Hi, about a 2 weeks ago I've had constant pop-ups and I tried several antivirus removal programs, like mcafee, avg8.0, search and destroy, and some others, so in the end AVG actually removed the problem then all of a sudden explorer.exe kept closing then coming back and so forth. I've seen the other threads and forums and tried those solutions, but to no avail. So here's my logs.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:21:53 PM, on 7/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\NinjaVideo\NinjaVideo Helper\NinjaVideo Helper.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\windows\system32\svchost.exe
C:\windows\system32\wscntfy.exe
C:\windows\system32\taskmgr.exe
C:\Documents and Settings\Mohamed\Desktop\dss.exe
C:\DOCUME~1\Mohamed\MYDOCU~1\DOWNLO~1\Programs\Mohamed.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about
:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by SHAW Internet
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {30EE7C7E-3B4B-4065-9FFA-C87C8C10C42A} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {4E1795E2-145A-4662-80BB-A17498ACE90A} - C:\windows\system32\cbXRIyaa.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: Loader Class - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - C:\WINDOWS\Resources\Themes\Crystal.Systema Suite\FindeXer Nightly V1.1.0.3\FindeXer.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?53a22baa9a8b466ba676dad31deb712d
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?53a22baa9a8b466ba676dad31deb712d
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: opnmLeEu - opnmLeEu.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NinjaVideo Helper (NinjaVideo Helper.exe) - NinjaVideo - C:\Program Files\NinjaVideo\NinjaVideo Helper\NinjaVideo Helper.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\windows\system32\spoolsv.exe (file missing)
--
End of file - 5387 bytes
Deckard's System Scanner v20071014.68
Run by Mohamed on 2008-07-29 19:15:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Failed to create restore point; System Restore is disabled (service is not running).
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Mohamed.exe) ---------------------------------------------
Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-29 19:21:25
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\NinjaVideo\NinjaVideo Helper\NinjaVideo Helper.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Mohamed\Desktop\dss.exe
C:\Documents and Settings\Mohamed\My Documents\Downloads\Programs\Mohamed.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.microsoft.com/isapi/redir...mp;ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about
:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by SHAW Internet
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL =
http://www.microsoft.com/isapi/redir...ie&ar=iesearch
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {30EE7C7E-3B4B-4065-9FFA-C87C8C10C42A} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {4E1795E2-145A-4662-80BB-A17498ACE90A} - C:\WINDOWS\system32\cbXRIyaa.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: Loader Class - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - C:\WINDOWS\Resources\Themes\Crystal.Systema Suite\FindeXer Nightly V1.1.0.3\FindeXer.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnceEx: [Flags] 128
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?53a22baa9a8b466ba676dad31deb712d
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?53a22baa9a8b466ba676dad31deb712d
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) -
http://fpdownload.macromedia.com/pub...irector/sw.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () -
http://fpdownload.macromedia.com/get.../ultrashim.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: opnmLeEu - C:\windows\system32\opnmLeEu.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NinjaVideo Helper (NinjaVideo Helper.exe) - NinjaVideo - C:\Program Files\NinjaVideo\NinjaVideo Helper\NinjaVideo Helper.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\windows\system32\spoolsv.exe
--
End of file - 7329 bytes
-- HijackThis Fixed Entries (C:\DOCUME~1\Mohamed\MYDOCU~1\DOWNLO~1\Programs\backups\) --------------------------------------------------------------------------------
backup-20080121-231657-151 O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
backup-20080121-231657-166 O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\windows\system32\drvkov.dll,startup
backup-20080121-231657-178 O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
backup-20080121-231657-186 O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
backup-20080121-231657-209 O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
backup-20080121-231657-215 O4 - HKCU\..\Policies\Explorer\Run: [{2028C971-09DC-1033-0815-021220050001}] "C:\Program Files\Common Files\{2028C971-09DC-1033-0815-021220050001}\Update.exe" mc-110-12-0000272
backup-20080121-231657-242 O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
backup-20080121-231657-262 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
backup-20080121-231657-276 O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
backup-20080121-231657-306 O4 - HKLM\..\Run: [2028c9de] rundll32.exe "C:\windows\system32\uodqoxcv.dll",b
backup-20080121-231657-377 O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
backup-20080121-231657-432 O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
backup-20080121-231657-442 O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
backup-20080121-231657-488 O4 - HKLM\..\Run: [avp] C:\windows\avp.exe
backup-20080121-231657-491 O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?53a22baa9a8b466ba676dad31deb712d
backup-20080121-231657-496 O4 - HKLM\..\Run: [BM231bfa42] Rundll32.exe "C:\windows\system32\sftfhhpc.dll",s
backup-20080121-231657-522 O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
backup-20080121-231657-528 O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
backup-20080121-231657-534 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
backup-20080121-231657-554 O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
backup-20080121-231657-564 O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
backup-20080121-231657-567 O4 - HKLM\..\Run: [smgr] mgrs.exe
backup-20080121-231657-597 O4 - HKCU\..\Run: [HoleWarn] C:\DOCUME~1\Mohamed\APPLIC~1\MFCDWA~1\ball mail support.exe
backup-20080121-231657-608 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
backup-20080121-231657-620 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\windows\system32\cgogmzbl.dll
backup-20080121-231657-633 O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
backup-20080121-231657-639 O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
backup-20080121-231657-648 O1 - Hosts: 80.69.94.166 gameguard.mapleglobal.com
backup-20080121-231657-710 O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
backup-20080121-231657-719 O4 - HKLM\..\Run: [HiHiCall] C:\Program Files\HiHiCall.com\HiHiCall.exe
backup-20080121-231657-732 O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
backup-20080121-231657-814 O1 - Hosts: 80.69.94.166 63.251.217.184
backup-20080121-231657-831 O4 - HKLM\..\Run: [Mode Load Mpeg Less] C:\Documents and Settings\All Users\Application Data\two setup mode load\burn for.exe
backup-20080121-231657-850 O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
backup-20080121-231657-856 O4 - HKLM\..\Run: [C:\WINDOWS\system32\V0250Cvw.dll] C:\windows\system32\RegSvr32.exe /s C:\windows\system32\V0250Cvw.dll
backup-20080121-231657-890 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
backup-20080121-231657-925 O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?53a22baa9a8b466ba676dad31deb712d
backup-20080121-231657-948 O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
backup-20080121-231658-166 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://gfx1.hotmail.com/mail/w2/pr02...s/MSNPUpld.cab
backup-20080121-231658-225 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
backup-20080121-231658-707 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
backup-20080121-231659-268 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
backup-20080121-231659-501 O23 - Service: DomainService - - C:\windows\system32\wtbedpjq.exe
backup-20080121-231659-656 O21 - SSODL: E404Helper - {4b993299-5e4c-4e73-b0e6-869763910b35} - e404d.dll (file missing)
backup-20080121-231659-747 O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
backup-20080121-231659-892 O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
backup-20080121-231700-191 O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
backup-20080121-231700-244 O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
backup-20080121-231700-317 O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
backup-20080121-231700-414 O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
backup-20080121-231700-459 O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
backup-20080121-231700-493 O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
backup-20080121-231700-594 O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
backup-20080728-165241-298 O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
backup-20080728-165501-402 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky.com/kos/english...an_unicode.cab
backup-20080728-165501-422 O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 Asapi - c:\windows\system32\drivers\asapi.sys <Not Verified; VOB Computersysteme GmbH; asapi>
R2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R3 npkcusb - c:\nexon\maplestory\npkcusb.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R3 NVR0Dev - c:\windows\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>
S0 Partizan - c:\windows\system32\drivers\partizan.sys (file missing)
S3 catchme - c:\docume~1\mohamed\locals~1\temp\catchme.sys (file missing)
S3 CEDRIVER53 - c:\program files\cheat engine\dbk32.sys (file missing)
S3 Dua1 - c:\documents and settings\mohamed\desktop\maplestory hacks\dual engine\dualengi.sys (file missing)
S3 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
S3 Profos - c:\program files\common files\bitdefender\bitdefender threat scanner\profos.sys (file missing)
S3 VMnetAdapter (VMware Virtual Ethernet Adapter Driver) - c:\windows\system32\drivers\vmnetadapter.sys (file missing)
S3 XTrapD12 - c:\windows\system32\xtrapd12.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 NinjaVideo Helper.exe (NinjaVideo Helper) - "c:\program files\ninjavideo\ninjavideo helper\ninjavideo helper.exe" <Not Verified; NinjaVideo; NinjaVideo Helper>
R2 nTuneService (nTune Service) - c:\program files\nvidia corporation\ntune\ntuneservice.exe /startservice <Not Verified; NVIDIA; NVIDIA nTune>
S2 Spooler (Print Spooler) - c:\windows\system32\spoolsv.exe (file missing)
S4 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-07-10 12:33:02 284 --a------ C:\windows\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-06-29 and 2008-07-29 -----------------------------
2008-07-29 13:34:07 0 d-------- C:\ie-spyad_zo
2008-07-28 17:08:12 0 d-------- C:\Program Files\Panda Security
2008-07-28 16:44:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-07-27 02:03:26 0 d-------- C:\Documents and Settings\Mohamed\DoctorWeb
2008-07-27 01:11:18 0 d-------- C:\windows\ERUNT
2008-07-27 00:25:15 60416 --a------ C:\windows\ALCFDRTM.EXE <Not Verified; Realtek Semiconductor Corp.; Realtek ALCFDRTM>
2008-07-25 03:02:05 579678 --ahs---- C:\windows\system32\aayIRXbc.ini2
2008-07-25 03:01:57 246784 --a------ C:\windows\system32\cbXRIyaa.dll
2008-07-25 02:59:23 0 d-------- C:\Program Files\AVG
2008-07-20 21:16:01 24 --a------ C:\windows\system32\sysogg.dll
2008-07-20 21:14:31 1703936 --a------ C:\windows\system32\NCTAudioFile.dll <Not Verified; NCT Company; NCTAudioFile ActiveX DLL>
2008-07-20 21:14:30 0 d-------- C:\Program Files\MP3 Converter Simple
2008-07-20 21:04:53 0 d-------- C:\Program Files\AtomixMP3
2008-07-11 13:19:27 0 d-------- C:\Nexon
2008-07-06 19:43:08 0 d-------- C:\Documents and Settings\LocalService\My Documents
2008-06-30 02:45:40 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-30 02:45:40 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-30 02:45:40 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-30 02:45:40 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-06-30 02:45:40 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-30 02:45:40 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-30 02:45:40 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-06-30 02:45:40 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-30 02:45:40 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-06-30 02:45:40 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-30 02:45:40 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-06-30 02:45:40 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-30 02:45:40 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-30 02:45:39 516096 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT
-- Find3M Report ---------------------------------------------------------------
2008-07-29 14:57:26 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
2008-07-29 13:42:28 0 d-------- C:\Documents and Settings\Mohamed\Application Data\Azureus
2008-07-29 00:45:11 0 d-------- C:\Program Files\Internet Download Manager
2008-07-28 17
15 0 dr------- C:\Program Files\TypingMaster
2008-07-28 16:44:48 0 d-------- C:\Program Files\Active WebCam
2008-07-28 16:43:11 0 d-------- C:\Documents and Settings\Mohamed\Application Data\DMCache
2008-07-28 16:43:05 0 d-------- C:\Documents and Settings\Mohamed\Application Data\IDM
2008-07-27 00:12:39 0 d-------- C:\Documents and Settings\Mohamed\Application Data\LimeWire
2008-07-22 12:47:59 0 d-------- C:\Program Files\Winamp
2008-07-22 12:24:56 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-22 12:24:27 0 d-------- C:\Program Files\Common Files
2008-07-02 14:20:59 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-16 03
22 0 d-------- C:\Documents and Settings\Mohamed\Application Data\FindeXer
2008-06-14 01:49:52 0 d-------- C:\Program Files\mkv2vob
2008-06-14 01:49:44 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-11 17:46:49 0 d-------- C:\Program Files\Veoh Networks
2008-05-14 12:40:56 166447 --a------ C:\windows\Video Cleaner Pro Uninstaller.exe
2008-05-14 02:15:13 160373 --a------ C:\windows\MPEG-4 Booster Pack Uninstaller.exe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30EE7C7E-3B4B-4065-9FFA-C87C8C10C42A}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E1795E2-145A-4662-80BB-A17498ACE90A}]
07/25/2008 03:01 AM 246784 --a------ C:\windows\system32\cbXRIyaa.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\windows\system32\NvCpl.dll" [12/05/2007 02:41 AM]
"NvMediaCenter"="C:\windows\system32\NvMcTray.dll" [12/05/2007 02:41 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/03/2006 11:27 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [07/28/2008 08:08 AM]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [09/04/2007 08:25 PM]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [09/02/2007 02:58 PM]
"WeatherEye"="C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe" [05/30/2008 02:45 PM]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [05/15/2008 04:11 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BD3C6F7C-6C8D-48F6-AC52-5E4071AEB257}"= C:\windows\system32\opnmLeEu.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnmLeEu]
opnmLeEu.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\windows\system32\cbXRIyaa
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DAEMON Tools.lnk]
backup=C:\WINDOWS\pss\DAEMON Tools.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mohamed^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mohamed^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32\V0250Cvw.dll]
C:\WINDOWS\system32\RegSvr32.exe /s C:\WINDOWS\system32\V0250Cvw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
"C:\Program Files\Creative\Shared Files\CamTray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
C:\Program Files\Internet Download Manager\IDMan.exe /onboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrevxOne]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusBursters]
C:\Program Files\VirusBursters\virusbursters.exe /h
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vsmon"=2 (0x2)
"usnjsvc"=3 (0x3)
"RichVideo"=2 (0x2)
"PREVXAgent"=2 (0x2)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"IDriverT"=3 (0x3)
"AVG Anti-Spyware Guard"=2 (0x2)
*Newly Created Service* - PAVBOOT
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F8B9E5C0-4DCC-CFCF-ABA5-00401D608516}]
C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Recycle Bin\kdja.exe
-- End of Deckard's System Scanner: finished at 2008-07-29 19:24:29 ------------
ActiveScan.txt
extra.txt