
MAJOR Computer problems - Programs won't run, System Restore fails

Discussion in 'Malware and Virus Removal Archive' started by PsychoJosh, 2008/01/08.

  1. 2008/01/08
    PsychoJosh

    PsychoJosh Inactive Thread Starter

    Joined:
    2008/01/08
    Messages:
    6
    Likes Received:
    0
    Hello all. This is my first post on these forums and it's quite a grim one.

    I use Windows XP. At some point in the past few days I contracted some sort of spyware that was making my computer run slow. I updated my antivirus software (AVG) and it told me that I had to reboot after fixing the errors, which I chose to do later rather than right away. However, I noticed my computer was still running rather slowly, so I finally rebooted, except when I came back to Windows, none of my programs started up. I usually had a ton of startup programs: Steam, Windows Live Messenger, AIM, but none of them came on this time at all, not even Norton Personal Firewall, which was always there up until this. In addition, the instant I got on, a pop-up notification came up stating that the system was trying to run a program called "ddayv.exe", yet it failed because it tried to run as an MS-DOS Application.

    Double-clicking on the messenger shortcuts on my desktop told me either that the specified filenames could not be found, the shortcuts lead to an invalid path, or that I simply do not have the permissions to access the file. Looking for a way around this, I discovered that Windows Live messenger managed to run when I clicked on its icon in the Start menu, but when I tried to sign in, it said that it couldn't. I ran the troubleshooter and it said it was having trouble with its Key Ports, citing something like incorrect proxy settings or a firewall blocking its access. However, as I said before, Norton Personal Firewall just plain ceased to exist, and I checked Windows Firewall and it said it was off.

    Setting that problem aside for later, I decided that my only hope was to try and reinstall all these programs. I reinstalled AIM, and it ran, only to tell me the same thing; that the AIM Service could not be found. I uninstalled and reinstalled Windows Live messenger only for it to stop dead in its tracks midway through the installation because it still couldn't connect. The only thing that ran just fine for me was Internet Explorer, which seemed to do okay even though it was plagued by random, gigantic "TEXT THIS NUMBER TO REVEAL YOUR DESTINY" pop-ups and it randomly caused explorer.exe to shut down, making my taskbar flicker on and off.

    This was the final straw for me, so I decided to reboot yet again and try to run System Restore in safe mode so I could hopefully regain my lost programs and my rapidly waning sanity. Unfortunately even this turned out to be a lost cause, as when I clicked the "No" option in the box that pops up ("If you would like to continue in Safe Mode, click Yes, if you would like to use System Restore, click No") my computer made a dangerous-sounding shutdown noise, then it froze indefinitely.

    I tried this a few more times and gave up, trying to return to Windows normally to see if I could solve the problem. I found a way to run System Restore in normal Windows, so I jumped at this opportunity. I decided to test Restore to see if I could get my computer back to the way it was a few days prior (Friday, January 4th, 2008), but to no avail, as it still came back to this same corrupted system where nothing runs but a spyware-infested IE.

    So after that, I decided to restore it to the earliest possible restore point in my records, which was December 5th, 2007. I had high hopes that it would work, but it still didn't and I'm still stuck in this devastated machine where nothing runs the way it should. And now here I am in front of all of you, making this post in the extremely desperate hope that I can recover my machine.

    I hope my post was sufficiently informative to receive some help. Please, please help me. I'm on my last legs here.
     
  2. 2008/01/08
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS PsychoJosh :)

    Please read through this topic, then post a main.txt log from Deckard's System Scanner, after first installing HijackThis and saving a scan log (no need to post the HijackThis log, as Deckards will have that information).
     


  4. 2008/01/08
    PsychoJosh

    PsychoJosh Inactive Thread Starter

    Joined:
    2008/01/08
    Messages:
    6
    Likes Received:
    0
    I followed the instructions in that topic carefully, installed HijackThis and ran DSS afterwards. However, I am unable to post the log, because by the time DSS got to "Gathering System Information", my computer made the same dreadful shutdown noise it did when I tried to run System Restore in Safe Mode, and just as I expected, it completely froze 30 seconds later.

    I also forgot to mention that the first time I restarted my computer about a day or two ago, Windows said my system was NTFS and ran CHKDSK, after which it restarted on its own and started this hell.
     
  5. 2008/01/08
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Check C:\Deckard for a main.txt file and post it if present. Some of the log may have been created.
     
  6. 2008/01/08
    PsychoJosh

    PsychoJosh Inactive Thread Starter

    Joined:
    2008/01/08
    Messages:
    6
    Likes Received:
    0
    I searched and main.txt is not present.
     
  7. 2008/01/08
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please close all other programs and open windows then try the scan again.
     
  8. 2008/01/08
    PsychoJosh

    PsychoJosh Inactive Thread Starter

    Joined:
    2008/01/08
    Messages:
    6
    Likes Received:
    0
    But I DID close all programs the first time and it still froze.

    Following your instructions, I tried it again, and it froze again on the exact same spot.
     
  9. 2008/01/09
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Assuming dss.exe is indeed on your desktop, copy the following command, then click Start > Run, paste it in, and hit Enter.

    "%userprofile%\desktop\dss.exe" /config

    The Deckard's interface will open. Click Select All, then Unselect all.
    Now select the following items only then click Scan.

    • HijackThis (leave Ignored and Fixed blank)
    • Drivers
    • Services
    • Files Created/Modified
    • Registry Dump

    Post the main.txt log it produces if it runs successfully.
     
  10. 2008/01/09
    PsychoJosh

    PsychoJosh Inactive Thread Starter

    Joined:
    2008/01/08
    Messages:
    6
    Likes Received:
    0
    Finally! It ran successfully. Here is the log:

    Deckard's System Scanner v20071014.68
    Run by Josh on 2008-01-09 10:23:27
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Backed up registry hives.



    -- HijackThis (run as Josh.exe) ------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:24:28 AM, on 1/9/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton Personal Firewall\NISUM.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\??crosoft.NET\w?auboot.exe
    C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
    C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Josh\desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Josh.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thefriendsociety.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 61.121.224.11:80
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: HyperSearchHook - {4BCFEE53-B7CB-4D8F-AC15-D99167D95A23} - C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll (file missing)
    F3 - REG:win.ini: load=C:\WINDOWS\system32\ddayv.exe
    O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\strCodec\isaddon.dll (file missing)
    O2 - BHO: (no name) - {419F413A-E749-45E4-A9EC-F15F31AF35D4} - C:\Program Files\WindowsUpdate\hope83122.dll (file missing)
    O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: (no name) - {8344C63D-FBF6-41F7-88DF-667B6C5A1D5C} - C:\WINDOWS\Cursors\cpolg.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {9076167A-AC65-4737-88C5-18C4DEDFE3B7} - C:\WINDOWS\system32\ddayv.dll
    O2 - BHO: (no name) - {B4EAA49E-5850-4DCC-BFF1-19C378D67D62} - C:\Program Files\WindowsUpdate\hope4444.dll (file missing)
    O2 - BHO: (no name) - {B8DFDD65-468B-1D50-D82B-3DE678840AC6} - C:\WINDOWS\system32\immvm.dll (file missing)
    O2 - BHO: (no name) - {E1759A31-E627-4758-9562-6899DF36C9C2} - C:\WINDOWS\system32\pmnlmnl.dll (file missing)
    O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\meucvyst.dll (file missing)
    O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll (file missing)
    O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT "
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [flag open bin grid] C:\Documents and Settings\All Users\Application Data\knob safe flag open\Waitglobal.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [Rhujbor] C:\WINDOWS\system32\??crosoft.NET\w?auboot.exe
    O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
    O4 - HKLM\..\Policies\Explorer\Run: [pmsngr.exe] C:\Program Files\strCodec\pmsngr.exe
    O4 - HKLM\..\Policies\Explorer\Run: [homepage.monitor.exe] C:\Program Files\strCodec\isamonitor.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: gwum.lnk = C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
    O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Josh\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {00000000-0709-0000-0000-000330050660} - http://207.234.185.217/aboxinst_int21.exe
    O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/installers/cab/SystemDoctor2006FreeInstall.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installdrivecleanerstart.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall.cab
    O16 - DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} (Quantum Streaming IE VersionManager Class) - http://qmedia.xlontech.net/100170/sdk/latest/qsp2ie06041001.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/sj/en/check/xp/qdiagh.cab?326
    O20 - Winlogon Notify: cpolg - C:\WINDOWS\Cursors\cpolg.dll (file missing)
    O20 - Winlogon Notify: pmnlmnl - pmnlmnl.dll (file missing)
    O20 - Winlogon Notify: winiae32 - winiae32.dll (file missing)
    O21 - SSODL: hemadynamometer - {6076d2b1-634c-4685-843b-f826045ea5dc} - C:\WINDOWS\system32\syycum.dll (file missing)
    O22 - SharedTaskScheduler: hemadynamometer - {6076d2b1-634c-4685-843b-f826045ea5dc} - C:\WINDOWS\system32\syycum.dll (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    --
    End of file - 10953 bytes

    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R2 ETDrv - c:\windows\system32\drivers\etdrv.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
    R2 SVKP - c:\windows\system32\svkp.sys <Not Verified; AntiCracking; SVKP driver for NT>
    R3 MarkFun_NT - c:\program files\gigabyte\gigabyte windows utility manager\markfun.w32 <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
    R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

    S2 DP1112 - c:\windows\system32\drivers\dp.sys (file missing)
    S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
    S3 hp4200c (%usbscan.SvcDesc%) - c:\windows\system32\drivers\hp4200c.sys <Not Verified; Hewlett-Packard; Windows (R) 2000 driver>
    S3 huadio - c:\huadio.tmp (file missing)
    S3 npkcrypt - c:\documents and settings\josh\desktop\stupid faggot game for stupid fags\ro\npkcrypt.sys (file missing)
    S3 RT25USBAP (Nintendo Wi-Fi USB Connector Service) - c:\windows\system32\drivers\rt25usbap.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>
    S3 WMIBIOS (%WMIBIOS.ServiceName%) - c:\windows\system32\drivers\wmibios.sys <Not Verified; Gigabyte Technology; WMI Information>
    S3 WMIINFO (WMIINFO Driver) - c:\windows\system32\drivers\wmiinfo.sys <Not Verified; Gigabyte Technology; WMI Information>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    S4 ATMsrvc (ATM Service) - c:\windows\system32\atmsrvc.exe <Not Verified; Adobe Systems Incorporated; Adobe Type Manager>


    -- Files created between 2007-12-09 and 2008-01-09 -----------------------------

    2008-01-08 21:37:25 0 d-------- C:\Program Files\Trend Micro
    2008-01-08 19:52:44 3584 --a------ C:\WINDOWS\system32\ddayv.exe
    2008-01-07 23:23:35 0 d-------- C:\Documents and Settings\Josh\.housecall6.6
    2008-01-07 23:08:08 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-01-07 23:08:01 0 d-------- C:\Program Files\Windows Live
    2008-01-07 23:07:53 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-01-07 23:06:52 0 d-------- C:\Program Files\AIM
    2008-01-07 14:31:13 0 d--hs---- C:\found.000
    2008-01-06 23:25:50 0 d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
    2008-01-06 22:42:04 266267 --ahs---- C:\WINDOWS\system32\vyadd.ini2
    2008-01-06 22:41:52 324608 --a------ C:\WINDOWS\system32\ddayv.dll
    2008-01-06 22:41:12 0 d-------- C:\Program Files\kernel
    2008-01-06 22:41:10 0 d-------- C:\Program Files\Temporary
    2008-01-06 22:39:47 2 --a------ C:\WINDOWS\system32\wnscpicom.exe
    2008-01-06 22:38:15 0 d-------- C:\Program Files\Outerinfo
    2008-01-06 22:38:12 0 d-------- C:\WINDOWS\system32\??crosoft.NET
    2008-01-06 22:36:43 0 d-------- C:\WINDOWS\system32\map3
    2008-01-06 22:36:42 0 d-------- C:\WINDOWS\system32\lv2
    2008-01-06 22:36:42 41723 ---hs---- C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
    2008-01-06 22:36:41 0 d-------- C:\Program Files\Common Files\T?sks
    2008-01-06 22:36:21 0 d-------- C:\WINDOWS\system32\ardCo01
    2008-01-06 22:36:19 0 d-------- C:\Temp
    2008-01-04 01:11:48 0 d-a------ C:\Ace Combat X-Skies Of Deception OST
    2007-12-31 11:21:20 53760 --a------ C:\WINDOWS\b122.exe
    2007-12-13 15:06:31 0 --a------ C:\05 quant - slide


    -- Find3M Report ---------------------------------------------------------------

    2008-01-08 19:51:36 0 d-------- C:\Documents and Settings\Josh\Application Data\AVG7
    2008-01-08 01:40:36 0 d-------- C:\Program Files\MSN Messenger
    2008-01-08 01:39:07 0 d-------- C:\Documents and Settings\Josh\Application Data\third roam
    2008-01-07 23:08:08 0 d-------- C:\Program Files\Common Files
    2008-01-07 23:06:56 0 d-------- C:\Program Files\AOD
    2008-01-07 23:03:57 0 d-------- C:\Program Files\AIM95
    2008-01-07 02:59:29 0 d-------- C:\Program Files\Common Files\T?sks
    2008-01-07 02:59:06 0 d--h----- C:\Program Files\WindowsUpdate
    2008-01-07 02:59:01 0 d-------- C:\Program Files\Winamp
    2008-01-07 02:59:01 0 d-------- C:\Program Files\Virus-Burst
    2008-01-07 02:59:00 0 d-------- C:\Program Files\SymNetDrv
    2008-01-07 02:59:00 0 d-------- C:\Program Files\SP2 Connection Patcher
    2008-01-07 02:58:59 0 d-------- C:\Program Files\QuickTime
    2008-01-07 02:58:58 0 d-------- C:\Program Files\DAP
    2008-01-07 02:58:56 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2008-01-06 23:16:25 0 d-------- C:\Program Files\BitTorrent
    2008-01-06 22:47:02 0 d-------- C:\Program Files\Messenger
    2008-01-06 19:39:25 0 d-------- C:\Documents and Settings\Josh\Application Data\BitTorrent
    2008-01-06 16:29:09 0 d-------- C:\Program Files\mIRC
    2008-01-05 18:47:55 0 d-------- C:\Program Files\DOSBox-0.71
    2007-12-24 02:09:41 0 d-------- C:\Program Files\Soulseek
    2007-12-22 21:24:06 0 d-------- C:\Program Files\FileZilla
    2007-12-22 21:22:55 0 d-------- C:\Program Files\Common Files\Real
    2007-12-22 21:22:49 0 d-------- C:\Documents and Settings\Josh\Application Data\Real
    2007-12-22 20:55:01 0 d-------- C:\Program Files\Gish
    2007-12-22 17:41:42 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-12-13 22:13:50 0 d-------- C:\Program Files\EA GAMES
    2007-12-06 16:24:19 0 d-------- C:\Documents and Settings\Josh\Application Data\Adobe
    2007-12-05 14:48:43 0 d-------- C:\Program Files\NVIDIA Corporation
    2007-12-05 14:47:59 151552 --a------ C:\WINDOWS\system32\nvRegDev.dll
    2007-12-05 14:44:56 0 d-------- C:\Program Files\VTFEdit
    2007-12-02 13:05:53 0 d-------- C:\Program Files\Common Files\Adobe
    2007-12-01 21:31:02 0 d--h----- C:\Documents and Settings\Josh\Application Data\ijjigame
    2007-11-30 19:26:59 0 d-------- C:\Program Files\Windows Journal Viewer
    2007-11-30 12:37:36 0 d-------- C:\Program Files\Stella
    2007-11-03 11:49:34 26688 --a------ C:\WINDOWS\system32\Ag0DdPd6.exe
    2007-10-31 17:31:47 27200 --a------ C:\WINDOWS\system32\opV06grU.exe
    2007-10-30 18:01:13 27200 --a------ C:\WINDOWS\system32\3Wg67RvO.exe
    2007-10-19 04:04:39 6820 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2007-10-19 03:58:57 0 --a------ C:\WINDOWS\ativpsrm.bin


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{202a961f-23ae-42b1-9505-ffe3c818d717}]
    C:\Program Files\strCodec\isaddon.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{419F413A-E749-45E4-A9EC-F15F31AF35D4}]
    C:\Program Files\WindowsUpdate\hope83122.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{46A4E9D9-B30E-452A-8157-DBBEC8573B03}]
    C:\Program Files\VSAdd-in\VSAdd-in.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8344C63D-FBF6-41F7-88DF-667B6C5A1D5C}]
    C:\WINDOWS\Cursors\cpolg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9076167A-AC65-4737-88C5-18C4DEDFE3B7}]
    01/06/2008 10:41 PM 324608 --a------ C:\WINDOWS\system32\ddayv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4EAA49E-5850-4DCC-BFF1-19C378D67D62}]
    C:\Program Files\WindowsUpdate\hope4444.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B8DFDD65-468B-1D50-D82B-3DE678840AC6}]
    C:\WINDOWS\system32\immvm.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1759A31-E627-4758-9562-6899DF36C9C2}]
    C:\WINDOWS\system32\pmnlmnl.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F18F04B0-9CF1-4b93-B004-77A288BEE28B}]
    C:\WINDOWS\system32\meucvyst.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{74DD705D-6834-439C-A735-A6DBE2677452} "= C:\Program Files\VSAdd-in\VSAdd-in.dll [ ]

    [-HKEY_CLASSES_ROOT\CLSID\{74DD705D-6834-439C-A735-A6DBE2677452}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan "= "SOUNDMAN.EXE" [10/13/2004 02:01 PM C:\WINDOWS\SoundMan.exe]
    "ATIPTA "= "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" []
    "NAV CfgWiz "= "C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe" []
    "Advanced Tools Check "= "C:\PROGRA~1\NORTON~2\AdvTools\ADVCHK.EXE" []
    "ViewMgr "= "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe" []
    "flag open bin grid "= "C:\Documents and Settings\All Users\Application Data\knob safe flag open\Waitglobal.exe" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr "= "C:\Program Files\MSN Messenger\MsnMsgr.exe" []
    "Yahoo! Pager "= "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" []
    "Rhujbor "= "C:\WINDOWS\system32\??crosoft.NET\w?auboot.exe" [11/01/2007 06:45 AM]
    "AIM "= "C:\PROGRA~1\AIM\aim.exe" [01/09/2008 10:12 AM]
    "DWQueuedReporting "= "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [01/09/2008 10:12 AM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 3:44:06 AM]
    gwum.lnk - C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe [12/24/2004 6:28:43 PM]
    Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [6/10/2007 4:25:35 PM]
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [12/24/2004 6:01:04 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "wininet.dll "=
    "pmsngr.exe "=C:\Program Files\strCodec\pmsngr.exe
    "homepage.monitor.exe "=C:\Program Files\strCodec\isamonitor.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{6076d2b1-634c-4685-843b-f826045ea5dc} "= C:\WINDOWS\system32\syycum.dll [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{E1759A31-E627-4758-9562-6899DF36C9C2} "= C:\WINDOWS\system32\pmnlmnl.dll [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "hemadynamometer "= {6076d2b1-634c-4685-843b-f826045ea5dc} - C:\WINDOWS\system32\syycum.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cpolg]
    C:\WINDOWS\Cursors\cpolg.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnlmnl]
    pmnlmnl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winiae32]
    winiae32.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages "= msv1_0 C:\WINDOWS\system32\ddayv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "




    -- End of Deckard's System Scanner: finished at 2008-01-09 10:25:03 ------------
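    A small triage pass over lines in the HijackThis format shown in the log above, added here as an example (it is not part of the thread, of HijackThis or of Deckard's System Scanner). The sample lines are copied from the posted log; the heuristics are this example's own and flag what a removal helper checks first: orphaned "(file missing)" entries, unnamed BHOs, rarely used load points (F3 win.ini, O20 Winlogon Notify, O21 SSODL, Policies\Explorer\Run), a configured proxy, and paths containing characters the tool could not render (the "??crosoft.NET" entry).

```python
"""Triage helper for HijackThis-style log lines (added example, not thread content).

HijackThis prefixes each finding with a section code (R0/R1 browser settings,
F3 win.ini entries, O2 BHOs, O4 autostarts, O20 Winlogon Notify, O21 SSODL...).
This script parses such lines and flags the patterns a malware-removal helper
looks for first. The heuristics are this example's own, not HijackThis logic.
"""
import re
from dataclasses import dataclass, field

# Constructed sample in HijackThis v2 format; entries are copied from the log
# posted above. The "?" characters are what the tool printed for characters it
# could not render, here used to mimic a "Microsoft.NET" folder name.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 61.121.224.11:80
F3 - REG:win.ini: load=C:\WINDOWS\system32\ddayv.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {9076167A-AC65-4737-88C5-18C4DEDFE3B7} - C:\WINDOWS\system32\ddayv.dll
O2 - BHO: (no name) - {419F413A-E749-45E4-A9EC-F15F31AF35D4} - C:\Program Files\WindowsUpdate\hope83122.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Rhujbor] C:\WINDOWS\system32\??crosoft.NET\w?auboot.exe
O4 - HKLM\..\Policies\Explorer\Run: [pmsngr.exe] C:\Program Files\strCodec\pmsngr.exe
O20 - Winlogon Notify: cpolg - C:\WINDOWS\Cursors\cpolg.dll (file missing)
O21 - SSODL: hemadynamometer - {6076d2b1-634c-4685-843b-f826045ea5dc} - C:\WINDOWS\system32\syycum.dll (file missing)
"""

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
DRIVE_PATH_RE = re.compile(r"[A-Za-z]:\\.*")
MISSING = " (file missing)"

# Load points that ordinary software almost never uses, so any entry there
# deserves a look regardless of what it points at.
RARE_LOAD_POINTS = {
    "F3": "win.ini load=/run= entry",
    "O20": "Winlogon Notify DLL",
    "O21": "ShellServiceObjectDelayLoad (SSODL)",
    "O22": "SharedTaskScheduler",
}


@dataclass
class Entry:
    code: str
    body: str
    path: str
    flags: list = field(default_factory=list)


def extract_path(code: str, body: str) -> str:
    """Return the file reference from a line: a drive path if present, else the
    token HijackThis places after the [name] (O4) or after the last " - "."""
    body = body.removesuffix(MISSING)
    m = DRIVE_PATH_RE.search(body)
    if m:
        return m.group(0)
    if code == "O4" and "] " in body:
        return body.split("] ", 1)[1]
    return body.rsplit(" - ", 1)[-1]


def flag(entry: Entry) -> None:
    """Attach a reason string for every heuristic the entry trips."""
    code, body, path = entry.code, entry.body, entry.path
    if code in RARE_LOAD_POINTS:
        entry.flags.append(f"rare load point: {RARE_LOAD_POINTS[code]}")
    if code == "O4" and r"\Policies\Explorer\Run" in body:
        entry.flags.append("Policies\\Explorer\\Run autostart (Group Policy key, commonly abused)")
    if body.endswith(MISSING):
        entry.flags.append("orphaned entry: target file missing")
    if code in ("O2", "O3") and "(no name)" in body:
        entry.flags.append("unnamed browser add-on")
    if "?" in path:
        # "?" cannot appear in a Windows file name; the tool printed it for a
        # character it could not render, so the real folder name is disguised.
        entry.flags.append("unrenderable character in path")
    if code.startswith("R") and "ProxyServer" in body:
        entry.flags.append("proxy server set in Internet Settings")


def parse(log_text: str) -> list:
    """Parse every HijackThis finding line; unrelated lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        entry = Entry(code, body, extract_path(code, body))
        flag(entry)
        entries.append(entry)
    return entries


def flagged(log_text: str) -> list:
    """Only the entries that tripped at least one heuristic."""
    return [e for e in parse(log_text) if e.flags]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.code:<4}{e.path}")
        for reason in e.flags:
            print(f"      - {reason}")
```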
     
  11. 2008/01/09
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    You've got quite a mess there. :eek:

    Download SmitfraudFix by S!Ri, saving it to the desktop.

    • Restart the computer in Safe Mode by tapping the F8 key upon startup and selecting Safe Mode from the Advanced Startup Menu. Logon to your account.
    • Double-click SmitfraudFix.exe to start the tool and press 2, then hit Enter.
    • You will be prompted 'Do you want to clean the registry?' answer Y (yes) and hit Enter.
    • If prompted to replace the infected wininet.dll file (if found), answer Y (yes) and hit Enter to restore a clean file.
    • Reboot to normal mode when the tool completes.

    Post the contents of C:\rapport.txt and a fresh HijackThis log.


    Then, download ComboFix by sUBs from here, saving the file to your desktop.

    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     
  12. 2008/01/12
    PsychoJosh

    PsychoJosh Inactive Thread Starter

    Joined:
    2008/01/08
    Messages:
    6
    Likes Received:
    0
    A registry cleaner, eh.

    I followed your instructions and by the time I got to SmitfraudFix it destroyed my computer and it wouldn't even start up anymore. Through the help of a friend I managed to get it back up and running by TODAY, but I still have these same problems.
     
  13. 2008/01/12
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    It's not exactly a registry cleaner. It has a list of known rogue registry entries associated with one of the infections on your machine, and removes those entries when you click Yes.

    What destroyed your computer ... the infections or running SmitfraudFix? What exactly did it do (what is implied by 'destroyed')? What did you do to get it up and running again?
     
