[doguden]

Can anyone please help me with this message, it always pops up.

c:\windows\system32\..... is either not designed to run on windows or it contains an error. Try installing the program again using the original installations media or contact your system administrator.

this ... part is everything, whatever I run it gives this error for eachone, I cant even change page on the internet I have to close this error to change the page

hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 17:42:26, on 06.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ColorSoft\AntiARP\AntiARPClientLoader.exe
C:\WINDOWS\system32\lvhidsvc.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AvltMain.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: swsxachu.dll - {13FD5987-65D2-C58D-D87E-987451F12531} - C:\WINDOWS\system32\swsxachu.dll (file missing)
O2 - BHO: opshbbty.dll - {22596546-2036-9451-6058-658402589722} - C:\WINDOWS\system32\opshbbty.dll
O2 - BHO: skqncbib.dll - {32023698-6984-8541-9654-698745012523} - C:\WINDOWS\system32\skqncbib.dll (file missing)
O2 - BHO: yxcschlp.dll - {35671234-7890-ABCD-CDEF-567801237653} - C:\WINDOWS\system32\yxcschlp.dll
O2 - BHO: nhmxcjkl.dll - {37AC9076-C898-B098-D098-A18319080973} - C:\WINDOWS\system32\nhmxcjkl.dll
O2 - BHO: apsgdjba.dll - {4FD45A54-9875-698F-E56E-65102358FDF4} - C:\WINDOWS\system32\apsgdjba.dll (file missing)
O2 - BHO: zptlcsys.dll - {50940F85-F015-14F1-A05F-F69858AC6D05} - C:\WINDOWS\system32\zptlcsys.dll
O2 - BHO: ozfyebyt.dll - {5A069845-2036-6084-9054-6087502480A5} - C:\WINDOWS\system32\ozfyebyt.dll
O2 - BHO: zywmfime.dll - {6319A1F1-9410-9654-3201-345FFA349136} - C:\WINDOWS\system32\zywmfime.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: mnmhgsrv.dll - {7C8D1401-A58D-A81C-CD24-A5915C4517C7} - C:\WINDOWS\system32\mnmhgsrv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ypdjfbmp.dll - {81954FAC-1023-154F-895A-1458258AD818} - C:\WINDOWS\system32\ypdjfbmp.dll (file missing)
O2 - BHO: yxfhcjpg.dll - {83BA45AF-FAAA-CDDD-BEEE-BCDE1234AB38} - C:\WINDOWS\system32\yxfhcjpg.dll
O2 - BHO: zxptejpg.dll - {91698482-6555-3666-1222-954784129019} - C:\WINDOWS\system32\zxptejpg.dll (file missing)
O2 - BHO: yzztimsn.dll - {9490415F-65F8-B5C5-D8BA-9405FB120549} - C:\WINDOWS\system32\yzztimsn.dll
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RecSche] "C:\Program Files\LifeView TVR\RecSche.exe"
O4 - HKLM\..\Run: [WinDVRCtrl] C:\WINDOWS\WDVRCtrl.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PC Pitstop Optimize2 Reminder] C:\Program Files\PCPitstop\Optimize2\Reminder.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://oguzhan0686.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: dehkj.dll,dtrgjy.dll,grgrjj.dll,wergjuk.dll,sergy.dll,ergfwe.dll,hjfgth.dll,trhth.dll,rthrk.dll,dgrdgr.dll,hrergh.dll,ghthhh.dll,hjk.dll,gjbhr.dll,gfcfg.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll,gnfctt.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.dll,xfng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnait.dll,hfjg.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,thyut.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,ydgn.dll,dbfb.dll,fjnbv.dll,fgffthui.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,xdhdg.dll,rhs.dll,mrjhtjd.dll,zdbfbd.dll,fjyjy.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,rdthr.dll,yjrfe.dll,dscef.dll,crugd.dll,lariytrz.dll,hjaiq.dll,kduy.dll,hkfgh.dll,awef.dll,dfhsh.dll,ethsh.dll,stehs.dll,sthth.dll,wfhyt.dll,rgghjj.dll,ghjkdr.dll,hfther.dll,
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: JavaView - {DA191DE0-AA86-D04E-4B87-2A3D4928BE99} - C:\WINDOWS\AppPatch\Jview.dll
O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiARP Client Loader (AntiARPClientLoader) - Unknown owner - C:\Program Files\ColorSoft\AntiARP\AntiARPClientLoader.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Remote HID Service (LvHidSvc) - Philips - C:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe

I had a problem at first(the screen was freezing when I connect to the internet in 6 minutes) and none of the anti virus programms found out what happened. then I installed panda 2008 and it found lots of things and removed them but then it started to give this error for everything,each 15 seconds it gives this error for each of the ....exe files which are runnig.

 

[Angelfire777]

Hi, welcome to tsf!

You are using an older version of hijackthis. Please uninstall it via add/remove programs in control panel.

Please click Here to download HijackThis to your desktop.

Click the Download button. When the Trend Micro HJT install box appears, double click on the HJTInstall.exe. Click on Install.

It will be installed by default here: C:\Program Files\Trend Micro\HijackThis

A shortcut to the application will also be placed on your Desktop.

The program will open automatically after installation.

You can double-click the icon that was placed on the Desktop to run subsequent HijackThis scans or you can use the icon inside the folder. The folder HijackThis is where you will find the HJT logs that you save. When you use the application to remove anything, you will also find the backup copies made by HJT inside this folder.

Click on "Do a system scan and save logfile" When the log pops up in Notepad, close it and exit hijackthis.

Download Deckard's System Scanner to your Desktop.

Note: You must be logged onto an account with administrator privileges.

1. Close all applications and windows.
2. Double-click on dss.exe to run it, and follow the prompts.
3. When the scan is complete, a text file will open - main.txt.txt<<this one will be maximized and extra.txt <<this one will be minimized.
4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt.txt in your next reply.
6. Please copy and paste the contents of main.txt and extra.txt to your post.

 

[doguden]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:02, on 2008-06-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\LifeView TVR\RecSche.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ColorSoft\AntiARP\AntiARPClientLoader.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\lvhidsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: swsxachu.dll - {13FD5987-65D2-C58D-D87E-987451F12531} - C:\WINDOWS\system32\swsxachu.dll (file missing)
O2 - BHO: tisqatyu.dll - {18093456-9012-4568-9076-908765467181} - C:\WINDOWS\system32\tisqatyu.dll (file missing)
O2 - BHO: opshbbty.dll - {22596546-2036-9451-6058-658402589722} - C:\WINDOWS\system32\opshbbty.dll (file missing)
O2 - BHO: rijxbkin.dll - {25FD6584-698F-BCD2-602C-698745210352} - C:\WINDOWS\system32\rijxbkin.dll (file missing)
O2 - BHO: skqncbib.dll - {32023698-6984-8541-9654-698745012523} - C:\WINDOWS\system32\skqncbib.dll (file missing)
O2 - BHO: yxcschlp.dll - {35671234-7890-ABCD-CDEF-567801237653} - C:\WINDOWS\system32\yxcschlp.dll (file missing)
O2 - BHO: nhmxcjkl.dll - {37AC9076-C898-B098-D098-A18319080973} - C:\WINDOWS\system32\nhmxcjkl.dll (file missing)
O2 - BHO: akjsckaq.dll - {3A908760-8000-4000-A000-9000322145A3} - C:\WINDOWS\system32\akjsckaq.dll (file missing)
O2 - BHO: oswxdttb.dll - {43512378-9874-5641-1025-985420368734} - C:\WINDOWS\system32\oswxdttb.dll (file missing)
O2 - BHO: apsgdjba.dll - {4FD45A54-9875-698F-E56E-65102358FDF4} - C:\WINDOWS\system32\apsgdjba.dll (file missing)
O2 - BHO: zptlcsys.dll - {50940F85-F015-14F1-A05F-F69858AC6D05} - C:\WINDOWS\system32\zptlcsys.dll (file missing)
O2 - BHO: ozfyebyt.dll - {5A069845-2036-6084-9054-6087502480A5} - C:\WINDOWS\system32\ozfyebyt.dll (file missing)
O2 - BHO: arjrcler.dll - {5C69034A-F45F-D34D-A33A-C33C4D324FC5} - C:\WINDOWS\system32\arjrcler.dll (file missing)
O2 - BHO: zywmfime.dll - {6319A1F1-9410-9654-3201-345FFA349136} - C:\WINDOWS\system32\zywmfime.dll (file missing)
O2 - BHO: apsgfjba.dll - {6FD45A54-9875-698F-E56E-65102358FDF6} - C:\WINDOWS\system32\apsgfjba.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: mnmhgsrv.dll - {7C8D1401-A58D-A81C-CD24-A5915C4517C7} - C:\WINDOWS\system32\mnmhgsrv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ypdjfbmp.dll - {81954FAC-1023-154F-895A-1458258AD818} - C:\WINDOWS\system32\ypdjfbmp.dll (file missing)
O2 - BHO: yxfhcjpg.dll - {83BA45AF-FAAA-CDDD-BEEE-BCDE1234AB38} - C:\WINDOWS\system32\yxfhcjpg.dll (file missing)
O2 - BHO: zxptejpg.dll - {91698482-6555-3666-1222-954784129019} - C:\WINDOWS\system32\zxptejpg.dll (file missing)
O2 - BHO: ypdjgbmp.dll - {91954FAC-1023-154F-895A-1458258AD819} - C:\WINDOWS\system32\ypdjgbmp.dll (file missing)
O2 - BHO: yzztimsn.dll - {9490415F-65F8-B5C5-D8BA-9405FB120549} - C:\WINDOWS\system32\yzztimsn.dll (file missing)
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll (file missing)
O2 - BHO: yzztjmsn.dll - {A490415F-65F8-B5C5-D8BA-9405FB12054A} - C:\WINDOWS\system32\yzztjmsn.dll (file missing)
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RecSche] "C:\Program Files\LifeView TVR\RecSche.exe"
O4 - HKLM\..\Run: [WinDVRCtrl] C:\WINDOWS\WDVRCtrl.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PC Pitstop Optimize2 Reminder] C:\Program Files\PCPitstop\Optimize2\Reminder.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://oguzhan0686.spaces.live.com/PhotoUpload/MsnPUpld.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: hmsdvf.dll,asfjthj.dll,asefry.dll,sdvj.dll,asfhjy.dll,hjukrt.dll,dhdhvv.dll,fgjderg.dll,swegfuj.dll,mhgdfg.dll,sdvfrr.dll,vhsdfg.dll,dger.dll,hjdrg.dll,kergt.dll,gfcfg.dll,reger.dll,hrergh.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll,gnfctt.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.dll,xfng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnait.dll,hfjg.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,sdrfh.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,ydgn.dll,dbfb.dll,fjnbv.dll,jrhhh.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,xdhdg.dll,rhs.dll,mrjhtjd.dll,zdbfbd.dll,fjyjy.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,ghthhh.dll,yjrfe.dll,dscef.dll,crugd.dll,lariytrz.dll,hjaiq.dll,kduy.dll,hkfgh.dll,awef.dll,dfhsh.dll,ethsh.dll,stehs.dll,sthth.dll,wfhyt.dll,rgghjj.dll,ghjkdr.dll,hfther.dll,
O21 - SSODL: JavaView - {DA191DE0-AA86-D04E-4B87-2A3D4928BE99} - C:\WINDOWS\AppPatch\Jview.dll (file missing)
O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiARP Client Loader (AntiARPClientLoader) - Unknown owner - C:\Program Files\ColorSoft\AntiARP\AntiARPClientLoader.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Remote HID Service (LvHidSvc) - Philips - C:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10490 bytes










DECKARD---------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 3.00GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 3.00GHz
Percentage of Memory in Use: 38%
Physical Memory (total/avail): 1023.23 MiB / 626.05 MiB
Pagefile Memory (total/avail): 2461.32 MiB / 2160.74 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1916.88 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 38.16 GiB total, 11.22 GiB free.
D: is Fixed (NTFS) - 38.16 GiB total, 1.06 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6Y080L0 - 76.33 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 38.16 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 38.16 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntivirusOverride is set.
FirewallOverride is set.

AV: Avira AntiVir PersonalEdition v8.0.1.15 (Avira GmbH) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi Client"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Enabled:BitTorrent DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Documents and Settings\\dogukan\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\dogukan\\Desktop\\utorrent.exe:*:Enabled:µTorrent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\dogukan\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=1VE0
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\dogukan
LOGONSERVER=\\1VE0
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\SYSTEM32;C:\WINDOWS;C:\WINDOWS\SYSTEM32\WBEM;C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL;C:\PROGRAM FILES\SMART PROJECTS\ISOBUSTER;
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0403
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\dogukan\LOCALS~1\Temp
TMP=C:\DOCUME~1\dogukan\LOCALS~1\Temp
USERDOMAIN=1VE0
USERNAME=dogukan
USERPROFILE=C:\Documents and Settings\dogukan
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

dogukan (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{363435F2-7426-11D8-9966-00A0C9663221}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Ahead Nero Burning ROM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
AntiARP v5.0.1 --> MsiExec.exe /I{C685F900-9C04-4C30-996F-C7B0302CF33E}
Artisan DVD/DivX Player --> "C:\Program Files\ArtisanDVDPlayer\unins000.exe"
ATI - Yazylym Kaldyr Yardymcy Programy --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_classISPLAY -clean
Avira AntiVir Personal – Free Antivirus --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
C-Media 3D Audio --> C:\WINDOWS\CMIUnInstall.exe
Creative WebCam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{363435F2-7426-11D8-9966-00A0C9663221}\setup.exe" -l0x9 /remove
Creative WebCam Vista Plus Driver (1.00.05.0906) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0090.uns -unsext NT -plugin V0090Pin.dll -pluginres CtCamPin.crl
Creative WebCam Vista Plus User's Guide (English) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Creative WebCam Vista Plus\Creative WebCam Vista Plus User's Guide\English\CTManual.isu"
Fiesta --> C:\Program Files\Outspark\Fiesta\uninstall.exe
GOM Player --> "C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Hamachi 1.0.2.5 --> C:\Program Files\Hamachi\uninstall.exe
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 1.99.1 --> C:\Program Files\Hijackthis\HijackThis.exe /uninstall
HP Image Zone Express --> MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}
HP Imaging Device Functions 5.3 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP PSC & OfficeJet 5.3.B --> "C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) SE Development Kit 6 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160000}
Java(TM) SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
K-Lite Codec Pack 2.69 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
LifeView TVR --> C:\Program Files\LifeView TVR\Uninstal.EXE
Lizardtech DjVu Control --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{105CFC7C-6992-11D5-BD9D-000102C10FD8}\Setup.exe" -l0x9
Medieval II Total War --> C:\Program Files\InstallShield Installation Information\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{9011041F-6000-11D3-8CFE-0150048383C9}
Microsoft Visual J# .NET Redistributable Package 1.1 --> MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB927977) --> MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C}
NetBeans IDE 5.5.1 --> C:\Program Files\netbeans-5.5.1\_uninst\uninstaller.exe
Outspark Launcher --> C:\Program Files\Outspark\Launcher\uninstall.exe
PageBreeze Free HTML Editor --> C:\PROGRA~1\PAGEBR~1\UNWISE.EXE C:\PROGRA~1\PAGEBR~1\INSTALL.LOG
PhotoFiltre --> "C:\Program Files\PhotoFiltre\Uninst.exe"
Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SmartFTP Client --> MsiExec.exe /I{6F23C1A3-9F62-470C-BD12-B83F04E67865}
SmartFTP Client 3.0 Setup Files (remove only) --> C:\Program Files\SmartFTP Client 3.0 Setup Files\uninst-sftp.exe
VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Live Messenger --> MsiExec.exe /I{CB7D9F91-E82E-450C-B884-3DB9A7099C73}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall


-- Application Event Log -------------------------------------------------------

Event Record #/Type8217 / Warning
Event Submitted/Written: 06/19/2008 00:00:03 AM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Agent.7680C:\WINDOWS\system32\asfjthj.dll

Event Record #/Type8216 / Warning
Event Submitted/Written: 06/19/2008 00:00:01 AM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Agent.7680C:\WINDOWS\system32\hmsdvf.dll

Event Record #/Type8215 / Warning
Event Submitted/Written: 06/19/2008 00:00:00 AM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Agent.7680C:\WINDOWS\system32\asfjthj.dll

Event Record #/Type8214 / Warning
Event Submitted/Written: 06/18/2008 11:59:43 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Agent.7680C:\WINDOWS\system32\hmsdvf.dll

Event Record #/Type8213 / Warning
Event Submitted/Written: 06/18/2008 11:59:42 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Agent.7680C:\WINDOWS\system32\asfjthj.dll



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3711 / Error
Event Submitted/Written: 06/18/2008 11:52:59 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
ShldDrv

Event Record #/Type3710 / Error
Event Submitted/Written: 06/18/2008 11:52:54 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Panda Process Protection Service service failed to start due to the following error:
%%3

Event Record #/Type3709 / Error
Event Submitted/Written: 06/18/2008 11:52:54 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Panda Process Protection Driver service failed to start due to the following error:
%%2

Event Record #/Type3708 / Error
Event Submitted/Written: 06/18/2008 11:52:54 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The OMSCAN service failed to start due to the following error:
%%2

Event Record #/Type3703 / Error
Event Submitted/Written: 06/18/2008 11:51:27 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}



-- End of Deckard's System Scanner: finished at 2008-06-19 00:00:33 ------------

 

[doguden]

I know that asfjthj.dll and hmsdvf.dll are trojans but i cant remove them with any of programs

 

[Angelfire777]

Hi,

You forgot to post the other log that dss created- main.txt

It could be found here: C:\Deckard\System Scanner\main.txt

 

[doguden]

Deckard's System Scanner v20071014.68
Run by dogukan on 2008-06-18 23:55:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
21: 2008-06-18 20:55:28 UTC - RP195 - Deckard's System Scanner Restore Point
20: 2008-06-18 19:41:08 UTC - RP194 - Avira AntiVir Personal - 2008-06-18 22:41
19: 2008-06-17 21:32:10 UTC - RP193 - Avira AntiVir Personal - 2008-06-18 00:32
18: 2008-06-17 21:29:39 UTC - RP192 - Avira AntiVir Personal - 2008-06-18 00:28
17: 2008-06-17 19:13:13 UTC - RP191 - System Checkpoint


-- First Restore Point --
1: 2008-05-31 14:26:19 UTC - RP175 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as dogukan.exe) ---------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-18 23:58:57
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\LifeView TVR\RecSche.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\ColorSoft\AntiARP\AntiARPClientLoader.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\lvhidsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\dogukan\Desktop\dss.exe
C:\WINDOWS\system32\taskmgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: swsxachu.dll - {13FD5987-65D2-C58D-D87E-987451F12531} - C:\WINDOWS\system32\swsxachu.dll (file missing)
O2 - BHO: tisqatyu.dll - {18093456-9012-4568-9076-908765467181} - C:\WINDOWS\system32\tisqatyu.dll (file missing)
O2 - BHO: opshbbty.dll - {22596546-2036-9451-6058-658402589722} - C:\WINDOWS\system32\opshbbty.dll (file missing)
O2 - BHO: rijxbkin.dll - {25FD6584-698F-BCD2-602C-698745210352} - C:\WINDOWS\system32\rijxbkin.dll (file missing)
O2 - BHO: skqncbib.dll - {32023698-6984-8541-9654-698745012523} - C:\WINDOWS\system32\skqncbib.dll (file missing)
O2 - BHO: yxcschlp.dll - {35671234-7890-ABCD-CDEF-567801237653} - C:\WINDOWS\system32\yxcschlp.dll (file missing)
O2 - BHO: nhmxcjkl.dll - {37AC9076-C898-B098-D098-A18319080973} - C:\WINDOWS\system32\nhmxcjkl.dll (file missing)
O2 - BHO: akjsckaq.dll - {3A908760-8000-4000-A000-9000322145A3} - C:\WINDOWS\system32\akjsckaq.dll (file missing)
O2 - BHO: oswxdttb.dll - {43512378-9874-5641-1025-985420368734} - C:\WINDOWS\system32\oswxdttb.dll (file missing)
O2 - BHO: apsgdjba.dll - {4FD45A54-9875-698F-E56E-65102358FDF4} - C:\WINDOWS\system32\apsgdjba.dll (file missing)
O2 - BHO: zptlcsys.dll - {50940F85-F015-14F1-A05F-F69858AC6D05} - C:\WINDOWS\system32\zptlcsys.dll (file missing)
O2 - BHO: ozfyebyt.dll - {5A069845-2036-6084-9054-6087502480A5} - C:\WINDOWS\system32\ozfyebyt.dll (file missing)
O2 - BHO: arjrcler.dll - {5C69034A-F45F-D34D-A33A-C33C4D324FC5} - C:\WINDOWS\system32\arjrcler.dll (file missing)
O2 - BHO: zywmfime.dll - {6319A1F1-9410-9654-3201-345FFA349136} - C:\WINDOWS\system32\zywmfime.dll (file missing)
O2 - BHO: apsgfjba.dll - {6FD45A54-9875-698F-E56E-65102358FDF6} - C:\WINDOWS\system32\apsgfjba.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: mnmhgsrv.dll - {7C8D1401-A58D-A81C-CD24-A5915C4517C7} - C:\WINDOWS\system32\mnmhgsrv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ypdjfbmp.dll - {81954FAC-1023-154F-895A-1458258AD818} - C:\WINDOWS\system32\ypdjfbmp.dll (file missing)
O2 - BHO: yxfhcjpg.dll - {83BA45AF-FAAA-CDDD-BEEE-BCDE1234AB38} - C:\WINDOWS\system32\yxfhcjpg.dll (file missing)
O2 - BHO: zxptejpg.dll - {91698482-6555-3666-1222-954784129019} - C:\WINDOWS\system32\zxptejpg.dll (file missing)
O2 - BHO: ypdjgbmp.dll - {91954FAC-1023-154F-895A-1458258AD819} - C:\WINDOWS\system32\ypdjgbmp.dll (file missing)
O2 - BHO: yzztimsn.dll - {9490415F-65F8-B5C5-D8BA-9405FB120549} - C:\WINDOWS\system32\yzztimsn.dll (file missing)
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll (file missing)
O2 - BHO: yzztjmsn.dll - {A490415F-65F8-B5C5-D8BA-9405FB12054A} - C:\WINDOWS\system32\yzztjmsn.dll (file missing)
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RecSche] "C:\Program Files\LifeView TVR\RecSche.exe"
O4 - HKLM\..\Run: [WinDVRCtrl] C:\WINDOWS\WDVRCtrl.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PC Pitstop Optimize2 Reminder] C:\Program Files\PCPitstop\Optimize2\Reminder.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://oguzhan0686.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: hmsdvf.dll,asfjthj.dll,asefry.dll,sdvj.dll,asfhjy.dll,hjukrt.dll,dhdhvv.dll,fgjderg.dll,swegfuj.dll,mhgdfg.dll,sdvfrr.dll,vhsdfg.dll,dger.dll,hjdrg.dll,kergt.dll,gfcfg.dll,reger.dll,hrergh.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll,gnfctt.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.dll,xfng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnait.dll,hfjg.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,sdrfh.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,ydgn.dll,dbfb.dll,fjnbv.dll,jrhhh.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,xdhdg.dll,rhs.dll,mrjhtjd.dll,zdbfbd.dll,fjyjy.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,ghthhh.dll,yjrfe.dll,dscef.dll,crugd.dll,lariytrz.dll,hjaiq.dll,kduy.dll,hkfgh.dll,awef.dll,dfhsh.dll,ethsh.dll,stehs.dll,sthth.dll,wfhyt.dll,rgghjj.dll,ghjkdr.dll,hfther.dll,
O21 - SSODL: JavaView - {DA191DE0-AA86-D04E-4B87-2A3D4928BE99} - C:\WINDOWS\AppPatch\Jview.dll (file missing)
O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiARP Client Loader (AntiARPClientLoader) - Unknown owner - C:\Program Files\ColorSoft\AntiARP\AntiARPClientLoader.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Remote HID Service (LvHidSvc) - Philips - C:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


--
End of file - 11078 bytes

-- File Associations -----------------------------------------------------------

.chm - unable to read key
.chm - unable to read key
.cpl - unable to read key
.cpl - unable to read key
.hlp - unable to read key
.hlp - unable to read key
.inf - unable to read key
.inf - unable to read key
.ini - unable to read key
.ini - unable to read key
.js - jsfile - DefaultIcon - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7
.js - jsfile - shell\open\command - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"
.txt - unable to read key
.txt - unable to read key


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 FileDisk - c:\windows\system32\drivers\filedisk.sys <Not Verified; Bo Brantén; filedisk>
R2 AntiArpNdisProt (AntiARP NDIS Protocol Driver) - c:\windows\system32\drivers\antiarpndisprot.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R2 EIO - c:\windows\system32\drivers\eio.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT>
R3 xAntiArp (xAntiArpSpoof Service) - c:\windows\system32\drivers\xantiarp.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>

S1 ShldDrv (Panda File Shield Driver) - c:\windows\system32\drivers\shldrv51.sys (file missing)
S2 cdralw (NVIDIA Compatible Windows Miniport Driver) - c:\windows\system32\drivers\nvmini.sys (file missing)
S2 OMSCAN - \sys? (file missing)
S2 PavProc (Panda Process Protection Driver) - c:\windows\system32\drivers\pavproc.sys (file missing)
S3 eth8023 - c:\windows\system32\drivers\eth8023.sys
S3 jbridgep - c:\docume~1\dogukan\locals~1\temp\jbridgep.sys (file missing)
S3 XDva143 - c:\windows\system32\xdva143.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiARPClientLoader (AntiARP Client Loader) - "c:\program files\colorsoft\antiarp\antiarpclientloader.exe"
R2 AntiVirScheduler (Avira AntiVir Personal – Free Antivirus Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 LvHidSvc (Remote HID Service) - c:\windows\system32\lvhidsvc.exe <Not Verified; Philips; TV Card>

S2 PavPrSrv (Panda Process Protection Service) - "c:\program files\common files\panda software\pavshld\pavprsrv.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-05-18 and 2008-06-18 -----------------------------

2008-06-18 23:10:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-06-18 15:10:49 0 d-------- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2008-06-18 00:32:20 0 d-------- C:\Program Files\Avira
2008-06-18 00:32:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-18 00:26:27 156 --a------ C:\WINDOWS\system32\unxxx.bat
2008-06-18 00:16:34 24 --a------ C:\WINDOWS\system32\sqjsakaq.sys
2008-06-18 00:15:47 24 --a------ C:\WINDOWS\system32\ngjxakin.sys
2008-06-14 00:23:50 0 d-------- C:\Program Files\Common Files\DirectX
2008-06-13 13:24:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Outspark
2008-06-13 13:15:16 0 d-------- C:\Program Files\Outspark
2008-06-08 20:31:04 70656 --a------ C:\WINDOWS\system32\vspell32.dll <Not Verified; Visual Components, Inc.; VisualSpeller(TM)>
2008-06-08 20:31:03 102912 --a------ C:\WINDOWS\system32\Vb6stkit.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-06-08 20:31:03 84992 --a------ C:\WINDOWS\system32\Ledit32.dll <Not Verified; AY Software Corporation; >
2008-06-08 20:31:01 0 d-------- C:\Program Files\PageBreeze
2008-06-08 02:17:33 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-06-08 02:17:33 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-08 02:17:33 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-06-08 02:17:33 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-08 02:17:33 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-08 02:17:32 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-08 02:17:32 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-08 02:17:32 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-08 02:17:32 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-06-08 02:17:32 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-08 02:17:32 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-08 02:17:32 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-08 02:17:32 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-06-08 02:17:32 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-08 01:47:58 20512 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-08 01:47:58 575520 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-08 01:46:57 84 --a------ C:\Scans.dat
2008-06-08 01:43:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-06-08 01:35:27 0 d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-06-08 00:22:59 0 d-------- C:\cmdcons
2008-06-08 00:18:46 68096 --a------ C:\WINDOWS\zip.exe
2008-06-08 00:18:46 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-08 00:18:46 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-08 00:18:46 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-08 00:18:46 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-08 00:18:46 98816 --a------ C:\WINDOWS\sed.exe
2008-06-08 00:18:46 80412 --a------ C:\WINDOWS\grep.exe
2008-06-08 00:18:46 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-06 15:59:58 0 --a------ C:\WINDOWS\system32\hjk.dll
2008-06-06 15:29:01 0 d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-06-06 15:26:30 0 d-------- C:\Program Files\Panda Security
2008-06-06 15:10:25 0 d-------- C:\Program Files\ColorSoft
2008-06-06 15:09:48 0 d-------- C:\Program Files\Common Files\Panda Software
2008-06-05 19:22:29 24 --a------ C:\WINDOWS\system32\wymxajkl.sys
2008-06-05 19:22:27 24 --a------ C:\WINDOWS\system32\toqnabib.sys
2008-06-05 19:22:18 24 --a------ C:\WINDOWS\system32\ijsgajba.sys
2008-06-05 19:22:07 24 --a------ C:\WINDOWS\system32\tiwxattb.sys
2008-06-05 19:22:05 24 --a------ C:\WINDOWS\system32\lesxachu.sys
2008-05-30 22:45:07 24 --a------ C:\WINDOWS\system32\pzwmaime.sys
2008-05-29 01:57:21 18048 --a------ C:\WINDOWS\system32\drivers\eth8023.sys


-- Find3M Report ---------------------------------------------------------------

2008-06-18 16:50:15 0 d-------- C:\Program Files\Starcraft
2008-06-18 00:17:52 0 d-------- C:\Documents and Settings\dogukan\Application Data\Hamachi
2008-06-14 03:19:11 0 d-------- C:\Documents and Settings\dogukan\Application Data\Winamp
2008-06-14 00:23:50 0 d-------- C:\Program Files\Common Files
2008-06-13 01:48:42 0 d-------- C:\Program Files\Warcraft III
2008-06-08 22:14:33 0 d-------- C:\Documents and Settings\dogukan\Application Data\AdobeUM
2008-06-06 18:02:18 0 d-------- C:\Program Files\LimeWire
2008-06-06 15:26:30 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-27 18:15:11 0 d-------- C:\Program Files\GuitarFX 3
2008-05-27 18:09:50 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-27 17:53:44 0 d-------- C:\Documents and Settings\dogukan\Application Data\Adobe
2008-05-19 21:38:41 0 d-------- C:\Documents and Settings\dogukan\Application Data\Skype
2008-05-12 19:12:35 0 d-------- C:\Program Files\Incomplete
2008-05-12 18:01:01 0 d-------- C:\Documents and Settings\dogukan\Application Data\LimeWire
2008-05-05 22:44:56 0 d-------- C:\Program Files\Empire Interactive


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13FD5987-65D2-C58D-D87E-987451F12531}]
C:\WINDOWS\system32\swsxachu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18093456-9012-4568-9076-908765467181}]
C:\WINDOWS\system32\tisqatyu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22596546-2036-9451-6058-658402589722}]
C:\WINDOWS\system32\opshbbty.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25FD6584-698F-BCD2-602C-698745210352}]
C:\WINDOWS\system32\rijxbkin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{32023698-6984-8541-9654-698745012523}]
C:\WINDOWS\system32\skqncbib.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{35671234-7890-ABCD-CDEF-567801237653}]
C:\WINDOWS\system32\yxcschlp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37AC9076-C898-B098-D098-A18319080973}]
C:\WINDOWS\system32\nhmxcjkl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3A908760-8000-4000-A000-9000322145A3}]
C:\WINDOWS\system32\akjsckaq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43512378-9874-5641-1025-985420368734}]
C:\WINDOWS\system32\oswxdttb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4FD45A54-9875-698F-E56E-65102358FDF4}]
C:\WINDOWS\system32\apsgdjba.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50940F85-F015-14F1-A05F-F69858AC6D05}]
C:\WINDOWS\system32\zptlcsys.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5A069845-2036-6084-9054-6087502480A5}]
C:\WINDOWS\system32\ozfyebyt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C69034A-F45F-D34D-A33A-C33C4D324FC5}]
C:\WINDOWS\system32\arjrcler.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6319A1F1-9410-9654-3201-345FFA349136}]
C:\WINDOWS\system32\zywmfime.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6FD45A54-9875-698F-E56E-65102358FDF6}]
C:\WINDOWS\system32\apsgfjba.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C8D1401-A58D-A81C-CD24-A5915C4517C7}]
2004-08-09 00:15 538120 ---hs---- C:\WINDOWS\system32\mnmhgsrv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81954FAC-1023-154F-895A-1458258AD818}]
C:\WINDOWS\system32\ypdjfbmp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83BA45AF-FAAA-CDDD-BEEE-BCDE1234AB38}]
C:\WINDOWS\system32\yxfhcjpg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91698482-6555-3666-1222-954784129019}]
C:\WINDOWS\system32\zxptejpg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91954FAC-1023-154F-895A-1458258AD819}]
C:\WINDOWS\system32\ypdjgbmp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9490415F-65F8-B5C5-D8BA-9405FB120549}]
C:\WINDOWS\system32\yzztimsn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97421D0D-E07F-40DF-8F07-99597B9585AD}]
C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A490415F-65F8-B5C5-D8BA-9405FB12054A}]
C:\WINDOWS\system32\yzztjmsn.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2005-06-20 13:53]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-30 21:10]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"RecSche"="C:\Program Files\LifeView TVR\RecSche.exe" [2004-05-10 05:34]
"WinDVRCtrl"="C:\WINDOWS\WDVRCtrl.exe" []
"ScanRegistry"="C:\W" []
"Cmaudio"="cmicnfg.cpl" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2004-12-10 01:17]
"PC Pitstop Optimize2 Reminder"="C:\Program Files\PCPitstop\Optimize2\Reminder.exe" []
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

C:\Documents and Settings\dogukan\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-08-13 02:01:55]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}"= C:\WINDOWS\system32\hhrdxd.dll [ ]
"{7C8D1401-A58D-A81C-CD24-A5915C4517C7}"= C:\WINDOWS\system32\mnmhgsrv.dll [2004-08-09 00:15 538120]
"{13FD5987-65D2-C58D-D87E-987451F12531}"= C:\WINDOWS\system32\swsxachu.dll [ ]
"{22596546-2036-9451-6058-658402589722}"= C:\WINDOWS\system32\opshbbty.dll [ ]
"{50940F85-F015-14F1-A05F-F69858AC6D05}"= C:\WINDOWS\system32\zptlcsys.dll [ ]
"{6319A1F1-9410-9654-3201-345FFA349136}"= C:\WINDOWS\system32\zywmfime.dll [ ]
"{9490415F-65F8-B5C5-D8BA-9405FB120549}"= C:\WINDOWS\system32\yzztimsn.dll [ ]
"{5A069845-2036-6084-9054-6087502480A5}"= C:\WINDOWS\system32\ozfyebyt.dll [ ]
"{83BA45AF-FAAA-CDDD-BEEE-BCDE1234AB38}"= C:\WINDOWS\system32\yxfhcjpg.dll [ ]
"{81954FAC-1023-154F-895A-1458258AD818}"= C:\WINDOWS\system32\ypdjfbmp.dll [ ]
"{35671234-7890-ABCD-CDEF-567801237653}"= C:\WINDOWS\system32\yxcschlp.dll [ ]
"{4FD45A54-9875-698F-E56E-65102358FDF4}"= C:\WINDOWS\system32\apsgdjba.dll [ ]
"{37AC9076-C898-B098-D098-A18319080973}"= C:\WINDOWS\system32\nhmxcjkl.dll [ ]
"{91698482-6555-3666-1222-954784129019}"= C:\WINDOWS\system32\zxptejpg.dll [ ]
"{CAED0F3B-DF8B-4DBF-BB20-8DFBC3199068}"= C:\WINDOWS\system32\jggtsr.dll [ ]
"{32023698-6984-8541-9654-698745012523}"= C:\WINDOWS\system32\skqncbib.dll [ ]
"{1E51C0FD-EE36-434B-AD2A-FD1FF3731C38}"= C:\WINDOWS\system32\wyrsdj.dll [ ]
"{43512378-9874-5641-1025-985420368734}"= C:\WINDOWS\system32\oswxdttb.dll [ ]
"{A9895933-6636-4281-BC58-EE6DE2AF96E3}"= C:\WINDOWS\system32\ddserh.dll [ ]
"{EA5D4B0E-B8CE-4761-8C7E-5D26369F0EC6}"= C:\WINDOWS\system32\fsrgeb.dll [ ]
"{18093456-9012-4568-9076-908765467181}"= C:\WINDOWS\system32\tisqatyu.dll [ ]
"{4D165A2A-4BC1-4CA8-8299-08E05AAAB5A4}"= C:\WINDOWS\system32\tdggrz.dll [ ]
"{A490415F-65F8-B5C5-D8BA-9405FB12054A}"= C:\WINDOWS\system32\yzztjmsn.dll [ ]
"{25FD6584-698F-BCD2-602C-698745210352}"= C:\WINDOWS\system32\rijxbkin.dll [ ]
"{45AADFAA-DD36-42AB-83AD-0521BBF58C24}"= C:\WINDOWS\system32\zdesfx.dll [ ]
"{5C69034A-F45F-D34D-A33A-C33C4D324FC5}"= C:\WINDOWS\system32\arjrcler.dll [ ]
"{6FD45A54-9875-698F-E56E-65102358FDF6}"= C:\WINDOWS\system32\apsgfjba.dll [ ]
"{91954FAC-1023-154F-895A-1458258AD819}"= C:\WINDOWS\system32\ypdjgbmp.dll [ ]
"{84143967-B645-4BFF-B873-DA1DC886E9A7}"= C:\WINDOWS\system32\cedafb.dll [ ]
"{875E07B1-0614-43D9-A76E-D76A28AB3D7B}"= C:\WINDOWS\system32\tfsdmz.dll [ ]
"{3A908760-8000-4000-A000-9000322145A3}"= C:\WINDOWS\system32\akjsckaq.dll [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"JavaView"= {DA191DE0-AA86-D04E-4B87-2A3D4928BE99} - C:\WINDOWS\AppPatch\Jview.dll [ ]
"ThunderAdvise"= {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=hmsdvf.dll,asfjthj.dll,asefry.dll,sdvj.dll,asfhjy.dll,hjukrt.dll,dhdhvv.dll,fgjderg.dll,swegfuj.dll,mhgdfg.dll,sdvfrr.dll,vhsdfg.dll,dger.dll,hjdrg.dll,kergt.dll,gfcfg.dll,reger.dll,hrergh.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll,gnfctt.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.dll,xfng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnait.dll,hfjg.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,sdrfh.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,ydgn.dll,dbfb.dll,fjnbv.dll,jrhhh.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,xdhdg.dll,rhs.dll,mrjhtjd.dll,zdbfbd.dll,fjyjy.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,ghthhh.dll,yjrfe.dll,dscef.dll,crugd.dll,lariytrz.dll,hjaiq.dll,kduy.dll,hkfgh.dll,awef.dll,dfhsh.dll,ethsh.dll,stehs.dll,sthth.dll,wfhyt.dll,rgghjj.dll,ghjkdr.dll,hfther.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c900c122-203f-11dd-99af-00138f37901d}]
1\Command- .\RECYCLER\RECYCLER\autorun.exe
2\Command- .\RECYCLER\RECYCLER\autorun.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe




-- End of Deckard's System Scanner: finished at 2008-06-19 00:00:33 ------------

 

[Angelfire777]

Hi,

Run DSS again, using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK

"%userprofile%\desktop\dss.exe" /daft

Click on Scan.

Tick all the boxes that will appear then Click on Fix

Click Scan again, you should get a message "All Associations OK!" Next, click Save Log, and post this log in your next reply.
__________

Please visit this webpage for download links, and instructions for running combofixl:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   
2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
DSS daft log
New HijackThis log.