------------------
- h:\iso\sfshelltools.dll {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD}

Edited by tooning, 29 June 2008 - 11:31 PM.

  • 0

#4
Rorschach112
Posted 30 June 2008 - 06:17 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
That is the log file

You need to zip the run file and upload that
  • 0

#5
tooning
Posted 04 July 2008 - 12:38 AM

tooning

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Trying again it worked. Sorry it took so long I didn't really know how to do it. Do I need to run the program again because its been so long?

Attached Files

  • Attached File  here.zip   95.45KB   181 downloads

  • 0

#6
Rorschach112
Posted 04 July 2008 - 06:03 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Download the zipped attachment at the end of this post (this will be your runscanner file fixed by me)

  • Unzip it to your desktop then double click the runscanner icon this will run the program.
  • You will notice several entries in red.
  • Click the button at the top called Fix selected items
  • Accept the warning(s) and repeat until they are all gone.
  • Reboot your PC



Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#7
Rorschach112
Posted 09 July 2008 - 03:30 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP