My Friends HiJack Log


  • This topic is locked

#1
shadow17

  • Member
  • 86 posts
Hey all,
How are you?
Nice to see you all again.
My friend is having a problem: he can't load or open any sites.
So this is his HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:38:11 PM, on 7/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll (file missing)
O1 - Hosts: 209.190.85.230 maplesea.com
O1 - Hosts: 209.190.85.230 mapleglobal.com
O1 - Hosts: 209.190.85.230 nexon.net
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll (file missing)
O3 - Toolbar: qndsfmao - {3FCAEB7D-F8AE-4A67-AE6C-57EE1416BB6D} - C:\WINDOWS\qndsfmao.dll
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [BM07b2522b] Rundll32.exe "C:\WINDOWS\system32\ndfxcsbu.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...html?p=ZJfox000
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - AppInit_DLLs: ,
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O24 - Desktop Component 0: (no name) - http://www.maplesea..../box_middle.gif

--
End of file - 5365 bytes
  • 0
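As an added illustration (not code from the thread, from HijackThis or from Trend Micro), here is a small Python triage script that reads HijackThis-style lines like the ones in the log above and flags the entry types a helper looks at first: hosts-file overrides (O1), a configured proxy (R1), Run keys that launch rundll32 with a random-looking DLL name (O4), toolbars backed by such DLLs (O3), Winlogon Notify packages (O20) and orphaned "(file missing)" entries. The severity labels and the eight-lowercase-letter "random name" heuristic are assumptions chosen for this example, not rules from HijackThis; the sample lines are copied from the log posted above.

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread)."""
import re
from dataclasses import dataclass
from typing import Optional

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 209.190.85.230 maplesea.com
O1 - Hosts: 209.190.85.230 nexon.net
O3 - Toolbar: qndsfmao - {3FCAEB7D-F8AE-4A67-AE6C-57EE1416BB6D} - C:\WINDOWS\qndsfmao.dll
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [BM07b2522b] Rundll32.exe "C:\WINDOWS\system32\ndfxcsbu.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: byxpqonm - byXpqonM.dll (file missing)
O20 - Winlogon Notify: PremierOpinion - C:\WINDOWS\system32\pmls.dll
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
"""

# A HijackThis entry is "<section> - <rest>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY = re.compile(r"^([RO]\d+) - (.*)$")
# Heuristic (an assumption for this example, not a HijackThis rule): a DLL whose
# base name is exactly eight lowercase letters, the pattern seen in this log
# (ndfxcsbu.dll, agiqjioe.dll, qndsfmao.dll).
RANDOM_DLL = re.compile(r"[\\/]([a-z]{8})\.dll\b")


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low" (labels chosen for this example)
    section: str   # HijackThis section code, e.g. "O4"
    reason: str
    line: str


def classify(section: str, rest: str, line: str) -> Optional[Finding]:
    """Apply the triage rules to one parsed entry; first matching rule wins."""
    if "(file missing)" in rest:
        return Finding("low", section,
                       "orphaned entry: the referenced file is absent, so it cannot load; "
                       "stale registration worth cleaning up", line)
    if section == "O1":  # "Hosts: <ip> <hostname>"
        parts = rest.split(":", 1)[1].split()
        if len(parts) >= 2:
            return Finding("medium", section,
                           f"hosts file pins {parts[1]} to {parts[0]}, bypassing DNS", line)
    if section in ("R0", "R1") and "ProxyServer = " in rest:
        value = rest.split("ProxyServer = ", 1)[1].strip()
        if value:
            return Finding("medium", section,
                           f"proxy configured for IE/WinINet: {value!r}", line)
    if section == "O4" and "rundll32" in rest.lower():
        m = RANDOM_DLL.search(rest)
        if m:
            return Finding("high", section,
                           f"Run key launches rundll32 with random-looking {m.group(1)}.dll", line)
    if section == "O3":
        m = RANDOM_DLL.search(rest)
        if m:
            return Finding("medium", section,
                           f"toolbar backed by random-looking {m.group(1)}.dll", line)
    if section == "O20" and rest.startswith("Winlogon Notify:"):
        return Finding("high", section,
                       "Winlogon Notify package: loaded into winlogon.exe at every logon, "
                       "a persistence point that legitimate software rarely needs", line)
    return None


def triage(log_text: str) -> list:
    """Parse sectioned entries out of a HijackThis log and return the findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # headers, the process list and blank lines are not sectioned entries
        f = classify(m.group(1), m.group(2), line)
        if f:
            findings.append(f)
    return findings


def count_by_severity(findings) -> dict:
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.section:4} {f.reason}\n         {f.line}")
    print(count_by_severity(results))
```

Run against the sample it reports two high findings (the rundll32 Run key and the PremierOpinion Winlogon Notify entry), four medium (the proxy setting, both hosts overrides and the toolbar DLL) and one low (the orphaned Notify entry); the legitimate Spyware Doctor, ctfmon and service lines produce nothing, which is the point of keeping the rules narrow.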

#2
kahdah

  • GeekU Teacher
  • Retired Staff
  • 15,822 posts
Hello shadow17

Welcome to G2Go. :)
=====================

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, DSS will open two Notepad windows, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#3
shadow17

  • Topic Starter
  • Member
  • 86 posts
Main log:

Deckard's System Scanner v20071014.68
Run by marwaa on 2008-07-27 15:13:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
20: 2008-07-27 12:14:07 UTC - RP159 - Deckard's System Scanner Restore Point
19: 2008-07-26 04:21:54 UTC - RP158 - System Checkpoint
18: 2008-07-24 23:04:05 UTC - RP157 - Restore Operation
17: 2008-07-22 20:46:54 UTC - RP156 - Spyware Doctor: Cleaning Threats
16: 2008-07-22 20:42:14 UTC - RP155 - Move file to quarantine: uoyzsydz.exe


-- First Restore Point --
1: 2008-07-22 19:52:16 UTC - RP140 - Move file to quarantine: RealPlayer Download and Record Plugin f


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 81% (more than 75%).
Total Physical Memory: 448 MiB (512 MiB recommended).
System Drive C: has 4.7 GiB (less than 15%) free.


-- HijackThis (run as marwaa.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:19:51 PM, on 7/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\DOCUME~1\marwaa\LOCALS~1\Temp\Rar$EX02.672\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\marwaa.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll (file missing)
O1 - Hosts: 209.190.85.230 maplesea.com
O1 - Hosts: 209.190.85.230 mapleglobal.com
O1 - Hosts: 209.190.85.230 nexon.net
O2 - BHO: (no name) - {007c0568-5eeb-45a1-be86-10aa7beab6bb} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {dbb6081d-fa4c-4513-a055-42b2492a20b9} - C:\WINDOWS\system32\urqOETjG.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll (file missing)
O3 - Toolbar: qndsfmao - {3FCAEB7D-F8AE-4A67-AE6C-57EE1416BB6D} - C:\WINDOWS\qndsfmao.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [BM07b2522b] Rundll32.exe "C:\WINDOWS\system32\agiqjioe.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...html?p=ZJfox000
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - AppInit_DLLs: ,
O20 - Winlogon Notify: byxpqonm - byXpqonM.dll (file missing)
O20 - Winlogon Notify: PremierOpinion - C:\WINDOWS\system32\pmls.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O24 - Desktop Component 0: (no name) - http://www.maplesea..../box_middle.gif

--
End of file - 5901 bytes

-- File Associations -----------------------------------------------------------

.ini - inifile - shell\open\command - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1
.js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe,2
.js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"
.txt - txtfile - shell\open\command - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 Vax347b - c:\windows\system32\drivers\vax347b.sys
R0 Vax347s - c:\windows\system32\drivers\vax347s.sys
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys (file missing)
S2 zntport (NTPort Library Driver) - c:\windows\system32\zntport.sys (file missing)
S3 白目國中生1 - c:\program files\maple-fun\vicious\nvid999.sys (file missing)
S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys <Not Verified; Lavasoft AB; Ad-Watch Connections>
S3 Ad-Watch Real-Time Scanner (AW Real-Time Scanner) - c:\windows\system32\drivers\awrtpd.sys <Not Verified; Lavasoft AB; Ad-Watch Beta>
S3 Ad-Watch Registry Filter (Ad-Watch Registry Kernel Filter) - c:\windows\system32\drivers\awrtrd.sys <Not Verified; Lavasoft AB; Ad-Watch Registry Protection>
S3 DBKDRVR54 - c:\program files\cheat engine\dbk32.sys (file missing)
S3 FXDRV - d:\fxdrv.sys (file missing)
S3 geebers12 - c:\documents and settings\marwaa\desktop\buffy engine (rev 1007)\nvid888.sys (file missing)
S3 kqv27 - c:\windows\system32\drivers\kqv27.sys
S3 MzBot - c:\mzbot.sys (file missing)
S3 serport (%USBFilterString%) - c:\windows\system32\drivers\usbgprs.sys <Not Verified; Prolific Technology Inc.; Prolific USB-to-Serial Bridge Cable>
S3 usbanyka (Anyka USB Web Camera) - c:\windows\system32\drivers\usbanyka.sys <Not Verified; Anyka (Guangzhou) Software Technology Co., Ltd.; Anyka USB Web Camera Driver>
S3 XDva008 - c:\windows\system32\xdva008.sys (file missing)
S3 XDva030 - c:\windows\system32\xdva030.sys (file missing)
S3 XDva031 - c:\windows\system32\xdva031.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S4 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>
S4 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S4 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-27 15:05:13 464 --a------ C:\WINDOWS\Tasks\SDMsgUpdate (TE).job


-- Files created between 2008-06-27 and 2008-07-27 -----------------------------

2008-07-26 19:45:02 80896 --a------ C:\WINDOWS\system32\wqdcanfx.dll
2008-07-26 19:41:50 40960 --a------ C:\WINDOWS\system32\xcpnmgig.dll
2008-07-26 19:38:50 89600 --a------ C:\WINDOWS\system32\agiqjioe.dll
2008-07-26 16:57:54 0 d-------- C:\Program Files\CEDP Stealer 6.0 for Messenger
2008-07-26 16:36:45 0 d-------- C:\Program Files\Trend Micro
2008-07-25 19:40:01 40960 --a------ C:\WINDOWS\system32\kklnhdmg.dll
2008-07-25 19:38:08 91136 --a------ C:\WINDOWS\system32\ndfxcsbu.dll
2008-07-24 18:39:15 40960 --a------ C:\WINDOWS\system32\huxbseyv.dll
2008-07-24 18:37:56 90624 --a------ C:\WINDOWS\system32\hiuvqprb.dll
2008-07-23 16:04:38 40960 --a------ C:\WINDOWS\system32\mnjbostg.dll
2008-07-23 16:01:38 81408 --a------ C:\WINDOWS\system32\ueklvvck.dll
2008-07-23 15:56:35 90112 --a------ C:\WINDOWS\system32\fuhydsbl.dll
2008-07-23 15:55:37 392456 --ahs---- C:\WINDOWS\system32\GjTEOqru.ini2
2008-07-23 15:55:24 246784 -----n--- C:\WINDOWS\system32\urqOETjG.dll
2008-07-23 06:51:17 82432 --a------ C:\WINDOWS\system32\dvntjdys.dll
2008-07-23 06:49:03 91136 --a------ C:\WINDOWS\system32\ataxhgpj.dll
2008-07-23 06:48:17 1505 --ahs---- C:\WINDOWS\system32\TsssYcdd.ini2
2008-07-22 22:54:17 33152 --a------ C:\WINDOWS\system32\hgGyvSLF.dll
2008-07-22 22:54:16 33152 --a------ C:\WINDOWS\system32\byXPIbya.dll
2008-07-22 22:52:04 1541 --ahs---- C:\WINDOWS\system32\uCJPAJlm.ini2
2008-07-22 22:48:54 0 d-------- C:\Documents and Settings\marwaa\Application Data\uTorrent
2008-07-22 22:48:32 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-07-22 22:48:11 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-07-22 22:47:46 159744 --a------ C:\WINDOWS\qndsfmao.dll
2008-07-22 22:47:46 397312 --a------ C:\WINDOWS\kvxqmtre.dll
2008-07-22 22:47:46 245760 --a------ C:\WINDOWS\evgratsm.dll
2008-07-22 22:47:46 163840 --a------ C:\WINDOWS\erms.exe
2008-07-22 22:47:46 155648 --a------ C:\WINDOWS\agpqlrfm.exe
2008-07-22 22:47:37 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-07-22 22:47:32 0 d-------- C:\Program Files\uTorrent
2008-07-22 22:47:21 0 --a------ C:\WINDOWS\yoursearchnet_com.exe
2008-07-22 22:47:10 30848 --a------ C:\WINDOWS\system32\drivers\Kqv27.sys
2008-07-22 22:47:03 85050 --a------ C:\WINDOWS\system32\drivers\e6e9d858.sys
2008-07-22 22:46:32 34816 --a------ C:\WINDOWS\system32\qoMccATn.dll
2008-07-20 02:11:58 0 d-------- C:\Documents and Settings\marwaa\Application Data\WinRAR
2008-07-19 22:46:03 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-19 22:08:41 0 d-------- C:\Program Files\Bonjour
2008-07-19 21:47:52 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-19 21:09:37 0 d-------- C:\Program Files\gBurner
2008-07-19 20:45:52 0 d-------- C:\Documents and Settings\marwaa\Application Data\ESET
2008-07-19 20:42:34 0 d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-07-18 20:28:44 171136 -rahs---- C:\grldr
2008-07-18 18:18:18 0 d-------- C:\Program Files\Spyware Doctor
2008-07-16 20:28:46 0 d-------- C:\Program Files\7-Zip
2008-07-13 20:53:54 45056 --a------ C:\WINDOWS\system32\wnaspi32.dll <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-07-13 20:53:54 25244 --a------ C:\WINDOWS\system32\drivers\aspi32.sys <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-07-13 20:53:54 4672 --a------ C:\WINDOWS\system\wowpost.exe <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-07-13 20:53:54 5600 --a------ C:\WINDOWS\system\winaspi.dll <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-07-13 20:34:29 0 d-------- C:\Program Files\Common Files\xing shared
2008-07-08 13:46:01 0 d-------- C:\Program Files\CAPCOM
2008-07-07 10:40:49 56108 --a------ C:\WINDOWS\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
2008-07-06 15:39:46 0 d-------- C:\Program Files\Anti-Leech
2008-07-05 17:48:06 0 d-------- C:\Program Files\Trymedia
2008-07-03 15:56:10 0 d-------- C:\Documents and Settings\marwaa\Application Data\SporeCreatureCreator
2008-07-02 21:31:24 48 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-07-02 21:31:21 0 d-------- C:\Documents and Settings\marwaa\Application Data\skypePM
2008-07-02 21:01:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-07-02 14:27:44 0 d-------- C:\WINDOWS\system32\LogFiles
2008-06-29 19:35:23 0 d-------- C:\Program Files\DOSBox-0.72
2008-06-28 00:45:21 0 d-------- C:\Documents and Settings\marwaa\dwhelper
2008-06-27 10:39:01 0 d-------- C:\Program Files\Pcsx2_0.9.4


-- Find3M Report ---------------------------------------------------------------

2008-07-23 00:03:36 0 d-------- C:\Program Files\MSN Messenger
2008-07-19 22:49:04 0 d-------- C:\Documents and Settings\marwaa\Application Data\Adobe
2008-07-19 22:08:36 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-19 21:47:52 0 d-------- C:\Program Files\Common Files
2008-07-19 19:55:33 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-19 19:45:34 0 d-------- C:\Program Files\MagicISO
2008-07-19 19:43:13 0 d-------- C:\Program Files\A123 Audio to Mp3 Amr aac ogg Converter
2008-07-18 18:46:17 0 d-------- C:\Program Files\ActivationManager
2008-07-18 00:17:11 0 d-------- C:\Program Files\PowerISO
2008-07-16 21:13:53 0 d-------- C:\Documents and Settings\marwaa\Application Data\dvdcss
2008-07-16 17:23:00 0 d-------- C:\Program Files\Security Task Manager
2008-07-16 05:45:00 0 d-------- C:\Documents and Settings\marwaa\Application Data\Free Download Manager
2008-07-13 20:34:13 0 d-------- C:\Program Files\Common Files\Real
2008-06-24 17:25:49 0 dr-h----- C:\Documents and Settings\marwaa\Application Data\yahoo!
2008-06-24 15:47:29 0 d-------- C:\Program Files\Yahoo!
2008-06-21 18:23:48 0 d-------- C:\Program Files\Globe7
2008-06-21 17:51:12 0 d-------- C:\Documents and Settings\marwaa\Application Data\Globe7
2008-06-20 09:17:04 0 d-------- C:\Program Files\Messenger
2008-06-18 21:36:08 96652 --a------ C:\WINDOWS\Metal Gear Solid 2 - 1.scr <Not Verified; Goldshell Digital Media; FlashForge>
2008-06-18 21:36:08 404511 --a----c- C:\WINDOWS\Metal Gear Solid 2 - 1.exe <Not Verified; Macromedia, Inc.; Flash 4.0>
2008-06-18 21:36:08 28672 --a----c- C:\WINDOWS\gscr.dll
2008-06-18 20:39:54 0 d-------- C:\Documents and Settings\marwaa\Application Data\Mozilla
2008-06-16 10:33:43 0 d-------- C:\Program Files\Free Download Manager
2008-06-01 03:53:28 0 d-------- C:\Program Files\MSXML 4.0
2008-05-28 18:06:26 0 d-------- C:\Program Files\Freecorder
2008-05-28 09:16:17 0 d-------- C:\Documents and Settings\marwaa\Application Data\MSN6
2008-05-25 18:05:18 5430 --a----c- C:\WINDOWS\system32\pmoci.bin
2008-05-20 16:08:28 7168 --a----c- C:\WINDOWS\system32\sfmdf.exe
2008-05-09 00:00:07 516 --ah---c- C:\WINDOWS\wininf.dat
2008-05-09 00:00:07 61 --a----c- C:\WINDOWS\hare.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{007c0568-5eeb-45a1-be86-10aa7beab6bb}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dbb6081d-fa4c-4513-a055-42b2492a20b9}]
07/23/2008 03:55 PM 246784 --------- C:\WINDOWS\system32\urqOETjG.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= C:\Program Files\Freecorder\tbFree.dll [ ]

[-HKEY_CLASSES_ROOT\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [08/04/2004 10:56 AM]
"BM07b2522b"="C:\WINDOWS\system32\agiqjioe.dll" [07/26/2008 07:38 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 10:56 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=2 (0x2)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"DisableTaskMgr"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"=1 (0x1)
"NoFolderOptions"=2 (0x2)
"NoAutoUpdate"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NofolderOptions"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxpqonm]
byXpqonM.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PremierOpinion]
C:\WINDOWS\system32\pmls.dll 04/02/2008 09:27 AM 368640 C:\WINDOWS\system32\pmls.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=,

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau C:\WINDOWS\system32\urqOETjG

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\kqv27.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^marwaa^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^marwaa^Start Menu^Programs^Startup^Hare.lnk]
backup=C:\WINDOWS\pss\Hare.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^marwaa^Start Menu^Programs^Startup^Registration Prince of Persia T2T.LNK]
path=C:\Documents and Settings\marwaa\Start Menu\Programs\Startup\Registration Prince of Persia T2T.LNK
backup=C:\WINDOWS\pss\Registration Prince of Persia T2T.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^marwaa^Start Menu^Programs^Startup^systemID.pif]
path=C:\Documents and Settings\marwaa\Start Menu\Programs\Startup\systemID.pif
backup=C:\WINDOWS\pss\systemID.pifStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\048161b7]
rundll32.exe "C:\WINDOWS\system32\titcjgrv.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ac97Sound]
C:\WINDOWS\system32\snddrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\antivirus]
C:\Program Files\VAV\vav.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM07b2522b]
Rundll32.exe "C:\WINDOWS\system32\agiqjioe.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CrazyCoinsSetup.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CS Update]
copy /Y "C:\Program Files\ActivationManager\ActivationManager.dll.upd" "C:\Program Files\ActivationManager\ActivationManager.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DaemonTools_WhenUSave_Installer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fsm]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\istray]
"C:\Program Files\Spyware Doctor\pctsTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Update Machine]
uuhdip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\microsystem]
C:\WINDOWS\system32\snddrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN]
C:\WINDOWS\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
"C:\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PremierOpinion]
c:\windows\system32\pmropn.exe -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Userinit]
C:\WINDOWS\system32\cologsver.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
VTtrayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\windows]
C:\WINDOWS\system32\windows.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsServicesStartup]
C:\DOCUME~1\marwaa\LOCALS~1\Temp\svchost.exe 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"StarWindService"=2 (0x2)
"ServiceLayer"=3 (0x3)
"ose"=3 (0x3)
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
"MDM"=2 (0x2)
"Macromedia Licensing Service"=3 (0x3)
"IDriverT"=3 (0x3)
"AresChatServer"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"aawservice"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
AutoRun\command- I:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
AutoRun\command- J:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15cbb81c-0f9d-11dd-84f2-00138f3ef64b}]
AutoRun\command- tio8x6.cmd
explore\Command- tio8x6.cmd
open\Command- tio8x6.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29f510f6-5ba0-11dc-82bc-00138f3ef64b}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs




-- Hosts -----------------------------------------------------------------------

127.0.0.1 localhost
209.190.85.230 maplesea.com
209.190.85.230 mapleglobal.com
209.190.85.230 nexon.net
127.0.0.1 webdown.nexon.co.jp
127.0.0.1 63.251.217.184
127.0.0.1 72.5.148.122
127.0.0.1 gameguard.mapleglobal.com


-- End of Deckard's System Scanner: finished at 2008-07-27 15:22:58 ------------


Extra log :-

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.40GHz
Percentage of Memory in Use: 73%
Physical Memory (total/avail): 447.23 MiB / 117.47 MiB
Pagefile Memory (total/avail): 1057.05 MiB / 718.37 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1900.61 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.3 GiB total, 4.7 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG SP0411N - 37.31 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.3 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

AntivirusOverride is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Documents and Settings\\marwaa\\My Documents\\My Received Files\\maimi vice\\MapleStory.exe"="C:\\Documents and Settings\\marwaa\\My Documents\\My Received Files\\maimi vice\\MapleStory.exe:*:Enabled:MapleStory"
"C:\\Documents and Settings\\marwaa\\Desktop\\7amood\\100_PANA\\maimi vice\\MapleStory.exe"="C:\\Documents and Settings\\marwaa\\Desktop\\7amood\\100_PANA\\maimi vice\\MapleStory.exe:*:Enabled:MapleStory"
"C:\\Program Files\\Visualboy Advance\\VisualBoyAdvance.exe"="C:\\Program Files\\Visualboy Advance\\VisualBoyAdvance.exe:*:Enabled:VisualBoyAdvance emulator"
"C:\\Documents and Settings\\marwaa\\Desktop\\7amood\\maimi vice\\MapleStory.exe"="C:\\Documents and Settings\\marwaa\\Desktop\\7amood\\maimi vice\\MapleStory.exe:*:Enabled:MapleStory"
"C:\\Documents and Settings\\marwaa\\Desktop\\7amood\\maimi vice\\Patcher.exe"="C:\\Documents and Settings\\marwaa\\Desktop\\7amood\\maimi vice\\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Documents and Settings\\marwaa\\Desktop\\7amood\\maimi vice\\NewPatcher.exe"="C:\\Documents and Settings\\marwaa\\Desktop\\7amood\\maimi vice\\NewPatcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\\Program Files\\CS Source\\Counter Strike Source\\hl2.exe"="C:\\Program Files\\CS Source\\Counter Strike Source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\DriftCity\\DriftCity.exe"="C:\\Program Files\\DriftCity\\DriftCity.exe:*:Enabled:DriftCity"
"C:\\Program Files\\GameFlier\\GhostOnline\\game.exe"="C:\\Program Files\\GameFlier\\GhostOnline\\game.exe:*:Enabled:game"
"C:\\Documents and Settings\\marwaa\\Desktop\\7amood\\maple sea\\MapleStory.exe"="C:\\Documents and Settings\\marwaa\\Desktop\\7amood\\maple sea\\MapleStory.exe:*:Enabled:MapleStory"
"C:\\Documents and Settings\\marwaa\\Desktop\\7amood\\maple sea\\Patcher.exe"="C:\\Documents and Settings\\marwaa\\Desktop\\7amood\\maple sea\\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\ijji\\ENGLISH\\u_skid.exe"="C:\\ijji\\ENGLISH\\u_skid.exe:*:Enabled:<ijji Downloader>"
"C:\\Documents and Settings\\marwaa\\Desktop\\7amood\\maple sea\\NewPatcher.exe"="C:\\Documents and Settings\\marwaa\\Desktop\\7amood\\maple sea\\NewPatcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Documents and Settings\\marwaa\\Desktop\\maple sea\\MapleStory.exe"="C:\\Documents and Settings\\marwaa\\Desktop\\maple sea\\MapleStory.exe:*:Enabled:MapleStory"
"C:\\Nexon\\MapleStory\\MapleStory.exe"="C:\\Nexon\\MapleStory\\MapleStory.exe:*:Enabled:MapleStory"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Nexon\\MapleStory\\Patcher.exe"="C:\\Nexon\\MapleStory\\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Documents and Settings\\marwaa\\Desktop\\maple sea\\Patcher.exe"="C:\\Documents and Settings\\marwaa\\Desktop\\maple sea\\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="C:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\\Documents and Settings\\All Users\\Documents\\My Pictures\\Sample Pictures\\maimi vice\\MapleStory.exe"="C:\\Documents and Settings\\All Users\\Documents\\My Pictures\\Sample Pictures\\maimi vice\\MapleStory.exe:*:Enabled:MapleStory"
"D:\\STHIW\\stInstall.exe"="D:\\STHIW\\stInstall.exe:*:Enabled:SpeedTouch Home Install Wizard"
"C:\\Program Files\\Thomson SpeedTouch\\ST330\\service\\st330service.exe"="C:\\Program Files\\Thomson SpeedTouch\\ST330\\service\\st330service.exe:*:Enabled:ST330 service"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\ijji\\ENGLISH\\u_sf\\soldierfront.exe"="C:\\ijji\\ENGLISH\\u_sf\\soldierfront.exe:*:Enabled:soldierfront"
"C:\\Program Files\\Free Download Manager\\fdm.exe"="C:\\Program Files\\Free Download Manager\\fdm.exe:*:Enabled:Free Download Manager"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"="C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"c:\\windows\\system32\\pmropn.exe"="c:\\windows\\system32\\pmropn.exe:*:Enabled:pmropn.exe"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Documents and Settings\\marwaa\\Desktop\\PES6\\Pro Evolution Soccer 6 Rip\\pes6.exe"="C:\\Documents and Settings\\marwaa\\Desktop\\PES6\\Pro Evolution Soccer 6 Rip\\pes6.exe:*:Enabled:pes6.exe"
"C:\\Program Files\\Mozilla Firefox\\plugins\\alhlp.exe"="C:\\Program Files\\Mozilla Firefox\\plugins\\alhlp.exe:*:Enabled:Anti-Leech plugin helper program"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\WINDOWS\\system32\\ftp.exe"="C:\\WINDOWS\\system32\\ftp.exe:*:Enabled:FileTransferProtocol"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\marwaa\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ALI
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\marwaa
INCLUDE=C:\Program Files\Microsoft Visual Studio .NET 2003\SDK\v1.1\include\
LIB=C:\Program Files\Microsoft Visual Studio .NET 2003\SDK\v1.1\Lib\
LOGONSERVER=\\ALI
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\WinRAR;C:\Program Files\MSN Messenger\;C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\marwaa\LOCALS~1\Temp
TMP=C:\DOCUME~1\marwaa\LOCALS~1\Temp
USERDOMAIN=ALI
USERNAME=marwaa
USERPROFILE=C:\Documents and Settings\marwaa
VS71COMNTOOLS=C:\Program Files\Microsoft Visual Studio .NET 2003\Common7\Tools\
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

marwaa (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
7-Zip 4.58 beta --> "C:\Program Files\7-Zip\Uninstall.exe"
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe Setup --> MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
ArcSoft Software Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC67641A-05C4-4FED-A462-1EB1DC6CF2F5}\setup.exe" -l0x9
Ares 2.0.9 --> "C:\Program Files\Ares\uninstall.exe"
AVI Codec Pack --> C:\Program Files\AVI Codec Pack\uninstall.exe
AVI Codec Pack Lite --> C:\Program Files\AVI Codec Pack\uninstall.exe
AVIConverter 2.0 --> C:\sky mp4 apps\AVIConverter\uninst.exe
BitLord 1.1 --> C:\Program Files\BitLord\uninst.exe
C-Media WDM Audio Driver --> C:\WINDOWS\system32\cmirmdrv.exe
CDisplay 1.8 --> "C:\Program Files\CDisplay\unins000.exe"
CEDP Stealer 6.0 for Messenger --> C:\Program Files\CEDP Stealer 6.0 for Messenger\uninstall.exe
Delte Force 3 Land Warrior --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{50BD70C0-BB2A-11D4-8A6A-A82278B61260}\setup.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Easy GDR Creater For Series 60 --> "C:\Program Files\Easy GDR Creater For Series 60\uninstall.exe"
FLV Player --> "C:\WINDOWS\FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
Free Download Manager 2.5 --> "C:\Program Files\Free Download Manager\unins000.exe"
Freecorder Toolbar --> C:\PROGRA~1\FREECO~2\UNWISE.EXE C:\PROGRA~1\FREECO~2\INSTALL.LOG
gBurner --> "C:\Program Files\gBurner\uninstall.exe"
Google Toolbar for Firefox --> MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
Hare 1.5.1 --> "C:\Program Files\Dachshund Software\Hare\Uninstall.exe" "C:\Program Files\Dachshund Software\Hare\install.log"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ijji Auto Installer --> "C:\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC}\setup.exe" -runfromtemp -l0x0009 -removeonly
ijji FireFox Launcher 1.0 --> C:\Documents and Settings\All Users\Application Data\IJJIGame\uninst.exe
IZArc 3.81 --> "C:\Program Files\IZArc\unins000.exe"
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
KGB Archiver 1.2.1.24 --> "C:\Program Files\KGB Archiver\unins000.exe"
Macromedia Dreamweaver MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Macromedia Flash MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x9 UNINSTALL
Metal Gear Solid 2 - 1 ScreenSaver --> C:\WINDOWS\Metal Gear Solid 2 - 1.scr /U
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office 2003 Web Components --> MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Project Professional 2003 --> MsiExec.exe /I{903B0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Web Components --> MsiExec.exe /I{90260409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual J# .NET Redistributable Package 1.1 --> MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
Microsoft Visual Studio .NET Ent

#4 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Please go to Start > Run, then copy/paste this in: "%userprofile%\desktop\dss.exe" /daft, then hit OK.
Place a check next to everything and click on Fix.
Rescan again and it should say all associations OK.
==================================
The first thing I will need you to do is to download ONE of these anti-virus programs and install it.
These are free.
AVG Free 8.0
Note: this is free antispyware protection and antivirus protection.
or
Antivir
=======================
Please visit this web page for instructions for downloading and running ComboFix: ComboFix Instructions
We now suggest that you install the Windows Recovery Console.
The Windows Recovery Console will allow you to boot up into a special recovery mode that allows us to help you in case your computer has a problem after an attempted removal of malware.

Post the log from ComboFix when you've accomplished all of that, along with a new HijackThis log.

(Note: if the Recovery Console fails to install, do not proceed; rather, alert me and post back here and we will continue.)

#5 shadow17 (Topic Starter, Member, 86 posts)
Combo Fix log :-


ComboFix 08-07-26.1 - marwaa 2008-07-27 22:34:02.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.973.1033.18.185 [GMT 3:00]
Running from: C:\Documents and Settings\marwaa\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - system32: deleted 597613 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Programs\ADSTechnology
C:\Documents and Settings\All Users\Start Menu\Programs\ADSTechnology\Uninstall.lnk
C:\Documents and Settings\marwaa\Application Data\macromedia\Flash Player\#SharedObjects\NUEM6V3X\interclick.com
C:\Documents and Settings\marwaa\Application Data\macromedia\Flash Player\#SharedObjects\NUEM6V3X\interclick.com\ud.sol
C:\Documents and Settings\marwaa\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\marwaa\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Program Files\ActivationManager
C:\Program Files\ActivationManager\Uninstall.exe
C:\Program Files\ADSTechnology
C:\Program Files\ADSTechnology\ADSTechnology.dll
C:\Program Files\ADSTechnology\Uninstall.exe
C:\WINDOWS\BM07b2522b.txt
C:\WINDOWS\erms.exe
C:\WINDOWS\evgratsm.dll
C:\WINDOWS\kvxqmtre.dll
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\muotr.so
C:\WINDOWS\pskt.ini
C:\WINDOWS\qndsfmao.dll
C:\WINDOWS\system32\agiqjioe.dll
C:\WINDOWS\system32\ataxhgpj.dll
C:\WINDOWS\system32\byXPIbya.dll
C:\WINDOWS\system32\cologsver.exe
C:\WINDOWS\system32\drivers\Kqv27.sys
C:\WINDOWS\system32\dvntjdys.dll
C:\WINDOWS\system32\fjnhhmml.ini
C:\WINDOWS\system32\fuhydsbl.dll
C:\WINDOWS\system32\GjTEOqru.ini
C:\WINDOWS\system32\GjTEOqru.ini2
C:\WINDOWS\system32\google.dll
C:\WINDOWS\system32\hgGyvSLF.dll
C:\WINDOWS\system32\hiuvqprb.dll
C:\WINDOWS\system32\huxbseyv.dll
C:\WINDOWS\system32\iuwsrihw.ini
C:\WINDOWS\system32\kcvvlkeu.ini
C:\WINDOWS\system32\kklnhdmg.dll
C:\WINDOWS\system32\levxwvuh.dll
C:\WINDOWS\system32\lmmhhnjf.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mnjbostg.dll
C:\WINDOWS\system32\model.dat
C:\WINDOWS\system32\ndfxcsbu.dll
C:\WINDOWS\system32\ostgslhv.dll
C:\WINDOWS\system32\qoMccATn.dll
C:\WINDOWS\system32\setting.ini
C:\WINDOWS\system32\sydjtnvd.ini
C:\WINDOWS\system32\TsssYcdd.ini
C:\WINDOWS\system32\TsssYcdd.ini2
C:\WINDOWS\system32\uCJPAJlm.ini
C:\WINDOWS\system32\uCJPAJlm.ini2
C:\WINDOWS\system32\ueklvvck.dll
C:\WINDOWS\system32\urqOETjG.dll
C:\WINDOWS\system32\vav.cpl
C:\WINDOWS\system32\vrgjctit.ini
C:\WINDOWS\system32\wqdcanfx.dll
C:\WINDOWS\system32\xcpnmgig.dll
C:\WINDOWS\system32\xfnacdqw.ini
C:\WINDOWS\yoursearchnet_com.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_kqv27
-------\Service_Kqv27
-------\Service_kqv27
-------\Service_Binary file SvcDump matches


((((((((((((((((((((((((( Files Created from 2008-06-27 to 2008-07-27 )))))))))))))))))))))))))))))))
.

2008-07-27 15:13 . 2008-07-27 15:13 <DIR> d-------- C:\Deckard
2008-07-27 15:05 . 2008-07-27 15:05 84 --a------ C:\WINDOWS\system32\ikhcore.cfg
2008-07-26 16:36 . 2008-07-26 16:36 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-22 22:55 . 2008-07-22 23:29 43,813 --ahs---- C:\WINDOWS\system32\tkenhfcj.ini
2008-07-22 22:54 . 2008-07-27 22:32 110,483 --a------ C:\WINDOWS\BM07b2522b.xml
2008-07-22 22:48 . 2008-07-22 22:58 <DIR> d-------- C:\Documents and Settings\marwaa\Application Data\uTorrent
2008-07-22 22:47 . 2008-07-22 22:48 <DIR> d-------- C:\Program Files\uTorrent
2008-07-22 22:47 . 2008-07-17 13:14 155,648 --a------ C:\WINDOWS\agpqlrfm.exe
2008-07-22 22:47 . 2008-07-27 22:50 85,050 --a------ C:\WINDOWS\system32\drivers\e6e9d858.sys
2008-07-19 22:46 . 2008-07-19 22:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-19 22:08 . 2008-07-19 22:08 <DIR> d-------- C:\Program Files\Bonjour
2008-07-19 21:47 . 2008-07-19 21:47 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-19 21:09 . 2008-07-19 21:09 <DIR> d-------- C:\Program Files\gBurner
2008-07-19 20:45 . 2008-07-19 20:45 <DIR> d-------- C:\Documents and Settings\marwaa\Application Data\ESET
2008-07-19 20:42 . 2008-07-19 20:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-07-18 20:28 . 2008-07-18 20:28 171,136 -rahs---- C:\grldr
2008-07-18 18:18 . 2008-07-26 22:35 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-07-18 18:18 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-07-18 18:18 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-07-18 18:18 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-07-18 18:18 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-07-16 20:28 . 2008-07-16 20:28 <DIR> d-------- C:\Program Files\7-Zip
2008-07-13 20:53 . 1999-09-10 14:06 45,056 --a------ C:\WINDOWS\system32\wnaspi32.dll
2008-07-13 20:53 . 1999-09-10 14:06 25,244 --a------ C:\WINDOWS\system32\drivers\aspi32.sys
2008-07-13 20:53 . 1999-09-10 14:06 5,600 --a------ C:\WINDOWS\system\winaspi.dll
2008-07-13 20:53 . 1999-09-10 14:06 4,672 --a------ C:\WINDOWS\system\wowpost.exe
2008-07-13 20:34 . 2008-07-13 20:34 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-07-08 13:46 . 2008-07-08 13:46 <DIR> d-------- C:\Program Files\CAPCOM
2008-07-07 10:40 . 2008-07-07 10:40 56,108 --a------ C:\WINDOWS\system32\drivers\scdemu.sys
2008-07-06 15:39 . 2008-07-19 19:44 <DIR> d-------- C:\Program Files\Anti-Leech
2008-07-05 20:47 . 2008-07-05 20:47 51,355 --a------ C:\WINDOWS\system32\muzika.xm
2008-07-05 17:48 . 2008-07-05 17:48 <DIR> d-------- C:\Program Files\Trymedia
2008-07-03 15:56 . 2008-07-03 15:56 <DIR> d-------- C:\Documents and Settings\marwaa\Application Data\SporeCreatureCreator
2008-07-02 21:31 . 2008-07-02 21:31 <DIR> d-------- C:\Documents and Settings\marwaa\Application Data\skypePM
2008-07-02 21:31 . 2008-07-02 21:31 48 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-07-02 21:01 . 2008-07-02 21:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-07-02 14:27 . 2008-07-02 14:27 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-06-29 19:35 . 2008-06-29 19:35 <DIR> d-------- C:\Program Files\DOSBox-0.72
2008-06-28 00:45 . 2008-06-28 00:46 <DIR> d-------- C:\Documents and Settings\marwaa\dwhelper
2008-06-27 10:39 . 2008-07-01 09:35 <DIR> d-------- C:\Program Files\Pcsx2_0.9.4

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-27 19:06 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-23 20:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-07-22 21:03 --------- d-----w C:\Program Files\MSN Messenger
2008-07-19 19:08 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-19 16:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-19 16:45 --------- d-----w C:\Program Files\MagicISO
2008-07-19 16:43 --------- d-----w C:\Program Files\A123 Audio to Mp3 Amr aac ogg Converter
2008-07-17 21:17 --------- d-----w C:\Program Files\PowerISO
2008-07-16 18:13 --------- d-----w C:\Documents and Settings\marwaa\Application Data\dvdcss
2008-07-16 14:23 --------- d-----w C:\Program Files\Security Task Manager
2008-07-16 02:45 --------- d-----w C:\Documents and Settings\marwaa\Application Data\Free Download Manager
2008-07-13 17:34 --------- d-----w C:\Program Files\Common Files\Real
2008-07-02 18:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-24 14:25 --------- d--h--r C:\Documents and Settings\marwaa\Application Data\yahoo!
2008-06-24 12:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-24 12:47 --------- d-----w C:\Program Files\Yahoo!
2008-06-21 15:23 --------- d-----w C:\Program Files\Globe7
2008-06-21 14:51 --------- d-----w C:\Documents and Settings\marwaa\Application Data\Globe7
2008-06-18 18:36 96,652 ----a-w C:\WINDOWS\Metal Gear Solid 2 - 1.scr
2008-06-18 18:36 404,511 -c--a-w C:\WINDOWS\Metal Gear Solid 2 - 1.exe
2008-06-18 18:36 28,672 -c--a-w C:\WINDOWS\gscr.dll
2008-06-16 07:33 --------- d-----w C:\Program Files\Free Download Manager
2008-06-13 13:10 272,128 -c----w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-01 00:53 --------- d-----w C:\Program Files\MSXML 4.0
2008-05-28 15:06 --------- d-----w C:\Program Files\Freecorder
2008-05-28 06:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-28 06:16 --------- d-----w C:\Documents and Settings\marwaa\Application Data\MSN6
2007-11-25 12:51 6,144 -csha-w C:\Program Files\Thumbs.db
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:56 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoAutoUpdate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PremierOpinion]
2008-04-02 09:27 368640 C:\WINDOWS\system32\pmls.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^marwaa^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^marwaa^Start Menu^Programs^Startup^Hare.lnk]
backup=C:\WINDOWS\pss\Hare.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^marwaa^Start Menu^Programs^Startup^Registration Prince of Persia T2T.LNK]
path=C:\Documents and Settings\marwaa\Start Menu\Programs\Startup\Registration Prince of Persia T2T.LNK
backup=C:\WINDOWS\pss\Registration Prince of Persia T2T.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^marwaa^Start Menu^Programs^Startup^systemID.pif]
path=C:\Documents and Settings\marwaa\Start Menu\Programs\Startup\systemID.pif
backup=C:\WINDOWS\pss\systemID.pifStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CS Update]
copy [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DaemonTools_WhenUSave_Installer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ac97Sound]
--a--c--- 2004-01-22 14:09 55808 C:\WINDOWS\system32\snddrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a--c--- 2007-03-12 13:49 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a--c--- 2004-08-04 10:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\istray]
--a------ 2008-06-10 21:22 1163656 C:\Program Files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\microsystem]
--a--c--- 2004-01-22 14:09 55808 C:\WINDOWS\system32\snddrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2007-03-09 18:53 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2007-12-10 10:12 695808 C:\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2008-01-31 23:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-07-13 20:33 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a--c--- 2006-11-17 05:42 577536 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
-ra--c--- 2005-03-07 22:33 53248 C:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
-ra--c--- 2005-03-11 12:33 147456 C:\WINDOWS\system32\VTTrayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"StarWindService"=2 (0x2)
"ServiceLayer"=3 (0x3)
"ose"=3 (0x3)
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
"MDM"=2 (0x2)
"Macromedia Licensing Service"=3 (0x3)
"IDriverT"=3 (0x3)
"AresChatServer"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\Visualboy Advance\\VisualBoyAdvance.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Free Download Manager\\fdm.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

S3 DBKDRVR54;DBKDRVR54;C:\Program Files\Cheat Engine\dbk32.sys []
S3 FXDRV;FXDRV;D:\Fxdrv.sys []
S3 geebers12;geebers12;C:\Documents and Settings\marwaa\Desktop\Buffy Engine (REV 1007)\nvid888.sys []
S3 MzBot;MzBot;C:\MzBot.sys []
S3 serport;%USBFilterString%;C:\WINDOWS\system32\DRIVERS\usbgprs.sys [2004-11-24 08:23]
S3 ST330;ST330;C:\WINDOWS\system32\drivers\st330.sys [2008-02-18 10:29]
S3 STBUS;STBUS;C:\WINDOWS\system32\drivers\stbus.sys [2008-02-18 10:29]
S3 STETH;SpeedTouch Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\steth.sys [2008-02-18 10:29]
S3 usbanyka;Anyka USB Web Camera;C:\WINDOWS\system32\DRIVERS\UsbAnyka.sys [2006-10-27 14:39]
S3 XDva008;XDva008;C:\WINDOWS\system32\XDva008.sys []
S3 XDva030;XDva030;C:\WINDOWS\system32\XDva030.sys []
S3 XDva031;XDva031;C:\WINDOWS\system32\XDva031.sys []
S3 白目國中生1;白目國中生1;C:\Program Files\Maple-Fun\Vicious\nvid999.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15cbb81c-0f9d-11dd-84f2-00138f3ef64b}]
\Shell\AutoRun\command - tio8x6.cmd
\Shell\explore\Command - tio8x6.cmd
\Shell\open\Command - tio8x6.cmd
.
Contents of the 'Scheduled Tasks' folder
2008-07-27 C:\WINDOWS\Tasks\SDMsgUpdate (TE).job - s !8+C:\PROGRA1\SMARTD1\Messages\SDNotify.exeW-PTE -V900 -SSDU.ini -A -Mhttp://www.smartdraw.com/msgs/messagecheck.aspx -D0 -T -N -Xmarwaa00 []
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
Toolbar-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\tbFree.dll
HKLM-Run-BM07b2522b - C:\WINDOWS\system32\ostgslhv.dll
HKLM-Run-048161b7 - C:\WINDOWS\system32\lmmhhnjf.dll
Notify-byxpqonm - byXpqonM.dll
MSConfigStartUp-048161b7 - C:\WINDOWS\system32\titcjgrv.dll
MSConfigStartUp-antivirus - C:\Program Files\VAV\vav.exe
MSConfigStartUp-BM07b2522b - C:\WINDOWS\system32\agiqjioe.dll
MSConfigStartUp-MSMSGS - C:\Program Files\Messenger\msmsgs.exe
MSConfigStartUp-MSN - C:\WINDOWS\svchost.exe
MSConfigStartUp-PremierOpinion - c:\windows\system32\pmropn.exe
MSConfigStartUp-Userinit - C:\WINDOWS\system32\cologsver.exe
MSConfigStartUp-windows - C:\WINDOWS\system32\windows.exe
MSConfigStartUp-WindowsServicesStartup - C:\DOCUME~1\marwaa\LOCALS~1\Temp\svchost.exe
MSConfigStartUp-Cmaudio - cmicnfg.cpl
MSConfigStartUp-CrazyCoinsSetup - (no file)
MSConfigStartUp-Microsoft Update Machine - uuhdip.exe


.
------- Supplementary Scan -------
.
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-Internet Settings,ProxyServer = socks=
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: &Search - http://edits.mywebse...html?p=ZJfox000
O8 -: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 -: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 -: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 -: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-27 22:48:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet019\Services\ 5 7 -1 ]
"ImagePath"="\??\C:\Program Files\Maple-Fun\Vicious\nvid999.sys"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2008-07-27 23:12:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-27 20:11:06

Pre-Run: 4,507,328,512 bytes free
Post-Run: 4,500,549,632 bytes free

386 --- E O F --- 2008-07-09 06:57:35


HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:40 PM, on 7/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\BitLord\BitLord.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...html?p=ZJfox000
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - Winlogon Notify: PremierOpinion - C:\WINDOWS\system32\pmls.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O24 - Desktop Component 0: (no name) - http://www.maplesea..../box_middle.gif

--
End of file - 4590 bytes

#6
kahdah
    GeekU Teacher
  • Retired Staff
  • 15,822 posts
What I will need you to do is to download ONE of these anti-virus programs and install it.
These are free.
Avast
or
AVG free 8.0
Note this is free antispyware protection and antivirus protection.
or
Antivir

As long as you only install one.
====================
We now suggest that you install the Windows Recovery Console. The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System.


Download the file & save it as it's originally named, next to ComboFix.exe.



Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and, when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When prompted to scan for infected files, choose No. When done, a log named CF_RC.txt will open. Please post the contents of that log.


Please do not reboot your machine until we have reviewed the log.

#7
shadow17
    Member
  • Topic Starter
  • Member
  • 86 posts
Hey man,
sorry for the late reply.
My friend says his PC works fine. I told him you must finish the rest, but he says no.
Sorry, can you please close this topic?

#8
kahdah
    GeekU Teacher
  • Retired Staff
  • 15,822 posts
At the request of the user, this topic is closed.