Tech Support Forum banner
Status
Not open for further replies.
1 - 2 of 2 Posts

·
Registered
Joined
·
2 Posts
Discussion Starter · #1 · (Edited)
Yeah umm here's my earlier thread that tells you what's my problem.(Virus count is over 300

http://www.techsupportforum.com/f10/pressing-shut-down-button-doesnt-appear-257321.html

And now I'm doing the 5steps that sobeit told me to do, and here's my log

my DSS scan main log:
Deckard's System Scanner v20071014.68
Run by VAlued Acer customer on 2008-06-07 16:36:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-06-07 23:36:36 UTC - RP284 - Deckard's System Scanner Restore Point
1: 2008-06-07 06:56:16 UTC - RP283 - Installed ijji Auto Installer


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-07 16:38:17
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\alg.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\ePower\epm-dm.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\TELUS eCare\SmartBridge\MotiveSB.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\TELUS eCare\bin\mpbtn.exe
C:\Program Files\MSN Messenger\msvs.exe
C:\Program Files\MSN Messenger\msvs.exe
C:\Program Files\MSN Messenger\msvs.exe
C:\Program Files\MSN Messenger\msvs.exe
C:\WINDOWS\svchost.exe
C:\Documents and Settings\VAlued Acer customer\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.1188.com/?index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ali213.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: nhmxbjkl.dll - {27AC9076-C898-B098-D098-A18319080972} - C:\WINDOWS\system32\nhmxbjkl.dll (file missing)
O2 - BHO: yxcschlp.dll - {35671234-7890-ABCD-CDEF-567801237653} - C:\WINDOWS\system32\yxcschlp.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: mpmydapi.dll - {4629FF4F-ACDB-5C90-A098-FACB3456A264} - C:\WINDOWS\system32\mpmydapi.dll (file missing)
O2 - BHO: mndhddwd.dll - {4C648541-1025-9650-9057-6541258720C4} - C:\WINDOWS\system32\mndhddwd.dll (file missing)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: apsgdjba.dll - {4FD45A54-9875-698F-E56E-65102358FDF4} - C:\WINDOWS\system32\apsgdjba.dll
O2 - BHO: mndsfsrv.dll - {67FD640A-158F-48AC-FD14-1597F14A9776} - C:\WINDOWS\system32\mndsfsrv.dll
O2 - BHO: ypcqfhlp.dll - {70AF1289-F140-A140-D012-C1458759FC07} - C:\WINDOWS\system32\ypcqfhlp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: mnmhgsrv.dll - {7C8D1401-A58D-A81C-CD24-A5915C4517C7} - C:\WINDOWS\system32\mnmhgsrv.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ypdjfbmp.dll - {81954FAC-1023-154F-895A-1458258AD818} - C:\WINDOWS\system32\ypdjfbmp.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ExFilter] Rundll32.exe C:\WINDOWS\system32\hookdll.dll,ExecFilter solo
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Thunder] "C:\Program Files\Thunder Network\Thunder\Thunder.exe" /s
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DesktopX] "C:\Program Files\Stardock\Object Desktop\IconX\IconX.exe"
O4 - HKCU\..\Run: [360safe] C:\WINDOWS\system32\lhec.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: TELUS eCare.lnk = C:\Program Files\TELUS eCare\bin\matcli.exe
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O20 - AppInit_DLLs: avgrsstx.dll SysWoWCt.dll SysWmWacz.dll,nhmxbjkl.dll
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\Program Files\Common Files\Stardock\MCPCore.dll
O21 - SSODL: midimaptl - {4F4F0064-71E0-4f0d-0017-708476C7815F} - C:\WINDOWS\system32\midimaptl.dll (file missing)
O21 - SSODL: midimapwd - {4F4F0064-71E0-4f0d-0018-708476C7815F} - C:\WINDOWS\system32\midimapwd.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPCap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe


--
End of file - 12115 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
.inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 UBHelper - c:\windows\system32\drivers\ubhelper.sys
R1 Hotkey - c:\windows\system32\drivers\hotkey.sys
R1 OsaFsLoc - c:\windows\system32\drivers\osafsloc.sys <Not Verified; OSA Technologies; >
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0>
R2 EpmPsd (Acer EPM Power Scheme Driver) - c:\windows\system32\drivers\epm-psd.sys <Not Verified; Acer Value Labs, USA; Acer EPM Power Scheme Driver>
R2 EpmShd (Acer EPM System Hardware Driver) - c:\windows\system32\drivers\epm-shd.sys <Not Verified; Acer Value Labs, USA; Acer EPM System Hardware Driver>
R2 int15.sys - c:\acer\empowering technology\erecovery\int15.sys
R2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R2 osaio - c:\windows\system32\drivers\osaio.sys <Not Verified; OSA Technologies, An Avocent Company; Windows (R) 2000 DDK driver>
R2 osanbm - c:\windows\system32\drivers\osanbm.sys <Not Verified; Windows (R) 2000 DDK provider; OSA int15 Driver>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 NdisFilt (OSA NdisFilter Protocol) - c:\windows\system32\drivers\ndisfilt.sys <Not Verified; OSA Technologies; >
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >

S1 Wbutton - c:\windows\system32\drivers\wbutton.sys (file missing)
S3 aavwtq - c:\windows\system32\aavwtq (file missing)
S3 dump_wmimmc - c:\program files\driftcity\gameguard\dump_wmimmc.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 NETMNT (Acer NetMonitor Protocol) - c:\windows\system32\drivers\netmnt.sys
S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
S3 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
S3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
S3 XDva078 - c:\windows\system32\xdva078.sys (file missing)
S3 XDva081 - c:\windows\system32\xdva081.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AWService (AdminWorks Agent X6) - "c:\acer\empowering technology\admserv.exe" <Not Verified; Avocent Inc.; Acer Empowering framework>
R2 PowerManager (Power Manager) - c:\windows\svchost.exe <Not Verified; Microsoft Corporation; Microsoft? Windows? Operating System>
R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/Wireless 2200BG Network Connection
Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27018086&REV_05\4&AD1B67F&0&28F0
Manufacturer: Intel Corporation
Name: Intel(R) PRO/Wireless 2200BG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27018086&REV_05\4&AD1B67F&0&28F0
Service: w29n51


-- Scheduled Tasks -------------------------------------------------------------

2008-06-01 03:00:02 526 --a------ C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job


-- Files created between 2008-05-07 and 2008-06-07 -----------------------------

2008-06-07 16:31:15 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-07 16:30:53 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-06-07 16:30:52 0 d-------- C:\Program Files\SpywareBlaster
2008-06-07 15:34:02 0 d-------- C:\WINDOWS\LastGood
2008-06-07 15:32:49 0 d-------- C:\Program Files\Panda Security
2008-06-07 00:09:05 0 d-------- C:\Documents and Settings\VAlued Acer customer\Application Data\NPLUTO Corporation
2008-06-06 23:56:16 0 d-------- C:\Program Files\NHN USA
2008-06-06 23:50:30 0 d-------- C:\Program Files\DriftCity
2008-06-06 21:55:12 0 d-------- C:\ijji
2008-06-05 23:12:56 0 d--hs---- C:\FOUND.003
2008-06-05 09:42:02 0 d--hs---- C:\FOUND.002
2008-06-04 15:42:54 0 d--hs---- C:\FOUND.001
2008-06-03 15:07:29 24 --a------ C:\WINDOWS\system32\wymxajkl.sys
2008-06-03 15:07:04 24 --a------ C:\WINDOWS\system32\ijsgajba.sys
2008-05-30 15:33:02 0 d--h----- C:\WINDOWS\PIF
2008-05-30 15:27:29 0 d-------- C:\Nexon
2008-05-30 15:07:10 0 d--h----- C:\$AVG8.VAULT$
2008-05-27 19:29:16 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-05-27 17:14:30 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-27 17:14:24 0 d-------- C:\Program Files\AVG
2008-05-27 17:14:23 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-23 14:39:02 0 d--hs---- C:\FOUND.000
2008-05-22 23:44:03 86016 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2008-05-21 23:10:46 0 d-------- C:\RICH6
2008-05-09 21:13:37 0 d-------- C:\Program Files\Tencent


-- Find3M Report ---------------------------------------------------------------

2008-06-06 13:55:18 554 --a------ C:\WINDOWS\system32\cid_store.dat
2008-04-24 18:26:48 0 d-------- C:\Documents and Settings\VAlued Acer customer\Application Data\vlc
2008-04-24 15:41:22 0 d-------- C:\Program Files\VideoLAN


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{27AC9076-C898-B098-D098-A18319080972}]
C:\WINDOWS\system32\nhmxbjkl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{35671234-7890-ABCD-CDEF-567801237653}]
08/08/2004 03:07 PM 533512 ---hs---- C:\WINDOWS\system32\yxcschlp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4629FF4F-ACDB-5C90-A098-FACB3456A264}]
C:\WINDOWS\system32\mpmydapi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4C648541-1025-9650-9057-6541258720C4}]
C:\WINDOWS\system32\mndhddwd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4FD45A54-9875-698F-E56E-65102358FDF4}]
08/08/2004 03:07 PM 536584 ---hs---- C:\WINDOWS\system32\apsgdjba.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67FD640A-158F-48AC-FD14-1597F14A9776}]
08/08/2004 03:07 PM 533512 ---hs---- C:\WINDOWS\system32\mndsfsrv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{70AF1289-F140-A140-D012-C1458759FC07}]
08/08/2004 03:07 PM 538632 ---hs---- C:\WINDOWS\system32\ypcqfhlp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C8D1401-A58D-A81C-CD24-A5915C4517C7}]
C:\WINDOWS\system32\mnmhgsrv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81954FAC-1023-154F-895A-1458258AD818}]
08/08/2004 03:07 PM 536072 --------- C:\WINDOWS\system32\ypdjfbmp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [04/20/2006 09:23 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"SoundMan"="SOUNDMAN.EXE" [04/15/2005 11:01 AM C:\WINDOWS\SOUNDMAN.EXE]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/02/2004 08:24 PM]
"preload"="C:\Windows\RUNXMLPL.exe" [05/19/2005 05:09 PM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 05:00 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 05:00 AM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/04/2004 05:00 AM]
"LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [07/25/2005 10:45 AM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 05:00 AM]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [01/24/2006 06:00 PM]
"EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [11/10/2005 07:09 PM]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [09/16/2003 02:28 PM]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [10/24/2005 04:45 PM]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [11/09/2005 11:04 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [02/04/2005 11:11 AM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [02/04/2005 11:12 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [08/24/2005 12:51 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [08/24/2005 12:47 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [08/24/2005 12:50 PM]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [12/27/2005 03:50 PM]
"ExFilter"="C:\WINDOWS\system32\hookdll.dll" []
"Motive SmartBridge"="C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe" [01/05/2008 02:37 PM]
"Thunder"="C:\Program Files\Thunder Network\Thunder\Thunder.exe" [12/14/2007 04:08 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/27/2008 05:14 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" []
"DesktopX"="C:\Program Files\Stardock\Object Desktop\IconX\IconX.exe" [08/03/2005 12:58 PM]
"360safe"="C:\WINDOWS\system32\lhec.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\VAlued Acer customer\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [5/13/2008 6:29:28 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
TELUS eCare.lnk - C:\Program Files\TELUS eCare\bin\matcli.exe [1/3/2008 11:19:25 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{7C8D1401-A58D-A81C-CD24-A5915C4517C7}"= C:\WINDOWS\system32\mnmhgsrv.dll [ ]
"{4C648541-1025-9650-9057-6541258720C4}"= C:\WINDOWS\system32\mndhddwd.dll [ ]
"{4F4F0064-71E0-4f0d-0017-708476C7815F}"= C:\WINDOWS\system32\midimaptl.dll [ ]
"{4629FF4F-ACDB-5C90-A098-FACB3456A264}"= C:\WINDOWS\system32\mpmydapi.dll [ ]
"{4F4F0064-71E0-4f0d-0018-708476C7815F}"= C:\WINDOWS\system32\midimapwd.dll [ ]
"{28EB3777-3E23-4E72-8449-A992D09D24C3}"= C:\WINDOWS\system32\zgfdet.dll [ ]
"{6E6CA8A1-81BC-4707-A54C-F4903DD70BAD}"= C:\WINDOWS\system32\zgxfdx.dll [ ]
"{45AADFAA-DD36-42AB-83AD-0521BBF58C24}"= C:\WINDOWS\system32\zdesfx.dll [ ]
"{4FD45A54-9875-698F-E56E-65102358FDF4}"= C:\WINDOWS\system32\apsgdjba.dll [08/08/2004 03:07 PM 536584]
"{1DB3C525-5271-46F7-887A-D4E1ADAA7632}"= C:\WINDOWS\system32\hfrdzx.dll [ ]
"{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}"= C:\WINDOWS\system32\hhrdxd.dll [ ]
"{81954FAC-1023-154F-895A-1458258AD818}"= C:\WINDOWS\system32\ypdjfbmp.dll [08/08/2004 03:07 PM 536072]
"{67FD640A-158F-48AC-FD14-1597F14A9776}"= C:\WINDOWS\system32\mndsfsrv.dll [08/08/2004 03:07 PM 533512]
"{841529CB-7F77-4B99-A895-B5441E0D302F}"= C:\WINDOWS\system32\jfrwdh.dll [ ]
"{F99DEFDD-200B-4410-B572-E90883D527D2}"= C:\WINDOWS\system32\wrqszl.dll [ ]
"{70AF1289-F140-A140-D012-C1458759FC07}"= C:\WINDOWS\system32\ypcqfhlp.dll [08/08/2004 03:07 PM 538632]
"{35671234-7890-ABCD-CDEF-567801237653}"= C:\WINDOWS\system32\yxcschlp.dll [08/08/2004 03:07 PM 533512]
"{27AC9076-C898-B098-D098-A18319080972}"= C:\WINDOWS\system32\nhmxbjkl.dll [ ]
"{5E907A48-400E-4EA8-9792-FFAE052D59E9}"= C:\WINDOWS\system32\pedadt.dll [ ]
"{84143967-B645-4BFF-B873-DA1DC886E9A7}"= C:\WINDOWS\system32\cedafb.dll [ ]
"{CAED0F3B-DF8B-4DBF-BB20-8DFBC3199068}"= C:\WINDOWS\system32\jhrcar.dll [ ]
"{B29583D8-033A-4B9F-8553-7C5458F3FB8E}"= C:\WINDOWS\system32\jdsaex.dll [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"midimaptl"= {4F4F0064-71E0-4f0d-0017-708476C7815F} - C:\WINDOWS\system32\midimaptl.dll [ ]
"midimapwd"= {4F4F0064-71E0-4f0d-0018-708476C7815F} - C:\WINDOWS\system32\midimapwd.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll SysWoWCt.dll SysWmWacz.dll,nhmxbjkl.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp]
"C:\Program Files\Launch Manager\LaunchAp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
"C:\Program Files\Launch Manager\HotkeyApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

*Newly Created Service* - POWERMANAGER
*Newly Created Service* - RKPAVPROC



-- End of Deckard's System Scanner: finished at 2008-06-07 16:39:05 ------------
 

Attachments

·
TSF-Emeritus
Joined
·
15,384 Posts
Hello and welcome to TSF.

I am sorry but the system is severely infected with a file infector and I am not surprised.

C:\RICH6\Rich6Keygen.exe
D:\Games\XileRO\RO\FindHack.exe
Visiting crack sites and downloading keygens are a sure way to get infected, and it's also against the policies of this forum, as stated here which you should have read before posting.

STEP 1

If you have cracked (illegal) software installed, click here.
 
1 - 2 of 2 Posts
Status
Not open for further replies.
Top