Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Old 12-31-2007, 03:31 AM   #1 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 13
OS: xp


I have lots of problems, no icons, start bar help needed

Hello everyone, I'm in need of help, fast. Every time I start my computer up it flashes like crazy. What I mean by flashing is that my icons and start menu go away for a brief time, then reappear every 10 seconds or so, but after about 20 times they go away for good. Then I'm left with the task bar, browsing for programs to start; this is how I'm on the internet right now. This all started after browsing Google looking for a program to boost internet speed. I was at the site, downloaded, then installed the program. I knew immediately that I had done something VERY wrong: everything went blank, no icons, no nothing. This made me very curious, and kind of pissed off. I'm sure a lot of you know how I'm feeling right now. I am able to get on Yahoo Instant Messenger, so if you can PM/IM me on there, my ID is "Anbu_Zim" (without parentheses). About an hour after dealing with my new-found problem, I went to the site (I saved the link), and the site is now gone after a mere 2 hours or so. This is very strange and I got to wondering, "why would they have a site for 2 hours?" I was in a hurry to save the link, so I renamed a music file with the link's name, so I may have gotten it wrong. A friend told me to download a program called "HijackThis", so I did, and he told me to go to this site since it's very useful, and you get a lot of help here.

So, here is a screen shot of me starting up my computer RIGHT BEFORE THE FINAL FLASH: here

Here's a photo of it after the main flash: here

I was also told by my friend to give a log after scanning with HijackThis. I'm not sure if this is it, but here you go:

Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:10:08 AM, on 12/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pojo.biz/board/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F3 - REG:win.ini: load=C:\WINDOWS\system32\gebyy.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\rlai.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 4635 bytes
Please someone help me, this is my only computer, and I think the world of it, it is my only means of income (I sell things online).
anbu_zim is offline  
Old 01-03-2008, 05:07 AM   #2 (permalink)
Expert Analyst, Moderator, Security Team
 
Join Date: Sep 2006
Posts: 1,648
OS: xp


Re: I have lots of problems, no icons, start bar help needed

Welcome to the forum anbu_zim

Start a HijackThis scan and place a check next to these items, if they are there.

F3 - REG:win.ini: load=C:\WINDOWS\system32\gebyy.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\rlai.dll

====================================
Hit Fix checked and close HijackThis.
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download Deckard's System Scanner (DSS) to your Desktop.
Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. If prompted to let DSS download HijackThis, choose YES.
  4. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  5. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  2. Click Upload.


Post a report from one, or better yet both, of these free online scans.

Panda ActiveScan - Free online scanner,
http://www.pandasoftware.com/products/activescan.htm
Press "scan your PC now" and allow the ActiveX to install (if prompted).
Do a full scan > Click the My Computer button.
After the scan, click See Report, then save the report and post it back here please.
If you have problems, read the FAQ http://www.pandasoftware.com/actives...q.asp?IdLang=2

http://www.kaspersky.com/virusscanner
Click Scan Settings and place a check next to Use [x] extended database, etc. Click OK.
Then choose My Computer: scan all your hard drives and mapped disks.
When finished, click Save as text and post that in your reply.
Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.
LonnyRJones is offline  
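The reply above tells the poster which HijackThis sections to fix (F3 win.ini load=, O20 AppInit_DLLs) and the follow-up log adds more of the same kind (unnamed O2 BHOs, an O20 Winlogon Notify package, an O4 Run entry starting explorer.exe from system32\updater). The script below is an added example for this thread, not a tool from the forum or from Trend Micro: it parses a HijackThis v2 log, flags those hook types, and groups flagged entries that point at the same module. The sample log is constructed from entries in the logs posted here, and the canonical-path table assumes a default Windows XP install on C:\WINDOWS.

```python
import re
from collections import defaultdict

# Constructed sample: a cut-down HijackThis v2 log assembled from entries that
# appear in the logs posted in this thread (not a complete log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2

Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pojo.biz/board/index.php
F3 - REG:win.ini: load=C:\WINDOWS\system32\gebyy.exe
O2 - BHO: (no name) - {97E29523-55A3-4730-BE0F-F9E78DC7BC57} - C:\WINDOWS\system32\gebyy.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {FA16FE06-B462-470E-9653-79C54B1871FF} - C:\WINDOWS\system32\yaywust.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Updater] C:\WINDOWS\system32\updater\explorer.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\rlai.dll
O20 - Winlogon Notify: yaywust - C:\WINDOWS\SYSTEM32\yaywust.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

# Every HijackThis finding line starts with a section code (R0, F3, O2, O20, ...).
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
# First drive-letter path ending in a binary extension; spaces are allowed
# ("C:\Program Files\..."), and an http:// start page yields no match at all.
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|sys)\b", re.IGNORECASE)
# Where these OS binaries live on a default Windows XP install on C:\WINDOWS
# (an assumption of this example; the poster's process list matches it).
CANONICAL_PATH = {
    "explorer.exe": r"c:\windows\explorer.exe",
    "svchost.exe": r"c:\windows\system32\svchost.exe",
    "winlogon.exe": r"c:\windows\system32\winlogon.exe",
}


def parse_entries(log_text):
    """Yield (code, body) for each entry line; header and process list are skipped."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")


def image_path(body):
    """Lower-cased path of the binary an entry points at, or None."""
    m = PATH_RE.search(body)
    return m.group(0).lower() if m else None


def assess(code, body):
    """Return why a responder should look at this entry, or None if nothing
    stands out. These are the hooks the reply above tells the poster to fix,
    plus a check for an OS binary name started from the wrong directory."""
    lower = body.lower()
    path = image_path(body)
    name = path.rsplit("\\", 1)[-1] if path else None
    if code == "F3" and re.search(r"\b(load|run)=", lower):
        return "win.ini load=/run= autostart: a legacy hook modern software does not use"
    if code == "O20" and "appinit_dlls" in lower:
        return "AppInit_DLLs: the DLL is loaded into every process that uses user32.dll"
    if code == "O20" and "winlogon notify" in lower:
        return "Winlogon Notify package: the DLL is loaded by winlogon.exe at every logon"
    if code == "O2" and lower.startswith("bho: (no name)"):
        return "browser helper object with no name string: legitimate vendors almost always set one"
    if code == "O4" and name in CANONICAL_PATH and path != CANONICAL_PATH[name]:
        return f"{name} started from a non-standard location (expected {CANONICAL_PATH[name]})"
    return None


def triage(log_text):
    """Return (findings, clusters). findings: (code, reason, body) in log order.
    clusters: file stem of a flagged module -> every section code it appears
    under, so one component hooked in several places (gebyy in F3 and O2,
    yaywust in O2 and O20) is reported as a unit rather than as loose lines."""
    findings, codes_by_stem, flagged = [], defaultdict(list), set()
    for code, body in parse_entries(log_text):
        path = image_path(body)
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0] if path else None
        if stem:
            codes_by_stem[stem].append(code)
        reason = assess(code, body)
        if reason:
            findings.append((code, reason, body))
            if stem:
                flagged.add(stem)
    clusters = {s: c for s, c in codes_by_stem.items() if s in flagged and len(c) > 1}
    return findings, clusters


if __name__ == "__main__":
    found, related = triage(SAMPLE_LOG)
    for code, reason, body in found:
        print(f"{code:<4}{body}\n    -> {reason}")
    for stem, codes in related.items():
        print(f"module '{stem}' is hooked under {', '.join(codes)}")
```

Entries that share a module stem (gebyy.exe and gebyy.dll, yaywust.dll under O2 and O20) are the ones worth treating as one component when deciding what to fix and what to submit for scanning.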
Old 01-03-2008, 09:08 PM   #3 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 13
OS: xp


Re: I have lots of problems, no icons, start bar help needed

Quote:
Originally Posted by LonnyRJones
I did:

Quote:
Start a HijackThis scan and place a check next to these items, if they are there.

F3 - REG:win.ini: load=C:\WINDOWS\system32\gebyy.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\rlai.dll

====================================
Hit Fix checked and close HijackThis.
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
It still flashes, but no error. :) :(

I downloaded the DSS.exe and ran it, followed all instructions and got:

Quote:
Originally Posted by main.txt
Deckard's System Scanner v20071014.68
Run by Default on 2008-01-03 20:00:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-01-04 04:00:40 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-01-04 02:48:44 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Default.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:01:57 PM, on 1/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Default\Application Data\Opera\Opera\profile\cache4\temporary_download\dss.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Default.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pojo.biz/board/index.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: CDNSCacheObj Object - {376892AE-1825-4E5F-9F85-23F9640051CC} - C:\WINDOWS\Trntfiltr.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {97E29523-55A3-4730-BE0F-F9E78DC7BC57} - C:\WINDOWS\system32\gebyy.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {FA16FE06-B462-470E-9653-79C54B1871FF} - C:\WINDOWS\system32\yaywust.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Updater] C:\WINDOWS\system32\updater\explorer.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - Winlogon Notify: RelevantKnowledge - C:\WINDOWS\system32\rlls.dll
O20 - Winlogon Notify: yaywust - C:\WINDOWS\SYSTEM32\yaywust.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 5554 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080103-195539-490 F3 - REG:win.ini: load=C:\WINDOWS\system32\gebyy.exe
backup-20080103-195539-781 O20 - AppInit_DLLs: C:\WINDOWS\system32\rlai.dll

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,-153
.com - comfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,2
.hlp - hlpfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,23
.ini - inifile - DefaultIcon - shell32.dll,-151
.reg - regfile - DefaultIcon - c:\windows\regedit.exe,1
.txt - txtfile - DefaultIcon - shell32.dll,-152


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 DS1410D - c:\windows\system32\drivers\ds1410d.sys
R2 Haspnt - c:\windows\system32\drivers\haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>
R2 Sentinel - c:\windows\system32\drivers\sentinel.sys <Not Verified; Rainbow Technologies, Inc.; Sentinel System Driver>

S2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys (file missing)
S3 Sntnlusb (Rainbow USB SuperPro) - c:\windows\system32\drivers\sntnlusb.sys <Not Verified; Rainbow Technologies Inc.; Rainbow Technologies USB Security Device Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Serial Port
Device ID: PCI\VEN_131F&DEV_2031&SUBSYS_2031131F&REV_00\4&11CD5334&0&50F0
Manufacturer:
Name: PCI Serial Port
PNP Device ID: PCI\VEN_131F&DEV_2031&SUBSYS_2031131F&REV_00\4&11CD5334&0&50F0
Service:

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&3A2C8C4B&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&3A2C8C4B&0
Service: i8042prt


-- Scheduled Tasks -------------------------------------------------------------

2008-01-02 23:00:02 502 --a------ C:\WINDOWS\Tasks\Tune-up Application Start.job


-- Files created between 2007-12-03 and 2008-01-03 -----------------------------

2008-01-03 18:46:29 0 d-------- C:\WINDOWS\Prefetch
2008-01-03 02:35:38 0 d-------- C:\WINDOWS\system32\updater
2007-12-31 02:05:05 0 d-------- C:\Program Files\Trend Micro
2007-12-31 00:46:24 348160 --a------ C:\WINDOWS\system32\gebyy.exe
2007-12-30 23:32:49 73153 --ahs---- C:\WINDOWS\system32\yybeg.ini2
2007-12-30 23:32:39 344576 --a------ C:\WINDOWS\system32\gebyy.dll
2007-12-30 23:27:04 38912 --a------ C:\WINDOWS\system32\yaywust.dll
2007-12-30 23:21:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
2007-12-30 23:20:56 0 d-------- C:\Program Files\TweakMASTER
2007-12-30 22:50:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-12-30 20:26:48 0 d-------- C:\Documents and Settings\Default\Application Data\Opera
2007-12-30 20:26:31 0 d-------- C:\Program Files\Opera
2007-12-30 18:48:29 0 d-------- C:\Documents and Settings\Default\Application Data\SystemRequirementsLab
2007-12-20 23:10:38 53248 --a------ C:\WINDOWS\system32\silc_dll.dll
2007-12-20 23:10:38 1358156 --a------ C:\WINDOWS\system32\silc.dat
2007-12-20 23:10:38 926241 --a------ C:\WINDOWS\system32\model.dat
2007-12-20 23:10:38 1523712 --a------ C:\WINDOWS\system32\LDPackage.dll <Not Verified; ; LDPackag Dynamic Link Library>
2007-12-20 16:51:10 286720 --a------ C:\WINDOWS\system32\rlxf.dll <Not Verified; RelevantKnowledge; RelevantKnowledge>
2007-12-20 02:38:39 0 d-------- C:\Documents and Settings\Default\Application Data\acccore
2007-12-20 02:35:10 0 d-------- C:\Program Files\Viewpoint
2007-12-20 02:35:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-20 02:35:03 0 d-------- C:\Program Files\Common Files\Nullsoft
2007-12-20 02:35:01 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2007-12-20 02:34:40 0 d-------- C:\Program Files\Common Files\AOL
2007-12-20 02:33:07 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-12-19 13:13:22 0 d-------- C:\Program Files\DomPlayer
2007-12-18 16:26:31 0 d-------- C:\Downloads
2007-12-18 16:07:29 712704 --a------ C:\WINDOWS\system32\rlph.dll <Not Verified; RelevantKnowledge; RelevantKnowledge>
2007-12-17 09:11:36 118784 --a------ C:\WINDOWS\system32\rlai.dll <Not Verified; RelevantKnowledge; RelevantKnowledge>
2007-12-16 18:44:53 0 d-------- C:\Documents and Settings\Default\Application Data\Nexon
2007-12-16 18:43:59 4682 --a------ C:\WINDOWS\system32\npptNT2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
2007-12-16 18:37:23 0 d-------- C:\Nexon
2007-12-16 13:24:13 360448 --a------ C:\WINDOWS\system32\rlls.dll <Not Verified; RelevantKnowledge; RelevantKnowledge>
2007-12-13 21:27:12 5 --a------ C:\WINDOWS\youtubex.dll
2007-12-13 21:27:12 0 d-------- C:\tmpDownload
2007-12-13 21:26:59 0 d-------- C:\Program Files\YoutubeGet
2007-12-12 20:20:35 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2007-12-12 20:20:09 0 d-------- C:\Program Files\BitComet
2007-12-12 19:50:52 0 d-------- C:\Documents and Settings\Default\Application Data\mIRC
2007-12-11 21:48:34 0 d-------- C:\tmp
2007-12-10 21:42:22 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2007-12-10 21:42:22 39936 --a------ C:\WINDOWS\system32\huffyuv.dll <Not Verified; Disappearing Inc.; Huffyuv>
2007-12-10 21:42:21 282624 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-12-10 21:42:21 564224 --a------ C:\WINDOWS\system32\x264vfw.dll
2007-12-10 21:42:21 630784 --a------ C:\WINDOWS\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
2007-12-10 21:42:21 438272 --a------ C:\WINDOWS\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>
2007-12-10 21:42:21 144384 --a------ C:\WINDOWS\system32\Iacenc.dll <Not Verified; Intel Corporation; Indeo® audio software>
2007-12-10 21:42:20 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-10 21:42:20 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-12-10 21:42:20 739840 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-10 21:42:19 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-12-06 2335 104671 --a------ C:\WINDOWS\system32\AckUtl.dll
2007-12-06 23:05:10 0 d-------- C:\Program Files\GStudio6
2007-12-06 22:14:59 0 d-------- C:\Program Files\ePSXe
2007-12-06 20:57:27 188960 -----n--- C:\WINDOWS\system32\Wingde.dll <Not Verified; Microsoft Corporation; Microsoft® Windows(TM) Operating System>
2007-12-06 20:57:27 12800 -----n--- C:\WINDOWS\system32\Wing32.dll <Not Verified; Microsoft Corporation; WinG>
2007-12-06 20:57:27 92208 -----n--- C:\WINDOWS\system32\Wing.dll <Not Verified; Microsoft Corporation; WinG>
2007-12-06 18:21:19 0 d-------- C:\Program Files\Blender Foundation
2007-12-06 17:45:00 0 d-------- C:\Documents and Settings\All Users\Application Data\PY_Software
2007-12-06 17:44:37 0 d-------- C:\Program Files\Active WebCam
2007-12-06 03:07:23 0 d-------- C:\Documents and Settings\Default\Application Data\Lost Marble
2007-12-06 0326 0 d-------- C:\Program Files\e frontier
2007-12-06 01:27:57 264704 --a------ C:\WINDOWS\system32\hlvdd.dll <Not Verified; Aladdin Knowledge Systems; Hardlock Win32 DLL>
2007-12-06 01:27:57 6656 --a------ C:\WINDOWS\system32\haspvdd.dll <Not Verified; Aladdin Knowledge Systems.; Windows NT HASP Virtual Device Driver>
2007-12-06 01:27:57 383 --a------ C:\WINDOWS\system32\haspdos.sys
2007-12-06 01:27:57 47616 --a------ C:\WINDOWS\system32\drivers\Haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>
2007-12-06 01:27:56 49664 --a------ C:\WINDOWS\system32\SNTI386.DLL <Not Verified; Rainbow Technologies, Inc.; Sentinel Driver Setup>
2007-12-06 01:27:56 18432 --a------ C:\WINDOWS\system32\RNBOVDD.DLL <Not Verified; Rainbow Technologies, Inc.; Sentinel System Driver>
2007-12-06 01:27:56 73728 --a------ C:\WINDOWS\system32\drivers\SENTINEL.SYS <Not Verified; Rainbow Technologies, Inc.; Sentinel System Driver>
2007-12-06 01:27:55 20032 -ra------ C:\WINDOWS\system32\drivers\SNTNLUSB.SYS <Not Verified; Rainbow Technologies Inc.; Rainbow Technologies USB Security Device Driver>
2007-12-06 01:27:53 0 d-------- C:\WINDOWS\system32\RNBOSENT
2007-12-06 01:27:51 7328 --a------ C:\WINDOWS\system32\drivers\ds1410d.sys
2007-12-06 01:27:50 0 d-------- C:\Program Files\GLOBEtrotter Software Inc
2007-12-06 01:27:47 0 d-------- C:\Documents and Settings\Default\WINDOWS
2007-12-06 01:27:42 8405015 --a------ C:\WINDOWS\hlktmp
2007-12-06 01:24:57 0 d-------- C:\Program Files\Autodesk
2007-12-06 01:22:11 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2007-12-06 01:22:11 0 d-------- C:\Program Files\Common Files\Alias Shared
2007-12-06 01:16:45 0 d-------- C:\FLEXLM
2007-12-06 00:01:47 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-05 19:55:26 0 d-------- C:\Documents and Settings\Default\Application Data\MozillaControl
2007-12-05 19:55:06 0 d-------- C:\Program Files\'Full Speed' Internet Booster + Performance Tests
2007-12-05 19:47:43 0 d-------- C:\WINDOWS\'Full Speed' Internet Booster + Performance Tests
2007-12-05 19:47:21 0 d-------- C:\aidualc3
2007-12-05 02:38:51 0 d-------- C:\WINDOWS\pss
2007-12-04 02:17:07 0 d-------- C:\Program Files\Starcraft
2007-12-03 21:49:30 0 d-------- C:\Program Files\Game_Maker7
2007-12-03 16:19:32 0 d-------- C:\Program Files\001


-- Find3M Report ---------------------------------------------------------------

2008-01-03 18:29:34 22720 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-01-02 14:59:00 2608 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-12-20 02:34:30 335 --a------ C:\WINDOWS\nsreg.dat
2007-12-17 00:52:56 2496 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-12-07 04:35:14 1890 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-12-01 15:48:20 0 d-------- C:\Program Files\MSXML 4.0
2007-11-30 17:37:28 56 -r-hs---- C:\WINDOWS\system32\ADA3995808.sys
2007-11-30 01:17:54 0 d-------- C:\Program Files\Bonjour
2007-11-30 01:17:32 0 d-------- C:\Documents and Settings\Default\Application Data\Adobe
2007-11-30 01:08:10 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-11-30 00:02:46 0 d-------- C:\Documents and Settings\Default\Application Data\GameHouse
2007-11-30 00:02:04 0 d-------- C:\Program Files\GameHouse
2007-11-29 22:44:18 0 d-------- C:\Documents and Settings\Default\Application Data\FDRLab
2007-11-29 22:35:34 0 d-------- C:\Documents and Settings\Default\Application Data\OTVREG
2007-11-29 22:34:18 0 d-------- C:\Program Files\Online TV Player 3
2007-11-29 22:31:50 0 d-------- C:\Program Files\Essentials Codec Pack
2007-11-29 21:33:48 109056 --a------ C:\WINDOWS\system32\fff-ea138.exe <Not Verified; Fighting For Fun; EA Games Generic Multi Keygen>
2007-11-28 23:40:10 0 d-------- C:\Program Files\ConsoleClassix.com
2007-11-28 18:10:58 0 d-------- C:\Program Files\Common Files\Xuisoft
2007-11-28 18:10:54 0 d-------- C:\Program Files\CoolImage
2007-11-28 18:08:36 0 d-------- C:\Program Files\Common Files\Download Manager
2007-11-28 15:37:32 72192 --a------ C:\WINDOWS\cadkasdeinst01e.exe
2007-11-28 15:37:32 0 d-------- C:\Program Files\Text 2 Speech 1
2007-11-28 15:20:22 0 d-------- C:\Program Files\AudioBookRecorder
2007-11-27 22:49:58 0 d-------- C:\Program Files\InfiniaChess
2007-11-27 22:38:00 0 d-------- C:\Documents and Settings\Default\Application Data\DreamChess
2007-11-26 02:40:32 0 --a------ C:\WINDOWS\Infob.dat
2007-11-26 02:40:32 0 --a------ C:\WINDOWS\Infoa.dat
2007-11-26 02:30:32 0 d-------- C:\Program Files\Total Video Converter
2007-11-25 18:05:52 0 d-------- C:\Program Files\After The End
2007-11-24 22:30:52 0 d-------- C:\Documents and Settings\Default\Application Data\LEGO Company
2007-11-24 22:30:34 0 d-------- C:\Program Files\LEGO Company
2007-11-24 22:19:18 0 d-------- C:\Documents and Settings\Default\Application Data\DAEMON Tools Pro
2007-11-24 22:17:44 0 d-------- C:\Program Files\DAEMON Tools Pro
2007-11-22 20:37:00 0 d-------- C:\Documents and Settings\Default\Application Data\Sun
2007-11-22 17:25:38 0 d-------- C:\Program Files\StepMania
2007-11-22 14:17:04 0 d-------- C:\Documents and Settings\Default\Application Data\WinRAR
2007-11-22 12:04:54 0 d-------- C:\Program Files\Star Defender 4
2007-11-22 02:17:44 1480 --a------ C:\WINDOWS\mozver.dat
2007-11-22 01:11:40 0 d-------- C:\Program Files\Crimsonland
2007-11-21 20:26:38 0 d-------- C:\Program Files\Alien Shooter
2007-11-21 19:58:02 0 d-------- C:\Program Files\ReflexiveArcade
2007-11-21 19:30:18 0 d-------- C:\Documents and Settings\Default\Application Data\Talkback
2007-11-21 19:29:46 0 d-------- C:\Documents and Settings\Default\Application Data\Mozilla
2007-11-21 17:07:40 0 d-------- C:\Documents and Settings\Default\Application Data\Google
2007-11-21 17:07:02 0 d-------- C:\Program Files\Google
2007-11-21 16:24:02 41723 ---hs---- C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
2007-11-21 16:04:18 0 d-------- C:\Program Files\Real Alternative
2007-11-21 16:04:18 0 d-------- C:\Documents and Settings\Default\Application Data\Real
2007-11-21 00:20:56 0 d-------- C:\Documents and Settings\Default\Application Data\DivX
2007-11-20 22:56:36 0 d-------- C:\Program Files\DivX
2007-11-20 22:13:32 0 d-------- C:\Program Files\Lavasoft
2007-11-20 22:13:06 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-20 15:52:36 0 d-------- C:\Program Files\Common Files\Adobe
2007-11-20 15:43:22 0 d-------- C:\Documents and Settings\Default\Application Data\LimeWire
2007-11-20 15:42:40 0 d-------- C:\Program Files\Java
2007-11-20 15:41:58 0 d-------- C:\Program Files\Common Files\Java
2007-11-20 15:28:04 0 d-------- C:\Documents and Settings\Default\Application Data\Media Player Classic
2007-11-20 15:26:14 0 d-------- C:\Program Files\Visual Networks
2007-11-20 15:25:50 0 d-------- C:\Program Files\BroadJump
2007-11-20 15:25:42 0 d-------- C:\Program Files\SBC Yahoo!
2007-11-20 15:25:28 0 d-------- C:\Program Files\K-Lite Codec Pack
2007-11-20 15:14:42 0 d-------- C:\Documents and Settings\Default\Application Data\BitTorrent
2007-11-20 15:13:04 0 d-------- C:\Program Files\Yahoo!
2007-11-20 15:12:12 0 d-------- C:\Program Files\2Wire
2007-11-20 14:57:24 0 d-------- C:\Documents and Settings\Default\Application Data\AVG7
2007-11-20 14:53:40 0 d-------- C:\Program Files\microsoft frontpage
2007-11-20 14:53:30 488 --a------ C:\WINDOWS\LnkStub.dat
2007-11-20 14:53:00 0 d-------- C:\Documents and Settings\Default\Application Data\Identities
2007-11-20 14:52:52 153600 --a------ C:\WINDOWS\system32\migicons.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-11-20 14:50:38 0 d--h----- C:\Program Files\WindowsUpdate
2007-11-20 14:50:14 0 d-------- C:\Program Files\Common Files\MSSoap
2007-11-20 14:50:10 0 d-------- C:\Program Files\Movie Maker
2007-11-20 14:48:40 0 d-------- C:\Program Files\MSN Gaming Zone
2007-11-20 14:48:32 0 d-------- C:\Program Files\Windows NT
2007-11-20 14:43:06 0 d-------- C:\Program Files\Common Files\ODBC
2007-11-20 14:43:02 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-11-20 14:42:44 62 --ahs---- C:\Documents and Settings\Default\Application Data\desktop.ini
2007-11-20 14:39:38 0 d-------- C:\Documents and Settings\Default\Application Data\Macromedia
2007-11-15 20:15:02 5619 --ah----- C:\WINDOWS\ttfCache
2007-11-15 20:14:58 16384 --a------ C:\WINDOWS\MSIMGSIZ.DAT
2007-11-15 20:12:50 1448 --a------ C:\WINDOWS\DOSSTART.BAT
2007-11-15 20:12:50 0 d-------- C:\Program Files\Microsoft Hardware
2007-11-15 20:12:50 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-15 20:12:36 0 d-------- C:\Program Files\Common Files\InstallShield
2007-11-15 20:12:14 0 d-------- C:\Program Files\Messenger
2007-11-15 20:12:12 15120 -----n--- C:\WINDOWS\system32\icfg95.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
2007-11-15 20:12:08 57344 -----n--- C:\WINDOWS\system32\icmfilter.dll <Not Verified; ; icmfilter Module>
2007-11-15 20:11:34 393 --a------ C:\AUTOEXEC.BAT
2007-11-15 20:11:32 213 --a------ C:\CONFIG.SYS
2007-11-15 20:09:08 229408 -r-h----- C:\WINDOWS\HWINFO.DAT
2007-11-15 20:08:26 11079 ---h----- C:\Program Files\folder.htt
2007-11-15 20:08:26 266 ---hs---- C:\Program Files\desktop.ini
2007-11-15 2052 0 d-------- C:\Program Files\directx
2007-11-15 2012 1676 -r-hs---- C:\MSDOS.SYS
2007-11-07 06:38:44 130048 --a------ C:\WINDOWS\Trntfiltr.dll <Not Verified; TODO: <Company name>; TODO: <Product name>>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{376892AE-1825-4E5F-9F85-23F9640051CC}]
11/07/2007 06:38 AM 130048 --a------ C:\WINDOWS\Trntfiltr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97E29523-55A3-4730-BE0F-F9E78DC7BC57}]
12/30/2007 11:32 PM 344576 --a------ C:\WINDOWS\system32\gebyy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FA16FE06-B462-470E-9653-79C54B1871FF}]
12/30/2007 11:27 PM 38912 --a------ C:\WINDOWS\system32\yaywust.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [08/03/2004 05:07 PM]
"Updater"="C:\WINDOWS\system32\updater\explorer.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [11/21/2007 5:07:02 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{FA16FE06-B462-470E-9653-79C54B1871FF}"= C:\WINDOWS\system32\yaywust.dll [12/30/2007 11:27 PM 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RelevantKnowledge]
C:\WINDOWS\system32\rlls.dll 12/17/2007 09:10 AM 360448 C:\WINDOWS\SYSTEM32\rlls.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yaywust]
yaywust.dll 12/30/2007 11:27 PM 38912 C:\WINDOWS\SYSTEM32\yaywust.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau C:\WINDOWS\system32\gebyy

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"Matrox Powerdesk"=C:\WINDOWS\SYSTEM32\PDESK.EXE /Autolaunch
"Promon.exe"=Promon.exe
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"POINTER"=point32.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>IEPerUser]
RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP



-- End of Deckard's System Scanner: finished at 2008-01-03 20:03:24 ------------
And I also got this:

Quote:
Originally Posted by extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 1.70GHz
Percentage of Memory in Use: 42%
Physical Memory (total/avail): 511.3 MiB / 291.71 MiB
Pagefile Memory (total/avail): 1249.8 MiB / 1048.85 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.23 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 18.64 GiB total, 9.05 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST320011A - 18.65 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 18.65 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG 7.5.516 v7.5.516 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\InfiniaChess\\infiniachess.exe"="C:\\Program Files\\InfiniaChess\\infiniachess.exe:*:Enabled:infiniachess"
"C:\\Documents and Settings\\Default\\Desktop\\DCPlusPlus\\DCPlusPlus.exe"="C:\\Documents and Settings\\Default\\Desktop\\DCPlusPlus\\DCPlusPlus.exe:*:Enabled:DC++"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Autodesk\\Maya2008\\bin\\maya.exe"="C:\\Program Files\\Autodesk\\Maya2008\\bin\\maya.exe:*:Enabled:Maya"
"C:\\Nexon\\MapleStory\\MapleStory.exe"="C:\\Nexon\\MapleStory\\MapleStory.exe:*:Enabled:MapleStory"
"C:\\WINDOWS\\TEMP\\~os4.tmp\\ossproxy.exe"="C:\\WINDOWS\\TEMP\\~os4.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1198146883\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1198146883\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1198146883\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1198146883\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE"="C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE:*:Enabled:Yahoo! Messenger"
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"="C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Opera\\Opera.exe"="C:\\Program Files\\Opera\\Opera.exe:*:Enabled:Opera Internet Browser"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Default\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ANBU_ZIM
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Default
LOGONSERVER=\\ANBU_ZIM
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\Autodesk\Maya2008\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0102
ProgramFiles=C:\Program Files
PROMPT=$p$g
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Default\LOCALS~1\Temp
TMP=C:\DOCUME~1\Default\LOCALS~1\Temp
USERDOMAIN=ANBU_ZIM
USERNAME=Default
USERPROFILE=C:\Documents and Settings\Default
winbootdir=C:\WINDOWS
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Default (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /UNINSTALL /PROMPT
--> "C:\Program Files\SBC Yahoo!\umuninst.exe" /S
--> C:\PROGRA~1\YAHOO!\browser\unyb.exe
--> C:\PROGRA~1\YAHOO!\common\unybase.exe
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Autodesk DirectConnect 2.0 --> MsiExec.exe /I{C033BF6E-9D82-4E0B-A46E-ABC746D6F431}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
BitComet 0.97 --> C:\Program Files\BitComet\uninst.exe
BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
GLOBEtrotter FLEXid Drivers --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\GLOBEtrotter Software Inc.\GLOBEtrotter FLEXid Drivers\Uninst.isu"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel(R) PRO Ethernet Adapter and Software --> 8255xDel.exe
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
K-Lite Mega Codec Pack 3.5.7 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Matrox Graphics Software (remove only) --> C:\WINDOWS\SYSTEM32\PDUNINST.EXE
Maya 2008 --> MsiExec.exe /I{DA864DC0-0BF2-454B-A6A9-08A45EB97D3B}
Maya 2008 Documentation (en_US) --> MsiExec.exe /I{6C70ACE2-6EF2-4F8D-8C4A-78198AA979DD}
Microsoft IntelliPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\ENGINE\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ABEA93FA-8D65-11D2-98AB-00C04F79C5D1}\setup.exe" Uninstall
Opera 9.25 --> MsiExec.exe /X{C619B312-19F3-460A-9F7B-443248379F18}
Outerinfo --> "C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe"
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Real Alternative 1.60 --> "C:\Program Files\Real Alternative\unins000.exe"
RelevantKnowledge --> c:\windows\system32\rlvknlg.exe -bootremove -uninst:RelevantKnowledge
SBC Yahoo! Applications --> C:\Program Files\SBC Yahoo!\UninstallManager.exe
SBC Yahoo! DSL Home Networking Installer --> C:\Program Files\2Wire\Uninstaller.exe
Sentinel System Driver --> C:\WINDOWS\SYSTEM32\RNBOSENT\SETUPX86.EXE /U /q
Total Video Converter 3.11 070908 --> "C:\Program Files\Total Video Converter\unins000.exe"
TTS --> MsiExec.exe /X{62AAFC0A-00B8-4663-98D8-96AE9F3BA058}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Visual IP InSight(SBC) --> C:\Program Files\InstallShield Installation Information\{097346E0-6A51-11D1-AD16-00A0C95E0503}SBC\setup.exe SBC
Windows Essentials Media Codec Pack 1.0 --> C:\Program Files\Essentials Codec Pack\uninst.exe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\common\YINSTH~1.DLL
Yahoo! Messenger --> C:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type1931 / Error
Event Submitted/Written: 01/03/2008 07:18:46 PM
Event ID/Source: 100 / AVG7
Event Description:
2008-01-04 03:18:46,828 ANBU_ZIM [001628:001640] ERROR 000 AVG7.WTS.CAvgAmWts ProcessIdToSessionId(892) call failed with WIN32 error 87, returning session id is 0

Event Record #/Type1894 / Warning
Event Submitted/Written: 01/03/2008 06:33:08 PM
Event ID/Source: 4353 / EventSystem
Event Description:
The COM+ Event System attempted to fire the EventObjectChange::ChangedSubscription event but received a bad return code. HRESULT was 80040201.

Event Record #/Type1893 / Warning
Event Submitted/Written: 01/03/2008 06:33:08 PM
Event ID/Source: 4356 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}. CoGetObject returned HRESULT 80070422.

Event Record #/Type1892 / Warning
Event Submitted/Written: 01/03/2008 06:33:07 PM
Event ID/Source: 4353 / EventSystem
Event Description:
The COM+ Event System attempted to fire the EventObjectChange::ChangedSubscription event but received a bad return code. HRESULT was 80040201.

Event Record #/Type1891 / Warning
Event Submitted/Written: 01/03/2008 06:33:07 PM
Event ID/Source: 4356 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}. CoGetObject returned HRESULT 80070422.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type6190 / Error
Event Submitted/Written: 01/03/2008 07:05:51 PM / 01/03/2008 0751 PM
Event ID/Source: 4 / sptd
Event Description:
Driver detected an internal error in its data structures for .

Event Record #/Type6162 / Warning
Event Submitted/Written: 01/03/2008 05:58:03 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type5919 / Warning
Event Submitted/Written: 01/03/2008 00:25:33 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type5232 / Warning
Event Submitted/Written: 01/02/2008 11:23:07 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type4917 / Warning
Event Submitted/Written: 01/02/2008 10:55:25 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-01-03 20:03:24 ------------
And as for the free online scanners you recommended, my computer can't take that, and it wouldn't scan.
Attached Files: extra.txt (14.3 KB)

Last edited by anbu_zim; 01-03-2008 at 09:33 PM.
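The registry dump in the DSS log above is where this infection actually shows itself, and it is worth reading in terms of what each persistence point does: an extra entry in LSA "Authentication Packages" (beyond msv1_0) names a DLL that lsass.exe loads at boot; Winlogon Notify subkeys name DLLs that winlogon.exe loads; the Run value pointing at an explorer.exe under system32\updater is not the real C:\WINDOWS\explorer.exe; the BHO DLLs dated 12/30/2007 were dropped days before the scan; and the firewall list in extra.txt has an exception for an executable under C:\WINDOWS\TEMP. As an added example (not code from the original thread, from Deckard's System Scanner or from ComboFix), here is a small Python triage script that applies those checks to lines copied verbatim from the dump above. The known-good lists, the 14-day threshold and the canonical system-binary paths are the example's own assumptions, not facts the log states.

```python
"""Triage heuristics for a Deckard's System Scanner (DSS) registry dump.

Added example for this thread; not code from the original post, from DSS
or from ComboFix. Known-good lists, thresholds and canonical paths are
this example's own assumptions, not facts the log states.
"""
import re
from datetime import datetime, timedelta

# Constructed sample: lines copied verbatim from the main.txt registry dump
# and the extra.txt firewall exception list posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{376892AE-1825-4E5F-9F85-23F9640051CC}]
11/07/2007 06:38 AM 130048 --a------ C:\WINDOWS\Trntfiltr.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97E29523-55A3-4730-BE0F-F9E78DC7BC57}]
12/30/2007 11:32 PM 344576 --a------ C:\WINDOWS\system32\gebyy.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [08/03/2004 05:07 PM]
"Updater"="C:\WINDOWS\system32\updater\explorer.exe" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RelevantKnowledge]
C:\WINDOWS\system32\rlls.dll 12/17/2007 09:10 AM 360448 C:\WINDOWS\SYSTEM32\rlls.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yaywust]
yaywust.dll 12/30/2007 11:27 PM 38912 C:\WINDOWS\SYSTEM32\yaywust.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau C:\WINDOWS\system32\gebyy
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\TEMP\\~os4.tmp\\ossproxy.exe"="C:\\WINDOWS\\TEMP\\~os4.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"""

SCAN_DATE = datetime(2008, 1, 3)   # "finished at 2008-01-03" in the DSS log
RECENT = timedelta(days=14)        # assumption: a BHO this new deserves a look

# Assumption: msv1_0 is the stock XP package and nwprovau belongs to Client
# Service for NetWare; any other entry is a DLL that lsass.exe loads at boot.
KNOWN_AUTH_PACKAGES = {"msv1_0", "nwprovau"}
# Assumption: Winlogon Notify DLLs that ship with XP SP2 (loaded into winlogon.exe).
KNOWN_NOTIFY_DLLS = {"crypt32.dll", "cryptnet.dll", "cscdll.dll", "wlnotify.dll", "sclgntfy.dll"}
# Assumption: SystemRoot is C:\WINDOWS (per the environment dump); a system
# binary name at any other path is a masquerade.
CANONICAL = {"explorer.exe": "c:\\windows\\explorer.exe"}
CANONICAL.update({n: "c:\\windows\\system32\\" + n for n in
                  ("svchost.exe", "lsass.exe", "winlogon.exe", "csrss.exe", "services.exe")})


def _sections(text):
    """Yield (key, value_lines) for each [key] block of the dump."""
    key, lines = "", []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            yield key, lines
            key, lines = line[1:-1], []
        elif line:
            lines.append(line)
    yield key, lines


def triage(text, scan_date=SCAN_DATE):
    """Return (category, path) findings for the persistence points DSS dumps."""
    findings = []
    for key, lines in _sections(text):
        k = key.lower()
        if "browser helper objects" in k and lines:
            # e.g. "12/30/2007 11:32 PM 344576 --a------ C:\WINDOWS\system32\gebyy.dll"
            m = re.match(r"(\d\d/\d\d/\d{4} \d\d:\d\d [AP]M) \d+ \S+ (.+)$", lines[0])
            if m and scan_date - datetime.strptime(m.group(1), "%m/%d/%Y %I:%M %p") <= RECENT:
                findings.append(("bho_recent", m.group(2)))
        elif "\\winlogon\\notify\\" in k and lines:
            dll = lines[0].split()[-1]                      # full path is the last token
            if dll.lower().rsplit("\\", 1)[-1] not in KNOWN_NOTIFY_DLLS:
                findings.append(("winlogon_notify", dll))
        elif k.endswith("\\currentversion\\run"):
            for line in lines:
                m = re.match(r'"[^"]+"="([^"]+)"', line)   # "name"="path" [timestamp]
                if m:
                    path = m.group(1)
                    base = path.lower().rsplit("\\", 1)[-1]
                    if base in CANONICAL and path.lower() != CANONICAL[base]:
                        findings.append(("run_masquerade", path))
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('"Authentication Packages"'):
            for pkg in line.split("=", 1)[1].split():
                if pkg.lower() not in KNOWN_AUTH_PACKAGES:
                    findings.append(("lsa_auth_package", pkg))
        # Firewall exceptions are stored as "path"="path:*:Enabled:name"
        m = re.match(r'"([^"]+)"="[^"]*:\*:enabled:', line, re.I)
        if m:
            path = m.group(1).replace("\\\\", "\\")         # undo .reg-style escaping
            if "\\temp\\" in path.lower():
                findings.append(("firewall_temp_exception", path))
    return findings


if __name__ == "__main__":
    for category, path in triage(SAMPLE_LOG):
        print(f"{category:26} {path}")
```

Run as a script it prints one line per finding; triage() returns (category, path) tuples so the same function can be pointed at a complete main.txt or extra.txt instead of the embedded sample. Note that the age heuristic deliberately leaves C:\WINDOWS\Trntfiltr.dll alone because it is older than the threshold: each check is a prompt to look at a file, not a verdict on it, and a DLL only gets removed after someone has identified it.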
Old 01-04-2008, 05:34 AM   #4 (permalink)
Expert Analyst, Moderator, Security Team
 
Join Date: Sep 2006
Posts: 1,648
OS: xp


Re: I have lots of problems, no icons, start bar help needed

Next step
Post a combofix log
1. Download this file - combofix.exe to your desktop
http://subs.geekstogo.com/Beta/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
If you already have ComboFix, please re-download it, as it is updated often.
__________________


Our help is voluntary. But this site needs donations to operate.
Old 01-04-2008, 07:41 PM   #5 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 13
OS: xp


Re: I have lots of problems, no icons, start bar help needed

Quote:
Originally Posted by LonnyRJones
Next step
Post a combofix log
1. Download this file - combofix.exe to your desktop
http://subs.geekstogo.com/Beta/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
If you already have ComboFix, please re-download it, as it is updated often.
Quote:
ComboFix 08-01-05.1 - Default 2008-01-04 18:33:24.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.289 [GMT -8:00]
Running from: C:\Documents and Settings\Default\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\WINDOWS\start.exe
C:\WINDOWS\system32\gebyy.dll
C:\WINDOWS\system32\ldpackage.dll
C:\WINDOWS\system32\model.dat
C:\WINDOWS\system32\rlls.dll
C:\WINDOWS\system32\rlxf.dll
C:\WINDOWS\system32\setup.exe.tmp
C:\WINDOWS\system32\silc_dll.dll
C:\WINDOWS\system32\yaywust.dll
C:\WINDOWS\SYSTEM32\yybeg.ini
C:\WINDOWS\SYSTEM32\yybeg.ini2

.
((((((((((((((((((((((((( Files Created from 2007-12-05 to 2008-01-05 )))))))))))))))))))))))))))))))
.

2008-01-04 18:31 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-03 20:31 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\RkPavProc.sys
2008-01-03 20:14 . 2008-01-03 20:14 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2008-01-03 20:14 . 2008-01-03 20:14 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico
2008-01-03 20:14 . 2008-01-03 20:14 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico
2008-01-03 20:14 . 2008-01-03 20:14 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico
2008-01-03 20:00 . 2008-01-03 20:00 <DIR> d-------- C:\Deckard
2008-01-03 18:39 . 2004-08-03 17:07 1,875,968 --a------ C:\WINDOWS\SYSTEM32\dllcache\msir3jp.lex
2008-01-03 18:38 . 2004-08-03 17:07 13,463,552 --a------ C:\WINDOWS\SYSTEM32\dllcache\hwxjpn.dll
2008-01-03 18:37 . 2004-08-03 17:07 2,134,528 --a------ C:\WINDOWS\SYSTEM32\dllcache\smtpsnap.dll
2008-01-03 18:31 . 2008-01-03 18:31 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-01-03 18:31 . 2008-01-03 18:31 749 -rah----- C:\WINDOWS\SYSTEM32\wuaucpl.cpl.manifest
2008-01-03 18:31 . 2008-01-03 18:31 749 -rah----- C:\WINDOWS\SYSTEM32\sapi.cpl.manifest
2008-01-03 18:31 . 2008-01-03 18:31 749 -rah----- C:\WINDOWS\SYSTEM32\nwc.cpl.manifest
2008-01-03 18:31 . 2008-01-03 18:31 749 -rah----- C:\WINDOWS\SYSTEM32\ncpa.cpl.manifest
2008-01-03 18:31 . 2008-01-03 18:31 488 -rah----- C:\WINDOWS\SYSTEM32\logonui.exe.manifest
2008-01-03 02:35 . 2008-01-03 02:35 <DIR> d-------- C:\WINDOWS\SYSTEM32\updater
2008-01-03 02:35 . 2008-01-03 02:35 8 --a------ C:\boot.inf
2007-12-31 02:05 . 2007-12-31 02:05 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-31 00:46 . 2008-01-01 17:58 348,160 --a------ C:\WINDOWS\SYSTEM32\gebyy.exe
2007-12-30 23:21 . 2007-12-30 23:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
2007-12-30 23:20 . 2007-12-30 23:20 <DIR> d-------- C:\Program Files\TweakMASTER
2007-12-30 22:50 . 2007-12-30 22:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-12-30 20:26 . 2007-12-30 20:26 <DIR> d-------- C:\Program Files\Opera
2007-12-30 18:48 . 2007-12-30 18:48 <DIR> d-------- C:\Documents and Settings\Default\Application Data\SystemRequirementsLab
2007-12-20 23:10 . 2007-12-20 23:10 1,358,156 --a------ C:\WINDOWS\SYSTEM32\silc.dat
2007-12-20 02:38 . 2007-12-20 02:38 <DIR> d-------- C:\Documents and Settings\Default\Application Data\acccore
2007-12-20 02:35 . 2007-12-20 02:35 <DIR> d-------- C:\Program Files\Viewpoint
2007-12-20 02:35 . 2007-12-20 02:35 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2007-12-20 02:35 . 2007-12-20 02:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-20 02:35 . 2007-12-20 02:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2007-12-20 02:34 . 2007-12-20 02:34 <DIR> d-------- C:\Program Files\Common Files\AOL
2007-12-20 02:33 . 2007-12-20 02:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-12-20 02:33 . 2007-12-20 02:33 29 --a------ C:\WINDOWS\atid.ini
2007-12-19 13:13 . 2007-12-19 13:13 <DIR> d-------- C:\Program Files\DomPlayer
2007-12-18 16:07 . 2007-12-18 16:07 712,704 --a------ C:\WINDOWS\SYSTEM32\rlph.dll
2007-12-17 09:11 . 2007-12-17 09:11 118,784 --a------ C:\WINDOWS\SYSTEM32\rlai.dll
2007-12-17 02:14 . 2007-12-17 02:14 1,039 --a------ C:\WINDOWS\_isenv31.ini
2007-12-16 18:44 . 2007-12-16 18:44 <DIR> d-------- C:\Documents and Settings\Default\Application Data\Nexon
2007-12-16 18:43 . 2003-07-20 10:17 5,174 --a------ C:\WINDOWS\SYSTEM32\nppt9x.vxd
2007-12-16 18:43 . 2005-01-04 01:43 4,682 --a------ C:\WINDOWS\SYSTEM32\npptNT2.sys
2007-12-16 18:37 . 2007-12-16 18:37 <DIR> d-------- C:\Nexon
2007-12-13 21:27 . 2007-12-13 21:27 <DIR> d-------- C:\tmpDownload
2007-12-13 21:27 . 2007-12-13 21:35 5 --a------ C:\WINDOWS\youtubex.dll
2007-12-13 21:26 . 2007-12-13 21:27 <DIR> d-------- C:\Program Files\YoutubeGet
2007-12-12 20:20 . 2007-12-12 20:20 <DIR> d-------- C:\Program Files\BitComet
2007-12-12 20:20 . 2007-12-12 20:20 2,560 --a------ C:\WINDOWS\SYSTEM32\bitcometres.dll
2007-12-12 19:50 . 2007-12-12 19:50 <DIR> d-------- C:\Documents and Settings\Default\Application Data\mIRC
2007-12-11 21:48 . 2007-12-11 21:48 <DIR> d-------- C:\tmp
2007-12-06 23:06 . 2004-01-20 16:14 104,671 --a------ C:\WINDOWS\SYSTEM32\AckUtl.dll
2007-12-06 23:05 . 2007-12-06 23:05 <DIR> d-------- C:\Program Files\GStudio6
2007-12-06 22:14 . 2007-12-06 22:15 <DIR> d-------- C:\Program Files\ePSXe
2007-12-06 20:57 . 2004-12-06 00:00 188,960 --------- C:\WINDOWS\SYSTEM32\Wingde.dll
2007-12-06 20:57 . 2004-12-06 00:00 92,208 --------- C:\WINDOWS\SYSTEM32\Wing.dll
2007-12-06 20:57 . 2004-12-06 00:00 12,800 --------- C:\WINDOWS\SYSTEM32\Wing32.dll
2007-12-06 20:57 . 2004-12-06 00:00 6,736 --------- C:\WINDOWS\SYSTEM32\Wingdib.drv
2007-12-06 20:57 . 2004-12-06 00:00 5,024 --------- C:\WINDOWS\SYSTEM32\Wingpal.wnd
2007-12-06 18:21 . 2007-12-06 18:21 <DIR> d-------- C:\Program Files\Blender Foundation
2007-12-06 17:45 . 2007-12-06 17:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PY_Software
2007-12-06 17:45 . 2007-08-13 14:51 446,464 --a------ C:\WINDOWS\SYSTEM32\wmvdmoe.dll
2007-12-06 17:44 . 2007-12-06 17:44 <DIR> d-------- C:\Program Files\Active WebCam
2007-12-06 03:07 . 2007-12-06 03:07 <DIR> d-------- C:\Documents and Settings\Default\Application Data\Lost Marble
2007-12-06 03:06 . 2007-12-06 03:06 <DIR> d-------- C:\Program Files\e frontier
2007-12-06 01:27 . 2007-12-06 01:27 <DIR> d-------- C:\Program Files\GLOBEtrotter Software Inc
2007-12-06 01:27 . 2007-12-06 01:27 <DIR> d-------- C:\Documents and Settings\Default\WINDOWS
2007-12-06 01:24 . 2007-12-06 01:24 <DIR> d-------- C:\Program Files\Autodesk
2007-12-06 01:22 . 2007-12-06 01:22 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2007-12-06 01:22 . 2007-12-06 01:22 <DIR> d-------- C:\Program Files\Common Files\Alias Shared
2007-12-06 01:21 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\SYSTEM32\d3dx9_34.dll
2007-12-06 01:21 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\SYSTEM32\d3dx9_32.dll
2007-12-06 01:16 . 2007-12-06 01:16 <DIR> d-------- C:\FLEXLM
2007-12-06 00:01 . 2007-12-06 00:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-05 19:55 . 2007-12-05 19:55 <DIR> d-------- C:\Program Files\'Full Speed' Internet Booster + Performance Tests
2007-12-05 19:55 . 2007-12-05 19:55 <DIR> d-------- C:\Documents and Settings\Default\Application Data\MozillaControl
2007-12-05 19:47 . 2007-12-05 19:47 <DIR> d-------- C:\WINDOWS\'Full Speed' Internet Booster + Performance Tests
2007-12-05 19:47 . 2007-12-05 19:47 <DIR> d-------- C:\aidualc3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 02:48 508,928 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\SYSTEM32\ssldivx.dll
2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\SYSTEM32\libdivx.dll
2007-12-06 09:27 6,656 ----a-w C:\WINDOWS\SYSTEM32\haspvdd.dll
2007-12-06 09:27 47,616 ----a-w C:\WINDOWS\system32\drivers\Haspnt.sys
2007-12-06 09:27 264,704 ----a-w C:\WINDOWS\SYSTEM32\hlvdd.dll
2007-12-06 03:55 --------- d-----w C:\Program Files\'Full Speed' Internet Booster + Performance Tests
2007-12-04 10:17 --------- d-----w C:\Program Files\Starcraft
2007-12-04 05:49 --------- d-----w C:\Program Files\Game_Maker7
2007-12-04 00:19 --------- d-----w C:\Program Files\001
2007-12-03 00:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2007-12-01 23:48 --------- d-----w C:\Program Files\MSXML 4.0
2007-11-30 09:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-11-30 09:17 --------- d-----w C:\Program Files\Bonjour
2007-11-30 09:08 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2007-11-30 08:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2007-11-30 08:02 --------- d-----w C:\Program Files\GameHouse
2007-11-30 08:02 --------- d-----w C:\Documents and Settings\Default\Application Data\GameHouse
2007-11-30 06:44 --------- d-----w C:\Documents and Settings\Default\Application Data\FDRLab
2007-11-30 06:35 --------- d-----w C:\Documents and Settings\Default\Application Data\OTVREG
2007-11-30 06:34 --------- d-----w C:\Program Files\Online TV Player 3
2007-11-30 06:31 --------- d-----w C:\Program Files\Essentials Codec Pack
2007-11-30 05:33 109,056 ----a-w C:\WINDOWS\SYSTEM32\fff-ea138.exe
2007-11-29 07:40 --------- d-----w C:\Program Files\ConsoleClassix.com
2007-11-29 02:10 --------- d-----w C:\Program Files\CoolImage
2007-11-29 02:10 --------- d-----w C:\Program Files\Common Files\Xuisoft
2007-11-29 02:08 --------- d-----w C:\Program Files\Common Files\Download Manager
2007-11-28 23:37 72,192 ----a-w C:\WINDOWS\cadkasdeinst01e.exe
2007-11-28 23:37 --------- d-----w C:\Program Files\Text 2 Speech 1
2007-11-28 23:20 --------- d-----w C:\Program Files\AudioBookRecorder
2007-11-28 06:49 --------- d-----w C:\Program Files\InfiniaChess
2007-11-28 06:38 --------- d-----w C:\Documents and Settings\Default\Application Data\DreamChess
2007-11-26 10:30 --------- d-----w C:\Program Files\Total Video Converter
2007-11-26 02:05 --------- d-----w C:\Program Files\After The End
2007-11-25 06:30 --------- d-----w C:\Program Files\LEGO Company
2007-11-25 06:30 --------- d-----w C:\Documents and Settings\Default\Application Data\LEGO Company
2007-11-25 06:19 --------- d-----w C:\Documents and Settings\Default\Application Data\DAEMON Tools Pro
2007-11-25 06:17 --------- d-----w C:\Program Files\DAEMON Tools Pro
2007-11-23 04:16 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-23 01:25 --------- d-----w C:\Program Files\StepMania
2007-11-22 20:04 --------- d-----w C:\Program Files\Star Defender 4
2007-11-22 09:11 --------- d-----w C:\Program Files\Crimsonland
2007-11-22 04:26 --------- d-----w C:\Program Files\Alien Shooter
2007-11-22 03:58 --------- d-----w C:\Program Files\ReflexiveArcade
2007-11-22 03:30 --------- d-----w C:\Documents and Settings\Default\Application Data\Talkback
2007-11-22 01:07 --------- d-----w C:\Program Files\Google
2007-11-22 01:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-11-22 00:04 --------- d-----w C:\Program Files\Real Alternative
2007-11-21 08:20 --------- d-----w C:\Documents and Settings\Default\Application Data\DivX
2007-11-21 06:56 --------- d-----w C:\Program Files\DivX
2007-11-21 06:13 --------- d-----w C:\Program Files\Lavasoft
2007-11-21 06:13 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-21 06:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-20 23:52 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-20 23:43 --------- d-----w C:\Documents and Settings\Default\Application Data\LimeWire
2007-11-20 23:42 --------- d-----w C:\Program Files\Java
2007-11-20 23:41 --------- d-----w C:\Program Files\Common Files\Java
2007-11-20 23:28 --------- d-----w C:\Documents and Settings\Default\Application Data\Media Player Classic
2007-11-20 23:26 --------- d-----w C:\Program Files\Visual Networks
2007-11-20 23:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Visual Networks
2007-11-20 23:25 --------- d-----w C:\Program Files\SBC Yahoo!
2007-11-20 23:25 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-11-20 23:25 --------- d-----w C:\Program Files\BroadJump
2007-11-20 23:14 --------- d-----w C:\Documents and Settings\Default\Application Data\BitTorrent
2007-11-20 23:13 155,995 ----a-w C:\WINDOWS\JAVA\Packages\935FN9N1.ZIP
2007-11-20 23:13 --------- d-----w C:\Program Files\Yahoo!
2007-11-20 23:12 --------- d-----w C:\Program Files\2Wire
2007-11-20 22:57 --------- d-----w C:\Documents and Settings\Default\Application Data\AVG7
2007-11-20 22:55 499,712 ----a-w C:\WINDOWS\SYSTEM32\msvcp71.dll
2007-11-20 22:55 348,160 ----a-w C:\WINDOWS\SYSTEM32\msvcr71.dll
2007-11-20 22:55 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-20 22:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-20 22:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-11-20 22:53 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-20 22:52 153,600 ----a-w C:\WINDOWS\SYSTEM32\migicons.exe
2007-11-20 22:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-11-16 04:12 57,344 ------w C:\WINDOWS\SYSTEM32\icmfilter.dll
2007-11-16 04:12 15,120 ------w C:\WINDOWS\SYSTEM32\icfg95.dll
2007-11-16 04:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-16 04:12 --------- d-----w C:\Program Files\Microsoft Hardware
2007-11-16 04:12 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-16 04:08 93,271 ----a-w C:\WINDOWS\JAVA\Packages\RJT3RN37.ZIP
2007-11-16 04:08 558,142 ----a-w C:\WINDOWS\JAVA\Packages\1ZPRFZ9F.ZIP
2007-11-16 04:08 266 --sh--w C:\Program Files\desktop.ini
2007-11-16 04:08 11,079 ---h--w C:\Program Files\folder.htt
2007-11-16 04:06 --------- d-----w C:\Program Files\directx
2007-11-07 14:38 130,048 ----a-w C:\WINDOWS\Trntfiltr.dll
2007-10-18 09:06 156,992 ----a-w C:\WINDOWS\SYSTEM32\DivXCodecVersionChecker.exe
.
Code:
----a-w           508,928 2008-01-04 02:48:50  C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{376892AE-1825-4E5F-9F85-23F9640051CC}]
2007-11-07 06:38 130048 --a------ C:\WINDOWS\Trntfiltr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@={7D688A77-C613-11D0-999B-00C04FD655E1}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-03 17:07 158208]
"Updater"="C:\WINDOWS\system32\updater\explorer.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-03 19:05 650752]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-11-21 17:07:02]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"Matrox Powerdesk"=C:\WINDOWS\SYSTEM32\PDESK.EXE /Autolaunch
"Promon.exe"=Promon.exe
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"POINTER"=point32.exe

R3 WlanUIG;2Wire 802.11g USB Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2005-05-12 08:26]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>IEPerUser]
RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP
.
Contents of the 'Scheduled Tasks' folder
"2008-01-03 07:00:02 C:\WINDOWS\Tasks\Tune-up Application Start.job"
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 18:40:04
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-04 18:41:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-05 02:40:58
.
2008-01-04 04:48:25 --- E O F ---
anbu_zim is offline  
Old 01-04-2008, 08:05 PM   #6 (permalink)
Expert Analyst, Moderator, Security Team
 
Join Date: Sep 2006
Posts: 1,648
OS: xp


Re: I have lots of problems, no icons, start bar help needed

No need to quote me; it makes for a really long post and it's hard on the eyes.

"'Full Speed' Internet Booster + Performance Tests"
Is that the program you mentioned in your first post?
If so, uninstall it.


Launch Notepad (important: not WordPad or another third-party text editor), and copy and paste the contents
of the code box below into a new text file (don't include the word "Code").
Save it with the file name: cfscript.txt
Code:
registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{376892AE-1825-4E5F-9F85-23F9640051CC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"=-
"Updater"=-
file::
C:\WINDOWS\SYSTEM32\gebyy.exe
C:\WINDOWS\Trntfiltr.dll
C:\WINDOWS\SYSTEM32\rlph.dll
C:\WINDOWS\SYSTEM32\rlai.dll
folder::
C:\WINDOWS\system32\updater
Killall::
http://users.pandora.be/bluepatchy/m...s/CFScript.gif
As in the picture above, drag and drop cfscript.txt onto combofix.exe.
When it is finished, a text file will open; post it.

Post a report from one, or better yet both, of these free online scans:

Panda ActiveScan-Free online scanner,
http://www.pandasoftware.com/products/activescan.htm
Press "Scan your PC now" and allow the ActiveX control to install (if prompted).
Do a full scan > click the "My Computer" button.
After the scan, click "See report", then save the report and post it back here, please.
If you have problems, read the FAQ: http://www.pandasoftware.com/actives...q.asp?IdLang=2

http://www.kaspersky.com/virusscanner
Click "Scan settings" and place a check next to "Use extended database", etc. Click OK.
Then choose "My Computer": scan all your hard drives and mapped disks.
When finished, click "Save as text" and post that in your reply.
Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.
__________________


Our help is voluntary. But this site needs donations to operate.
LonnyRJones is offline  
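The log above shows the two persistence points the CFScript in this post removes: a Run value named "Updater" that starts an explorer.exe from C:\WINDOWS\system32\updater (the genuine explorer.exe lives in C:\WINDOWS), and a look-alike "MSConfig .exe" (note the space before the extension) sitting beside the genuine MSConfig.exe. The following Python script is an added example, not ComboFix's own code and not part of any post in this thread; it parses Run values and the suspicious-file line in the format ComboFix prints and flags exactly those patterns. The SYSTEM_BINARIES table of expected directories is this example's own assumption, the function names are hypothetical, and SAMPLE_LOG is copied from the log posted above.

```python
"""Triage helper for ComboFix "Reg Loading Points" output.

Added example for this thread; it is not ComboFix's own code.  It flags the
two patterns that identified the infection in the log above:

  * a well-known Windows binary name (explorer.exe ...) started from a
    directory other than the one the genuine copy lives in;
  * a file name with a space before its extension ("MSConfig .exe"), which
    lets a look-alike sit beside the real file.

It also notes Run values for which ComboFix printed an empty "[ ]" block
instead of the target's date and size.  SYSTEM_BINARIES is an assumption of
this example; SAMPLE_LOG is copied from the log posted in the thread.
"""
import re
from dataclasses import dataclass, field

# Expected parent directory for binaries that droppers like to imitate
# (lower-case, drive letter removed).  Assumed for this example.
SYSTEM_BINARIES = {
    "explorer.exe": {"\\windows"},
    "svchost.exe": {"\\windows\\system32"},
    "lsass.exe": {"\\windows\\system32"},
    "winlogon.exe": {"\\windows\\system32"},
    "msconfig.exe": {"\\windows\\pchealth\\helpctr\\binaries"},
}

KEY_LINE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]\s*$")
# "Name"="C:\path\prog.exe" [2004-08-03 17:07 158208]   or   [ ]
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<info>[^\]]*)\]')
# attrs  size  date  time  path   (the suspicious-name file line)
FILE_LINE = re.compile(r"^[-a-z]{7}\s+[\d,]+\s+\S+\s+\S+\s+(?P<path>[A-Za-z]:\\.+?)\s*$")
EXE_AND_ARGS = re.compile(r"^(?P<exe>.*?\.(?:exe|dll|cpl|scr))(?:\s|$)", re.I)

# Constructed sample: the Run values and the flagged file line from the log above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-03 17:07 158208]
"Updater"="C:\WINDOWS\system32\updater\explorer.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-03 19:05 650752]

----a-w           508,928 2008-01-04 02:48:50  C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
"""


@dataclass
class RunEntry:
    key: str
    name: str
    path: str
    info: str                      # "[...]" contents; blank for an empty "[ ]"
    reasons: list = field(default_factory=list)


def split_path(path):
    """Return (parent_dir, file_name), lower-cased, parent without drive letter.
    Anything after the executable (arguments) is dropped."""
    m = EXE_AND_ARGS.match(path)
    target = (m.group("exe") if m else path).lower()
    parent, _, fname = target.rpartition("\\")
    if len(parent) >= 2 and parent[1] == ":":
        parent = parent[2:]
    return parent, fname


def has_space_before_extension(fname):
    return re.search(r"\s\.[a-z0-9]{1,4}$", fname, re.I) is not None


def flag_entry(entry):
    """Append human-readable reasons to entry.reasons and return them."""
    parent, fname = split_path(entry.path)
    expected = SYSTEM_BINARIES.get(fname)
    if expected and parent not in expected:
        entry.reasons.append(
            f"{fname} started from {parent}, expected one of {', '.join(sorted(expected))}")
    if has_space_before_extension(fname):
        entry.reasons.append(f"space before extension in {fname!r}")
    if not entry.info.strip():
        entry.reasons.append("ComboFix printed no date/size for the target ([ ])")
    return entry.reasons


def parse_run_entries(text):
    """Return a list of RunEntry objects for values under any ...\\Run key, already flagged."""
    entries, key = [], ""
    for line in text.splitlines():
        k = KEY_LINE.match(line)
        if k:
            key = k.group("key")
            continue
        m = RUN_LINE.match(line)
        if m and key.lower().endswith("\\run"):
            entry = RunEntry(key, m.group("name"), m.group("path"), m.group("info"))
            flag_entry(entry)
            entries.append(entry)
    return entries


def suspicious_file_names(text):
    """Paths from file-report lines whose name has a space before the extension."""
    hits = []
    for line in text.splitlines():
        m = FILE_LINE.match(line)
        if m and has_space_before_extension(split_path(m.group("path"))[1]):
            hits.append(m.group("path"))
    return hits


def triage(text):
    """Map Run-value name -> reasons for every flagged entry."""
    return {e.name: e.reasons for e in parse_run_entries(text) if e.reasons}


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}:")
        for r in reasons:
            print(f"    - {r}")
    for path in suspicious_file_names(SAMPLE_LOG):
        print(f"look-alike file name: {path}")
```

Run as a script it reports "Updater" (explorer.exe outside C:\WINDOWS, and no file details) and the "MSConfig .exe" look-alike; "DAEMON Tools Pro Agent" is listed only for its empty "[ ]" block, which is a weaker signal on its own, and the genuine MSConfig.exe and AVG entries pass. The directory check is the useful part to keep: a known name in the wrong place is a far stronger indicator than any single file name.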
Old 01-04-2008, 08:56 PM   #7 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 13
OS: xp


Re: I have lots of problems, no icons, start bar help needed

ComboFix 08-01-05.1 - Default 2008-01-04 19:50:04.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.318 [GMT -8:00]
Running from: C:\Documents and Settings\Default\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Default\Desktop\cfscript.txt
* Created a new restore point

FILE
C:\WINDOWS\SYSTEM32\gebyy.exe
C:\WINDOWS\SYSTEM32\rlai.dll
C:\WINDOWS\SYSTEM32\rlph.dll
C:\WINDOWS\Trntfiltr.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\SYSTEM32\gebyy.exe
C:\WINDOWS\SYSTEM32\rlai.dll
C:\WINDOWS\SYSTEM32\rlph.dll
C:\WINDOWS\system32\updater
C:\WINDOWS\system32\updater\explorer.exe
C:\WINDOWS\Trntfiltr.dll

.
((((((((((((((((((((((((( Files Created from 2007-12-05 to 2008-01-05 )))))))))))))))))))))))))))))))
.

2008-01-04 18:50 . 2008-01-04 18:50 <DIR> d-------- C:\Documents and Settings\Default\LimeWire Store Purchased
2008-01-04 18:49 . 2008-01-04 18:49 <DIR> d-------- C:\Program Files\LimeWire
2008-01-04 18:31 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-03 20:31 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\RkPavProc.sys
2008-01-03 20:14 . 2008-01-03 20:14 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2008-01-03 20:14 . 2008-01-03 20:14 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico
2008-01-03 20:14 . 2008-01-03 20:14 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico
2008-01-03 20:14 . 2008-01-03 20:14 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico
2008-01-03 20:00 . 2008-01-03 20:00 <DIR> d-------- C:\Deckard
2008-01-03 18:39 . 2004-08-03 17:07 1,875,968 --a------ C:\WINDOWS\SYSTEM32\dllcache\msir3jp.lex
2008-01-03 18:38 . 2004-08-03 17:07 13,463,552 --a------ C:\WINDOWS\SYSTEM32\dllcache\hwxjpn.dll
2008-01-03 18:37 . 2004-08-03 17:07 2,134,528 --a------ C:\WINDOWS\SYSTEM32\dllcache\smtpsnap.dll
2008-01-03 18:31 . 2008-01-03 18:31 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-01-03 18:31 . 2008-01-03 18:31 749 -rah----- C:\WINDOWS\SYSTEM32\wuaucpl.cpl.manifest
2008-01-03 18:31 . 2008-01-03 18:31 749 -rah----- C:\WINDOWS\SYSTEM32\sapi.cpl.manifest
2008-01-03 18:31 . 2008-01-03 18:31 749 -rah----- C:\WINDOWS\SYSTEM32\nwc.cpl.manifest
2008-01-03 18:31 . 2008-01-03 18:31 749 -rah----- C:\WINDOWS\SYSTEM32\ncpa.cpl.manifest
2008-01-03 18:31 . 2008-01-03 18:31 488 -rah----- C:\WINDOWS\SYSTEM32\logonui.exe.manifest
2008-01-03 02:35 . 2008-01-03 02:35 8 --a------ C:\boot.inf
2007-12-31 02:05 . 2007-12-31 02:05 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-30 23:21 . 2007-12-30 23:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
2007-12-30 23:20 . 2007-12-30 23:20 <DIR> d-------- C:\Program Files\TweakMASTER
2007-12-30 22:50 . 2007-12-30 22:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-12-30 20:26 . 2007-12-30 20:26 <DIR> d-------- C:\Program Files\Opera
2007-12-30 18:48 . 2007-12-30 18:48 <DIR> d-------- C:\Documents and Settings\Default\Application Data\SystemRequirementsLab
2007-12-20 23:10 . 2007-12-20 23:10 1,358,156 --a------ C:\WINDOWS\SYSTEM32\silc.dat
2007-12-20 02:38 . 2007-12-20 02:38 <DIR> d-------- C:\Documents and Settings\Default\Application Data\acccore
2007-12-20 02:35 . 2007-12-20 02:35 <DIR> d-------- C:\Program Files\Viewpoint
2007-12-20 02:35 . 2007-12-20 02:35 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2007-12-20 02:35 . 2007-12-20 02:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-20 02:35 . 2007-12-20 02:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2007-12-20 02:34 . 2007-12-20 02:34 <DIR> d-------- C:\Program Files\Common Files\AOL
2007-12-20 02:33 . 2007-12-20 02:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-12-20 02:33 . 2007-12-20 02:33 29 --a------ C:\WINDOWS\atid.ini
2007-12-19 13:13 . 2007-12-19 13:13 <DIR> d-------- C:\Program Files\DomPlayer
2007-12-17 02:14 . 2007-12-17 02:14 1,039 --a------ C:\WINDOWS\_isenv31.ini
2007-12-16 18:44 . 2007-12-16 18:44 <DIR> d-------- C:\Documents and Settings\Default\Application Data\Nexon
2007-12-16 18:43 . 2003-07-20 10:17 5,174 --a------ C:\WINDOWS\SYSTEM32\nppt9x.vxd
2007-12-16 18:43 . 2005-01-04 01:43 4,682 --a------ C:\WINDOWS\SYSTEM32\npptNT2.sys
2007-12-16 18:37 . 2007-12-16 18:37 <DIR> d-------- C:\Nexon
2007-12-13 21:27 . 2007-12-13 21:27 <DIR> d-------- C:\tmpDownload
2007-12-13 21:27 . 2007-12-13 21:35 5 --a------ C:\WINDOWS\youtubex.dll
2007-12-13 21:26 . 2007-12-13 21:27 <DIR> d-------- C:\Program Files\YoutubeGet
2007-12-12 20:20 . 2007-12-12 20:20 <DIR> d-------- C:\Program Files\BitComet
2007-12-12 20:20 . 2007-12-12 20:20 2,560 --a------ C:\WINDOWS\SYSTEM32\bitcometres.dll
2007-12-12 19:50 . 2007-12-12 19:50 <DIR> d-------- C:\Documents and Settings\Default\Application Data\mIRC
2007-12-11 21:48 . 2007-12-11 21:48 <DIR> d-------- C:\tmp
2007-12-06 23:06 . 2004-01-20 16:14 104,671 --a------ C:\WINDOWS\SYSTEM32\AckUtl.dll
2007-12-06 23:05 . 2007-12-06 23:05 <DIR> d-------- C:\Program Files\GStudio6
2007-12-06 22:14 . 2007-12-06 22:15 <DIR> d-------- C:\Program Files\ePSXe
2007-12-06 20:57 . 2004-12-06 00:00 188,960 --------- C:\WINDOWS\SYSTEM32\Wingde.dll
2007-12-06 20:57 . 2004-12-06 00:00 92,208 --------- C:\WINDOWS\SYSTEM32\Wing.dll
2007-12-06 20:57 . 2004-12-06 00:00 12,800 --------- C:\WINDOWS\SYSTEM32\Wing32.dll
2007-12-06 20:57 . 2004-12-06 00:00 6,736 --------- C:\WINDOWS\SYSTEM32\Wingdib.drv
2007-12-06 20:57 . 2004-12-06 00:00 5,024 --------- C:\WINDOWS\SYSTEM32\Wingpal.wnd
2007-12-06 18:21 . 2007-12-06 18:21 <DIR> d-------- C:\Program Files\Blender Foundation
2007-12-06 17:45 . 2007-12-06 17:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PY_Software
2007-12-06 17:45 . 2007-08-13 14:51 446,464 --a------ C:\WINDOWS\SYSTEM32\wmvdmoe.dll
2007-12-06 17:44 . 2007-12-06 17:44 <DIR> d-------- C:\Program Files\Active WebCam
2007-12-06 03:07 . 2007-12-06 03:07 <DIR> d-------- C:\Documents and Settings\Default\Application Data\Lost Marble
2007-12-06 03:06 . 2007-12-06 03:06 <DIR> d-------- C:\Program Files\e frontier
2007-12-06 01:27 . 2007-12-06 01:27 <DIR> d-------- C:\Program Files\GLOBEtrotter Software Inc
2007-12-06 01:27 . 2007-12-06 01:27 <DIR> d-------- C:\Documents and Settings\Default\WINDOWS
2007-12-06 01:24 . 2007-12-06 01:24 <DIR> d-------- C:\Program Files\Autodesk
2007-12-06 01:22 . 2007-12-06 01:22 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2007-12-06 01:22 . 2007-12-06 01:22 <DIR> d-------- C:\Program Files\Common Files\Alias Shared
2007-12-06 01:21 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\SYSTEM32\d3dx9_34.dll
2007-12-06 01:21 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\SYSTEM32\d3dx9_32.dll
2007-12-06 01:16 . 2007-12-06 01:16 <DIR> d-------- C:\FLEXLM
2007-12-06 00:01 . 2007-12-06 00:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-05 19:55 . 2007-12-05 19:55 <DIR> d-------- C:\Program Files\'Full Speed' Internet Booster + Performance Tests
2007-12-05 19:55 . 2007-12-05 19:55 <DIR> d-------- C:\Documents and Settings\Default\Application Data\MozillaControl
2007-12-05 19:47 . 2007-12-05 19:47 <DIR> d-------- C:\WINDOWS\'Full Speed' Internet Booster + Performance Tests
2007-12-05 19:47 . 2007-12-05 19:47 <DIR> d-------- C:\aidualc3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\SYSTEM32\ssldivx.dll
2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\SYSTEM32\libdivx.dll
2007-12-06 09:27 6,656 ----a-w C:\WINDOWS\SYSTEM32\haspvdd.dll
2007-12-06 09:27 47,616 ----a-w C:\WINDOWS\system32\drivers\Haspnt.sys
2007-12-06 09:27 264,704 ----a-w C:\WINDOWS\SYSTEM32\hlvdd.dll
2007-12-06 03:55 --------- d-----w C:\Program Files\'Full Speed' Internet Booster + Performance Tests
2007-12-04 10:17 --------- d-----w C:\Program Files\Starcraft
2007-12-04 05:49 --------- d-----w C:\Program Files\Game_Maker7
2007-12-04 00:19 --------- d-----w C:\Program Files\001
2007-12-03 00:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2007-12-01 23:48 --------- d-----w C:\Program Files\MSXML 4.0
2007-11-30 09:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-11-30 09:17 --------- d-----w C:\Program Files\Bonjour
2007-11-30 09:08 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2007-11-30 08:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2007-11-30 08:02 --------- d-----w C:\Program Files\GameHouse
2007-11-30 08:02 --------- d-----w C:\Documents and Settings\Default\Application Data\GameHouse
2007-11-30 06:44 --------- d-----w C:\Documents and Settings\Default\Application Data\FDRLab
2007-11-30 06:35 --------- d-----w C:\Documents and Settings\Default\Application Data\OTVREG
2007-11-30 06:34 --------- d-----w C:\Program Files\Online TV Player 3
2007-11-30 06:31 --------- d-----w C:\Program Files\Essentials Codec Pack
2007-11-30 05:33 109,056 ----a-w C:\WINDOWS\SYSTEM32\fff-ea138.exe
2007-11-29 07:40 --------- d-----w C:\Program Files\ConsoleClassix.com
2007-11-29 02:10 --------- d-----w C:\Program Files\CoolImage
2007-11-29 02:10 --------- d-----w C:\Program Files\Common Files\Xuisoft
2007-11-29 02:08 --------- d-----w C:\Program Files\Common Files\Download Manager
2007-11-28 23:37 72,192 ----a-w C:\WINDOWS\cadkasdeinst01e.exe
2007-11-28 23:37 --------- d-----w C:\Program Files\Text 2 Speech 1
2007-11-28 23:20 --------- d-----w C:\Program Files\AudioBookRecorder
2007-11-28 06:49 --------- d-----w C:\Program Files\InfiniaChess
2007-11-28 06:38 --------- d-----w C:\Documents and Settings\Default\Application Data\DreamChess
2007-11-26 10:30 --------- d-----w C:\Program Files\Total Video Converter
2007-11-26 02:05 --------- d-----w C:\Program Files\After The End
2007-11-25 06:30 --------- d-----w C:\Program Files\LEGO Company
2007-11-25 06:30 --------- d-----w C:\Documents and Settings\Default\Application Data\LEGO Company
2007-11-25 06:19 --------- d-----w C:\Documents and Settings\Default\Application Data\DAEMON Tools Pro
2007-11-25 06:17 --------- d-----w C:\Program Files\DAEMON Tools Pro
2007-11-23 04:16 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-23 01:25 --------- d-----w C:\Program Files\StepMania
2007-11-22 20:04 --------- d-----w C:\Program Files\Star Defender 4
2007-11-22 09:11 --------- d-----w C:\Program Files\Crimsonland
2007-11-22 04:26 --------- d-----w C:\Program Files\Alien Shooter
2007-11-22 03:58 --------- d-----w C:\Program Files\ReflexiveArcade
2007-11-22 03:30 --------- d-----w C:\Documents and Settings\Default\Application Data\Talkback
2007-11-22 01:07 --------- d-----w C:\Program Files\Google
2007-11-22 01:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-11-22 00:04 --------- d-----w C:\Program Files\Real Alternative
2007-11-21 08:20 --------- d-----w C:\Documents and Settings\Default\Application Data\DivX
2007-11-21 06:56 --------- d-----w C:\Program Files\DivX
2007-11-21 06:13 --------- d-----w C:\Program Files\Lavasoft
2007-11-21 06:13 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-21 06:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-20 23:52 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-20 23:43 --------- d-----w C:\Documents and Settings\Default\Application Data\LimeWire
2007-11-20 23:42 --------- d-----w C:\Program Files\Java
2007-11-20 23:41 --------- d-----w C:\Program Files\Common Files\Java
2007-11-20 23:28 --------- d-----w C:\Documents and Settings\Default\Application Data\Media Player Classic
2007-11-20 23:26 --------- d-----w C:\Program Files\Visual Networks
2007-11-20 23:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Visual Networks
2007-11-20 23:25 --------- d-----w C:\Program Files\SBC Yahoo!
2007-11-20 23:25 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-11-20 23:25 --------- d-----w C:\Program Files\BroadJump
2007-11-20 23:14 --------- d-----w C:\Documents and Settings\Default\Application Data\BitTorrent
2007-11-20 23:13 155,995 ----a-w C:\WINDOWS\JAVA\Packages\935FN9N1.ZIP
2007-11-20 23:13 --------- d-----w C:\Program Files\Yahoo!
2007-11-20 23:12 --------- d-----w C:\Program Files\2Wire
2007-11-20 22:57 --------- d-----w C:\Documents and Settings\Default\Application Data\AVG7
2007-11-20 22:55 499,712 ----a-w C:\WINDOWS\SYSTEM32\msvcp71.dll
2007-11-20 22:55 348,160 ----a-w C:\WINDOWS\SYSTEM32\msvcr71.dll
2007-11-20 22:55 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-20 22:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-20 22:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-11-20 22:53 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-20 22:52 153,600 ----a-w C:\WINDOWS\SYSTEM32\migicons.exe
2007-11-20 22:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-11-16 04:12 57,344 ------w C:\WINDOWS\SYSTEM32\icmfilter.dll
2007-11-16 04:12 15,120 ------w C:\WINDOWS\SYSTEM32\icfg95.dll
2007-11-16 04:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-16 04:12 --------- d-----w C:\Program Files\Microsoft Hardware
2007-11-16 04:12 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-16 04:08 93,271 ----a-w C:\WINDOWS\JAVA\Packages\RJT3RN37.ZIP
2007-11-16 04:08 558,142 ----a-w C:\WINDOWS\JAVA\Packages\1ZPRFZ9F.ZIP
2007-11-16 04:08 266 --sh--w C:\Program Files\desktop.ini
2007-11-16 04:08 11,079 ---h--w C:\Program Files\folder.htt
2007-11-16 04:06 --------- d-----w C:\Program Files\directx
2007-10-18 09:06 156,992 ----a-w C:\WINDOWS\SYSTEM32\DivXCodecVersionChecker.exe
.
Code:
----a-w           508,928 2008-01-04 02:48:50  C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe

((((((((((((((((((((((((((((( snapshot@2008-01-04_18.40.38.39 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@={7D688A77-C613-11D0-999B-00C04FD655E1}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-03 19:05 650752]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-11-21 17:07:02]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"Matrox Powerdesk"=C:\WINDOWS\SYSTEM32\PDESK.EXE /Autolaunch
"Promon.exe"=Promon.exe
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"POINTER"=point32.exe

R3 WlanUIG;2Wire 802.11g USB Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2005-05-12 08:26]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>IEPerUser]
RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP
.
Contents of the 'Scheduled Tasks' folder
"2008-01-03 07:00:02 C:\WINDOWS\Tasks\Tune-up Application Start.job"
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 19:55:05
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-04 19:56:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-05 03:56:12
ComboFix2.txt 2008-01-05 02:41:04
.
2008-01-04 04:48:25 --- E O F ---
anbu_zim is offline  
Old 01-09-2008, 12:20 AM   #8 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 13
OS: xp


Re: I have lots of problems, no icons, start bar help needed

My computer is fixed, thank you so much. I'm spreading this link around all over the net to people with computer problems so they can get fast and easy help. Once again, thanks.
anbu_zim is offline  
Old 01-09-2008, 12:55 AM   #9 (permalink)
Expert Analyst, Moderator, Security Team
 
Join Date: Sep 2006
Posts: 1,648
OS: xp


Re: I have lots of problems, no icons, start bar help needed

I missed your post.

I'd like you to re-download and run this version of ComboFix and post its log:
http://www.forospyware.com/sUBs/Beta/ComboFix.exe

"'Full Speed' Internet Booster + Performance Tests"
Is that the program you mentioned in your first post?

Last edited by LonnyRJones; 01-09-2008 at 12:56 AM.
LonnyRJones is offline  
Old 01-09-2008, 02:08 AM   #10 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 13
OS: xp


Re: I have lots of problems, no icons, start bar help needed

No worries, my computer is fixed, but I'll do as told.

Quote:
Originally Posted by log
I'll post this in just a few, sorry.
And as for the performance test thing, I don't know what that is, so I went into Programs and uninstalled it and deleted the remaining jazz.
anbu_zim is offline  
All times are GMT -7. The time now is 08:44 PM.
Copyright 2001 - 2009, Tech Support Forum