Sorry for this, you must think I'm really ditsy lol, but I really do appreciate your help. Well, the problem with going to download things like pandasoftware or any other big programs: it takes way too long, I'm lagging like anything. My Internet Explorer doesn't work, I have to use Firefox, and you can't get many online scans with that browser. Every time I try to open up a folder on my desktop, a little triangle icon with an exclamation mark in the middle of it appears on my taskbar, either stating "found errors on system" or something like that, then it automatically opens up Internet Explorer to a strange-looking site. I can't do System Restore; every time I try, it says System Restore failed. Everything is running extremely slow. But I did those steps you asked me to do. I also ran DSS with HijackThis; I posted it after the main.txt and extra.txt. Hopefully I didn't forget anything, but thank you so much, I really do appreciate this help. Here's my new post, hopefully this is what you needed.
Deckard's System Scanner v20071014.68
Run by Owner on 2008-01-08 12:19:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
65: 2008-01-08 17:20:25 UTC - RP660 - Deckard's System Scanner Restore Point
64: 2008-01-06 18:24:04 UTC - RP659 - System Checkpoint
63: 2008-01-05 17:38:08 UTC - RP658 - System Checkpoint
62: 2008-01-04 15:40:20 UTC - RP657 - System Checkpoint
61: 2008-01-03 14:51:20 UTC - RP656 - System Checkpoint
-- First Restore Point --
1: 2007-10-23 09:08:36 UTC - RP596 - System restore point
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 120 MiB (512 MiB recommended).
-- HijackThis (run as Owner.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:12 p.m., on 1/8/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\urdvxc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {86ABDA6E-15D2-4C0D-86F7-D2E37E3E986B} - C:\WINDOWS\System32\cryptdl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Compliant] gbloblqbw.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Documents and Settings\Owner\Start Menu\Programs\Poker.com\Poker.com.lnk (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441} - http://fdl.msn.com/public/chat/msnchat41.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1136532715105
O16 - DPF: {6AA85413-165C-4200-8154-71166077B22E} - http://scripts.dlv4.com/binaries/IA/...vc32_EN_XP.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1166267171419
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/public/chat/msnchat42.cab
O16 - DPF: {87C1805D-C5AE-4455-AB39-E245BB516136} - http://us2-scripts.dlv4.com/binaries...s4_1059_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = BIATCH
O17 - HKLM\Software\..\Telephony: DomainName = BIATCH
O17 - HKLM\System\CCS\Services\Tcpip\..\{1088C928-C4C8-4876-813B-FE7E7FD176D6}: NameServer = 203.152.100.32 203.152.112.32
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = BIATCH
O17 - HKLM\System\CS1\Services\Tcpip\..\{1088C928-C4C8-4876-813B-FE7E7FD176D6}: NameServer = 203.152.100.32 203.152.112.32
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = BIATCH
O20 - AppInit_DLLs:
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\
O21 - SSODL: BzZaPo - {743505B2-DE9F-AF18-D5D6-100483B085AB} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\System32\urdvxc.exe
O24 - Desktop Component 0: Desktop Uninstall - (no file)
--
End of file - 5266 bytes
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 BsStor (InCD Storage Helper Driver) - c:\windows\system32\drivers\bsstor.sys <Not Verified; B.H.A Co.,Ltd.; >
R0 Imagedrv - c:\windows\system32\drivers\imagedrv.sys <Not Verified; ahead software gmbh && its licensors; NERO IMAGEDRIVE SCSI Controller driver>
R0 sthpsstv - c:\windows\system32\drivers\gipddqup.dat
R1 VIAPFD - c:\windows\system32\drivers\viapfd.sys <Not Verified; VIA Technologies. Inc.; VIA PFD driver>
R2 BsUDF (InCD UDF Driver) - c:\windows\system32\drivers\bsudf.sys <Not Verified; ahead software; UDF File System Driver (WindowsNT5.x)>
R2 Vcs (Vcs support) - c:\windows\system32\drivers\vcs.sys
S1 alfacleaner - c:\windows\system32\drivers\hesvc.sys (file missing)
S3 GMSIPCI - d:\install\gmsipci.sys (file missing)
S3 ham50 (Intel V92 HaM Data Fax Voice) - c:\windows\system32\drivers\intelh51.sys <Not Verified; Intel Corporation; Intel® Hardware accelerated Modem Driver>
S3 KLIF - c:\progra~1\pctool~1\klif.sys (file missing)
S3 mohfilt (MOH Filter) - c:\windows\system32\drivers\mohfilt.sys <Not Verified; Intel; Filter Driver to Support Modem-on-Hold>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 MSWindows (Network Windows Service) - "c:\windows\system32\urdvxc.exe" /service
S4 Tmntsrv (Trend NT Realtime Service) - "c:\program files\trend micro\pc-cillin 2000\tmntsrv.exe" <Not Verified; Trend Micro Inc.; Trend Pc-cillin 7.61>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Files created between 2007-12-08 and 2008-01-08 -----------------------------
2008-01-08 12:15:48 686630 --a------ C:\Program Files\dss.exe
2008-01-06 10:14:07 96256 --ahs---- C:\WINDOWS\System32\urdvxc.exe
-- Find3M Report ---------------------------------------------------------------
2008-01-08 11:55:38 0 d-------- C:\Program Files\Full Tilt Poker
2008-01-08 05

58 0 d-------- C:\Program Files\Trend Micro
2008-01-06 10:42:37 0 --ahs---- C:\WINDOWS\System32\.exe
2007-11-29 06:15:37 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-29 06:15:33 0 d-------- C:\Program Files\Vodafone
2007-11-24 06:56:25 0 d-------- C:\Program Files\Common Files\Companion Wizard
2007-11-24 06:56:24 0 d-------- C:\Program Files\cmer_uninstallers
2007-11-24 06:56:23 0 d-------- C:\Program Files\Y!Deceasedv2.0b
2007-11-24 06:56:13 0 d-------- C:\Program Files\QuickTime
2007-11-17 06:25:42 0 d-------- C:\Program Files\Lavasoft
2007-11-17 06:22:35 0 d-a------ C:\Program Files\Common Files
2007-11-17 04:56:53 0 d-------- C:\Program Files\XoftSpySE
2007-11-17 04:56:48 0 d-------- C:\Program Files\SmitfraudFix
2007-11-17 04:56:41 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-17 04:56:28 0 d-------- C:\Program Files\Poker.com
2007-11-17 03:54:52 0 d-------- C:\Program Files\Enigma Software Group
2007-11-16 05:45:32 1502 --a------ C:\WINDOWS\System32\tmp.reg
2007-11-16 05:41:48 1043644 --a------ C:\Program Files\SmitfraudFix.exe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86ABDA6E-15D2-4C0D-86F7-D2E37E3E986B}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\Money Express.exe" [07/25/2001 12:00 p.m.]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Compliant"=gbloblqbw.exe
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Printkey2000.lnk - C:\Program Files\PrintKey2000\Printkey2000.exe [11/2/2003 9:37:38 a.m.]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"DisableCMD"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MS-DOS Emulation]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Printkey2000.lnk]
backup=C:\WINDOWS\pss\Printkey2000.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Real-time Monitor.lnk]
backup=C:\WINDOWS\pss\Real-time Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sharlene Hokianga.TROJANCREW^Start Menu^Programs^Startup^Quick ShutDown.lnk]
backup=C:\WINDOWS\pss\Quick ShutDown.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\banmanpro]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Browser Pal]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserBrand]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserFortress]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Compliant]
gbloblqbw.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Computer Alarm Clock]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\drsmartloadb]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\enewsletterpro]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InvisibleBrowsing]
C:\Program Files\Invisible Browsing\InvisibleBrowsing.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
??????????
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWBMOUSE]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MailSkinner]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaGateway]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Configs 32]
msgconfigrs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mopsp1]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OWMngr]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Perfect Keyboard PRO]
"C:\Program Files\Perfect Keyboard PRO\pk32.exe" /winstart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pop3trap.exe]
"C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
??????????
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sdpmsv]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sygate Personal Firewall]
sysgut.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebTrapNT.exe]
"C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WT GameChannel]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Tmntsrv"=2 (0x2)
-- Hosts -----------------------------------------------------------------------
127.0.0.1 www.pacimedia.com
127.0.0.1 www.exactsearch.net
127.0.0.1 www.contextplus.net
127.0.0.1 www.contextplus.net
-- End of Deckard's System Scanner: finished at 2008-01-08 12:24:07 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 1.0
Architecture: X86; Language: English
CPU 0: AMD Duron(tm) processor
Percentage of Memory in Use: 66%
Physical Memory (total/avail): 119.48 MiB / 39.95 MiB
Pagefile Memory (total/avail): 288.38 MiB / 133.64 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1954.08 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 37.27 GiB total, 23.95 GiB free.
D: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - ST340810A - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.27 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is disabled.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\Owner\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BIATCH
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LANG=C
LOGONSERVER=\\BIATCH
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\Mozilla Firefox
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 3 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0301
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=BIATCH
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Sharlene Hokianga.TROJANCREW
Owner (admin)
Administrator (admin)
Guest (new local, guest)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Abexo Free Registry Cleaner --> C:\Program Files\Abexo\afrc\uninst.exe
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Ad-aware 6 Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 4.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Acrobat 4.0, 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Acrobat Reader 3.0 --> C:\WINDOWS\uninst.exe -fC:\Acrobat3\Reader\DeIsL1.isu
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\UninstFl.exe -q
ArcSoft PhotoImpression --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E142615E-5ED8-4511-9BF0-0284BFA25766}\setup.exe" -l0x9 -uninst
AV Voice Changer Software 3.0 --> C:\PROGRA~1\AVVCS3~1.0\UNWISE.EXE C:\PROGRA~1\AVVCS3~1.0\INSTALL.LOG
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Bazooka Scanner --> "C:\Program Files\Bazooka Scanner\Uninstall.exe" "C:\Program Files\Bazooka Scanner\install.log"
Computer Alarm Clock --> C:\PROGRA~1\COMPUT~2\UNWISE.EXE C:\PROGRA~1\COMPUT~2\INSTALL.LOG
Digital Camera Drivers --> MsiExec.exe /X{E9A2ECEB-CE47-4AB9-9ABC-29731A1F5733}
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Full Tilt Poker --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -l0x9 -removeonly
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Image Resizer Powertoy for Windows XP --> MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
ImageDrive (ahead software) --> C:\WINDOWS\UNIDRV.exe /UNINSTALL
InCD (ahead software) --> C:\WINDOWS\NuNInst.exe /UNINSTALL
Invisible Browsing 3.0 --> "C:\Program Files\Invisible Browsing\unins000.exe"
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
LimeWire PRO 4.12.6 --> "C:\Program Files\LimeWire\uninstall.exe"
Mavis Beacon Teaches Typing 9.0.0 --> C:\PROGRA~1\MINDSC~1\MAVISB~1\UNINST.EXE
Messenger Plus! --> "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /Uninstall
Microsoft Encarta Encyclopedia Standard - WE 2002 --> MsiExec.exe /I{01400202-823E-46CD-A70E-BEE818F97169}
Microsoft Money --> MsiExec.exe /I{E7298FD5-1386-11D5-8D6C-0050DAD32D95}
Microsoft Money System Pack --> MsiExec.exe /I{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}
Microsoft Picture It! Photo 2002 --> MsiExec.exe /I{C769A271-7E1C-48F9-B331-474600DD4C06}
Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 2002 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2002\Setup\Launcher.exe D:\
Microsoft Works 6.0 --> MsiExec.exe /I{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{C3A439E4-7303-491F-A678-CEA36A87D517}
Mozilla Firefox (2.0.0.4) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Gaming Zone --> C:\PROGRA~1\MSNGAM~1\zsetup.exe /Uninstall
MSN Messenger 7.5 --> MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
Nero - Burning Rom --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
NeroMediaPlayer --> C:\WINDOWS\UNNMP.exe /UNINSTALL
PC-cillin 2000 --> MsiExec.exe /X{A839294B-70A9-11D5-9F5A-0050DAD742CD}
Perfect Keyboard PRO --> C:\Program Files\Perfect Keyboard PRO\uninst.exe
PrintKey2000 --> C:\PROGRA~1\PRINTK~1\UNWISE.EXE C:\PROGRA~1\PRINTK~1\INSTALL.LOG
Quick ShutDown --> C:\WINDOWS\unvise32.exe C:\Program Files\Quick ShutDown\uninstal.log
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
RealOne Player --> C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
Registry Mechanic 4.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
Spybot - Search & Destroy 1.3 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
VB Runtime --> C:\WINDOWS\system32\UNINSTAL.EXE /A /R C:\WINDOWS\system32\VBRunTme.LOG
VBRunDLL 3.0 --> C:\PROGRA~1\ZAKFRO~1\VBRunDLL\Setup.exe /remove
VideoEgg Publisher --> C:\Program Files\VideoEgg\Uninstall.exe
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Vodafone Mobile Connect Lite Runtime Components --> MsiExec.exe /X{CFA76A76-03CF-43AC-AAB4-E2E3DACE4E02}
Voice Balancing System --> C:\Program Files\VoiceSync\vbs\Uninstal.exe
WinMX --> C:\Program Files\WinMX\uninstall.exe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
YahELite 298 --> C:\PROGRA~1\YahELite\Setup.exe /remove
Yahoo! Anti-Spy --> C:\PROGRA~1\Yahoo!\Common\unypsr.exe
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager --> C:\WINDOWS\System32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI~1.DLL
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type2554 / Error
Event Submitted/Written: 01/07/2008 07:16:54 AM
Event ID/Source: 8193 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.
Event Record #/Type2553 / Error
Event Submitted/Written: 01/07/2008 07:16:54 AM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.
Event Record #/Type2552 / Error
Event Submitted/Written: 01/06/2008 10:41:54 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Event Record #/Type2551 / Error
Event Submitted/Written: 01/06/2008 10:14:36 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Event Record #/Type2550 / Error
Event Submitted/Written: 01/01/2008 09:28:51 AM / 01/01/2008 09:28:52 AM
Event ID/Source: 1015 / Perflib
Event Description:
The timeout waiting for the performance data collection function "PerfOS"
in the "C:\WINDOWS\System32\perfos.dll" Library to finish has expired. There may be a problem with
this extensible counter or the service it is collecting data from or the
system may have been very busy when this call was attempted.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type14167 / Error
Event Submitted/Written: 01/08/2008 00:13:40 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The SSDP Discovery Service service depends on the HTTP service which failed to start because of the following error:
%%127
Event Record #/Type14166 / Error
Event Submitted/Written: 01/08/2008 00:13:40 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The HTTP service failed to start due to the following error:
%%127
Event Record #/Type14165 / Error
Event Submitted/Written: 01/08/2008 00:13:21 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The SSDP Discovery Service service depends on the HTTP service which failed to start because of the following error:
%%127
Event Record #/Type14164 / Error
Event Submitted/Written: 01/08/2008 00:13:21 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The HTTP service failed to start due to the following error:
%%127
Event Record #/Type14161 / Error
Event Submitted/Written: 01/08/2008 00:13:16 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
alfacleaner
FltMgr
-- End of Deckard's System Scanner: finished at 2008-01-08 12:24:07 ------------
Deckard's System Scanner v20071014.68
Run by Owner on 2008-01-08 12:46:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Percentage of Memory in Use: 85% (more than 75%).
Total Physical Memory: 120 MiB (512 MiB recommended).
-- HijackThis (run as Owner.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:14 p.m., on 1/8/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\urdvxc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {86ABDA6E-15D2-4C0D-86F7-D2E37E3E986B} - C:\WINDOWS\System32\cryptdl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Compliant] gbloblqbw.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Documents and Settings\Owner\Start Menu\Programs\Poker.com\Poker.com.lnk (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441} - http://fdl.msn.com/public/chat/msnchat41.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1136532715105
O16 - DPF: {6AA85413-165C-4200-8154-71166077B22E} - http://scripts.dlv4.com/binaries/IA/...vc32_EN_XP.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1166267171419
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/public/chat/msnchat42.cab
O16 - DPF: {87C1805D-C5AE-4455-AB39-E245BB516136} - http://us2-scripts.dlv4.com/binaries...s4_1059_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = BIATCH
O17 - HKLM\Software\..\Telephony: DomainName = BIATCH
O17 - HKLM\System\CCS\Services\Tcpip\..\{1088C928-C4C8-4876-813B-FE7E7FD176D6}: NameServer = 203.152.100.32 203.152.112.32
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = BIATCH
O17 - HKLM\System\CS1\Services\Tcpip\..\{1088C928-C4C8-4876-813B-FE7E7FD176D6}: NameServer = 203.152.100.32 203.152.112.32
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = BIATCH
O20 - AppInit_DLLs:
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\
O21 - SSODL: BzZaPo - {743505B2-DE9F-AF18-D5D6-100483B085AB} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\System32\urdvxc.exe
O24 - Desktop Component 0: Desktop Uninstall - (no file)
--
End of file - 5287 bytes
-- Files created between 2007-12-08 and 2008-01-08 -----------------------------
2008-01-06 10:14:07 96256 --ahs---- C:\WINDOWS\System32\urdvxc.exe
-- Find3M Report ---------------------------------------------------------------
2008-01-08 11:55:38 0 d-------- C:\Program Files\Full Tilt Poker
2008-01-08 05

58 0 d-------- C:\Program Files\Trend Micro
2008-01-06 10:42:37 0 --ahs---- C:\WINDOWS\System32\.exe
2007-11-29 06:15:37 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-29 06:15:33 0 d-------- C:\Program Files\Vodafone
2007-11-24 06:56:25 0 d-------- C:\Program Files\Common Files\Companion Wizard
2007-11-24 06:56:24 0 d-------- C:\Program Files\cmer_uninstallers
2007-11-24 06:56:23 0 d-------- C:\Program Files\Y!Deceasedv2.0b
2007-11-24 06:56:13 0 d-------- C:\Program Files\QuickTime
2007-11-17 06:25:42 0 d-------- C:\Program Files\Lavasoft
2007-11-17 06:22:35 0 d-a------ C:\Program Files\Common Files
2007-11-17 04:56:53 0 d-------- C:\Program Files\XoftSpySE
2007-11-17 04:56:48 0 d-------- C:\Program Files\SmitfraudFix
2007-11-17 04:56:41 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-17 04:56:28 0 d-------- C:\Program Files\Poker.com
2007-11-17 03:54:52 0 d-------- C:\Program Files\Enigma Software Group
2007-11-16 05:45:32 1502 --a------ C:\WINDOWS\System32\tmp.reg
2007-11-16 05:41:48 1043644 --a------ C:\Program Files\SmitfraudFix.exe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86ABDA6E-15D2-4C0D-86F7-D2E37E3E986B}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\Money Express.exe" [07/25/2001 12:00 p.m.]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Compliant"=gbloblqbw.exe
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Printkey2000.lnk - C:\Program Files\PrintKey2000\Printkey2000.exe [11/2/2003 9:37:38 a.m.]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"DisableCMD"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MS-DOS Emulation]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Printkey2000.lnk]
backup=C:\WINDOWS\pss\Printkey2000.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Real-time Monitor.lnk]
backup=C:\WINDOWS\pss\Real-time Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sharlene Hokianga.TROJANCREW^Start Menu^Programs^Startup^Quick ShutDown.lnk]
backup=C:\WINDOWS\pss\Quick ShutDown.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\banmanpro]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Browser Pal]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserBrand]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserFortress]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Compliant]
gbloblqbw.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Computer Alarm Clock]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\drsmartloadb]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\enewsletterpro]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InvisibleBrowsing]
C:\Program Files\Invisible Browsing\InvisibleBrowsing.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
??????????
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWBMOUSE]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MailSkinner]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaGateway]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Configs 32]
msgconfigrs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mopsp1]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OWMngr]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Perfect Keyboard PRO]
"C:\Program Files\Perfect Keyboard PRO\pk32.exe" /winstart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pop3trap.exe]
"C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
??????????
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sdpmsv]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sygate Personal Firewall]
sysgut.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebTrapNT.exe]
"C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WT GameChannel]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Tmntsrv"=2 (0x2)
-- End of Deckard's System Scanner: finished at 2008-01-08 12:48:06 ------------