12-02-2008, 10:11 PM   #1
Joody
OS: Windows XP


System start-up change detected

I just know this can't be a good message and I keep getting it. I have deleted some files with Spybot Search and Destroy but I keep getting warnings about TrojanWin.32Monder.aanw and I delete it with my anti-virus only to have it come back. My computer seems to be slow and keeps hanging up. I also keep getting new windows opening in IE and in Firefox.




DDS (Version 1.0) - NTFSx86
Run by Compaq_Owner at 20:20:33.40 on Tue 12/02/2008
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.162 [GMT -8:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Shaw Secure\FSPC\fspc.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsrw.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\Program Files\Shaw Secure\FSGUI\ispnews.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSGTAG\MSGTAG.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\SHAWSE~1\ANTI-S~1\fsaw.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\Documents and Settings\Compaq_Owner\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
uSearch Page =
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=presario&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=presario&pf=desktop
mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
mSearch Page =
mStart Page = hxxp://www.msn.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: {9726f3bd-b039-43ef-b38b-7b1a89fb5a6f} - c:\windows\system32\sezogibe.dll
BHO: {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - c:\program files\hp\smart web printing\SmartWebPrinting.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSGTAG] "c:\program files\msgtag\MSGTAG.exe" /startup
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRunOnce: [SpybotDeletingB6064] command /c del "c:\windows\system32\kimapuge.dll_old"
uRunOnce: [SpybotDeletingD1248] cmd /c del "c:\windows\system32\kimapuge.dll_old"
uRunOnce: [SpybotDeletingB5093] command /c del "c:\windows\system32\tuyalaze.dll_old"
uRunOnce: [SpybotDeletingD2099] cmd /c del "c:\windows\system32\tuyalaze.dll_old"
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [VTTimer] VTTimer.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [IcoSet] c:\hp\bin\cloaker.exe c:\hp\bin\icoset\adjust.bat seticon
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [gcasServ] "c:\program files\microsoft antispyware\gcasServ.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [F-Secure Manager] "c:\program files\shaw secure\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\shaw secure\tnb\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [F-Secure Startup Wizard] "c:\program files\shaw secure\fsgui\FSSW.EXE" /reboot
mRun: [News Service] "c:\program files\shaw secure\fsgui\ispnews.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [yowibivofi] Rundll32.exe "c:\windows\system32\kimapuge.dll",s
mRun: [CPM471ea05c] Rundll32.exe "c:\windows\system32\yelosuso.dll",a
mRunOnce: [SpybotDeletingA5768] command /c del "c:\windows\system32\kimapuge.dll_old"
mRunOnce: [SpybotDeletingC8912] cmd /c del "c:\windows\system32\kimapuge.dll_old"
mRunOnce: [SpybotDeletingA8477] command /c del "c:\windows\system32\tuyalaze.dll_old"
mRunOnce: [SpybotDeletingC9198] cmd /c del "c:\windows\system32\tuyalaze.dll_old"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\6750491\program\Compaq Connections.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\shawse~1.lnk - c:\program files\shaw secure\backweb\3875767\program\fspex.exe
IE: &Add animation to IncrediMail Style Box - c:\progra~1\incred~1\bin\resources\WebMenuImg.htm
IE: &Block this popup - c:\program files\shaw secure\anti-spyware\blockpopups.htm
IE: Add To Compaq Organize... - c:\progra~1\hewlet~1\compaq~1\bin\core.hp.main\SendTo.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {200DB664-75B5-47c0-8B45-A44ACCF73C00} - {D68926FD-18FD-4B0E-A1C7-917D13FAB760} - c:\program files\shaw secure\fspc\fspcmsie.dll
IE: {200DB664-75B5-47c0-8B45-A44ACCF73F01} - {D68926FD-18FD-4B0E-A1C7-917D13FAB760} - c:\program files\shaw secure\fspc\fspcmsie.dll
IE: {200DB664-75B5-47c0-8B45-A44ACCF73F02} - {878137C3-9DAC-4a48-9625-78A054E86C1E} - c:\program files\shaw secure\fspc\fspcmsie.dll
IE: {200DB664-75B5-47c0-8B45-A44ACCF73F03} - {A7FC740A-AC46-46d2-9262-E368D619AD17} - c:\program files\shaw secure\fspc\fspcmsie.dll
IE: {200DB664-75B5-47c0-8B45-A44ACCF73F04} - {C459289E-2150-486b-8556-12C706799CAC} - c:\program files\shaw secure\fspc\fspcmsie.dll
IE: {300DB664-75B5-47c0-8B45-A44ACCF73C00} - {0928F506-07E8-470c-979D-147C296D4879} - c:\program files\shaw secure\anti-spyware\ieshield.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\windows\system32\butazaji.dll c:\windows\system32\howivuti.dll c:\windows\system32\yelosuso.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yelosuso.dll
STS: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yelosuso.dll
SEH: {9EF34FF2-3396-4527-9D27-04C8C1C67806} - c:\program files\microsoft antispyware\shellextension.dll
LSA: Notification Packages = scecli c:\windows\system32\howivuti.dll

============= SERVICES / DRIVERS ===============

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2005-3-21 70896]
R2 BackWeb Plug-in - 3875767;Shaw Secure;c:\progra~1\shawse~1\backweb\3875767\program\SERVIC~1.EXE [2006-3-21 32807]
R2 ewido security suite control;ewido security suite control;c:\program files\ewido anti-malware\ewidoctrl.exe [2005-11-30 13888]
R2 F-Secure Filter;F-Secure File System Filter;\??\c:\program files\shaw secure\anti-virus\win2k\FSfilter.sys [2005-3-21 48720]
R2 F-Secure Gatekeeper Handler Starter;F-Secure Gatekeeper Handler Starter;"c:\program files\shaw secure\anti-virus\fsgk32st.exe" [2005-3-21 36947]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\c:\program files\shaw secure\anti-virus\win2k\FSgk.sys [2005-3-21 55424]
R2 F-Secure Recognizer;F-Secure File System Recognizer;\??\c:\program files\shaw secure\anti-virus\win2k\FSrec.sys [2005-3-21 16816]
S2 PPSCAN;PPSCAN;c:\windows\system32\drivers\PPSCAN.sys [2005-6-8 91520]
S3 Yoe16;Yoe16;\??\c:\windows\system32\drivers\Yoe16.sys [2007-12-26 21760]

=============== Created Last 30 ================

2008-12-02 19:38 250 a------- c:\windows\gmer.ini
2008-12-02 19:18 55,267 a--sh--- c:\windows\system32\pimenuda.dll
2008-12-02 18:57 153 a------- c:\windows\wininit.ini
2008-12-01 19:25 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2008-11-29 19:15 1,298,668 ---sh--- c:\windows\system32\uhefowij.ini
2008-11-28 20:23 1,298,677 ---sh--- c:\windows\system32\isofopig.ini
2008-11-28 06:54 1,298,695 ---sh--- c:\windows\system32\ezoteyiy.ini
2008-11-27 17:04 <DIR> --d----- c:\program files\Windows Media Connect 2
2008-11-11 19:29 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 19:28 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll

==================== Find3M ====================

2008-12-02 19:16 93,749 a--sh--- c:\windows\system32\yelosuso.dll
2008-12-02 18:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-12-02 16:53 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-12-02 16:32 <DIR> --d----- c:\program files\Microsoft AntiSpyware
2008-12-02 07:16 86,581 a--sh--- c:\windows\system32\sabafiru.dll
2008-12-01 19:15 93,749 a--sh--- c:\windows\system32\napuruya.dll
2008-12-01 19:15 86,581 a--sh--- c:\windows\system32\tazamuto.dll
2008-12-01 18:16 65,076 a--sh--- c:\windows\system32\ramobugu.dll
2008-11-05 17:21 <DIR> --d----- c:\docume~1\compaq~1\applic~1\Printer Info Cache
2008-10-08 18:48 <DIR> --d----- c:\program files\BingoLiner
2008-10-01 16:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\FunGames
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-15 04:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-09 17:14 1,307,648 -------- c:\windows\system32\msxml6.dll
2008-09-04 09:15 1,106,944 a------- c:\windows\system32\msxml3.dll
2008-05-21 18:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\WEBREG
2006-03-31 17:35 <DIR> --d----- c:\docume~1\compaq~1\applic~1\F-Secure
2006-03-21 12:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\F-Secure
2006-02-04 11:09 <DIR> --d----- c:\docume~1\compaq~1\applic~1\MSNInstaller
2005-03-21 19:19 <DIR> --d----- c:\docume~1\compaq~1\applic~1\ispnews
2005-03-21 19:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2004-08-11 05:55 <DIR> --d----- c:\docume~1\compaq~1\applic~1\Symantec
2004-08-10 05:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SBSI
2005-03-21 19:16 10,240 ac-sh--- c:\windows\rnapxs\rnapxs.dat
2005-02-15 20:19 0 ac-sh--- c:\windows\sminst\HPCD.sys
2008-09-01 18:16 59,392 a--sh--- c:\windows\system32\hizavara.dll
2008-09-01 18:16 65,076 a--sh--- c:\windows\system32\howivuti.dll
2008-09-02 19:16 83,968 a--sh--- c:\windows\system32\kafufigu.dll
2008-09-01 18:16 28,672 a--sh--- c:\windows\system32\kulufegi.dll
2008-09-01 18:16 65,076 a--sh--- c:\windows\system32\sezogibe.dll

============= FINISH: 20:21:42.42 ===============
Attached Files
File Type: txt Gmer.txt (19.2 KB, 1 views)
File Type: txt Attach.txt (9.2 KB, 2 views)