main.txt
Deckard's System Scanner v20070411.38
Run by Ryan on 2007-04-23 at 18:54:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
24: 2007-04-24 00:54:38 UTC - RP122 - Deckard's System Scanner Restore Point
23: 2007-04-23 00:32:36 UTC - RP121 - Software Distribution Service 2.0
22: 2007-04-22 21:13:51 UTC - RP120 - Installed Ad-Aware SE Personal
21: 2007-04-22 06:02:11 UTC - RP119 - System Checkpoint
20: 2007-04-20 22:27:51 UTC - RP118 - System Checkpoint
-- First Restore Point --
1: 2007-02-16 20:53:41 UTC - RP99 - Software Distribution Service 2.0
Backed up registry hives.
Performed disk cleanup.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-04-23 18:56:05
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.0.2900.2180)
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\alg.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Ryan\Desktop\dss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spoono.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir...0&plcid=0x0409
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {60C7D512-66A7-3A22-F63A-6CE33EEFFF96} - C:\WINDOWS\system32\sfbhuuf.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1158802577\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Iejvp] C:\WINDOWS\system32\s?stem\?ti2evxx.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub...irector/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub...irector/sw.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - http://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {5FFFA267-0B81-42B4-BE64-77B5C9FE287F} (MinWebLauncher Control) - http://www.playran.com/game/MinWebLauncher.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1158804736482
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} () - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1158804726529
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.5.0_11) - http://java.sun.com/update/1.5.0/jin...ws-i586-jc.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} () - http://www.gamengame.com/KALogoutComponent.cab
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0812.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0812.00.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\system32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Microsoft Corp., Veritas Software - C:\WINDOWS\System32\dmadmin.exe /com
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE %SystemRoot%\System32\bcmwltry.exe
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 DRVMCDB - c:\windows\system32\drivers\drvmcdb.sys
R1 APPDRV - c:\windows\system32\drivers\appdrv.sys
R1 DLACDBHM - c:\windows\system32\drivers\dlacdbhm.sys
R1 DLARTL_N - c:\windows\system32\drivers\dlartl_n.sys
R1 IKFileFlt (File Filter Driver) - c:\windows\system32\drivers\ikfileflt.sys
R1 IKFileSec (File Security Driver) - c:\windows\system32\drivers\ikfilesec.sys
R1 IkSysFlt (System Filter Driver) - c:\windows\system32\drivers\iksysflt.sys
R1 IKSysSec (System Security Driver) - c:\windows\system32\drivers\iksyssec.sys
R2 DLABOIOM - c:\windows\system32\dla\dlaboiom.sys
R2 DLADResN - c:\windows\system32\dla\dladresn.sys
R2 DLAIFS_M - c:\windows\system32\dla\dlaifs_m.sys
R2 DLAOPIOM - c:\windows\system32\dla\dlaopiom.sys
R2 DLAPoolM - c:\windows\system32\dla\dlapoolm.sys
R2 DLAUDF_M - c:\windows\system32\dla\dlaudf_m.sys
R2 DLAUDFAM - c:\windows\system32\dla\dlaudfam.sys
R2 DRVNDDM - c:\windows\system32\drivers\drvnddm.sys
R2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys
R3 BCM43XX (Dell Wireless WLAN Card Driver) - c:\windows\system32\drivers\bcmwl5.sys
R3 HSF_DPV - c:\windows\system32\drivers\hsf_dpv.sys
R3 HSFHWICH - c:\windows\system32\drivers\hsfhwich.sys
R3 ialm - c:\windows\system32\drivers\ialmnt5.sys
R3 STAC97 (SigmaTel C-Major Audio) - c:\windows\system32\drivers\stac97.sys
R3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys
S3 hamachi_oem (PlayLinc Adapter) - c:\windows\system32\drivers\gan_adapter.sys
S3 PSSdk23 - c:\windows\system32\drivers\pssdk23.drv (file missing)
S3 SE402RefCameraStill (SE402 Still Camera (WDM)) - c:\windows\system32\drivers\se402sc.sys
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)
S3 w600bus (Sony Ericsson W600 driver (WDM)) - c:\windows\system32\drivers\w600bus.sys (file missing)
S3 w600mdfl (Sony Ericsson W600 USB WMC Modem Filter) - c:\windows\system32\drivers\w600mdfl.sys (file missing)
S3 w600mdm (Sony Ericsson W600 USB WMC Modem Drivers) - c:\windows\system32\drivers\w600mdm.sys (file missing)
S3 w600mgmt (Sony Ericsson W600 USB WMC Device Management Drivers) - c:\windows\system32\drivers\w600mgmt.sys (file missing)
S3 w600obex (Sony Ericsson W600 USB WMC OBEX Interface Drivers) - c:\windows\system32\drivers\w600obex.sys (file missing)
S3 XTrapD12 - c:\windows\system32\xtrapd12.sys (file missing)
S4 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 NICCONFIGSVC - c:\program files\dell\quickset\nicconfigsvc.exe
R2 sdAuxService (Spyware Doctor Auxiliary Service) - c:\program files\spyware doctor\svcntaux.exe
R2 sdCoreService (Spyware Doctor Service) - c:\program files\spyware doctor\swdsvc.exe
S3 usnsvc (Messenger Sharing USN Journal Reader service) - c:\windows\system32\svchost.exe -k usnsvc
S3 usprserv (User Privilege Service) - c:\windows\system32\svchost.exe -k netsvcs
-- Files created between 2007-03-23 and 2007-04-23 -----------------------------
2007-04-23 18:49:55 49152 --a------ C:\WINDOWS\system32\vfind.exe
2007-04-23 18:49:55 212480 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-04-23 18:49:55 370688 --a------ C:\WINDOWS\system32\swsc.exe
2007-04-23 18:49:55 428032 --a------ C:\WINDOWS\system32\swreg.exe
2007-04-23 18:49:55 38400 --a------ C:\WINDOWS\system32\moveex.exe
2007-04-23 18:49:55 49152 --a------ C:\WINDOWS\nircmd.exe
2007-04-23 18:49:55 86528 --a------ C:\WINDOWS\catchme.exe
2007-04-23 15:29:10 45056 -ra------ C:\WINDOWS\retadpu11.exe<RETADP~1.EXE>
2007-04-22 16:31:22 21312 --a------ C:\WINDOWS\choice.exe
2007-04-22 16:30:01 0 d-------- C:\ie-spyad
2007-04-22 16:28:48 0 d-------- C:\Program Files\SpywareGuard<SPYWAR~3>
2007-04-22 16:24:55 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2007-04-22 16:24:46 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~2>
2007-04-22 15:16:38 0 d-------- C:\Documents and Settings\Ryan\Application Data\Lavasoft
2007-04-22 15:13:53 0 d-------- C:\Program Files\Lavasoft
2007-04-22 15:13:35 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-04-22 12:57:51 0 d-------- C:\WINDOWS\pss
2007-04-21 23:15:45 26064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-04-21 23:15:45 83536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-04-21 23:15:45 59984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-04-21 23:15:45 52304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys<IKFILE~2.SYS>
2007-04-21 23:15:45 39248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys<IKFILE~1.SYS>
2007-04-21 23:15:39 0 d-------- C:\Program Files\Spyware Doctor<SPYWAR~1>
2007-04-21 23:03:54 2 --a------ C:\WINDOWS\system32\wnsinticomsv.exe<WNSINT~1.EXE>
2007-04-21 23:03:47 60928 --a------ C:\WINDOWS\system32\sfbhuuf.dll
2007-04-20 17:17:47 0 d-------- C:\Program Files\Lizard
2007-04-15 04:48:38 0 d-------- C:\Documents and Settings\Ryan\Application Data\Help
2007-04-15 03:12:52 0 d-------- C:\Documents and Settings\Ryan\Application Data\Dev-Cpp
2007-04-15 03:03:51 0 d-------- C:\Dev-Cpp
2007-03-31 15:37:49 0 d-------- C:\Program Files\PlayLinc
2007-03-25 18:56:28 0 d-------- C:\ijji
2007-03-23 16:41:36 0 d-------- C:\rscache
-- Find3M Report ---------------------------------------------------------------
2007-04-20 17:17:45 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-15 08:08:13 101438 --a------ C:\WINDOWS\b122.exe
2007-03-03 14:30:10 0 d-------- C:\Program Files\Winamp
2007-03-03 14:29:29 0 d-------- C:\Program Files\Yahoo!
2007-03-03 14:28:31 0 d-------- C:\Program Files\Common Files\Scanner
2007-02-27 22:09:22 0 d-------- C:\Program Files\Common Files\PC Tools<PCTOOL~1>
2007-02-25 22:28:22 0 d-------- C:\Documents and Settings\Ryan\Application Data\Sun
2007-02-25 22:28:08 0 d-------- C:\Program Files\Java
2007-02-25 22:26:39 0 d-------- C:\Program Files\Common Files\Java
-- Registry Dump ---------------------------------------------------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Steam"="\"c:\\program files\\valve\\steam\\steam.exe\" -silent"
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"Iejvp"="C:\\WINDOWS\\system32\\s?stem\\?ti2evxx.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"Broadcom Wireless Manager UI"="C:\\WINDOWS\\System32\\WLTRAY.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1158802577\\ee\\AOLSoftware.exe"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"igfxtray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\System32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\System32\\igfxpers.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"SDTray"="\"C:\\Program Files\\Spyware Doctor\\SDTrayApp.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
-- End of Deckard's System Scanner: finished at 2007-04-23 at 18:56:32 ---------
extra.txt
Deckard's System Scanner v20070411.38
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel(R) Pentium(R) M processor 1.70GHz
Percentage of Memory in Use: 59%
Physical Memory (total/avail): 503.37 MiB / 202.63 MiB
Pagefile Memory (total/avail): 1230.05 MiB / 815.5 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1986.65 MiB
C: is Fixed (NTFS) - 33.82 GiB total, 22.21 GiB free.
D: is CDROM (No Media)
-- Security Center -------------------------------------------------------------
AUOptions is set to notify before download.
Windows Internal Firewall is enabled.
AntiVirusDisableNotify is set.
UpdatesDisableNotify is set.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Ryan\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=RYANSCOMPUTER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Ryan
LOGONSERVER=\\RYANSCOMPUTER
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d06
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Ryan\LOCALS~1\Temp
TMP=C:\DOCUME~1\Ryan\LOCALS~1\Temp
USERDOMAIN=RYANSCOMPUTER
USERNAME=Ryan
USERPROFILE=C:\Documents and Settings\Ryan
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Ryan
(admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Build Your Own Net Dream (remove only) --> C:\Program Files\BYOND\Uninst.exe
C-Major Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Conexant D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Counter-Strike(TM) --> MsiExec.exe /I{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}
croNous --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE92B35C-4527-488D-AB03-88882FFDF451}\Setup.exe"
Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Dev-C++ 5 beta 9 release (4.9.9.2) --> "C:\Dev-Cpp\uninstall.exe"
Gunbound Revolution --> "C:\ijji\ENGLISH\Gunbound Revolution\unins000.exe"
HijackThis 2.0.0 --> "C:\Documents and Settings\Ryan\Desktop\HijackThis.exe" /uninstall
Intel(R) Graphics Media Accelerator Driver for Mobile --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Intel(R) PRO Network Connections Drivers --> Prounstl.exe
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Lavasoft VX2 Cleaner --> C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\INSTALL.LOG
Media Share Starter Kit --> MsiExec.exe /I{75FE7905-EDEF-436A-9950-146F8F978450}
PlayLinc --> MsiExec.exe /I{E3E0DA6E-F2D3-437F-9876-9491D46B2AF8}
QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Roxio DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
SmartFTP Client 2.0 --> MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
SmartFTP Client 2.0 Setup Files (remove only) --> "C:\Program Files\SmartFTP Client 2.0 Setup Files\uninst-sftp.exe"
Spyware Doctor 5.0 --> C:\Program Files\Spyware Doctor\unins000.exe
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2 --> "C:\Program Files\SpywareGuard\unins000.exe"
Steam(TM) --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Live Messenger --> MsiExec.exe /I{FCE50DB8-C610-4C42-BE5C-193F46C6F812}
Windows Live Sign-in Assistant --> MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
-- End of Deckard's System Scanner: finished at 2007-04-23 at 18:56:32 ---------
combo fix log
"Ryan" - 07-04-23 18:44:21 Service Pack 2
ComboFix 07-04-24.2V - Running from: "C:\Documents and Settings\Ryan\Desktop\"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\inetget2\Installeur.exe
C:\Program Files\ipwindows\ipwins.dll
C:\Program Files\ipwindows\ipwins.exe
C:\Program Files\ipwindows\UnInstall.exe
C:\Program Files\ipwindows
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\C\DOCUME~1
C:\qoobox\purity\C\DOCUME~1\Ryan
C:\qoobox\purity\C\DOCUME~1\Ryan\MYDOCU~1
C:\qoobox\purity\C\DOCUME~1\Ryan\MYDOCU~1\STEM~1
C:\qoobox\purity\C\DOCUME~1\Ryan\MYDOCU~1\STEM~1\dvdplay.exe
C:\qoobox\purity\C\DOCUME~1\Ryan\MYDOCU~1\STEM~1\??stem
C:\qoobox\purity\C\DOCUME~1\Ryan\MYDOCU~1\STEM~1\??stem\ctxad-552.0000
C:\qoobox\purity\C\DOCUME~1\Ryan\MYDOCU~1\STEM~1\??stem\ctxad-552.0001
C:\qoobox\purity\C\DOCUME~1\Ryan\MYDOCU~1\STEM~1\??stem\ctxad-552.0002
C:\qoobox\purity\C\DOCUME~1\Ryan\MYDOCU~1\STEM~1\??stem\ctxad-552.0003
C:\qoobox\purity\C\DOCUME~1\Ryan\MYDOCU~1\STEM~1\??stem\ctxad-552.0004
C:\qoobox\purity\C\DOCUME~1\Ryan\MYDOCU~1\STEM~1\??stem\ctxad-552.0005
C:\qoobox\purity\C\WINDOWS\system32\SSTEM~1
C:\qoobox\purity\C\WINDOWS\system32\SSTEM~1\?ti2evxx.exe
((((((((((((((((((((((((((((((( Files Created from 2007-03-23 to 2007-04-23 ))))))))))))))))))))))))))))))))))
2007-04-23 15:29 45,056 -ra------ C:\WINDOWS\retadpu11.exe
2007-04-22 16:31 21,312 --a------ C:\WINDOWS\choice.exe
2007-04-22 16:30 <DIR> d-------- C:\ie-spyad
2007-04-22 16:28 <DIR> d-------- C:\Program Files\SpywareGuard
2007-04-22 16:24 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2007-04-22 16:24 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-04-22 15:16 <DIR> d-------- C:\DOCUME~1\Ryan\APPLIC~1\Lavasoft
2007-04-22 15:13 <DIR> d-------- C:\Program Files\Lavasoft
2007-04-22 15:13 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-22 12:57 <DIR> d-------- C:\WINDOWS\pss
2007-04-21 23:15 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-04-21 23:15 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-04-21 23:15 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-04-21 23:15 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-04-21 23:15 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-04-21 23:15 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-04-21 23:03 60,928 --a------ C:\WINDOWS\system32\sfbhuuf.dll
2007-04-21 23:03 2 --a------ C:\WINDOWS\system32\wnsinticomsv.exe
2007-04-20 17:17 <DIR> d-------- C:\Program Files\Lizard
2007-04-15 04:48 <DIR> d-------- C:\DOCUME~1\Ryan\APPLIC~1\Help
2007-04-15 03:12 <DIR> d-------- C:\DOCUME~1\Ryan\APPLIC~1\Dev-Cpp
2007-04-15 03:03 <DIR> d-------- C:\Dev-Cpp
2007-03-31 15:37 <DIR> d-------- C:\Program Files\PlayLinc
2007-03-25 18:56 <DIR> d-------- C:\ijji
2007-03-23 16:41 <DIR> d-------- C:\rscache
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-03-15 08:08 101438 --a------ C:\WINDOWS\b122.exe
2007-03-03 14:30 -------- d-------- C:\Program Files\winamp
2007-03-03 14:29 -------- d-------- C:\Program Files\yahoo!
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{4A368E80-174F-4872-96B5-0B27DDD11DB2} C:\Program Files\SpywareGuard\dlprotect.dll
{5CA3D70E-1895-11CF-8E15-001234567890} C:\WINDOWS\System32\DLA\DLASHX_W.DLL
{60C7D512-66A7-3A22-F63A-6CE33EEFFF96} C:\WINDOWS\system32\sfbhuuf.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"Broadcom Wireless Manager UI"="C:\\WINDOWS\\System32\\WLTRAY.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1158802577\\ee\\AOLSoftware.exe"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"igfxtray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\System32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\System32\\igfxpers.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"SDTray"="\"C:\\Program Files\\Spyware Doctor\\SDTrayApp.exe\""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Steam"="\"c:\\program files\\valve\\steam\\steam.exe\" -silent"
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"Iejvp"="C:\\WINDOWS\\system32\\s?stem\\?ti2evxx.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ \0scecli\0scecli\0\0
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-23 18:48:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\Documents and Settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\45KRSZ21\AppID_4100[1].txt 0 bytes
C:\Documents and Settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\6F42MZA0\AppID_6930[1].txt 0 bytes
C:\Documents and Settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\8KIGXKGH\AppID_7220[1].txt 0 bytes
C:\Documents and Settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\8ZPWXH8U\AppID_3910[1].txt 0 bytes
C:\Documents and Settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\GTYNG1YB\AppID_3970[1].txt 0 bytes
C:\Documents and Settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\OF29MZ0V\AppID_3980[1].txt 0 bytes
C:\Documents and Settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\UPYR6LGV\AppID_919[1].txt 0 bytes
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 7
********************************************************************
Completion time: 07-04-23 18:49:54 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-04-23 18:49
All seems better