
Discussion Starter · #1 ·
Hi there, before I start, I would like to thank the moderators on this thread for contributing and helping out less tech-savvy people like myself.

So my problem consists of several disruptions in what my computer normally does. For one thing, my internet has slowed considerably. My MSN seems to be really fragile; I can't send files back and forth, and whenever I try, the program crashes and I can't turn it back on without rebooting. Windows Media Player doesn't respond: the window pops up, the music file plays once, and then it stops working. I can't click anything, and the timer mouse icon appears every time I scroll over the player.

Another thing is that my games don't seem to be working. Steam does not open, coming up with a message that says: unable to load library steamui.dll, win32 error 998. I have tried everything to correct this problem, and nothing works. StarCraft won't work, something about a standard.snp, and avast, SUPERAntiSpyware, and Malwarebytes all refuse to upgrade. When prompted, it just sort of sits there, no progress is made, and the application eventually freezes. avast has given me quite a few virus warnings in the past 24 hours, 3-4, and everything just seems way too slow. Opening up more than two windows will cause everything to freeze and I have to end several process trees. Also, I often get redirected to when I'm googling something, or sometimes just randomly while surfing I get redirected.

I've recently bought and downloaded MW2, a massive file, but I don't think that has anything to do with the recent problems. I've done a system restore and that hasn't solved anything. I doubt the installation of a game like MW2 would result in the failures of several unrelated programs. Please help!

NOTE:
When I run DDS, I get an application error consisting of: The procedure * could not be located in the DLL sfc.dll., hence the lack of another file in the attachments.

And attaching the GMER text file doesn't work either; the screen for the attachment option does not load.

If somebody can tell me how to remedy these problems, I'll be sure to try it out and post the required logs ASAP.

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-11-26 22:55:16
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\WINDOWS\TEMP\pxtdypog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF3C286B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF3C28574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF3C28A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF3C2814C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF3C2864E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF3C2808C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF3C280F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF3C2876E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF3C2872E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF3C288AE]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF3D840B0]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F74A29F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdePort0 [F74A29F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdePort1 [F74A29F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdePort2 [F74A29F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdePort3 [F74A29F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdePort4 [F74A29F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdePort5 [F74A29F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-16 [F74A29F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\optionalcomponents\[email protected]
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\optionalcomponents\[email protected] 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\optionalcomponents\[email protected]
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\optionalcomponents\[email protected] 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\optionalcomponents\[email protected] 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\optionalcomponents\[email protected]
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\optionalcomponents\[email protected] 1

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Roy\Recent\-Dj Tiesto-Forbidden Paradise (Deep Trance Mix).lnk 0 bytes
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

Premium Member
Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy, and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

See if RSIT will run:
  • Download RSIT by random/random and Save it to your Desktop.
  • Double-click RSIT.exe to run the tool.
  • Click Continue at the disclaimer screen.
  • When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
  • Please copy/paste the contents of log.txt in your next reply.
  • Please attach info.txt to your reply.
To attach a file to a reply, simply
  • Click the Manage Attachments button under Additional Options > Attach Files on the post composition page, and
  • Copy and Paste the following into the Upload File from your Computer box:
    C:\rsit\info.txt
  • Click Upload
------------------------------------------------------

Discussion Starter · #3 ·
Hi, I ran the program and only the log.txt file came up; there was no minimized info.txt.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Roy at 2009-12-01 18:45:49
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 104 GB (34%) free of 305 GB
Total RAM: 1022 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:45, on 2009-12-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\USB TV\EM28XX\BDARemote.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Roy\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Roy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ptec/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ptec/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1033
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O1 - Hosts: 87.118.118.162 nprotect.roseonlinegame.com
O1 - Hosts: 87.118.118.162 update.nprotect.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BDARemote.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: e&xport to microsoft excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Fish%20Tycoon/Images/stg_drm.ocx
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Fish%20Tycoon/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {f84e0b64-1e86-4640-8094-5b38ceb28c1e} (SkyFex Client Object) - https://skyfex.com/download/SkyFexClient.cab
O18 - Protocol: groovelocalgws - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device (apple mobile device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CT Device Query service (ctdevice_srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (ctupnpsv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SeekappSrch Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\SeekappSrch\seekapp165.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 13096 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849e9f-c8d7-4d59-b87d-784b7d6be0b3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll [2009-01-16 656696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30c5-4d22-b7f9-0bbc1d38a37e}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe []
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-12 16132608]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000]
"QuickTime Task"=C:\Program Files\MpcStar\Codecs\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-09-23 1657448]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-09-27 86016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-09-27 13918208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2006-02-28 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-11-30 2001648]
"Steam"=C:\Program Files\Steam\Steam.exe [2009-11-30 1217808]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
BDARemote.lnk - C:\Program Files\USB TV\EM28XX\BDARemote.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\Roy\Start Menu\Programs\StartUp
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-06 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\atiextevent]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Steam\steamapps\blaze1661\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\blaze1661\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Downloads\Left.4.Dead.Full-Rip.Skullptura\Left 4 Dead\left4dead.exe"="C:\Downloads\Left.4.Dead.Full-Rip.Skullptura\Left 4 Dead\left4dead.exe:*:Enabled:left4dead"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Steam\steamapps\fobmobz\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\fobmobz\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Raptr\RaptrBT.exe"="C:\Program Files\Raptr\RaptrBT.exe:*:Enabled:RaptrBT"
"C:\Program Files\Raptr\Raptr.exe"="C:\Program Files\Raptr\Raptr.exe:*:Enabled:Raptr Client"
"C:\Documents and Settings\All Users\Application Data\IJJIGame\ExLauncher.exe"="C:\Documents and Settings\All Users\Application Data\IJJIGame\ExLauncher.exe:*:Enabled:Extensible Launching System"
"C:\WINDOWS\Downloaded Program Files\PurpleBean.exe"="C:\WINDOWS\Downloaded Program Files\PurpleBean.exe:*:Enabled:purpleBean.exe"
"C:\ijji\ENGLISH\OutBound_Pul.exe"="C:\ijji\ENGLISH\OutBound_Pul.exe:*:Enabled:OutBound Application"
"C:\Program Files\DriftCity\DriftCity.exe"="C:\Program Files\DriftCity\DriftCity.exe:*:Enabled:DriftCity"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:pando Media Booster"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"c:\program files\relevantknowledge\rlvknlg.exe"="c:\program files\relevantknowledge\rlvknlg.exe:*:Enabled:rlvknlg.exe"
"C:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe"="C:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2"
"C:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe"="C:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:pando Media Booster"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

======File associations======

.scr - open - "%1" %*

======List of files/folders created in the last 3 months======

2009-11-30 11:41:33 ----D---- C:\Documents and Settings\All Users\Application Data\PMB Files
2009-11-28 16:24:35 ----D---- C:\Program Files\Easytoon 1.9.5 EN
2009-11-26 19:50:00 ----D---- C:\rsit
2009-11-26 16:15:16 ----D---- C:\Program Files\Steam(5)
2009-11-26 16:03:39 ----D---- C:\Program Files\Steam
2009-11-25 20:11:27 ----D---- C:\Program Files\Steam(2)
2009-11-25 17:02:24 ----D---- C:\Program Files\Steam(3)
2009-11-23 18:22:47 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
2009-11-23 18:22:21 ----D---- C:\Program Files\NVIDIA Corporation
2009-11-23 13:03:01 ----A---- C:\WINDOWS\system32\javaws.exe
2009-11-23 13:03:01 ----A---- C:\WINDOWS\system32\javaw.exe
2009-11-23 13:03:01 ----A---- C:\WINDOWS\system32\java.exe
2009-11-23 06:04:22 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2009-11-23 06:04:22 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2009-11-23 06:04:22 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2009-11-23 06:04:22 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2009-11-23 06:04:21 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2009-11-23 06:04:21 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2009-11-23 06:04:20 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2009-11-23 06:04:20 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2009-11-23 06:04:20 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2009-11-23 06:04:20 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2009-11-23 06:04:19 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2009-11-23 06:04:19 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2009-11-23 06:04:19 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2009-11-23 06:04:18 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2009-11-07 19:19:46 ----D---- C:\ebd899b5f94c5f794f53a5c7
2009-11-07 19:06:40 ----RHD---- C:\AHCache
2009-10-31 13:54:59 ----D---- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2009-10-31 13:53:38 ----D---- C:\Program Files\Common Files\AVSMedia
2009-10-31 13:53:38 ----A---- C:\WINDOWS\system32\mfc70.dll
2009-10-31 13:53:37 ----D---- C:\Program Files\AVS4YOU
2009-10-31 13:53:37 ----A---- C:\WINDOWS\system32\msvcp70.dll
2009-10-30 20:32:24 ----A---- C:\WINDOWS\system32\sipr3260.dll
2009-10-28 11:04:17 ----D---- C:\Program Files\Beneton Movie GIF
2009-10-27 15:27:00 ----D---- C:\Program Files\Pivot Stickfigure Animator
2009-10-15 18:19:47 ----A---- C:\WINDOWS\system32\CMStarterCore.exe
2009-10-15 18:19:47 ----A---- C:\WINDOWS\system32\CMStarter_Kor.dll
2009-10-15 18:19:47 ----A---- C:\WINDOWS\system32\CMStarter_Eng.dll
2009-10-15 18:12:46 ----D---- C:\Program Files\Webzen
2009-10-13 11:16:15 ----A---- C:\WINDOWS\system32\d3dx9.dll
2009-10-13 11:16:15 ----A---- C:\WINDOWS\system32\D3DX81ab.dll
2009-10-13 11:16:14 ----D---- C:\Program Files\Cheat Engine
2009-10-02 14:33:15 ----D---- C:\Program Files\iPod
2009-10-02 14:32:54 ----D---- C:\Program Files\iTunes
2009-10-01 18:40:15 ----D---- C:\Program Files\Microsoft Office Outlook Connector
2009-09-27 18:20:04 ----A---- C:\WINDOWS\system32\nvcplui.exe
2009-09-27 18:20:00 ----A---- C:\WINDOWS\system32\nvwddi.dll
2009-09-27 18:19:52 ----A---- C:\WINDOWS\system32\nvwss.dll
2009-09-27 18:19:50 ----A---- C:\WINDOWS\system32\nvvitvs.dll
2009-09-27 18:19:48 ----A---- C:\WINDOWS\system32\nvmobls.dll
2009-09-27 18:19:48 ----A---- C:\WINDOWS\system32\nvmccss.dll
2009-09-27 18:19:48 ----A---- C:\WINDOWS\system32\nvgames.dll
2009-09-27 18:19:46 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2009-09-27 18:19:46 ----A---- C:\WINDOWS\system32\nvmctray.dll
2009-09-27 18:19:46 ----A---- C:\WINDOWS\system32\nvdisps.dll
2009-09-27 18:19:46 ----A---- C:\WINDOWS\system32\nvcpl.dll
2009-09-27 18:19:46 ----A---- C:\WINDOWS\system32\nvcolor.exe
2009-09-27 18:19:40 ----A---- C:\WINDOWS\system32\nvmccs.dll
2009-09-27 16:12:22 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2009-09-27 16:12:22 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2009-09-27 16:12:22 ----A---- C:\WINDOWS\system32\nvcuvenc.dll
2009-09-27 16:12:22 ----A---- C:\WINDOWS\system32\nvcuda.dll
2009-09-27 16:12:22 ----A---- C:\WINDOWS\system32\nvcodins.dll
2009-09-27 16:12:22 ----A---- C:\WINDOWS\system32\nvcod.dll
2009-09-27 16:12:22 ----A---- C:\WINDOWS\system32\nvapi.dll
2009-09-19 18:57:05 ----D---- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

======List of files/folders modified in the last 3 months======

2009-12-01 18:45:49 ----D---- C:\WINDOWS\Temp
2009-12-01 18:44:26 ----D---- C:\WINDOWS\Prefetch
2009-12-01 16:16:50 ----D---- C:\Program Files\Mozilla Firefox
2009-12-01 16:16:02 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-01 16:13:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-30 15:49:28 ----D---- C:\Program Files\BitComet
2009-11-30 15:49:05 ----D---- C:\Downloads
2009-11-30 11:58:49 ----SHD---- C:\WINDOWS\Installer
2009-11-30 11:58:49 ----HD---- C:\Config.Msi
2009-11-30 11:58:49 ----D---- C:\WINDOWS
2009-11-30 11:55:46 ----D---- C:\Program Files\SUPERAntiSpyware
2009-11-30 11:47:01 ----D---- C:\WINDOWS\system32\CatRoot
2009-11-30 11:44:00 ----HD---- C:\WINDOWS\inf
2009-11-30 11:43:20 ----D---- C:\WINDOWS\system32
2009-11-30 11:42:36 ----D---- C:\WINDOWS\system32\config
2009-11-30 11:42:08 ----D---- C:\WINDOWS\system32\wbem
2009-11-30 11:42:08 ----D---- C:\WINDOWS\Registration
2009-11-30 11:41:34 ----RD---- C:\Program Files
2009-11-30 11:40:45 ----D---- C:\Program Files\Pando Networks
2009-11-30 11:40:44 ----HD---- C:\Program Files\InstallShield Installation Information
2009-11-30 11:40:33 ----D---- C:\WINDOWS\Help
2009-11-30 11:40:28 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-11-30 11:40:23 ----D---- C:\Program Files\AGEIA Technologies
2009-11-30 11:40:15 ----D---- C:\WINDOWS\system32\drivers
2009-11-30 11:39:57 ----D---- C:\WINDOWS\system32\DirectX
2009-11-30 11:39:40 ----D---- C:\Program Files\Paint.NET
2009-11-30 11:39:05 ----D---- C:\Documents and Settings\Roy\Application Data\Atari
2009-11-30 11:38:15 ----D---- C:\ComboFix
2009-11-30 01:57:06 ----D---- C:\WINDOWS\Minidump
2009-11-29 23:50:23 ----D---- C:\Program Files\PeerGuardian2
2009-11-28 19:16:08 ----D---- C:\Documents and Settings\Roy\Application Data\LimeWire
2009-11-26 21:45:09 ----D---- C:\WINDOWS\system32\NtmsData
2009-11-26 16:16:29 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-11-26 16:15:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-25 16:50:04 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-11-25 16:19:14 ----D---- C:\Starcraft
2009-11-23 18:21:14 ----D---- C:\NVIDIA
2009-11-23 13:02:59 ----D---- C:\Program Files\Java
2009-11-23 06:03:58 ----RSD---- C:\WINDOWS\assembly
2009-11-23 06:03:36 ----D---- C:\WINDOWS\Logs
2009-11-22 11:23:35 ----D---- C:\WINDOWS\WinSxS
2009-11-17 21:48:37 ----SD---- C:\Documents and Settings\Roy\Application Data\Microsoft
2009-11-14 20:53:04 ----D---- C:\Documents and Settings\Roy\Application Data\Vso
2009-11-14 18:50:59 ----D---- C:\Documents and Settings\Roy\Application Data\Image Zone Express
2009-11-08 08:06:28 ----D---- C:\WINDOWS\Microsoft.NET
2009-11-07 19:21:14 ----D---- C:\WINDOWS\system32\XPSViewer
2009-11-07 19:21:10 ----D---- C:\WINDOWS\system32\en-US
2009-11-07 19:21:05 ----RSD---- C:\WINDOWS\Fonts
2009-11-07 19:18:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-07 19:17:11 ----D---- C:\Program Files\Internet Explorer
2009-10-31 13:53:38 ----D---- C:\Program Files\Common Files
2009-10-26 20:28:50 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-10-16 17:55:17 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2009-10-11 15:46:07 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-11 04:17:27 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-10-10 10:08:01 ----D---- C:\Program Files\LimeWire
2009-10-02 14:33:13 ----D---- C:\Program Files\Common Files\Apple
2009-10-01 18:43:06 ----D---- C:\Program Files\Microsoft Silverlight
2009-10-01 18:40:15 ----D---- C:\Program Files\Common Files\System
2009-10-01 18:39:11 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-10-01 18:38:55 ----D---- C:\Program Files\Windows Live
2009-09-27 16:12:22 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2009-09-22 15:05:02 ----D---- C:\Documents and Settings\Roy\Application Data\Apple Computer
2009-09-21 16:37:25 ----A---- C:\WINDOWS\win.ini
2009-09-20 17:20:32 ----D---- C:\Documents and Settings
2009-09-20 17:20:06 ----SHD---- C:\RECYCLER

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-17 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-08-17 51376]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-02-28 36096]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 saskutil;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-17 94160]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2006-02-28 88448]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2006-02-28 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2006-02-28 55936]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-08-17 23152]
R3 gearaspiwdm;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-23 4402176]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-09-27 7655872]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-05-25 47360]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-03-01 90496]
R3 sasenum;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory2\MapleStory 55\npkcrypt.sys []
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
S3 AhnRptTfFRegFNT;AhnRptTfFRegFNT; \??\C:\WINDOWS\TEMP\nsr342.tmp\TfFRegNt.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Roy\LOCALS~1\Temp\catchme.sys []
S3 eaglent;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter; \??\C:\WINDOWS\Temp\{4B5124ED-5EC8-4DBA-A951-9FECEEA1CE27}\fsgk.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-21 26056]
S3 hdaudaddservice;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-28 84992]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 NETMDUSB;Net MD; C:\WINDOWS\System32\Drivers\NETMDUSB.sys [2002-08-08 38951]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2006-02-28 40320]
S3 pgfilter;pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys []
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader; C:\WINDOWS\System32\Drivers\RTS5121.sys []
S3 rthdmiazaudservice;Service for HDMI; C:\WINDOWS\system32\drivers\RtHDMI.sys [2008-11-12 3720832]
S3 Rts516xIR;Realtek IR Driver; C:\WINDOWS\system32\DRIVERS\Rts516xIR.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 USBCCID;Realtek Smartcard Reader Driver; C:\WINDOWS\system32\DRIVERS\Rts5161ccid.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 wpdusb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 xdva092;XDva092; \??\C:\WINDOWS\system32\XDva092.sys []
S3 xdva202;XDva202; \??\C:\WINDOWS\system32\XDva202.sys []
S3 XDva277;XDva277; \??\C:\WINDOWS\system32\XDva277.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 apple mobile device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ctdevice_srv;CT Device Query service; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [2007-04-01 61440]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-09-27 172100]
R2 NwSapAgent;SAP Agent; C:\WINDOWS\system32\svchost.exe [2006-02-28 14336]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-02-03 66872]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-07 167936]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2006-02-28 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S2 SeekappSrch Service;SeekappSrch Service; C:\Documents and Settings\All Users\Application Data\SeekappSrch\seekapp165.exe C:\Program Files\SeekappSrch\seekapp.dll Service []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 ctupnpsv;Creative Centrale Media Server; C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2006-02-28 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 microsoft office groove audit service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-05 774144]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-04-27 2747421]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2006-02-28 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
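The driver and service lists above are the part of an RSIT log a helper reads first. The Python below is an added example for this thread, not part of RSIT or of any post, showing the triage filter a practitioner applies to those lines: parse each entry, then flag images that live under a temp directory or a user-profile/Application Data path, and entries where RSIT recorded no date and size. The sample is a handful of lines copied from the log above. Flagged entries are leads to confirm, not verdicts: on-demand scanners legitimately drop drivers into Temp while they run, and an empty bracket only means RSIT did not obtain a size for that image (it fails on several `\??\`-prefixed paths that the DDS log further down does resolve, SASDIFSV.SYS for one), so check the DDS list before reading it as a missing file. Function and flag names are the editor's.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: driver/service lines copied from the RSIT log above.
# Raw string so the Windows backslashes stay literal.
SAMPLE_LOG = r"""
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-17 26944]
S3 AhnRptTfFRegFNT;AhnRptTfFRegFNT; \??\C:\WINDOWS\TEMP\nsr342.tmp\TfFRegNt.sys []
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter; \??\C:\WINDOWS\Temp\{4B5124ED-5EC8-4DBA-A951-9FECEEA1CE27}\fsgk.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-09-27 7655872]
S2 SeekappSrch Service;SeekappSrch Service; C:\Documents and Settings\All Users\Application Data\SeekappSrch\seekapp165.exe C:\Program Files\SeekappSrch\seekapp.dll Service []
S3 xdva092;XDva092; \??\C:\WINDOWS\system32\XDva092.sys []
"""

# One RSIT entry: "<R|S><start> <name>;<display>; <image> [<date size>]"
LINE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*); (.*) \[([^\]]*)\]$")

# Start-type legend as printed in the RSIT section header.
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

FLAG_TEMP = "image under a temp directory"
FLAG_PROFILE = "image under a user-profile or Application Data path"
FLAG_NOFILE = "no size/date recorded by RSIT (verify against DDS before reading as missing)"


@dataclass
class Entry:
    state: str      # R = running, S = stopped
    start: str      # readable start type
    name: str       # service/driver key name
    display: str    # display name
    image: str      # image path with the \??\ object-manager prefix removed
    info: str       # "YYYY-MM-DD size", or "" when RSIT recorded nothing
    flags: list = field(default_factory=list)


def parse_rsit(text):
    """Parse the driver/service sections of an RSIT log into Entry objects."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section headers, blank lines, file listings
        state, start, name, display, image, info = m.groups()
        if image.startswith("\\??\\"):
            image = image[4:]
        entries.append(Entry(state, START_TYPES[start], name, display, image, info.strip()))
    return entries


def triage(text):
    """Return only the entries that earn at least one flag."""
    hits = []
    for e in parse_rsit(text):
        low = e.image.lower()
        if "\\temp\\" in low or "\\tmp\\" in low:
            e.flags.append(FLAG_TEMP)
        if "\\application data\\" in low or "\\documents and settings\\" in low:
            e.flags.append(FLAG_PROFILE)
        if not e.info:
            e.flags.append(FLAG_NOFILE)
        if e.flags:
            hits.append(e)
    return hits


def report(text):
    """Human-readable triage summary, one flagged entry per block."""
    lines = []
    for e in triage(text):
        lines.append(f"[{e.state} {e.start}] {e.name}: {e.image}")
        lines.extend(f"    - {flag}" for flag in e.flags)
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run it against the whole RSIT log rather than the sample and the clean avast!, NVIDIA and Microsoft drivers fall through untouched; what remains is the short list a helper then checks by hand against the DDS output and a file lookup.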
 

Premium Member · 29,790 Posts
Hello fatboyslimz. One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please refer to Microsoft's Online Safety article for tips on creating a strong password.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------

Please try running dds again and attach the second log, Attach.txt, to your next reply.

------------------------------------------------------
 

Registered · 9 Posts · Discussion Starter · #5 ·
Unable to get ComboFix working properly. Multiple pop-ups bearing the title "Application error" pop up with some text: "The procedure * could not be located in the DLL sfc.dll." This message constantly keeps popping up even when I close the firewall and turn off avast. This is the same for DDS as well, but now I get both the Attach.txt and the log txt.
 

Attachments

Premium Member · 29,790 Posts
Hello again, fatboyslimz. It appears you didn't post the log.txt that dds produced.

If dds eventually worked, ComboFix should also. Please try again. If ComboFix still won't run, do the following:

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it. (Vista users, right click, Run As Administrator)
  • Copy/paste the contents of the following codebox into the main textfield:
    Code:
    :filefind
    sfc.dll
  • Click the Look button to start the scan.
  • When finished, a Notepad file will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

------------------------------------------------------
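SystemLook's `:filefind` lists every copy of the named file on the disk with its size, dates and version details. The reason the step is worth running here, as the editor reads it: "The procedure * could not be located in the DLL sfc.dll" is the loader telling you the sfc.dll it mapped lacks an export the tool imports, which is what you get when the copy in system32 has been replaced, patched or swapped for a different version than the backups Windows keeps (system32\dllcache, ServicePackFiles). The Python below is an added example, not part of the thread or of SystemLook, that does that comparison offline against a constructed directory tree with stand-in bytes (not real sfc.dll contents): find every copy, hash each one, and point at the copy that disagrees with the others. The tree layout and the names find_copies, minority_copies and run_demo are the editor's assumptions.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Constructed stand-in contents; these are NOT real sfc.dll bytes.
ORIGINAL = b"MZ\x90\x00" + b"sfc.dll stand-in, pristine copy".ljust(64, b"\0")
PATCHED = b"MZ\x90\x00" + b"sfc.dll stand-in, altered copy".ljust(64, b"\0")

# Hypothetical XP layout: the live copy differs from both backups.
DEMO_FILES = {
    "WINDOWS/system32/sfc.dll": PATCHED,
    "WINDOWS/system32/dllcache/sfc.dll": ORIGINAL,
    "WINDOWS/ServicePackFiles/i386/sfc.dll": ORIGINAL,
    "WINDOWS/system32/sfc_os.dll": ORIGINAL,  # different name: must not match
}


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def find_copies(root, filename):
    """Every file named `filename` below root, matched case-insensitively as NTFS does."""
    wanted = filename.lower()
    copies = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == wanted:
                p = Path(dirpath) / name
                st = p.stat()
                copies.append({"path": str(p), "size": st.st_size,
                               "mtime": st.st_mtime, "sha256": sha256_of(p)})
    return copies


def group_by_hash(copies):
    groups = {}
    for c in copies:
        groups.setdefault(c["sha256"], []).append(c["path"])
    return groups


def minority_copies(copies):
    """Paths whose content is held by fewer copies than the most common content.

    With system32 + dllcache + ServicePackFiles the lone differing copy is the
    one to examine. Empty result: all copies agree. If no content has a clear
    majority, every copy is returned so nothing is silently trusted."""
    groups = group_by_hash(copies)
    if len(groups) < 2:
        return []
    counts = [len(paths) for paths in groups.values()]
    biggest = max(counts)
    if counts.count(biggest) > 1:
        return sorted(p for paths in groups.values() for p in paths)
    return sorted(p for paths in groups.values() if len(paths) < biggest for p in paths)


def build_demo_tree(root):
    for rel, data in DEMO_FILES.items():
        p = Path(root, *rel.split("/"))
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)


def run_demo():
    """Build the constructed tree in a temp dir and return the comparison result."""
    with tempfile.TemporaryDirectory() as root:
        build_demo_tree(root)
        copies = find_copies(root, "sfc.dll")

        def rel(p):
            return os.path.relpath(p, root).replace(os.sep, "/")

        return {
            "count": len(copies),
            "distinct": len(group_by_hash(copies)),
            "minority": [rel(p) for p in minority_copies(copies)],
        }


if __name__ == "__main__":
    print(run_demo())
```

On the real machine you would call `find_copies("C:\\", "sfc.dll")` from an administrator prompt so dllcache (hidden, system) is readable, and then confirm the odd copy out with an Authenticode check (Sysinternals sigcheck, or PowerShell's Get-AuthenticodeSignature) rather than trusting the hash comparison alone, since a differing hash also results from an unsigned but legitimate hotfix version.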
 

Registered · 9 Posts · Discussion Starter · #7 ·
DDS:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Roy at 20:19:58.78 on 2009-12-03
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.299 [GMT -7:00]

AV: avast! antivirus 4.8.1351 [VPS 091203-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\USB TV\EM28XX\BDARemote.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Roy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com
uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ptec/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ptec/defaults/sb/*http://www.yahoo.com/search/ie.html
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1033
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.1.15.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware 2007\Ad-Watch2007.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [QuickTime Task] "c:\program files\mpcstar\codecs\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [combofix] "c:\combofix\cf26879.cfxxe" /c "c:\combofix\C.bat"
StartupFolder: c:\docume~1\roy\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bdarem~1.lnk - c:\program files\usb tv\em28xx\BDARemote.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: e&xport to microsoft excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84}
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.1.15.dll/206
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000a-7350-4f3c-8081-5663ee0c6c49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780b25-18cc-41c8-b9be-3c9c571a8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Fish%20Tycoon/Images/stg_drm.ocx
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8ffbe65d-2c9c-4669-84bd-5829dc0b603c} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {cafeefac-0016-0000-0007-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Fish%20Tycoon/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {f84e0b64-1e86-4640-8094-5b38ceb28c1e} - hxxps://skyfex.com/download/SkyFexClient.cab
Handler: groovelocalgws - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
Hosts: 87.118.118.162 nprotect.roseonlinegame.com
Hosts: 87.118.118.162 update.nprotect.com

================= FIREFOX ===================

FF - ProfilePath -

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-3-31 26624]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-3-13 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-12-22 9968]
R1 saskutil;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-13 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-3-13 138680]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-12 54752]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-3-13 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-3-13 352920]
R3 sasenum;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408]
S2 SeekappSrch Service;SeekappSrch Service;"c:\documents and settings\all users\application data\seekappsrch\seekapp165.exe" "c:\program files\seekappsrch\seekapp.dll" service --> c:\documents and settings\all users\application data\seekappsrch\seekapp165.exe [?]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
S3 AhnRptTfFRegFNT;AhnRptTfFRegFNT;\??\c:\windows\temp\nsr342.tmp\tffregnt.sys --> c:\windows\temp\nsr342.tmp\TfFRegNt.sys [?]
S3 ctupnpsv;Creative Centrale Media Server;c:\program files\creative\creative centrale\CTUPnPSv.exe [2008-5-21 64000]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;c:\windows\temp\{4b5124ed-5ec8-4dba-a951-9feceea1ce27}\fsgk.sys [2009-3-31 55808]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\rts5121.sys --> c:\windows\system32\drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
S3 xdva092;XDva092;\??\c:\windows\system32\xdva092.sys --> c:\windows\system32\XDva092.sys [?]
S3 xdva202;XDva202;\??\c:\windows\system32\xdva202.sys --> c:\windows\system32\XDva202.sys [?]
S3 XDva277;XDva277;\??\c:\windows\system32\xdva277.sys --> c:\windows\system32\XDva277.sys [?]

============== File Associations ===============

scrfile="%1" %*

=============== Created Last 30 ================


==================== Find3M ====================


============= FINISH: 20:23:26.71 ===============

SystemLook:

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 20:20 on 03/12/2009 by Roy (Administrator - Elevation successful)

========== filefind ==========

Searching for "sfc.dll"
C:\WINDOWS\system32\dllcache\sfc.dll --a--c 5120 bytes [12:00 28/02/2006] [12:00 28/02/2006] E8A12A12EA9088B4327D49EDCA3ADD3E

-=End Of File=-
 

Premium Member · 29,790 Posts
Hello again, fatboyslimz. Navigate to this file and drag it to your desktop:

c:\windows\system32\sfc.dll

Close your window.

  • Double-click SystemLook.exe to run it. (Vista users, right click, Run As Administrator)
  • Copy/paste the contents of the following codebox into the main textfield:
    Code:
    :filefind
    sfc.dll
  • Click the Look button to start the scan.
  • When finished, a Notepad file will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

------------------------------------------------------
 

Premium Member · 29,790 Posts
Hello again, fatboyslimz. Do you have an XP Home SP2 CD or can you borrow one? Do you have access to another machine with XP Home SP2?

We need a copy of c:\windows\system32\sfc.dll to place on your machine.

------------------------------------------------------
 

Premium Member · 29,790 Posts
or get a friend to send it to me via instant messenger?
Yes, get a friend with Home SP2 to send it to you then place it in this folder:

c:\windows\system32

If successful, see if ComboFix will run.
 

Registered · 9 Posts · Discussion Starter · #15
I did what you told me to do earlier: I attained the sfc.dll file, put it on my desktop and ran the SystemLook thing.

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 22:15 on 06/12/2009 by Roy (Administrator - Elevation successful)

========== filefind ==========

Searching for "sfc.dll"
C:\Documents and Settings\Roy\Desktop\sfc.dll --a--- 5120 bytes [04:56 07/12/2009] [04:56 07/12/2009] 96E1C926F22EE1BFBAE82901A35F6BF3
C:\WINDOWS\system32\dllcache\sfc.dll --a--c 5120 bytes [12:00 28/02/2006] [12:00 28/02/2006] E8A12A12EA9088B4327D49EDCA3ADD3E

-=End Of File=-
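The log above lists two copies of sfc.dll with different MD5 hashes, which is the comparison the helper is about to ask about. As an added example (not code from the thread or from SystemLook's author), this Python script parses SystemLook filefind lines and checks a candidate copy against the Windows File Protection copy in dllcache by size and MD5; it assumes only the filefind line format shown in the log.

```python
"""Check a replacement system file against the dllcache copy using SystemLook filefind output (added example)."""
import hashlib
import re

# One SystemLook v1.0 filefind result line has the shape:
#   <path> <attrs> <size> bytes [<time1>] [<time2>] <MD5>
FILEFIND_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-zA-Z]{6})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<ts1>[^\]]+)\]\s+\[(?P<ts2>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)

def parse_filefind(log_text):
    """Return one dict per result line; headers and blank lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = FILEFIND_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
    return entries

def compare_to_dllcache(entries):
    """Compare every other copy against the dllcache copy.
    Returns {path: (size_matches, md5_matches)}."""
    ref = next((e for e in entries if "\\dllcache\\" in e["path"].lower()), None)
    if ref is None:
        raise ValueError("log contains no dllcache copy to compare against")
    return {e["path"]: (e["size"] == ref["size"], e["md5"] == ref["md5"])
            for e in entries if e is not ref}

def md5_of_file(path):
    """MD5 of a file on disk in SystemLook's upper-case hex form, so a copy
    received from a friend can be checked before it goes into system32."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest().upper()

# Sample input: the two filefind lines from the SystemLook log posted above.
SAMPLE_LOG = """
C:\\Documents and Settings\\Roy\\Desktop\\sfc.dll --a--- 5120 bytes [04:56 07/12/2009] [04:56 07/12/2009] 96E1C926F22EE1BFBAE82901A35F6BF3
C:\\WINDOWS\\system32\\dllcache\\sfc.dll --a--c 5120 bytes [12:00 28/02/2006] [12:00 28/02/2006] E8A12A12EA9088B4327D49EDCA3ADD3E
"""

if __name__ == "__main__":
    for path, (size_ok, md5_ok) in compare_to_dllcache(parse_filefind(SAMPLE_LOG)).items():
        print(f"{path}: size {'matches' if size_ok else 'differs'}, MD5 {'matches' if md5_ok else 'differs'}")
```

A matching hash only shows the two copies are identical; on a machine that is already infected, the dllcache copy itself should be hashed against a copy from a trusted, known-clean install before it is treated as the reference.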
 

Premium Member · 29,790 Posts
Hello again, fatboyslimz. Are you sure that file is from a machine with XP Home SP2, and not SP3? It has to be from SP2.
 

Premium Member · 29,790 Posts
Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------
 