http://www.askhelpdesq.com Questions Answered - Info on tech support, health, travel questions and more..... Fri, 25 Jul 2008 04:05:00 +0000 http://wordpress.org/?v=2.2.1 en http://www.askhelpdesq.com/2008/07/24/explorerexe-problem-3/ http://www.askhelpdesq.com/2008/07/24/explorerexe-problem-3/#comments Fri, 25 Jul 2008 04:05:00 +0000 Jammerx2 http://www.daniweb.com/forums/thread136612.html This has been happening a lot. Everything keeps closing (desktop, taskbar) i can only see the current windows i have open. When i got to task manager it says explorer.exe is running and i can get it back for a bit by going to the file tab then run and typing explorer

Any ideas on what i should do? ]]> http://www.askhelpdesq.com/2008/07/24/explorerexe-problem-3/feed/ http://www.askhelpdesq.com/2008/07/24/windows-xp-restart-when-open-internet-browser/ http://www.askhelpdesq.com/2008/07/24/windows-xp-restart-when-open-internet-browser/#comments Fri, 25 Jul 2008 03:16:12 +0000 burt147 http://www.daniweb.com/forums/thread136609.html my computer keeps restarting by itself when I open any internet browsers, I run avast to check at start up and it came up with nothing, ccleaner, regcure and tuneup utilities, and checkdisk at startup, here is the log file from hijackthis, please help, thank you in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:33 AM, on 7/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20661)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {074C1DC5-9320-4A9A-947D-C042949C6216} - (no file)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\LClock.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: ส่&งออกไปยัง Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

--
End of file - 9499 bytes ]]> http://www.askhelpdesq.com/2008/07/24/windows-xp-restart-when-open-internet-browser/feed/ http://www.askhelpdesq.com/2008/07/24/compaq-presario-went-dead/ http://www.askhelpdesq.com/2008/07/24/compaq-presario-went-dead/#comments Thu, 24 Jul 2008 23:43:49 +0000 us4cityfolks http://www.daniweb.com/forums/thread136591.html I have a Compaq Presario 501NR that I bought from Best Buy in March of 2007. We went on a trip to New Orleans a couple of days ago and when I went to plugged it in at the Hilton, it would not power on. The battery has been bad, but the power cord usually turns it on fine. I have never had any problems with this laptop. I tried a new universal cord from Office Depot, but nothing still. The light comes on that shows the battery is still charging, but the on switch will do nothing. PLEASE HELP !!! ]]> http://www.askhelpdesq.com/2008/07/24/compaq-presario-went-dead/feed/ http://www.askhelpdesq.com/2008/07/24/after-hp-screen-flashes-on-startup-black-screen-with-cursor/ http://www.askhelpdesq.com/2008/07/24/after-hp-screen-flashes-on-startup-black-screen-with-cursor/#comments Thu, 24 Jul 2008 21:20:45 +0000 capnkiki01 http://www.daniweb.com/forums/thread136573.html I have an hp pavilion zv6000. When I turn it on the hp screen comes up for a few seconds then a black screen comes up with a flashing cursor at the top left. The computer stays on but doesn't repond to anything. The bios menu works with F10 at the hp screen, I tried to do the hdd self-test but it gets stuck at 10% and won't finish. Any ideas? ]]> http://www.askhelpdesq.com/2008/07/24/after-hp-screen-flashes-on-startup-black-screen-with-cursor/feed/ http://www.askhelpdesq.com/2008/07/24/after-hp-screen-flashes-on-startup-black-screen-with-cursor/ http://www.askhelpdesq.com/2008/07/24/after-hp-screen-flashes-on-startup-black-screen-with-cursor/#comments Thu, 24 Jul 2008 21:20:45 +0000 capnkiki01 http://www.daniweb.com/forums/thread136573.html I have an hp pavilion zv6000. When I turn it on the hp screen comes up for a few seconds then a black screen comes up with a flashing cursor at the top left. The computer stays on but doesn't repond to anything. The bios menu works with F10 at the hp screen, I tried to do the hdd self-test but it gets stuck at 10% and won't finish. Any ideas? ]]> http://www.askhelpdesq.com/2008/07/24/after-hp-screen-flashes-on-startup-black-screen-with-cursor/feed/ http://www.askhelpdesq.com/2008/07/24/no-desktop-no-taskbar-all-logs-inside/ http://www.askhelpdesq.com/2008/07/24/no-desktop-no-taskbar-all-logs-inside/#comments Thu, 24 Jul 2008 20:44:54 +0000 Jammerx2 http://www.daniweb.com/forums/thread136569.html Ok after i got rid of this other malware/virus. I see this other person having the same problem http://ask.metafilter.com/81308/Why-...-keep-crashing . It starts at boot time but usually when i open up ie explorer, opera it seems to close. If i go to CTRL+ALT+DEL menu to processes explorer.exe is still there. I can get it back for a while (i had to to get to this browser) by ending explorer.exe and going to file then run and typing in explorer. I posted all my logs in my last post for viruses and i'll pot them again here.


Thankyou in advance for your help.

I put large spaces in between each log because it was to cluttered =)



Malware Bytes Log

Malwarebytes' Anti-Malware 1.23
Database version: 985
Windows 5.0.2195 Service Pack 4

12:18:34 PM 7/24/2008
Malwarebytes Log

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 119794
Time elapsed: 2 hour(s), 19 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 6
Registry Keys Infected: 22
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 2
Files Infected: 35

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINNT\system32\frymmsjw.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\yayaAQiH.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\nnnooOfe.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\iefilter.dll (Trojan.FakeAlert) -> No action taken.
C:\WINNT\system32\btawwx.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\uspdxw.dll (Trojan.Vundo) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04d32989-deab-4c05-9163-7f06f490629e} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{04d32989-deab-4c05-9163-7f06f490629e} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{df292dd2-7551-4cac-af6e-00c4ba31fd4d} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{df292dd2-7551-4cac-af6e-00c4ba31fd4d} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{769d8280-a207-4eea-9963-f8b156c32855} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{769d8280-a207-4eea-9963-f8b156c32855} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnooofe (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{15c7d7ad-a87a-4c0d-9d8b-637fcd3488ef} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{4937d5d1-2039-409a-bd83-fec9b39b2356} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{caf9d798-c659-4b9b-8e19-ee27c3d04ee7} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{401f4b6b-3c36-4e8d-bc07-f46fc6d67d9a} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{401f4b6b-3c36-4e8d-bc07-f46fc6d67d9a} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\bhonew.bho (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\bhonew.bho.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\fdkowvbp.bosv (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\fdkowvbp.toolbar.1 (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\acf5173c (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{769d8280-a207-4eea-9963-f8b156c32855} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\source (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\Microsoft (Backdoor.Bot) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\winnt\system32\yayaaqih -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\winnt\system32\yayaaqih -> No action taken.

Folders Infected:
C:\WINNT\privacy_danger (Trojan.FakeAlert) -> No action taken.
C:\WINNT\privacy_danger\images (Trojan.FakeAlert) -> No action taken.

Files Infected:
C:\WINNT\system32\yayaAQiH.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\HiQAayay.ini (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\HiQAayay.ini2 (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\uspdxw.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\frymmsjw.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\wjsmmyrf.ini (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\rtlfktcx.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\xctkfltr.ini (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\srltaapd.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\dpaatlrs.ini (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\nnnooOfe.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\iefilter.dll (Trojan.FakeAlert) -> No action taken.
C:\WINNT\system32\btawwx.dll (Trojan.Vundo) -> No action taken.
C:\Program Files\Quick Batch File Compiler\Setup_ver1.113.0.exe (Trojan.FakeAlert) -> No action taken.
C:\Program Files\Quick Batch File Compiler\stubc.dll (Adware.Agent) -> No action taken.
C:\Program Files\Quick Batch File Compiler\wuick-batch-file-compiler-v-3.1.6.0-patch.exe (Trojan.FakeAlert) -> No action taken.
C:\WINNT\edgq.exe (Trojan.FakeAlert) -> No action taken.
C:\WINNT\system32\dtyhilky.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\ofvavbgl.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\owzooz.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\phxdiu.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\tgpspkqh.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\tkqipbmb.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\vmkfbz.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\wmbxytfy.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\vtUonlKB.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\privacy_danger\index.htm (Trojan.FakeAlert) -> No action taken.
C:\WINNT\privacy_danger\images\capt.gif (Trojan.FakeAlert) -> No action taken.
C:\WINNT\privacy_danger\images\danger.jpg (Trojan.FakeAlert) -> No action taken.
C:\WINNT\privacy_danger\images\down.gif (Trojan.FakeAlert) -> No action taken.
C:\WINNT\privacy_danger\images\spacer.gif (Trojan.FakeAlert) -> No action taken.
C:\WINNT\eqvwamkl.dll (Trojan.FakeAlert) -> No action taken.
C:\WINNT\fdkowvbp.dll (Trojan.FakeAlert) -> No action taken.
C:\WINNT\grswptdl.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Local Settings\Temp\CmdLineExt02.dll (Trojan.Agent) -> No action taken.










Eset Log

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3293 (20080723)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=a4b65fb3fa61494aa594bd3a8ae61562
# end=finished
# remove_checked=true
# unwanted_checked=false
# utc_time=2008-07-24 06:06:01
# local_time=2008-07-24 02:06:01 (-0500, Eastern Daylight Time)
# country="United States"
# osver=5.0.2195 NT Service Pack 4
# scanned=344217
# found=13
# scan_time=6325
C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-5a78fdfd-319987fa.zip multiple infiltrations (deleted) 00000000000000000000000000000000
C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-5a78fdfd-319987fa.zip »ZIP »BnnnnBaa.class Java/ClassLoader trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-5a78fdfd-319987fa.zip »ZIP »VaannnaaBaa.class Java/ClassLoader trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-5a78fdfd-319987fa.zip »ZIP »Dnnny.class Java/Exploit.Bytverify trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-5a78fdfd-319987fa.zip »ZIP »Bnnnnn.class Java/ClassLoader.AS trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-5a78fdfd-319987fa.zip »ZIP »Den.class Java/Exploit.Bytverify trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-5a78fdfd-319987fa.zip »ZIP »Din.class Java/Exploit.Bytverify trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-5a78fdfd-319987fa.zip »ZIP »Dun.class Java/Exploit.Bytverify trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Program Files\Quick Batch File Compiler\stubc.dll probably a variant of Win32/Agent trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Quick Batch File Compiler\wuick-batch-file-compiler-v-3.1.6.0-patch.exe Win32/Adware.IeDefender.NGJ application (unable to clean - deleted) 00000000000000000000000000000000
C:\WINNT\system32\iefilter.dll Win32/Adware.IeDefender.NGJ application (unable to clean - deleted (after the next restart)) 00000000000000000000000000000000
D:\Josh from C\MapleStory\AncientFixed.rar Win32/Jeefo.A virus (deleted) 00000000000000000000000000000000
D:\Josh from C\MapleStory\AncientFixed.rar »RAR »AncientFixed.exe Win32/Jeefo.A virus (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000











HiJackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:19 PM, on 8/24/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\VTTimer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hamachi\hamachi.exe
D:\Josh from C\Xfire\xfire.exe
C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Desktop\dss.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\DOCUME~1\ADMINI~1.COR\Desktop\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {2D63DFB8-719C-4B43-8E2F-7593657BA76A} - C:\WINNT\system32\pmnkKcYQ.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {769D8280-A207-4EEA-9963-F8B156C32855} - C:\WINNT\system32\nnnooOfe.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: (no name) - {C1D2F57A-9944-435E-A16F-CA98B29D8884} - C:\WINNT\system32\yayaAQiH.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: fdkowvbp - {A976B7DF-9CDC-436C-A5BA-D0CD8CB4A8AA} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [acf5173c] rundll32.exe "C:\WINNT\system32\arjekrfa.dll",b
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: Xfire.lnk = D:\Josh from C\Xfire\xfire.exe
O4 - Global Startup: GetRight.lnk = C:\Program Files\GetRight\GetRight.exe
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: nnnooOfe - C:\WINNT\SYSTEM32\nnnooOfe.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - ALWIL Software - (no file)
O23 - Service: AVG8 WatchDog (avg8wd) - ALWIL Software - (no file)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 6820 bytes











Main.txt (DSS LOG)

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-08-24 12:47:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 87% (more than 75%).
Total Physical Memory: 224 MiB (256 MiB recommended).


-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:19 PM, on 8/24/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\VTTimer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hamachi\hamachi.exe
D:\Josh from C\Xfire\xfire.exe
C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Desktop\dss.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\DOCUME~1\ADMINI~1.COR\Desktop\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {2D63DFB8-719C-4B43-8E2F-7593657BA76A} - C:\WINNT\system32\pmnkKcYQ.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {769D8280-A207-4EEA-9963-F8B156C32855} - C:\WINNT\system32\nnnooOfe.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: (no name) - {C1D2F57A-9944-435E-A16F-CA98B29D8884} - C:\WINNT\system32\yayaAQiH.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: fdkowvbp - {A976B7DF-9CDC-436C-A5BA-D0CD8CB4A8AA} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [acf5173c] rundll32.exe "C:\WINNT\system32\arjekrfa.dll",b
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: Xfire.lnk = D:\Josh from C\Xfire\xfire.exe
O4 - Global Startup: GetRight.lnk = C:\Program Files\GetRight\GetRight.exe
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: nnnooOfe - C:\WINNT\SYSTEM32\nnnooOfe.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - ALWIL Software - (no file)
O23 - Service: AVG8 WatchDog (avg8wd) - ALWIL Software - (no file)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 6820 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 GBDevice - c:\winnt\system32\drivers\gbdevice.sys <Not Verified; Roxio, Inc.; GoBack>
R0 GoBack2K - c:\winnt\system32\drivers\goback2k.sys <Not Verified; Roxio, Inc.; GoBack>
R0 viamraid - c:\winnt\system32\drivers\viamraid.sys <Not Verified; VIA Technologies inc,.ltd; VIA RAID driver>
R2 GBFSHook - c:\winnt\system32\drivers\gbfshook.sys <Not Verified; Roxio, Inc.; GoBack>
R2 npkcrypt - d:\josh from c\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R3 viagfx - c:\winnt\system32\drivers\vtmini.sys <Not Verified; Copyright (C) VIA/S3 Graphics Co, Ltd.; UniChrome(Pro) IGP Driver>

S3 Pcouffin (Low level access layer for CD devices) - c:\winnt\system32\drivers\pcouffin.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 GBPoll - c:\program files\roxio\goback\gbpoll.exe <Not Verified; Roxio, Inc.; GoBack>

S2 avg8emc (AVG8 E-mail Scanner) -
S2 avg8wd (AVG8 WatchDog) -
S2 NetCM (Network Connection Manager) -
S2 PowerManager (Power Manager) -


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1106&DEV_3104&SUBSYS_18981019&REV_86\3&61AAA01&0&84
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1106&DEV_3104&SUBSYS_18981019&REV_86\3&61AAA01&0&84
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_0C041019&REV_80\3&61AAA01&0&8E
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_0C041019&REV_80\3&61AAA01&0&8E
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-07-23 17:00:01 446 --a------ C:\WINNT\Tasks\RegCure Program Check.job
2008-07-17 10:06:20 380 --a------ C:\WINNT\Tasks\RegCure.job
2008-07-15 18:19:04 284 --a------ C:\WINNT\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-07-24 and 2008-08-24 -----------------------------

2008-08-24 12:48:02 94848 --a------ C:\WINNT\system32\arjekrfa.dll
2008-08-24 12:47:32 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_37c.dat
2008-08-24 12:47:20 347 --ahs---- C:\WINNT\system32\QYcKknmp.ini2
2008-08-24 12:47:14 323584 --a------ C:\WINNT\system32\pmnkKcYQ.dll
2008-08-23 14:02:14 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_22c.dat
2008-08-23 13:34:48 0 d-------- C:\Program Files\Trend Micro
2008-08-23 13:22:39 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_3a0.dat
2008-08-22 13:25:27 0 d-------- C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\Adersoft
2008-08-22 13:25:13 0 d-------- C:\Program Files\Vbsedit
2008-08-22 12:32:00 0 d-------- C:\Xfire
2008-07-24 12:20:05 0 d-------- C:\DrWatson
2008-07-24 00:14:05 0 d-------- C:\Program Files\EsetOnlineScanner


-- Find3M Report ---------------------------------------------------------------

2008-08-24 12:48:22 0 d-------- C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\Hamachi
2008-08-22 16:38:51 0 d-------- C:\Program Files\GetRight
2008-07-24 12:36:56 832650 ---h----- C:\WINNT\ShellIconCache
2008-07-24 12:19:43 0 d-------- C:\Program Files\Quick Batch File Compiler
2008-07-23 22:51:40 0 d-------- C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\Malwarebytes
2008-07-23 22:51:39 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-23 17:48:41 0 d-------- C:\Program Files\Batch File Compiler Professional Edition v4.0 DEMO
2008-07-23 17:23:10 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_238.dat
2008-07-23 17:20:46 0 d-------- C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\uTorrent
2008-07-23 14:04:29 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_3ac.dat
2008-07-23 13:01:52 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_228.dat
2008-07-23 00:55:33 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_210.dat
2008-07-22 23:47:13 33152 -----n--- C:\WINNT\system32\nnnooOfe.dll
2008-07-22 20:48:17 57344 --a------ C:\WINNT\uneng.exe <Not Verified; Roxio; Roxio Update Wizard>
2008-07-22 20:48:17 0 d-a------ C:\Program Files\Common Files
2008-07-22 20:48:17 0 d-a------ C:\Program Files\Common Files\Adaptec Shared
2008-07-21 23:01:11 0 d-------- C:\Program Files\BOTS
2008-07-21 18:11:43 0 d-------- C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\Xfire
2008-07-21 17:31:46 0 d-------- C:\Program Files\IzPack
2008-07-21 17:17:07 0 d-------- C:\Program Files\Launch4j
2008-07-17 18:19:15 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_1264.dat
2008-07-17 17:48:31 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_218.dat
2008-07-17 13:21:47 0 d-------- C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\Video DVD Maker FREE
2008-07-17 13:21:05 0 d-------- C:\Program Files\Video DVD Maker
2008-07-16 18:53:44 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-16 13:20:44 0 d-------- C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\MP3Rocket
2008-07-16 10:13:05 0 d-------- C:\Program Files\wise DVD Creator 8.0
2008-07-15 18:19:03 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_3d8.dat
2008-07-15 17:13:23 0 d-a------ C:\Program Files\iPod
2008-07-15 16:53:45 0 d-------- C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\Apple Computer
2008-07-15 16:52:37 0 d-a------ C:\Program Files\iTunes
2008-07-15 15:40:29 0 d-------- C:\Program Files\FinalBurner
2008-07-15 15:07:05 0 d-------- C:\Program Files07DVD
2008-07-15 13:20:10 0 d-------- C:\Program Files\Apple Software Update
2008-07-15 13:01:39 0 d-a------ C:\Program Files\QuickTime
2008-07-15 12:57:25 0 d-------- C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\vlc
2008-07-15 12:55:57 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_440.dat
2008-07-15 12:54:08 0 d-------- C:\Program Files\VideoLAN
2008-07-15 10:43:53 0 d-------- C:\Program Files\MP3 Rocket
2008-07-15 10:42:47 0 d-a------ C:\Program Files\Java
2008-07-15 10:41:25 0 d-------- C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\Sun
2008-07-13 13:12:26 0 d-a------ C:\Program Files\Common Files\Pure Networks Shared
2008-07-08 15:14:18 0 d-------- C:\Program Files\DAEMON Tools Toolbar
2008-07-08 15:14:18 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-07-08 15:10:09 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_214.dat
2008-07-08 15:07:44 0 d-------- C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\DAEMON Tools
2008-07-08 13:06:59 0 d-------- C:\Program Files\uTorrent
2008-06-30 14:05:45 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_1fc.dat
2008-06-29 22:34:19 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_1f8.dat
2008-06-23 08:52:47 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_200.dat
2008-06-22 14:51:45 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_204.dat
2008-05-30 14:01:24 80896 --a------ C:\WINNT\system32\dxdllreg.exe <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
2008-05-25 17:02:06 47 --a------ C:\WINNT\system32\setpath.bat
2008-05-24 22:30:13 2147483647 --ahs---- C:\gobackio.bin
2008-05-24 21:32:43 15012 --a------ C:\WINNT\system32\emptyregdb.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D63DFB8-719C-4B43-8E2F-7593657BA76A}]
08/24/08 12:47p 323584 --a------ C:\WINNT\system32\pmnkKcYQ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{769D8280-A207-4EEA-9963-F8B156C32855}]
07/22/08 11:47p 33152 --------- C:\WINNT\system32\nnnooOfe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1D2F57A-9944-435E-A16F-CA98B29D8884}]
C:\WINNT\system32\yayaAQiH.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{32099AAC-C132-4136-9E9A-4E364A424E17}"= C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [07/08/08 11:59a 683464]

[-HKEY_CLASSES_ROOT\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 12:05p C:\WINNT\system32\mobsync.exe]
"SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [05/03/02 10:40a]
"VTTimer"="VTTimer.exe" [03/08/05 03:33a C:\WINNT\system32\VTTimer.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/08 07:19p]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [01/08/08 05:20p]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [01/18/08 10:32a]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [03/14/07 03:43a]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/07 09:41a]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/14/06 04:24p]
"acf5173c"="C:\WINNT\system32\arjekrfa.dll" [08/24/08 12:48p]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [09/04/07 07:40p]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [07/08/08 12:22p]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Start Menu\Programs\Startup\
Hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [7/8/2008 12:24:43 PM]
Xfire.lnk - D:\Josh from C\Xfire\xfire.exe [7/15/2008 7:09:02 PM]

C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\
GetRight.lnk - C:\Program Files\GetRight\GetRight.exe [6/6/2008 11:29:38 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{769D8280-A207-4EEA-9963-F8B156C32855}"= C:\WINNT\system32\nnnooOfe.dll [07/22/08 11:47p 33152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnooOfe]
nnnooOfe.dll 07/22/08 11:47p 33152 C:\WINNT\system32\nnnooOfe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINNT\system32\pmnkKcYQ

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys]
@="driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"




-- End of Deckard's System Scanner: finished at 2008-08-24 12:49:24 ------------














Extra.txt (DSS LOG)

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows 2000 Professional (build 2195) SP 4.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) XP 2800+
Percentage of Memory in Use: 94%
Physical Memory (total/avail): 223.43 MiB / 11.72 MiB
Pagefile Memory (total/avail): 537.57 MiB / 187.39 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1955.68 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 38.09 GiB total, 21.43 GiB free.
D: is Fixed (FAT32) - 38.59 GiB total, 13.55 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - HDS728080PLAT20 - 76.69 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 38.09 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 38.6 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINNT
APPDATA=C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JOSH
ComSpec=C:\WINNT\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator.CORRINA-GFYHSR2
LOGONSERVER=\\JOSH
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Os2LibPath=C:\WINNT\system32\os2\dll;
Path=C:\WINNT\system32;C:\WINNT;C:\WINNT\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SystemDrive=C:
SystemRoot=C:\WINNT
TEMP=C:\DOCUME~1\ADMINI~1.COR\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1.COR\LOCALS~1\Temp
USERDOMAIN=JOSH
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator.CORRINA-GFYHSR2
windir=C:\WINNT


-- User Profiles ---------------------------------------------------------------

Administrator.CORRINA-GFYHSR2 (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINNT\$NtServicePackUninstall$\spuninst\spuninst.exe
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Flash Player ActiveX --> C:\WINNT\system32\Macromed\Flash\uninstall_activeX.exe
Alcatel SpeedTouch USB Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\Setup.exe" -Control_Panel
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Batch File Compiler Professional Edition v4.0 DEMO --> C:\Program Files\Batch File Compiler Professional Edition v4.0 DEMO\uninstall.exe
BOTS --> "C:\Program Files\InstallShield Installation Information\{22D56257-DE33-4C7D-817B-C2DE69FE953C}\setup.exe" -runfromtemp -l0x0009 -removeonly
CakeStory --> D:\Josh from C\MapleStory\Uninstal.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
DAEMON Tools Toolbar --> C:\Program Files\DAEMON Tools Toolbar\uninst.exe
ESET Online Scanner --> C:\WINNT\system32\OnlineScannerUninstaller.exe
GetRight --> "C:\Program Files\GetRight\unins000.exe"
Hamachi 1.0.2.5 --> C:\Program Files\Hamachi\uninstall.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hirc --> "C:\Program Files\Hirc\unins000.exe"
iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{54C0D94A-F467-4ABC-9D02-6E58748668D4} /l1033
IzPack 4.0.1 --> "C:\Program Files\Java\jre1.6.0_01\bin\javaw.exe" -jar "C:\Program Files\IzPack\uninstaller\uninstaller.jar"
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Launch4j 3.0.1 --> C:\Program Files\Launch4j\uninst.exe
LiveUpdate 1.7 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MapleStory --> MsiExec.exe /I{7A512A34-F4E8-43C4-BD80-43A022B31BF6}
Microsoft Internet Explorer 6 SP1 --> rundll32 C:\WINNT\system32\setupwbv.dll,IE6Maintenance C:\Program Files\Internet Explorer\IE Uninstall\W2KEXCP.EXE /u
Microsoft Office 2000 Small Business --> MsiExec.exe /I{00030409-78E1-11D2-B60F-006097C998E7}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MP3 Rocket --> C:\Program Files\MP3 Rocket\Uninstall.exe
Network Magic --> C:\Documents and Settings\All Users.WINNT\Application Data\Pure Networks\Setup\nmsetup.exe /uninstall
Quick Batch File Compiler 3.16 --> "C:\Program Files\Quick Batch File Compiler\unins000.exe"
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
RegCure 1.5.0.0 --> D:\Josh from C\RegCure\uninst.exe
Security Update for DirectX 9 (KB951698) --> "C:\WINNT\$NtUninstallKB951698_DX9$\spuninst\spuninst.exe"
Security Update for Windows 2000 (KB941569) --> "C:\WINNT\$NtUninstallKB941569$\spuninst\spuninst.exe"
Vbsedit --> MsiExec.exe /X{C8BC7F74-65A7-428F-80C6-D8034103781C}
VIA Rhine-Family Fast-Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VIA/S3G Display Driver --> C:\PROGRA~1\VIA\UChromeP\s3minset.exe /u C:\PROGRA~1\VIA\UChromeP\UChromeP.uns
Video DVD Maker v3.9.0.20 --> "C:\Program Files\Video DVD Maker\Uninstall.exe" "C:\Program Files\Video DVD Maker\install.log" -u
VideoLAN VLC media player 0.8.6i --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Warcraft III: All Products --> C:\WINNT\War3Unin.exe C:\WINNT\War3Unin.dat
Windows Media Player system update (9 Series) --> C:\PROGRA~1\WINDOW~2\setup_wm.exe /Uninstall
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Install Manager --> C:\WINNT\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

No Errors/Warnings found.


-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1762 / Error
Event Submitted/Written: 08/24/2008 00:48:07 PM
Event ID/Source: 1000 / Dhcp
Event Description:
Your computer has lost the lease to its IP address 192.168.0.101 on the
Network Card with network address 00142A306FFB.

Event Record #/Type1761 / Warning
Event Submitted/Written: 08/24/2008 00:48:07 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00142A306FFB. The following
error occured:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type1760 / Error
Event Submitted/Written: 08/24/2008 00:45:37 PM / 08/24/2008 00:45:38 PM
Event ID/Source: 8003 / MRxSmb
Event Description:
The master browser has received a server announcement from the computer OWNER-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9153AB1E-30DC-4D11-.
The master browser is stopping or an election is being forced.



-- End of Deckard's System Scanner: finished at 2008-08-24 12:49:24 ------------
















SmitFraud Log

SmitFraudFix v2.331

Scan done at 13:13:27.00, Sun 08/24/2008
Run from C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Desktop\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\VTTimer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hamachi\hamachi.exe
D:\Josh from C\Xfire\xfire.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator.CORRINA-GFYHSR2


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1.COR\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="about:Home"
"SubscribedURL"="about:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINNT\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: VIA Rhine II Fast Ethernet Adapter
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{FCDE184E-1B5C-414A-B4DC-F8A42796CF21}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FCDE184E-1B5C-414A-B4DC-F8A42796CF21}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{FCDE184E-1B5C-414A-B4DC-F8A42796CF21}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End ]]> http://www.askhelpdesq.com/2008/07/24/no-desktop-no-taskbar-all-logs-inside/feed/ http://www.askhelpdesq.com/2008/07/24/wwwmobilestreetnet/ http://www.askhelpdesq.com/2008/07/24/wwwmobilestreetnet/#comments Thu, 24 Jul 2008 15:39:49 +0000 rehmanmajestic http://www.askhelpdesq.com/2008/07/24/wwwmobilestreetnet/ WWW.MOBILESTREET.NET the largest collection of Mobile Themes, Games,Videos,Softwares,islamic section and many more…..Have a Fun Here No Tags]]> http://www.askhelpdesq.com/2008/07/24/wwwmobilestreetnet/feed/ http://www.askhelpdesq.com/2008/07/24/wont-reboot-after-partition-made-active/ http://www.askhelpdesq.com/2008/07/24/wont-reboot-after-partition-made-active/#comments Thu, 24 Jul 2008 12:06:21 +0000 neilo19 http://www.daniweb.com/forums/thread136481.html Hello ,
I did something stupid and made a partitiion active and now it wont reboot (it says bootmgr missing) - Is there a way i can revert the partition back to its original state .

Thanks
neil ]]> http://www.askhelpdesq.com/2008/07/24/wont-reboot-after-partition-made-active/feed/ http://www.askhelpdesq.com/2008/07/24/quick-check/ http://www.askhelpdesq.com/2008/07/24/quick-check/#comments Thu, 24 Jul 2008 09:47:40 +0000 kevin wood http://www.daniweb.com/forums/thread136461.html my comp was very badly infected a couple of weeks ago i am now just checking to see if i am still all in the clear and my comp is infection free. here is a copy of my hijack This log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:45:53, on 24/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Miramar\PC MACLAN\ATMsg.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\keyhook.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\iKnowPS\iKnowPS.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\spywarebegone\SpywareBeGone.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Miramar\PC MACLAN\ATSERVER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Miramar\PC MACLAN\ATSPOOL.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe
C:\Documents and Settings\Admin\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Miramar Systems, Inc.] C:\Program Files\Miramar\PC MACLAN\atmsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [iKnowPS] C:\Program Files\iKnowPS\iKnowPS.exe
O4 - HKCU\..\Run: [Spyware Begone] "C:\spywarebegone\SpywareBeGone.exe" -FastScan
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info...TunesSetup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: AppleTalk Messenger (ATMsg) - Miramar Systems Inc. - C:\Program Files\Miramar\PC MACLAN\ATMsg.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Miramar AppleTalk File Server - Miramar Systems Inc. - C:\Program Files\Miramar\PC MACLAN\ATSERVER.EXE
O23 - Service: Miramar AppleTalk Print Server - Miramar Systems Inc. - C:\Program Files\Miramar\PC MACLAN\ATSPOOL.EXE
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 10141 bytes ]]> http://www.askhelpdesq.com/2008/07/24/quick-check/feed/ http://www.askhelpdesq.com/2008/07/23/revived-hp-pav-troubles/ http://www.askhelpdesq.com/2008/07/23/revived-hp-pav-troubles/#comments Thu, 24 Jul 2008 05:59:31 +0000 thia http://www.daniweb.com/forums/thread136412.html This is my first post, I hope I'm in the right spot. Here is my deal:
1.- Got a hold of an HP Pavilion a642n which was already abandoned by the owner as unfixable and replaced by a new DELL.
2.- Plugged it on and it purred on past the Windows XP HOME EDITION banner, went into Checkdisk and proceeded to record numerous bad allocations, fast job and just as fast it quit! Just went black until I turned off.
3.-Like a nut, eager to put apart my new toy, I didn't hesitate, I tored into that case, disassemble the HDD and plugged it into my VISTA Comp. Surprise! It did the same thing, it went into Checkdisk only this time Checkdisk fixed all problems and it booted! HalleluYah!
4.- Perhaps I sang victory too soon for when I plugged the drive back into the HP computer it no longer booted, but, then I realized that I had the option to press F10 and let HP take care of restoring the original config and finally it booted perfectly.
5.-When it started the recovered XP HOME EDITION I began to clean up everything including the registry. I wanted to install the free AVG 8 ANTIVIRUS and it required the service pack 2. I installed the pack but I didn't installed any other updates prior to it. After Service Pack 2 installation it attempted to restar Windows. This was the first restar since the recovery.
6.- As it was supposed to restar it only shut Windows, flashed a "NO SIGNAL" error and went into a black screen but it didn't restar.
7.- Turned off comp. after a while and then on. It began reboot process flashed HP banner then a black screen then a line with a series of vertical lines, it took a while but eventually it went through the whole line of vertical lines, flashed the Windows XP logo and finally got to the Welcome and desktop.
8.-Tried to restar again. Same No Signal error. Turned Off and On and this time I pressed F10 again and recover the system a second time.
9.- This time when it finally opened Windows I just clicked to install updates. It installed 61 updates and required restar. Same situation with the NO SIGNAL error.
10,- Turned off and on and when it eventually loaded Windows after the line of vertical lines and all flashes of Windows banners and Welcome screen.
11.- This time it wanted to install updates again. I clicked to install updates. It installed 1 update: Windows Service Pack 2 and went into restar and No Signal error again.
12.-This time when it went into desktop it flashed, "your computer might be at risk, no Antivirus." I proceeded to install the Free Avg 8 and googled the 'NO SIGNAL ERROR" clicked the first link and got to your site.
13.- I connected my USB printer and printed the posts about the NO SIGNAL error. I followed all instructions to a point for the Video card is stuck and I can't get it off the PCI slot. I did pressed and made sure that the card was properly seated and checked the cable. The cable connector is missing one little prong so I plugged the comp. to a brand new monitor with the same results, so it's not the monitor's fault.
14.- So, I registered and now I'm posting this in hopes that somebody can figure out what should I do next to get the computer to restar on its own.
15.- I would like to check the MB but I don't know how. I'm taking an A+ CERTIFICATION course on line and I'm learning the way but I got a long ways to go. This situation with the HP computer is one of the issues I'm dealing with. I am 69 years old, a writer and believer of the WAY of Yahushua, our Savior. I'm not into religion just living this blessed life style which includes the computer world. I've been dealing with these machines since 1985 on my own and this is kind of the first time that I am seeking professional help and, blessed I am to have found your site. I want to learn the technical in and outs of the computer world in order to help out all my pauper friends who had no money or time to fix their mess up computers. It's sort like a ministry and a well needed service in my midst. Pray that you all brilliant gurus take pity on me and help me out in this endeavor.
Thanks,
thia ]]> http://www.askhelpdesq.com/2008/07/23/revived-hp-pav-troubles/feed/ http://www.askhelpdesq.com/2008/07/23/infected-with-hoaxwin32renosvaoz-please-help/ http://www.askhelpdesq.com/2008/07/23/infected-with-hoaxwin32renosvaoz-please-help/#comments Thu, 24 Jul 2008 00:28:03 +0000 sebber http://www.daniweb.com/forums/thread136372.html Hi there,

This is my first post and I have already found this post extremely helpful. It's made a tough situation a lot easier.

I bought a brand new PC last week and was online last night. Everything was going fantastically. The PC was running slickly and I was being extra careful in what programs I was installing.

Anyway, whilst browsing last night I was struck by a huge virus/malware "hijack" which threw my PC into a tailspin. Have never encountered anything like this before. While over the last 24 hours I have tried a number of the fixes suggested - ATF Cleaner, ComboFix, Malwarebytes, DSS (which won't run) and HiJackThis. I have also used CCleaner, Registry Mechanic, Rogue Remover - I still haven't nailed it. You could say it's overkill!

The edge has certainly been taken off the virus, but the PC is now running quite sluggishly. This is a huge disappointment, naturally. I have used my pre-installed software, BitDefender 2008, and then downloaded and used AVG anti-virus.

Below I have included ALL my scans, in the hope that some kind soul will be able to help me. It would be most appreciated and I would be happy to donate to the forum.

I have also used the online "free scan" version of Kaspersky. Most of the programs report that the system is clean, but Kaspersky's online scan reported the following:

Wednesday, July 23, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, July 23, 2008 21:51:10
Records in database: 999411
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area Critical Areas
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\Paul\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS
Scan statistics
Files scanned 53731
Threat name 2
Infected objects 3
Suspicious objects 0
Duration of the scan 00:38:03

File name Threat name Threats count
C:\WINDOWS\system32\IEDFix.C.exe Infected: Hoax.Win32.Renos.vaoz 1
C:\WINDOWS\system32\IEDFix.exe Infected: Hoax.Win32.Renos.vaoz 1
C:\WINDOWS\system32\Tools\Restart.exe Infected: not-a-virus:RiskTool.Win32.Reboot.j 1
The selected area was scanned.
-----------------------------------------------------------------

ComboFix 08-07-22.4 - Paul 2008-07-23 11:27:30.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2360 [GMT 1:00]
Running from: C:\Documents and Settings\Paul\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Jenna\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Paul\Application Data\inst.exe
C:\Documents and Settings\Paul\Favorites\Error Cleaner.url
C:\Documents and Settings\Paul\Favorites\Privacy Protector.url
C:\Documents and Settings\Paul\Favorites\Spyware&Malware Protection.url
C:\WINDOWS\system32\erpyiciv.dll
C:\WINDOWS\system32\iifeBspN.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\opnnmJyA.dll
C:\WINDOWS\system32\qrBacfii.ini
C:\WINDOWS\system32\qrBacfii.ini2
C:\WINDOWS\system32\viciypre.ini

----- BITS: Possible infected sites -----

http://au.download.windowsupdaj+|Cv+@J:NGD_DQ{zcxLJS@a,D$@!
.
((((((((((((((((((((((((( Files Created from 2008-06-23 to 2008-07-23 )))))))))))))))))))))))))))))))
.

2008-07-23 03:41 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-23 03:40 . 2008-07-23 03:41 <DIR> d-------- C:\Program Files\Java
2008-07-23 03:40 . 2008-07-23 03:40 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-23 03:03 . 2008-07-23 03:54 3,986 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-23 03:02 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-23 03:02 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-23 03:02 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-23 03:02 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-23 03:02 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-23 03:02 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-23 03:02 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-23 03:02 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-23 03:02 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-23 02:35 . 2008-07-23 11:01 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-23 02:33 . 2008-07-23 02:35 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-23 02:33 . 2008-07-23 02:33 <DIR> d-------- C:\Program Files\AVG
2008-07-23 02:33 . 2008-07-23 02:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-23 02:33 . 2008-07-23 02:33 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-23 02:33 . 2008-07-23 02:33 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-23 02:33 . 2008-07-23 02:33 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-07-23 02:33 . 2008-07-23 02:33 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-23 02:07 . 2008-07-23 02:08 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-07-23 01:42 . 2008-07-23 01:42 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-07-23 01:39 . 2008-07-23 01:39 323,648 --a------ C:\WINDOWS\system32\iifcaBrq.dll
2008-07-22 20:09 . 1999-10-11 02:00 41,984 --------- C:\WINDOWS\Ctregrun.exe
2008-07-22 20:08 . 2008-07-22 22:08 <DIR> d-------- C:\Program Files\Audible
2008-07-22 20:08 . 2008-07-22 20:08 417,792 --a------ C:\WINDOWS\system32\awrdscdc.ax
2008-07-22 20:07 . 2008-07-22 20:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Creative
2008-07-22 20:05 . 2008-07-22 20:05 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\Apple Computer
2008-07-22 02:53 . 2008-07-22 22:05 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\Creative
2008-07-22 02:48 . 2008-07-22 02:49 <DIR> d--h----- C:\Program Files\Creative Installation Information
2008-07-22 02:48 . 2008-07-22 20:09 <DIR> d-------- C:\Program Files\Creative
2008-07-22 02:48 . 2008-07-22 02:48 <DIR> d-------- C:\Program Files\Common Files\Creative
2008-07-22 02:48 . 1999-12-13 01:01 44,032 --a------ C:\WINDOWS\system32\CTSVCCDA.EXE
2008-07-22 02:48 . 1999-11-18 01:00 25,088 --a------ C:\WINDOWS\system32\CTSVCCTL.EXE
2008-07-22 00:20 . 2008-07-22 01:26 <DIR> d-------- C:\Program Files\Arachnophilia
2008-07-21 23:33 . 2008-07-21 23:33 78 --a------ C:\WINDOWS\Numerical
2008-07-21 22:00 . 2008-07-21 22:00 76 --a------ C:\WINDOWS\Spatial
2008-07-20 02:04 . 2008-07-20 02:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-20 01:58 . 2008-07-20 01:58 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-20 01:57 . 2008-04-07 05:38 45,392 -ra------ C:\WINDOWS\system32\AdobePDF.dll
2008-07-20 01:57 . 2008-04-07 05:38 22,872 -ra------ C:\WINDOWS\system32\AdobePDFUI.dll
2008-07-20 01:53 . 2008-07-20 01:58 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-20 00:38 . 2008-07-20 00:46 <DIR> d-------- C:\Program Files\Yahoo!
2008-07-20 00:37 . 2008-07-20 00:38 <DIR> d-------- C:\Program Files\CCleaner
2008-07-19 21:19 . 2008-07-22 17:53 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\CopyToDvd
2008-07-19 21:01 . 2008-07-19 21:01 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-07-19 21:00 . 2008-07-19 21:10 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-07-19 21:00 . 2008-07-22 02:09 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-07-19 20:51 . 2008-07-22 23:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-19 20:51 . 2008-07-19 20:51 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-19 18:12 . 2008-07-19 21:07 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-19 18:12 . 2008-07-19 21:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-19 12:04 . 2008-07-19 12:04 <DIR> d-------- C:\Program Files\dvd43
2008-07-19 12:04 . 2008-07-19 12:04 18,816 --a------ C:\WINDOWS\system32\drivers\dvd43llh.sys
2008-07-19 11:55 . 2008-07-19 11:55 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\DivX
2008-07-19 11:14 . 2008-07-21 23:32 74 --a------ C:\WINDOWS\Logic
2008-07-19 03:13 . 2008-07-19 03:13 82 --a------ C:\WINDOWS\Getting Started.htm
2008-07-19 03:13 . 2008-07-21 22:00 75 --a------ C:\WINDOWS\Verbal
2008-07-19 03:13 . 2008-07-21 23:41 75 --a------ C:\WINDOWS\Memory
2008-07-19 02:29 . 2008-07-19 03:11 76 --a------ C:\WINDOWS\1
2008-07-19 02:27 . 2008-07-19 03:05 <DIR> d-------- C:\WINDOWS\system32\Brain Trainer
2008-07-19 02:27 . 2008-07-19 02:27 <DIR> d-------- C:\Program Files\Mindscape
2008-07-19 02:19 . 2008-07-19 02:19 <DIR> d-------- C:\Program Files\PowerISO
2008-07-19 01:11 . 2008-07-19 01:11 <DIR> d-------- C:\Program Files\Brain Spa
2008-07-19 01:11 . 2008-07-19 01:11 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\Ubisoft
2008-07-19 00:09 . 2008-07-21 21:59 729 --a------ C:\WINDOWS\0
2008-07-19 00:09 . 2008-07-21 21:59 73 --a------ C:\WINDOWS\Times New Roman
2008-07-18 23:31 . 2008-07-18 23:31 <DIR> d-------- C:\Program Files\Common Files\CyberLink
2008-07-18 23:30 . 2001-08-17 22:43 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-07-18 23:28 . 2008-07-18 23:28 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\CyberLink
2008-07-18 23:13 . 2008-07-18 23:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-07-18 23:08 . 2008-07-18 23:08 31 --a------ C:\WINDOWS\papp.ini
2008-07-18 22:38 . 2008-07-18 22:38 32 --a------ C:\WINDOWS\PracticalTest.ini
2008-07-18 21:59 . 2008-07-18 21:59 <DIR> d-------- C:\Program Files\Absolute Media Software
2008-07-18 01:17 . 2008-07-18 01:17 <DIR> d-------- C:\Documents and Settings\Jenna\Application Data\Ahead
2008-07-18 01:16 . 2008-07-18 01:16 <DIR> d-------- C:\Documents and Settings\Jenna\Application Data\DivX
2008-07-18 01:11 . 2008-07-18 01:11 <DIR> d-------- C:\Documents and Settings\Jenna\Application Data\BitDefender
2008-07-18 01:11 . 2008-07-23 03:58 <DIR> d-------- C:\Documents and Settings\Jenna
2008-07-18 01:06 . 2008-07-18 01:06 <DIR> d-------- C:\Program Files\Moss Bay Software
2008-07-18 00:48 . 2008-07-18 00:48 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\Systweak
2008-07-18 00:38 . 2008-07-18 00:38 <DIR> d-------- C:\Documents and Settings\Paul\Downloads
2008-07-18 00:37 . 2008-07-18 00:37 <DIR> d-------- C:\Program Files\NewsLeecher
2008-07-18 00:37 . 2008-07-18 01:07 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\NewsLeecher
2008-07-18 00:30 . 2008-07-18 00:30 <DIR> d-------- C:\Program Files\SmartSound Software
2008-07-18 00:30 . 2008-07-19 01:33 <DIR> d-------- C:\Program Files\DivX
2008-07-18 00:30 . 2008-07-18 00:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-07-18 00:28 . 2008-07-18 00:44 <DIR> d-------- C:\Program Files\Neuro-Programmer 2 Professional
2008-07-18 00:27 . 2008-07-18 23:19 <DIR> d-------- C:\Program Files\Cyberlink
2008-07-18 00:26 . 2008-07-18 00:26 <DIR> d-------- C:\Program Files\QuickTime
2008-07-18 00:24 . 2008-07-18 00:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-18 00:23 . 2008-07-18 00:23 <DIR> d-------- C:\MyWorks
2008-07-17 23:28 . 2008-07-17 23:28 <DIR> d-------- C:\Program Files\Driving Test Success 2006-2007
2008-07-17 23:28 . 2008-07-18 23:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Driving Test Success
2008-07-17 23:24 . 2008-07-17 23:24 <DIR> d-------- C:\{3B07D847-8077-4242-91C7-DFA3CE5113E0}
2008-07-17 23:23 . 2008-07-17 23:24 <DIR> d-------- C:\MWASPI
2008-07-17 23:23 . 2008-07-17 23:23 133 --a------ C:\WINDOWS\msfsetup.ini
2008-07-17 23:20 . 2008-07-17 23:20 <DIR> d-------- C:\Program Files\PIXELA
2008-07-17 23:20 . 2008-07-17 23:20 <DIR> d-------- C:\Program Files\Caplio Software
2008-07-17 23:13 . 2008-07-17 23:15 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2008-07-17 22:58 . 2008-07-17 22:58 <DIR> d-------- C:\Program Files\XviD
2008-07-17 22:58 . 2008-07-19 11:58 <DIR> d-------- C:\Program Files\AoA DVD Ripper
2008-07-17 22:58 . 2006-08-23 22:08 1,839,104 --a------ C:\WINDOWS\system32\avcodec-51.dll
2008-07-17 22:57 . 2008-07-19 21:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy Pro
2008-07-17 22:56 . 2008-07-17 22:56 <DIR> d-------- C:\Program Files\LG Software Innovations
2008-07-17 22:53 . 2008-07-17 22:53 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-17 22:50 . 2008-07-17 22:50 <DIR> d-------- C:\Program Files\VSO
2008-07-17 22:50 . 2008-07-22 17:53 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\Vso
2008-07-17 22:50 . 2008-07-17 22:50 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-07-17 22:50 . 2008-07-17 22:50 47,360 --a------ C:\Documents and Settings\Paul\Application Data\pcouffin.sys
2008-07-17 22:38 . 2008-07-23 04:47 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-17 22:31 . 2008-07-17 22:31 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-07-17 22:31 . 2005-08-25 21:00 140,288 --a------ C:\WINDOWS\system32\CNMLM7L.DLL
2008-07-17 22:31 . 2008-04-14 00:17 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-07-17 22:31 . 2008-04-14 00:17 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-07-17 22:31 . 2005-08-25 21:00 8,704 --a------ C:\WINDOWS\system32\CNMVS7L.DLL
2008-07-17 22:30 . 2008-04-14 00:15 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-07-17 22:30 . 2008-04-14 00:15 32,128 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-07-17 22:30 . 2008-04-14 00:15 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-07-17 22:30 . 2008-04-14 00:15 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-07-17 22:20 . 2008-07-17 22:20 <DIR> d-------- C:\Program Files\ScanSoft
2008-07-17 22:20 . 2008-07-17 22:20 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-07-17 22:20 . 2008-07-17 22:20 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\ScanSoft
2008-07-17 22:20 . 2008-07-17 22:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SSScanWizard
2008-07-17 22:20 . 2008-07-17 22:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-22 20:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-17 21:17 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-14 16:52 --------- d-----w C:\Program Files\VIA
2008-07-14 16:42 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-18 17:52 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-06-11 22:43 111,992 ----a-w C:\WINDOWS\system32\acaptuser32.dll
2008-06-11 00:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-06-11 00:07 43,528 ----a-w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-06-11 00:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-06-11 00:07 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2008-06-11 00:07 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2008-06-11 00:07 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2008-06-11 00:04 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-06-11 00:04 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02319437-08C3-4EE5-8DD3-BFAB00582FD1}]
2008-07-23 01:39 323648 --a------ C:\WINDOWS\system32\iifcaBrq.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-07-17 22:04 160592]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 13:00 15360]
"Creative MediaSource Go"="C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" [2006-11-09 10:19 204800]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-09-28 20:09 700416]
"RegistryMechanic"="C:\Program Files\Registry Mechanic\RegMech.exe" [2008-07-08 16:41 2828184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe" [2007-06-29 10:51 811008]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 14:01 86016]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-07-15 15:26 360448]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-07-18 00:26 282624]
"RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 20:23 83240]
"PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 11:36 50472]
"BDRegion"="C:\Program Files\Cyberlink\Shared Files\brs.exe" [2008-05-19 15:24 91432]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-07-07 08:34 167936]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [2008-04-09 10:00 826880]
"Adobe Acrobat Speed Launcher"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 02:25 37232]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 22:43 640376]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-23 02:33 1232152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"nwiz"="nwiz.exe" [2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 13:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=acaptuser32.dll,avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\iifcaBrq

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Vuze\\Azureus.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-07-23 02:33]
R0 ViBus;ViBus;C:\WINDOWS\system32\DRIVERS\ViBus.sys [2007-03-26 08:26]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-03-29 04:36]
R0 ViPrt;VIA SATA IDE Device Driver;C:\WINDOWS\system32\DRIVERS\ViPrt.sys [2007-03-26 08:26]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-23 02:33]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};C:\Program Files\CyberLink\PowerDVD8\000.fcl [2008-05-15 12:07]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-23 02:33]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-23 02:33]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-01-25 15:40]
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-04-17 04:58]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-08ef696d - C:\WINDOWS\system32\erpyiciv.dll
SSODL-kvxqmtre-{3C5E1F15-D12B-449E-BEB3-A800FE6FC549} - (no file)
SSODL-evgratsm-{2280B776-3099-4352-B500-399D6E8B90C5} - (no file)
Notify-ddcBSMgG - ddcBSMgG.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = www.google.com
O8 -: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 -: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 -: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 -: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 -: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 -: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 -: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 -: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 -: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 -: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-23 11:31:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\system32\qrBacfii.ini 347 bytes
C:\WINDOWS\system32\qrBacfii.ini2 347 bytes

scan completed successfully
hidden files: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\iifcaBrq.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-07-23 11:34:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-23 10:34:31

Pre-Run: 469,266,309,120 bytes free
Post-Run: 469,409,398,784 bytes free

302 --- E O F --- 2008-07-20 01:21:19


------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:11, on 24/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Paul\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =