05-11-2008, 06:53 PM   #1
Registered User
 
Join Date: May 2008
Posts: 7
OS: Win2000


Task manager greyed out, pop-ups

Attachment: extra.txt

I got some kind of virus on my PC this morning. The task manager button is greyed out, both when I hit ctrl-alt-del and also if I right click the empty task bar area at the bottom of the screen. There is a pop-up about every minute from an icon on the bottom right of my screen saying I have spyware, and if I click on it, it tries to sell me software. It also added an "internet speed monitor" program, but I think I was able to delete that through add/remove programs. Here's my DSS report:

Deckard's System Scanner v20071014.68
Run by Kevin Butler on 2008-05-11 18:29:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Kevin Butler.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:30:20 PM, on 5/11/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINNT\b2new.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\wmsdkns.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\SnapStream Media\Firefly\Firefly.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\QdrModule\QdrModule15.exe
C:\Program Files\Palm\Hotsync.exe
C:\WINNT\system32\wuauclt.exe
C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe
C:\Documents and Settings\Kevin Butler\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Kevin Butler.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\WINNT\system32\wmsdkns.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: StFlex IE Helper - {8334A30C-49E5-489a-B63D-5B927C1EF46E} - C:\Program Files\QdrDrive\QdrDrive15.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {A350914C-78B2-4012-AF9A-824333363C99} - C:\WINNT\system32\urqNDWNH.dll
O2 - BHO: (no name) - {C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8} - C:\WINNT\system32\iifgGYop.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockins32.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Firefly] C:\Program Files\SnapStream Media\Firefly\Firefly.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [QdrModule15] "C:\Program Files\QdrModule\QdrModule15.exe"
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Beyond TV.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.apple.com.edgesuite....eInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1210551073299
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - Winlogon Notify: iifgGYop - C:\WINNT\SYSTEM32\iifgGYop.dll
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINNT\b2new.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe

--
End of file - 8128 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 cmosa - c:\winnt\system32\drivers\cmosa.sys <Not Verified; Dell Computer Corporation.; Dell® OpenManage Client Instrumentation>
R2 tcaicchg - c:\winnt\system32\tcaicchg.sys <Not Verified; 3Com Corporation; 3Com Windows NT NIC Diagnostic/Configuration>
R2 TCAITDI (TCAITDI Protocol) - c:\winnt\system32\drivers\tcaitdi.sys <Not Verified; 3Com Corporation; 3Com Windows NT NIC Diagnostic TDI Driver>
R3 hcwPP2 (Hauppauge WinTV PVR PCI II ([23|25|26]xxx)) - c:\winnt\system32\drivers\hcwpp2.sys <Not Verified; Hauppauge Computer Works, Inc.; WinTV>
R3 WinDriver6 - c:\winnt\system32\drivers\windrvr6.sys <Not Verified; Jungo; WinDriver Device Driver>
R3 X10UIF (%DESCRIPTION%) - c:\winnt\system32\drivers\x10uif.sys <Not Verified; X10 Wireless Technology, Inc.; X10 USB Control Interface>

S3 CA504AV (Mega Camera, WDM Video Capture) - c:\winnt\system32\drivers\ca504av.sys <Not Verified; Digital Camera.; Digital Camera Driver>
S3 DLPortIO (DriverLINX Port I/O Driver) - c:\winnt\system32\drivers\dlportio.sys
S3 Sunplus (Mega Camera Still Image Capture, Sunplus Version 1.00) - c:\winnt\system32\drivers\bulk504.sys <Not Verified; Sunplus; Bulk IO Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 MsSecurity1.209.4 (MsSecurity Updated) - c:\winnt\b2new.exe service
R3 x10nets (X10 Device Network Service) - c:\progra~1\common~1\snapst~1\common\x10nets.exe <Not Verified; X10; x10 Module>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\MGMT180\2&DABA3FF&0
Manufacturer:
Name:
PNP Device ID: ACPI\MGMT180\2&DABA3FF&0
Service:


-- Scheduled Tasks -------------------------------------------------------------

2006-09-04 17:20:39 426 --a------ C:\WINNT\Tasks\Symantec NetDetect.job


-- Files created between 2008-04-11 and 2008-05-11 -----------------------------

2008-05-11 18:30:08 0 d-------- C:\Program Files\Trend Micro
2008-05-11 18:26:16 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_658.dat
2008-05-11 18:18:36 0 d-------- C:\WINNT\system32\BITS
2008-05-11 18:05:19 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-11 18:05:10 0 d-------- C:\Program Files\SpywareBlaster
2008-05-11 16:29:10 0 d-------- C:\Program Files\Panda Security
2008-05-11 15:02:17 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_27c.dat
2008-05-11 14:52:15 2822 --a------ C:\WINNT\system32\tmp.reg
2008-05-11 14:28:25 0 d-------- C:\Program Files\SmitfraudFix <SMITFR~1>
2008-05-11 14:25:20 1390255 --a------ C:\Program Files\SmitfraudFix.exe
2008-05-11 14:19:11 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_284.dat
2008-05-11 10:47:21 21504 --a------ C:\WINNT\stcloader.exe
2008-05-11 10:47:19 13568 --a------ C:\WINNT\voiceip.dll
2008-05-11 10:47:19 31232 --a------ C:\WINNT\swin32.dll
2008-05-11 10:47:18 18432 --a------ C:\WINNT\cdsm32.dll
2008-05-11 10:47:18 25856 --a------ C:\WINNT\bokja.exe
2008-05-11 10:47:17 29440 --a------ C:\WINNT\mssvr.exe
2008-05-11 10:47:16 24064 --a------ C:\WINNT\mspphe.dll
2008-05-11 10:47:16 27136 --a------ C:\WINNT\bjam.dll
2008-05-11 10:47:15 22016 --a------ C:\WINNT\2020search2.dll
2008-05-11 10:47:14 22016 --a------ C:\WINNT\2020search.dll
2008-05-11 10:47:07 13824 --a------ C:\WINNT\saiemod.dll
2008-05-11 10:47:06 26368 --a------ C:\WINNT\msapasrc.dll
2008-05-11 10:47:06 25600 --a------ C:\WINNT\msa64chk.dll
2008-05-11 10:47:04 14848 --a------ C:\WINNT\shdocpl.dll
2008-05-11 10:47:03 12544 --a------ C:\WINNT\shdocpe.dll
2008-05-11 10:47:03 22016 --a------ C:\WINNT\ntnut.exe
2008-05-11 10:47:02 15616 --a------ C:\WINNT\winsb.dll
2008-05-11 10:47:02 31744 --a------ C:\WINNT\browserad.dll
2008-05-11 10:47:01 31744 --a------ C:\WINNT\aviwrap32.dll
2008-05-11 10:47:00 10752 --a------ C:\WINNT\avisynthex32.dll
2008-05-11 10:47:00 11008 --a------ C:\WINNT\avifile32.dll
2008-05-11 10:47:00 25600 --a------ C:\WINNT\autodisc32.dll
2008-05-11 10:46:59 11264 --a------ C:\WINNT\audiosrv32.dll
2008-05-11 10:46:59 24320 --a------ C:\WINNT\ati2dvag32.dll
2008-05-11 10:46:59 9216 --a------ C:\WINNT\ati2dvaa32.dll
2008-05-11 10:46:58 21248 --a------ C:\WINNT\athprxy32.dll
2008-05-11 10:46:58 25344 --a------ C:\WINNT\asycfilt32.dll
2008-05-11 10:46:57 16384 --a------ C:\WINNT\asferror32.dll
2008-05-11 10:46:57 30720 --a------ C:\WINNT\apphelp32.dll
2008-05-11 10:46:56 24832 --a------ C:\WINNT\changeurl_30.dll
2008-05-11 09:41:15 8069 --ahs---- C:\WINNT\system32\HNWDNqru.ini2
2008-05-11 09:41:10 316464 --a------ C:\WINNT\system32\urqNDWNH.dll
2008-05-11 09:37:46 41724 ---hs---- C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
2008-05-11 09:36:13 0 d-------- C:\WINNT\system32\dFrnx06
2008-05-11 09:36:13 0 d-------- C:\Temp
2008-05-11 09:35:59 25728 --a------ C:\WINNT\system32\iifgGYop.dll
2008-05-11 09:35:56 0 d-------- C:\Program Files\QdrModule
2008-05-11 09:35:55 0 d-------- C:\Program Files\QdrDrive
2008-05-11 09:35:55 0 d-------- C:\Program Files\ISM
2008-05-11 09:35:21 0 d-------- C:\Documents and Settings\Default User\Application Data\Macromedia
2008-05-11 09:35:09 91563 --a------ C:\WINNT\system32\wmsdkns.exe <Not Verified; Microsoft; XML Media>
2008-05-11 09:35:09 91563 --a------ C:\WINNT\lfn.exe <Not Verified; Microsoft; XML Media>
2008-05-11 09:34:55 25600 --a------ C:\WINNT\b2new.exe
2008-05-09 12:10:08 187904 ---hs---- C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
2008-05-09 11:10:10 229514 --a------ C:\WINNT\system32\000080.exe
2008-05-03 10:48:00 270709 --a------ C:\WINNT\system32\000060.exe
2008-05-01 17:52:43 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_28c.dat


-- Find3M Report ---------------------------------------------------------------

2008-05-11 09:37:46 0 d-a------ C:\Program Files\Common Files
2008-04-01 20:02:39 0 d-------- C:\Program Files\Ahead
2008-04-01 19:58:25 0 d-------- C:\Program Files\Common Files\Ahead
2008-04-01 19:46:36 830293 --a------ C:\WINNT\hpdvd840b_HJ86.exe
2008-02-22 21:59:32 50 --a------ C:\tmp.bat
2008-02-20 20:27:35 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_5c4.dat
2008-02-20 20:11:28 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_e4.dat
2008-02-16 10:47:40 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_540.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8334A30C-49E5-489a-B63D-5B927C1EF46E}]
04/03/08 02:05p 147456 --a------ C:\Program Files\QdrDrive\QdrDrive15.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A350914C-78B2-4012-AF9A-824333363C99}]
05/11/08 09:41a 316464 --a------ C:\WINNT\system32\urqNDWNH.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8}]
05/11/08 09:36a 25728 --a------ C:\WINNT\system32\iifgGYop.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 01:05p C:\WINNT\system32\mobsync.exe]
"NvCplDaemon"="C:\WINNT\System32\NvCpl.dll" [07/15/04 11:42a]
"TCASUTIEXE"="TCAUDIAG -off" []
"nwiz"="nwiz.exe" [07/15/04 11:42a C:\WINNT\system32\nwiz.exe]
"NvMediaCenter"="C:\WINNT\System32\NvMcTray.dll" [07/15/04 11:42a]
"Firefly"="C:\Program Files\SnapStream Media\Firefly\Firefly.exe" [08/18/04 01:07p]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [03/29/08 11:37a]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/06/06 06:08p]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/07 02:11a]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/07 08:51p]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [11/14/07 05:05p]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [07/09/01 11:50a]
"DVDTray"="C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe" [09/03/04 02:58a]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [03/01/07 10:37a]
"QdrModule15"="C:\Program Files\QdrModule\QdrModule15.exe" [04/25/08 12:23p]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8}"= C:\WINNT\system32\iifgGYop.dll [05/11/08 09:36a 25728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebProxy"= {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINNT\system32\userinit.exe,C:\WINNT\system32\wmsdkns.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifgGYop]
iifgGYop.dll 05/11/08 09:36a 25728 C:\WINNT\system32\iifgGYop.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=NVDESK32.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINNT\system32\urqNDWNH

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{66186F05-BBBB-4a39-864F-72D84615C679}]
rundll32 sockins32.dll,InitModule



-- End of Deckard's System Scanner: finished at 2008-05-11 18:31:36 ------------
Posted by butlerkj
05-15-2008, 12:57 AM   #2
Angelfire777, Moderator/Analyst, Security Team; Rangemaster, TSF Academy
Join Date: Oct 2006
Location: BC, Canada
Posts: 2,389
OS: XP


Re: Task manager greyed out, pop-ups

Hi, welcome to TSF!

If you still need assistance, please post a fresh main.txt report.
__________________
Proud member of UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
05-15-2008, 09:07 PM   #3
Registered User
 
Join Date: May 2008
Posts: 7
OS: Win2000


Re: Task manager greyed out, pop-ups

Sorry for the delay, my computer has gotten really bad and it's difficult to access the internet. I keep getting a Microsoft Visual C++ Runtime Library error saying "Buffer overrun detected! Program:C:\WINNT\Explorer.EXE A buffer overrun has been detected which has corrupted the program's internal state. The program cannot safely continue execution and must now be terminated." At this point my PC freezes up completely and (since the task manager button is greyed out) I have to restart my computer. Here's a fresh DSS report:

Deckard's System Scanner v20071014.68
Run by Kevin Butler on 2008-05-15 18:40:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Kevin Butler.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:40:56 PM, on 5/15/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINNT\b2new.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\wmsdkns.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\SnapStream Media\Firefly\Firefly.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Palm\Hotsync.exe
C:\WINNT\system32\wuauclt.exe
C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe
C:\Documents and Settings\Kevin Butler\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\KEVINB~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\WINNT\system32\wmsdkns.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {BCA86068-A178-45AE-A05D-EBFD19A43265} - C:\WINNT\system32\urqNDWNH.dll
O2 - BHO: (no name) - {C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8} - C:\WINNT\system32\iifgGYop.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: {721e2b5f-26e5-7a7a-bf04-89cc5a44f7bf} - {fb7f44a5-cc98-40fb-a7a7-5e62f5b2e127} - C:\WINNT\system32\qybjykpk.dll
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockins32.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Firefly] C:\Program Files\SnapStream Media\Firefly\Firefly.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [b880c3d9] rundll32.exe "C:\WINNT\system32\lvqwfjio.dll",b
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Beyond TV.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.apple.com.edgesuite....eInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1210551073299
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - Winlogon Notify: iifgGYop - C:\WINNT\SYSTEM32\iifgGYop.dll
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINNT\b2new.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe

--
End of file - 8028 bytes

-- Files created between 2008-04-15 and 2008-05-15 -----------------------------

2008-05-15 18:40:09 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_638.dat
2008-05-15 17:23:13 98960 --a------ C:\WINNT\system32\qybjykpk.dll
2008-05-15 09:50:10 82960 --a------ C:\WINNT\system32\lvqwfjio.dll
2008-05-15 09:47:11 90304 --a------ C:\WINNT\system32\lnvepyvk.dll
2008-05-14 09:56:37 98928 --a------ C:\WINNT\system32\jewhhrgr.dll
2008-05-14 09:50:10 2048 --a------ C:\WINNT\system32\oajpqhhj.exe
2008-05-14 09:44:17 90208 --a------ C:\WINNT\system32\mkkibxpi.dll
2008-05-13 19:46:29 553548 ---h----- C:\WINNT\ShellIconCache
2008-05-13 09:53:12 98864 --a------ C:\WINNT\system32\eheejsbs.dll
2008-05-13 09:47:10 2048 --a------ C:\WINNT\system32\mqkjddwn.exe
2008-05-13 09:44:10 90176 --a------ C:\WINNT\system32\ndhfepxt.dll
2008-05-12 09:50:10 98896 --a------ C:\WINNT\system32\gkwigkko.dll
2008-05-12 09:47:10 2048 --a------ C:\WINNT\system32\qfldurte.exe
2008-05-12 09:44:10 90176 --a------ C:\WINNT\system32\ttofxqyb.dll
2008-05-11 18:30:08 0 d-------- C:\Program Files\Trend Micro
2008-05-11 18:18:36 0 d-------- C:\WINNT\system32\BITS
2008-05-11 18:05:19 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-11 18:05:10 0 d-------- C:\Program Files\SpywareBlaster
2008-05-11 16:29:10 0 d-------- C:\Program Files\Panda Security
2008-05-11 15:02:17 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_27c.dat
2008-05-11 14:52:15 2822 --a------ C:\WINNT\system32\tmp.reg
2008-05-11 14:28:25 0 d-------- C:\Program Files\SmitfraudFix <SMITFR~1>
2008-05-11 14:25:20 1390255 --a------ C:\Program Files\SmitfraudFix.exe
2008-05-11 14:19:11 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_284.dat
2008-05-11 10:47:21 21504 --a------ C:\WINNT\stcloader.exe
2008-05-11 10:47:19 13568 --a------ C:\WINNT\voiceip.dll
2008-05-11 10:47:19 31232 --a------ C:\WINNT\swin32.dll
2008-05-11 10:47:18 18432 --a------ C:\WINNT\cdsm32.dll
2008-05-11 10:47:18 25856 --a------ C:\WINNT\bokja.exe
2008-05-11 10:47:17 29440 --a------ C:\WINNT\mssvr.exe
2008-05-11 10:47:16 24064 --a------ C:\WINNT\mspphe.dll
2008-05-11 10:47:16 27136 --a------ C:\WINNT\bjam.dll
2008-05-11 10:47:15 22016 --a------ C:\WINNT\2020search2.dll
2008-05-11 10:47:14 22016 --a------ C:\WINNT\2020search.dll
2008-05-11 10:47:07 13824 --a------ C:\WINNT\saiemod.dll
2008-05-11 10:47:06 26368 --a------ C:\WINNT\msapasrc.dll
2008-05-11 10:47:06 25600 --a------ C:\WINNT\msa64chk.dll
2008-05-11 10:47:04 14848 --a------ C:\WINNT\shdocpl.dll
2008-05-11 10:47:03 12544 --a------ C:\WINNT\shdocpe.dll
2008-05-11 10:47:03 22016 --a------ C:\WINNT\ntnut.exe
2008-05-11 10:47:02 15616 --a------ C:\WINNT\winsb.dll
2008-05-11 10:47:02 31744 --a------ C:\WINNT\browserad.dll
2008-05-11 10:47:01 31744 --a------ C:\WINNT\aviwrap32.dll
2008-05-11 10:47:00 10752 --a------ C:\WINNT\avisynthex32.dll
2008-05-11 10:47:00 11008 --a------ C:\WINNT\avifile32.dll
2008-05-11 10:47:00 25600 --a------ C:\WINNT\autodisc32.dll
2008-05-11 10:46:59 11264 --a------ C:\WINNT\audiosrv32.dll
2008-05-11 10:46:59 24320 --a------ C:\WINNT\ati2dvag32.dll
2008-05-11 10:46:59 9216 --a------ C:\WINNT\ati2dvaa32.dll
2008-05-11 10:46:58 21248 --a------ C:\WINNT\athprxy32.dll
2008-05-11 10:46:58 25344 --a------ C:\WINNT\asycfilt32.dll
2008-05-11 10:46:57 16384 --a------ C:\WINNT\asferror32.dll
2008-05-11 10:46:57 30720 --a------ C:\WINNT\apphelp32.dll
2008-05-11 10:46:56 24832 --a------ C:\WINNT\changeurl_30.dll
2008-05-11 09:41:15 1221139 --ahs---- C:\WINNT\system32\HNWDNqru.ini2
2008-05-11 09:41:10 316464 --a------ C:\WINNT\system32\urqNDWNH.dll
2008-05-11 09:37:46 41724 ---hs---- C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
2008-05-11 09:36:13 0 d-------- C:\WINNT\system32\dFrnx06
2008-05-11 09:36:13 0 d-------- C:\Temp
2008-05-11 09:35:59 25728 --a------ C:\WINNT\system32\iifgGYop.dll
2008-05-11 09:35:55 0 d-------- C:\Program Files\QdrDrive
2008-05-11 09:35:21 0 d-------- C:\Documents and Settings\Default User\Application Data\Macromedia
2008-05-11 09:35:09 91563 --a------ C:\WINNT\system32\wmsdkns.exe <Not Verified; Microsoft; XML Media>
2008-05-11 09:35:09 91563 --a------ C:\WINNT\lfn.exe <Not Verified; Microsoft; XML Media>
2008-05-11 09:34:55 25600 --a------ C:\WINNT\b2new.exe
2008-05-09 12:10:08 187904 ---hs---- C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
2008-05-09 11:10:10 229514 --a------ C:\WINNT\system32\000080.exe
2008-05-03 10:48:00 270709 --a------ C:\WINNT\system32\000060.exe
2008-05-01 17:52:43 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_28c.dat


-- Find3M Report ---------------------------------------------------------------

2008-05-11 09:37:46 0 d-a------ C:\Program Files\Common Files
2008-04-01 20:02:39 0 d-------- C:\Program Files\Ahead
2008-04-01 19:58:25 0 d-------- C:\Program Files\Common Files\Ahead
2008-04-01 19:46:36 830293 --a------ C:\WINNT\hpdvd840b_HJ86.exe
2008-02-22 21:59:32 50 --a------ C:\tmp.bat
2008-02-20 20:27:35 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_5c4.dat
2008-02-20 20:11:28 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_e4.dat
2008-02-16 10:47:40 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_540.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCA86068-A178-45AE-A05D-EBFD19A43265}]
05/11/08 09:41a 316464 --a------ C:\WINNT\system32\urqNDWNH.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8}]
05/11/08 09:36a 25728 --a------ C:\WINNT\system32\iifgGYop.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fb7f44a5-cc98-40fb-a7a7-5e62f5b2e127}]
05/15/08 05:23p 98960 --a------ C:\WINNT\system32\qybjykpk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 01:05p C:\WINNT\system32\mobsync.exe]
"NvCplDaemon"="C:\WINNT\System32\NvCpl.dll" [07/15/04 11:42a]
"TCASUTIEXE"="TCAUDIAG -off" []
"nwiz"="nwiz.exe" [07/15/04 11:42a C:\WINNT\system32\nwiz.exe]
"NvMediaCenter"="C:\WINNT\System32\NvMcTray.dll" [07/15/04 11:42a]
"Firefly"="C:\Program Files\SnapStream Media\Firefly\Firefly.exe" [08/18/04 01:07p]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [03/29/08 11:37a]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/06/06 06:08p]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/07 02:11a]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/07 08:51p]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [11/14/07 05:05p]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [07/09/01 11:50a]
"DVDTray"="C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe" [09/03/04 02:58a]
"b880c3d9"="C:\WINNT\system32\lvqwfjio.dll" [05/15/08 09:50a]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [03/01/07 10:37a]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8}"= C:\WINNT\system32\iifgGYop.dll [05/11/08 09:36a 25728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebProxy"= {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINNT\system32\userinit.exe,C:\WINNT\system32\wmsdkns.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifgGYop]
iifgGYop.dll 05/11/08 09:36a 25728 C:\WINNT\system32\iifgGYop.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=NVDESK32.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINNT\system32\urqNDWNH

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{66186F05-BBBB-4a39-864F-72D84615C679}]
rundll32 sockins32.dll,InitModule



-- End of Deckard's System Scanner: finished at 2008-05-15 18:42:11 ------------
butlerkj is offline  
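A triage script for the kind of "Registry Dump" shown in the post above, added here as an example; it is not code from the original thread and is not part of Deckard's System Scanner, HijackThis or ComboFix. It parses the dump's [key] / "name"=value layout and flags the persistence points the log exhibits: the DisableTaskMgr policy that greys out Task Manager, the Winlogon Userinit chain carrying a second executable (wmsdkns.exe), an extra LSA authentication package (urqNDWNH), and Run and ShellExecuteHooks entries that load DLLs with random-looking names from system32 under random hex value names. The sample dump is a constructed subset of the values posted above, and the name heuristics (8-letter non-CamelCase stems with a long consonant run, hex-looking value names) are this example's own rules, not anything those tools define.

```python
"""Triage of a Deckard's System Scanner style 'Registry Dump'.

Added example, not from the original thread and not part of DSS, HijackThis
or ComboFix. Reads "[key]" headers followed by "name"=value lines and flags
the persistence anomalies the posted log shows. The random-name heuristics
are this example's own rules.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the registry dump posted above, values
# copied from the log; the dump format is reproduced, not invented.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINNT\System32\NvMcTray.dll" [07/15/04 11:42a]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [03/29/08 11:37a]
"b880c3d9"="C:\WINNT\system32\lvqwfjio.dll" [05/15/08 09:50a]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8}"= C:\WINNT\system32\iifgGYop.dll [05/11/08 09:36a 25728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINNT\system32\userinit.exe,C:\WINNT\system32\wmsdkns.exe,"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINNT\system32\urqNDWNH
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
PATH_RE = re.compile(r"[A-Za-z]:\\[^\[\]\"]+?\.(?:dll|exe)", re.IGNORECASE)
HEX_NAME_RE = re.compile(r"^(?:BM)?[0-9a-f]{8,10}$")        # e.g. b880c3d9, BMbbb3f045
CAMEL_RE = re.compile(r"^[A-Z][a-z]+(?:[A-Z][a-z]+)+$")    # e.g. NvMcTray: vendor abbreviation, not noise
CONSONANT_RUN_RE = re.compile(r"[b-df-hj-np-tv-z]{4,}", re.IGNORECASE)
DEFAULT_AUTH_PACKAGES = {"msv1_0"}                          # the stock value on Windows 2000
HOOK_KEYS = ("\\run", "\\shellexecutehooks", "\\winlogon\\notify")


@dataclass(frozen=True)
class Finding:
    key: str
    name: str
    reason: str


def looks_random(stem: str) -> bool:
    """Heuristic of this example: 8 letters, not CamelCase, with a 4+ consonant run."""
    return (len(stem) == 8 and stem.isalpha()
            and not CAMEL_RE.match(stem)
            and CONSONANT_RUN_RE.search(stem) is not None)


def parse_dump(text: str):
    """Yield (key, name, value) triples from the "[key]" / "name"=value layout."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            yield key, m.group(1), m.group(2)


def triage(text: str) -> list:
    """Apply the persistence checks and return one Finding per anomaly."""
    findings = []
    for key, name, value in parse_dump(text):
        k = key.lower()
        if k.endswith("\\policies\\system") and name == "DisableTaskMgr" and value.startswith("1"):
            findings.append(Finding(key, name, "Task Manager disabled by policy"))
        elif k.endswith("\\winlogon") and name == "Userinit":
            # Only userinit.exe belongs here; anything else runs at every logon.
            for p in [p for p in value.strip('"').split(",") if p]:
                if p.rsplit("\\", 1)[-1].lower() != "userinit.exe":
                    findings.append(Finding(key, name, f"extra Userinit stage: {p}"))
        elif k.endswith("\\control\\lsa") and name == "Authentication Packages":
            # An extra package is loaded into lsass.exe before any user logs on.
            for pkg in value.split():
                if pkg.lower() not in DEFAULT_AUTH_PACKAGES:
                    findings.append(Finding(key, name, f"extra LSA authentication package: {pkg}"))
        elif k.endswith(HOOK_KEYS):
            if HEX_NAME_RE.match(name):
                findings.append(Finding(key, name, "random hex value name"))
            for path in PATH_RE.findall(value):
                stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
                if "system32" in path.lower() and looks_random(stem):
                    findings.append(Finding(key, name, f"random-looking DLL/EXE in system32: {path}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DUMP):
        print(f"{f.reason}\n    {f.key} -> {f.name}")
```

Run as-is it prints six findings for the sample; to apply the same checks to a full DSS or ComboFix dump, call triage() on the file's text. The rules are deliberately conservative (the CamelCase exemption keeps NvMcTray out of the random-name check), so treat hits as leads to cross-check against the "Files created" timestamps rather than as verdicts.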
Old 05-15-2008, 09:39 PM   #4 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Angelfire777's Avatar
 
Join Date: Oct 2006
Location: BC, Canada
Posts: 2,389
OS: XP


Re: Task manager greyed out, pop-ups

Hi,

Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/comb...o-use-combofix

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log for further review.
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
__________________
Proud member of UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
Angelfire777 is offline  
Old 05-16-2008, 04:56 PM   #5 (permalink)
Registered User
 
Join Date: May 2008
Posts: 7
OS: Win2000


Re: Task manager greyed out, pop-ups

After running Combofix, the task manager button is back. I'm still getting popups and the Visual C++ crash I discussed below. First, here's the combofix log:

ComboFix 08-05-15.3 - Kevin Butler 05/16/2008 13:07:14.1 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.176 [GMT -6:00]
Running from: C:\Documents and Settings\Kevin Butler\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\QdrDrive
C:\WINNT\123messenger.per
C:\WINNT\2020search.dll
C:\WINNT\2020search2.dll
C:\WINNT\apphelp32.dll
C:\WINNT\asferror32.dll
C:\WINNT\asycfilt32.dll
C:\WINNT\athprxy32.dll
C:\WINNT\ati2dvaa32.dll
C:\WINNT\ati2dvag32.dll
C:\WINNT\audiosrv32.dll
C:\WINNT\autodisc32.dll
C:\WINNT\avifile32.dll
C:\WINNT\avisynthex32.dll
C:\WINNT\aviwrap32.dll
C:\WINNT\b2new.exe
C:\WINNT\bjam.dll
C:\WINNT\bokja.exe
C:\WINNT\browserad.dll
C:\WINNT\cdsm32.dll
C:\WINNT\changeurl_30.dll
C:\WINNT\default.htm
C:\WINNT\didduid.ini
C:\WINNT\lfn.exe
C:\WINNT\licencia.txt
C:\WINNT\mainms.vpi
C:\WINNT\megavid.cdt
C:\WINNT\msa64chk.dll
C:\WINNT\msapasrc.dll
C:\WINNT\mspphe.dll
C:\WINNT\mssvr.exe
C:\WINNT\muotr.so
C:\WINNT\ntnut.exe
C:\WINNT\pskt.ini
C:\WINNT\saiemod.dll
C:\WINNT\shdocpe.dll
C:\WINNT\shdocpl.dll
C:\WINNT\stcloader.exe
C:\WINNT\swin32.dll
C:\WINNT\system32\000060.exe
C:\WINNT\system32\000080.exe
C:\WINNT\system32\bwmoxylf.dll
C:\WINNT\system32\eheejsbs.dll
C:\WINNT\system32\gkwigkko.dll
C:\WINNT\system32\HNWDNqru.ini
C:\WINNT\system32\HNWDNqru.ini2
C:\WINNT\system32\iifgGYop.dll
C:\WINNT\system32\jewhhrgr.dll
C:\WINNT\system32\jttrjxew.ini
C:\WINNT\system32\kmptuott.dll
C:\WINNT\system32\lnvepyvk.dll
C:\WINNT\system32\mcrh.tmp
C:\WINNT\system32\mkkibxpi.dll
C:\WINNT\system32\mqkjddwn.exe
C:\WINNT\system32\MSINET.oca
C:\WINNT\system32\ndhfepxt.dll
C:\WINNT\system32\nhtjxvyk.ini
C:\WINNT\system32\oajpqhhj.exe
C:\WINNT\system32\oijfwqvl.ini
C:\WINNT\system32\pac.txt
C:\WINNT\system32\pbyancum.ini
C:\WINNT\system32\qfldurte.exe
C:\WINNT\system32\qybjykpk.dll
C:\WINNT\system32\sft.res
C:\WINNT\system32\ttofxqyb.dll
C:\WINNT\system32\wmsdkns.exe
C:\WINNT\system32\wxmmdigw.ini
C:\WINNT\telefonos.txt
C:\WINNT\textos.txt
C:\WINNT\voiceip.dll
C:\WINNT\Web\default.htt
C:\WINNT\winsb.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSSECURITY1.209.4
-------\Service_MsSecurity1.209.4


((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 )))))))))))))))))))))))))))))))
.

2008-05-16 13:26 . 08-05-16 13:26 345 --ahs---- C:\WINNT\system32\HNWDNqru.ini2
2008-05-16 13:26 . 08-05-16 13:28 345 --ahs---- C:\WINNT\system32\HNWDNqru.ini
2008-05-16 13:26 . 08-05-16 13:26 294 ---hs---- C:\WINNT\system32\nhtjxvyk.ini
2008-05-16 09:58 . 08-05-16 09:58 82,992 --a------ C:\WINNT\system32\kyvxjthn.dll
2008-05-15 19:00 . 08-05-15 19:00 <DIR> d-------- C:\WINNT\McAfee.com
2008-05-13 19:46 . 08-05-13 19:46 553,548 ---h----- C:\WINNT\ShellIconCache
2008-05-12 09:44 . 08-05-16 09:46 109,807 --a------ C:\WINNT\BMbbb3f045.xml
2008-05-11 18:30 . 08-05-11 18:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-11 18:29 . 08-05-11 18:29 <DIR> d-------- C:\Deckard
2008-05-11 18:18 . 08-05-11 18:18 <DIR> d-a------ C:\WINNT\system32\BITS
2008-05-11 18:12 . 07-07-30 19:19 549,720 --a------ C:\WINNT\system32\wuapi.dll
2008-05-11 18:12 . 07-07-30 19:19 325,976 --a------ C:\WINNT\system32\wucltui.dll
2008-05-11 18:12 . 07-07-30 19:19 43,352 --a------ C:\WINNT\system32\wups2.dll
2008-05-11 18:12 . 07-07-30 19:18 34,136 --a------ C:\WINNT\system32\wucltui.dll.mui
2008-05-11 18:12 . 07-07-30 19:18 33,624 --a------ C:\WINNT\system32\wups.dll
2008-05-11 18:12 . 07-07-30 19:19 25,944 --a------ C:\WINNT\system32\wuaucpl.cpl.mui
2008-05-11 18:12 . 07-07-30 19:19 25,944 --a------ C:\WINNT\system32\wuapi.dll.mui
2008-05-11 18:12 . 07-07-30 19:18 20,312 --a------ C:\WINNT\system32\wuaueng.dll.mui
2008-05-11 18:05 . 08-05-11 18:05 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-05-11 18:05 . 08-05-11 18:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-11 18:04 . 08-05-11 18:04 2,671,816 --a------ C:\Program Files\spywareblastersetup40.exe
2008-05-11 16:29 . 08-05-11 16:31 <DIR> d-------- C:\Program Files\Panda Security
2008-05-11 14:52 . 08-05-11 14:58 2,822 --a------ C:\WINNT\system32\tmp.reg
2008-05-11 14:28 . 08-05-11 14:59 <DIR> d-------- C:\Program Files\SmitfraudFix
2008-05-11 14:25 . 08-05-11 14:25 1,390,255 --a------ C:\Program Files\SmitfraudFix.exe
2008-05-11 09:41 . 08-05-11 09:41 316,464 --a------ C:\WINNT\system32\urqNDWNH.dll
2008-05-11 09:37 . 08-05-11 09:37 578 --a------ C:\WINNT\index.html
2008-05-11 09:36 . 08-05-11 09:36 <DIR> d-a------ C:\WINNT\system32\dFrnx06
2008-05-11 09:36 . 08-05-11 09:36 <DIR> d-------- C:\Temp\tmpvc14
2008-05-11 09:36 . 08-05-11 09:36 <DIR> d-------- C:\Temp
2008-05-01 17:52 . 08-05-01 17:52 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_28c.dat
2008-04-17 18:32 . 08-04-17 18:32 54,156 --ah----- C:\WINNT\QTFont.qfn
2008-04-17 18:32 . 08-04-17 18:32 1,409 --a------ C:\WINNT\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-02 02:02 --------- d-----w C:\Program Files\Ahead
2008-04-02 01:58 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-02 01:46 830,293 ----a-w C:\WINNT\hpdvd840b_HJ86.exe
2008-02-23 03:59 50 ----a-w C:\tmp.bat
2007-10-01 02:06 60,720 ----a-w C:\Documents and Settings\Kevin Butler\Application Data\GDIPFONTCACHEV1.DAT
2007-09-16 22:02 40,738,456 ----a-w C:\Program Files\zlsSetup_70_337_000_en.exe
2007-08-21 03:14 27,024,112 ----a-w C:\Program Files\PowerPointViewer.exe
2007-08-21 01:48 247,608 ----a-w C:\Program Files\jre-1_5_0_07-windows-i586-p-iftw.exe
2007-05-15 04:44 23,875,478 ----a-w C:\Program Files\WinAVR-20060421-install.exe
2007-05-15 04:34 47,631,556 ----a-w C:\Program Files\aStudio4b460.exe
2007-05-15 04:20 77,414,298 ----a-w C:\Program Files\aStudio4b528.exe
2007-05-15 03:54 26,874,781 ----a-w C:\Program Files\aStudio412SP4b498.exe
2007-05-13 03:24 23,984,334 ----a-w C:\Program Files\WinAVR-20070122-install.exe
2007-04-29 22:00 943,376 ----a-w C:\Program Files\ttermp23.zip
2007-01-27 16:13 14,231,915 ----a-w C:\Program Files\moonshell16_with_dpgtools121.zip
2007-01-14 15:29 138 ----a-w C:\Program Files\DPGPlay.ini
2007-01-09 00:53 1,658,957 ----a-w C:\Program Files\gerbmagi.zip
2007-01-07 17:32 3,799,568 ----a-w C:\Program Files\BatchDPG_v1.2.zip
2007-01-07 17:31 3,799,092 ----a-w C:\Program Files\BatchDPG_v1.2.7z
2007-01-07 17:30 24,265,736 ----a-w C:\Program Files\dotnetfx.exe
2007-01-06 00:19 3,158,471 ----a-w C:\Program Files\Avisynth_256.exe
2006-12-31 04:24 836,783 ----a-w C:\Program Files\7z442.exe
2006-12-31 04:04 6,769,576 ----a-w C:\Program Files\moonshell10_dpgtools.zip
2006-12-28 03:24 602,688 ----a-w C:\Program Files\SP4Express_EN.exe
2006-12-28 02:58 16,706,160 ----a-w C:\Program Files\AdbeRdr60_enu_full.exe
2006-12-28 02:34 11,293,184 ----a-w C:\Program Files\eagle-win-eng-4.16r2.exe
2006-12-08 23:33 1,876,384 ----a-w C:\Program Files\ezip35.exe
2006-11-15 00:08 556 ----a-w C:\Program Files\Readme.txt
2006-11-15 00:07 211,838 ----a-w C:\Program Files\dpgplay.exe
2006-11-15 00:04 6,621 ----a-w C:\Program Files\dpgplay.au3
2006-11-14 20:41 3,161 ----a-w C:\Program Files\demux.pb
2006-11-14 20:36 7,168 ----a-w C:\Program Files\demux.exe
2006-10-27 01:56 8,645,474 ----a-w C:\Program Files\ce2kmain.exe
2006-09-24 11:23 7,812,065 ----a-w C:\Program Files\mplayer.exe
2006-09-05 03:27 11,682,968 ----a-w C:\Program Files\setupeng.exe
2006-09-05 01:17 13,714,856 ----a-w C:\Program Files\zlsSetup_65_737_000_en.exe
2006-09-04 21:36 271 ---h--w C:\Program Files\desktop.ini
2006-09-04 21:36 21,952 ---h--w C:\Program Files\folder.htt
2000-07-26 12:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
.

------- Sigcheck -------


.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3405B89F-B93E-45A6-A932-8B32477CC11D}]
08-05-11 09:41 316464 --a------ C:\WINNT\system32\urqNDWNH.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38c60d79-637e-4e19-86a3-0d49aff229e0}]
08-05-16 13:32 98896 --a------ C:\WINNT\system32\uhuudgbf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [07-03-01 10:37 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 13:05 111376 C:\WINNT\system32\mobsync.exe]
"NvCplDaemon"="C:\WINNT\System32\NvCpl.dll" [04-07-15 11:42 4112384]
"TCASUTIEXE"="TCAUDIAG -off" []
"nwiz"="nwiz.exe" [04-07-15 11:42 843776 C:\WINNT\system32\nwiz.exe]
"NvMediaCenter"="C:\WINNT\System32\NvMcTray.dll" [04-07-15 11:42 81920]
"Firefly"="C:\Program Files\SnapStream Media\Firefly\Firefly.exe" [04-08-18 13:07 184320]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06-09-06 18:08 282624]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [07-09-25 02:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [07-10-10 20:51 39792]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [07-11-14 17:05 919016]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [01-07-09 11:50 155648]
"DVDTray"="C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe" [04-09-03 02:58 65536]
"BMbbb3f045"="C:\WINNT\system32\ibyvwkcp.dll" [08-05-16 13:29 90240]
"b880c3d9"="C:\WINNT\system32\jgxkcigu.dll" [08-05-16 13:30 82992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 13:05 186640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebProxy"= {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=NVDESK32.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= mmdrv.dll
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.SP50"= SP5X_32.DLL
"VIDC.SP51"= SP5X_32.DLL
"VIDC.SP52"= SP5X_32.DLL
"VIDC.SP53"= SP5X_32.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINNT\system32\urqNDWNH

R0 idebd;idebd;C:\WINNT\system32\DRIVERS\idebd.sys [00-05-30 00:00 ]
R0 IntelATA;IntelATA;C:\WINNT\system32\DRIVERS\intelata.sys [00-05-30 00:00 ]
R1 aswSP;avast! Self Protection;C:\WINNT\system32\drivers\aswSP.sys [08-03-29 11:31 ]
R1 cmosa;cmosa;C:\WINNT\system32\drivers\cmosa.sys [00-05-08 20:50 ]
R2 aswMon;avast! Standard Shield Support;C:\WINNT\system32\drivers\aswMon.sys [08-01-17 09:34 ]
R2 tcaicchg;tcaicchg;C:\WINNT\System32\tcaicchg.sys [00-06-06 18:08 ]
R2 TCAITDI;TCAITDI Protocol;C:\WINNT\system32\DRIVERS\TCAITDI.sys [00-06-07 20:49 ]
R3 EL90BC;3Com EtherLink XL B/C Adapter Driver;C:\WINNT\system32\DRIVERS\el90xbc5.sys [99-10-23 06:22 ]
R3 openhci;Microsoft USB Open Host Controller Driver;C:\WINNT\system32\DRIVERS\openhci.sys [03-06-19 13:05 ]
R3 usbhub20;USB 2.0 Root Hub Support;C:\WINNT\system32\DRIVERS\usbhub20.sys [03-06-19 13:05 ]
R3 Winacpci;Winacpci;C:\WINNT\system32\DRIVERS\winacpci.sys [99-09-24 17:55 ]
S3 CA504AV;Mega Camera, WDM Video Capture;C:\WINNT\system32\Drivers\CA504AV.SYS [02-01-31 00:02 ]
S3 DLPortIO;DriverLINX Port I/O Driver;C:\WINNT\system32\DRIVERS\DLPortIO.SYS [00-06-29 16:24 ]
S3 Sunplus;Mega Camera Still Image Capture, Sunplus Version 1.00;C:\WINNT\system32\Drivers\Bulk504.sys [01-10-05 17:33 ]

*Newly Created Service* - IPNAT
*Newly Created Service* - RASAUTO
*Newly Created Service* - SHAREDACCESS

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{66186F05-BBBB-4a39-864F-72D84615C679}]
rundll32 sockins32.dll,InitModule
.
Contents of the 'Scheduled Tasks' folder
"2006-09-04 23:20:39 C:\WINNT\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-16 13:25:30
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

\WINNT\explorer.exe [1152] 0x816AB2E0

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINNT\system32\ibyvwkcp.dll 90240 bytes executable
C:\WINNT\system32\nhtjxvyk.ini 294 bytes
C:\WINNT\system32\ugickxgj.ini 1468970 bytes
C:\WINNT\system32\uhuudgbf.dll 98896 bytes executable
C:\WINNT\system32\jgxkcigu.dll 82992 bytes executable
C:\WINNT\system32\ihnqlgii.exe 2048 bytes executable
C:\WINNT\system32\HNWDNqru.ini 1348605 bytes
C:\WINNT\system32\HNWDNqru.ini2 1348304 bytes
C:\WINNT\system32\Perflib_Perfdata_3b4.dat 16384 bytes
C:\WINNT\system32\Perflib_Perfdata_430.dat 16384 bytes

scan completed successfully
hidden files: 10

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINNT\explorer.exe
-> C:\WINNT\system32\jgxkcigu.dll
-> C:\WINNT\system32\ibyvwkcp.dll
-> C:\WINNT\system32\urqNDWNH.dll
-> ?:\WINNT\System32\TXFAUX.DLL
.
Completion time: 2008-05-16 13:38:59 - machine was rebooted [Kevin Butler]
ComboFix-quarantined-files.txt 2008-05-16 19:38:36

Pre-Run: 21,070,467,072 bytes free
Post-Run: 22,146,449,408 bytes free

267


And here's the fresh DSS log:

Deckard's System Scanner v20071014.68
Run by Kevin Butler on 2008-05-16 17:50:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Kevin Butler.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:50:59 PM, on 5/16/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\SnapStream Media\Firefly\Firefly.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\Rundll32.exe
C:\Program Files\Palm\Hotsync.exe
C:\WINNT\system32\wuauclt.exe
C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe
C:\Documents and Settings\Kevin Butler\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\KEVINB~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O2 - BHO: {0e922ffa-94d0-3a68-91e4-e73697d06c83} - {38c60d79-637e-4e19-86a3-0d49aff229e0} - C:\WINNT\system32\uhuudgbf.dll
O2 - BHO: (no name) - {46FFD7B8-AB32-4AA5-BD9C-126D97C1C7AF} - C:\WINNT\system32\urqNDWNH.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockins32.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Firefly] C:\Program Files\SnapStream Media\Firefly\Firefly.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [b880c3d9] rundll32.exe "C:\WINNT\system32\jgxkcigu.dll",b
O4 - HKLM\..\Run: [BMbbb3f045] Rundll32.exe "C:\WINNT\system32\ibyvwkcp.dll",s
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Beyond TV.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.apple.com.edgesuite....eInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1210551073299
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...96/mcfscan.cab
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe

--
End of file - 7291 bytes

-- Files created between 2008-04-16 and 2008-05-16 -----------------------------

2008-05-16 17:50:11 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_60c.dat
2008-05-16 17:46:40 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_294.dat
2008-05-16 13:32:24 98896 --a------ C:\WINNT\system32\uhuudgbf.dll
2008-05-16 13:30:48 2048 --a------ C:\WINNT\system32\ihnqlgii.exe
2008-05-16 13:30:28 82992 --a------ C:\WINNT\system32\jgxkcigu.dll
2008-05-16 13:29:12 90240 --a------ C:\WINNT\system32\ibyvwkcp.dll
2008-05-16 13:26:23 1349836 --ahs---- C:\WINNT\system32\HNWDNqru.ini2
2008-05-16 1312 68096 --a------ C:\WINNT\zip.exe
2008-05-16 1312 49152 --a------ C:\WINNT\VFind.exe
2008-05-16 1312 212480 --a------ C:\WINNT\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-16 1312 136704 --a------ C:\WINNT\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-16 1312 161792 --a------ C:\WINNT\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-16 1312 98816 --a------ C:\WINNT\sed.exe
2008-05-16 1312 80412 --a------ C:\WINNT\grep.exe
2008-05-16 1312 73728 --a------ C:\WINNT\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-15 19:00:23 0 d-------- C:\WINNT\McAfee.com
2008-05-13 19:46:29 553548 ---h----- C:\WINNT\ShellIconCache
2008-05-11 18:30:08 0 d-------- C:\Program Files\Trend Micro
2008-05-11 18:18:36 0 d-a------ C:\WINNT\system32\BITS
2008-05-11 18:05:19 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-11 18:05:10 0 d-------- C:\Program Files\SpywareBlaster
2008-05-11 16:29:10 0 d-------- C:\Program Files\Panda Security
2008-05-11 14:52:15 2822 --a------ C:\WINNT\system32\tmp.reg
2008-05-11 14:28:25 0 d-------- C:\Program Files\SmitfraudFix <SMITFR~1>
2008-05-11 14:25:20 1390255 --a------ C:\Program Files\SmitfraudFix.exe
2008-05-11 09:41:10 316464 --a------ C:\WINNT\system32\urqNDWNH.dll
2008-05-11 09:36:13 0 d-a------ C:\WINNT\system32\dFrnx06
2008-05-11 09:36:13 0 d-------- C:\Temp
2008-05-11 09:35:21 0 d-------- C:\Documents and Settings\Default User\Application Data\Macromedia


-- Find3M Report ---------------------------------------------------------------

2008-05-16 08:52:40 0 d-a------ C:\Program Files\Common Files
2008-04-01 20:02:39 0 d-------- C:\Program Files\Ahead
2008-04-01 19:58:25 0 d-------- C:\Program Files\Common Files\Ahead
2008-04-01 19:46:36 830293 --a------ C:\WINNT\hpdvd840b_HJ86.exe
2008-02-22 21:59:32 50 --a------ C:\tmp.bat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38c60d79-637e-4e19-86a3-0d49aff229e0}]
05/16/08 01:32p 98896 --a------ C:\WINNT\system32\uhuudgbf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{46FFD7B8-AB32-4AA5-BD9C-126D97C1C7AF}]
05/11/08 09:41a 316464 --a------ C:\WINNT\system32\urqNDWNH.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 01:05p C:\WINNT\system32\mobsync.exe]
"NvCplDaemon"="C:\WINNT\System32\NvCpl.dll" [07/15/04 11:42a]
"TCASUTIEXE"="TCAUDIAG -off" []
"nwiz"="nwiz.exe" [07/15/04 11:42a C:\WINNT\system32\nwiz.exe]
"NvMediaCenter"="C:\WINNT\System32\NvMcTray.dll" [07/15/04 11:42a]
"Firefly"="C:\Program Files\SnapStream Media\Firefly\Firefly.exe" [08/18/04 01:07p]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/06/06 06:08p]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/07 02:11a]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/07 08:51p]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [11/14/07 05:05p]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [07/09/01 11:50a]
"DVDTray"="C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe" [09/03/04 02:58a]
"b880c3d9"="C:\WINNT\system32\jgxkcigu.dll" [05/16/08 01:30p]
"BMbbb3f045"="C:\WINNT\system32\ibyvwkcp.dll" [05/16/08 01:29p]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [03/01/07 10:37a]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebProxy"= {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=NVDESK32.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINNT\system32\urqNDWNH

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{66186F05-BBBB-4a39-864F-72D84615C679}]
rundll32 sockins32.dll,InitModule



-- End of Deckard's System Scanner: finished at 2008-05-16 17:51:53 ------------


Thanks so much for your help, I really appreciate it!
butlerkj is offline  
Old 05-17-2008, 04:50 AM   #6 (permalink)
Moderator/Analyst, Security Team; Rangemaster, TSF Academy
Angelfire777
Join Date: Oct 2006
Location: BC, Canada
Posts: 2,389
OS: XP


Re: Task manager greyed out, pop-ups

Hi,

Were you the one who created this index.html page, C:\WINNT\index.html? If not, can you check it out for me, please?

Also, were you the one who created this batch file: C:\tmp.bat? If not, please right-click it and select Edit. Notepad will open with some contents. Please post the contents here. DO NOT double-click it.


*Click Start > Control Panel > Add or Remove Programs and uninstall the items I listed in bold if found.

Internet Speed Monitor
Outerinfo

The following are leftovers from your Norton installation. You can remove them now.

LiveReg (Symantec Corporation)
LiveUpdate 1.6 (Symantec Corporation)

________

Open HijackThis > cho