
Solved System Error! .....someone help!

Discussion in 'Malware and Virus Removal Archive' started by woiz, 2007/12/25.

  1. 2007/12/25
    woiz


    Hello knowledgeable folks,
    For the last 2 days I have been getting this stupid message every now and then. Whenever I navigate or browse on the internet or try to open a folder in my computer, it says:
    System Error!
    Your computer has been infected by Trojan.win32.patched.
    It's dangerous for your system (critical files can be lost)!
    click on OK to download antispyware program to clean your system!(Recommended)
    OK and Cancel buttons.

    I downloaded that program, which was file.secure.exe. It found a trojan but didn't show where it was, and for removing it I had to purchase the program.
    I had my own antispyware, AVG anti spyware and Norton anti spyware, but they couldn't find any trojan except some tracker cookies.
    I ran HijackThis and Deckard; the results are below.
    HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:42:49 PM, on 25/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Mdn.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\CameraFixer.exe
    C:\WINDOWS\vsnp325.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\WINDOWS\vsnpstd.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Documents and Settings\Owner\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://ca.search.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ca.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://ca.search.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! Canada
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: LiveFTA Toolbar - {728ef818-0160-44bf-8b46-298fcba0606e} - C:\Program Files\LiveFTA\tbLiv0.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: POS plugin - {369A87BB-07DF-4AB6-B23D-B5BF81338572} - C:\WINDOWS\poswin.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
    O2 - BHO: LiveFTA Toolbar - {728ef818-0160-44bf-8b46-298fcba0606e} - C:\Program Files\LiveFTA\tbLiv0.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: LiveFTA Toolbar - {728ef818-0160-44bf-8b46-298fcba0606e} - C:\Program Files\LiveFTA\tbLiv0.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Globe7] "D:\My downloads\Globe7.exe" /hide
    O4 - HKLM\..\Run: [Wah] C:\Program Files\Common Files\Mdn.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
    O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
    O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "D:\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BitTorrent] "D:\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [QuickTime Task] "D:\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: SystemRecovery.com TaskBar Icon.LNK = C:\Program Files\SystemRecovery.com\CBSysTray.exe
    O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\Poker.exe (HKCU)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2F6F7954-DA8B-4838-919C-CA0B4DED9204} (eVoiceChatSecurityControl.MachineInfo) - http://afghansite.com/VoiceChat/evcSeCtl.CAB
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://www.chatdivel.com/talk.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174757974740
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
    O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.blogtv.ca//chatobject/launcher.cab
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: McAfee E-mail Proxy (Emproxy) - Unknown owner - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee HackerWatch Service - Unknown owner - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe (file missing)
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe (file missing)
    O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (file missing)
    O23 - Service: McAfee Protection Manager (mcpromgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe (file missing)
    O23 - Service: McAfee Redirector Service (McRedirector) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe (file missing)
    O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
    O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
    O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing)
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe

    --
    End of file - 12050 bytes
     
  2. 2007/12/25
    noahdfear

    Welcome to WindowsBBS woiz :)

    Please post the log from dss for analysis.
     


  4. 2007/12/26
    woiz

    Oops, sorry for that; I thought I had posted the dss results as well.
    And I have to say that because of this trojan, the computer's speed has decreased, and when I do a search on Google it says:
    Error!
    your browser was hijacked! some results was changed by **** advertising!
    you need to clean your system immediately to prevent it . Download the newest antispyware software.

    Here is the dss result:

    Deckard's System Scanner v20071014.68
    Run by Owner on 2007-12-25 22:40:11
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    55: 2007-12-26 03:40:26 UTC - RP349 - Deckard's System Scanner Restore Point
    54: 2007-12-25 03:25:15 UTC - RP348 - Restore Operation
    53: 2007-12-24 07:05:18 UTC - RP347 - System Checkpoint
    52: 2007-12-22 23:31:11 UTC - RP346 - System Checkpoint
    51: 2007-12-21 00:07:56 UTC - RP345 - Software Distribution Service 3.0


    -- First Restore Point --
    1: 2007-10-27 05:43:25 UTC - RP295 - Installed Java(TM) 6 Update 3


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 254 MiB (512 MiB recommended).


    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 IdeBusDr - c:\windows\system32\drivers\idebusdr.sys <Not Verified; Intel Corporation; Intel Application Accelerator Driver>
    R0 IdeChnDr (Intel(R) Ultra ATA Controller) - c:\windows\system32\drivers\idechndr.sys <Not Verified; Intel Corporation; Intel Application Accelerator Driver>
    R1 cdrbsvsd - c:\windows\system32\drivers\cdrbsvsd.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
    R3 ialm - c:\windows\system32\drivers\ialmnt5.sys <Not Verified; Intel Corporation; Intel Graphics Accelerator Drivers for Windows NT(R)>
    R3 ZDPSp50 (ZDPSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\zdpsp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

    S3 BRGSp50 (BRGSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\brgsp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
    S3 EraserUtilRebootDrv - c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys (file missing)
    S3 NAL (Nal Service ) - c:\windows\system32\drivers\iqvw32.sys <Not Verified; Intel Corporation; Intel(R) iQVW32.SYS>
    S3 NCHSSVAD (SoundTap Recorder) - c:\windows\system32\drivers\nchssvad.sys <Not Verified; NCH Swift Sound; NCH Swift Sound Virtual Audio Device>
    S3 SNP325 (USB PC Camera (SNPSTD325)) - c:\windows\system32\drivers\snp325.sys <Not Verified; Sonix Co. Ltd.; USB PC Camera>
    S3 snpstd (USB PC Camera (SN9C102)) - c:\windows\system32\drivers\snpstd.sys <Not Verified; ; PC Camera driver>
    S3 STV680 - c:\windows\system32\drivers\stv680.sys (file missing)
    S3 ZD1211BU(ZyDAS) (ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)) - c:\windows\system32\drivers\zd1211bu.sys <Not Verified; ZyDAS Technology Corporation; ZD1211B 802.11 b+g USB LAN Adapter>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
    S2 McAfee HackerWatch Service - "c:\program files\common files\mcafee\hackerwatch\hwapi.exe" (file missing)
    S2 mcmscsvc (McAfee Services) - c:\progra~1\mcafee\msc\mcmscsvc.exe (file missing)
    S2 McODS (McAfee Scanner) - c:\progra~1\mcafee\viruss~1\mcods.exe (file missing)
    S2 mcpromgr (McAfee Protection Manager) - c:\progra~1\mcafee\msc\mcpromgr.exe (file missing)
    S2 McRedirector (McAfee Redirector Service) - c:\progra~1\common~1\mcafee\redirsvc\redirsvc.exe (file missing)
    S2 McShield (McAfee Real-time Scanner) - c:\progra~1\mcafee\viruss~1\mcshield.exe (file missing)
    S2 McSysmon (McAfee SystemGuards) - c:\progra~1\mcafee\viruss~1\mcsysmon.exe (file missing)
    S2 MpfService (McAfee Personal Firewall Service) - "c:\program files\mcafee\mpf\mpfsrv.exe" (file missing)
    S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>
    S3 Emproxy (McAfee E-mail Proxy) - c:\progra~1\common~1\mcafee\emproxy\emproxy.exe (file missing)
    S3 mcmispupdmgr (McAfee Update Manager) - c:\progra~1\mcafee\msc\mcupdmgr.exe (file missing)


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Ethernet Controller
    Device ID: PCI\VEN_8086&DEV_1039&SUBSYS_30488086&REV_81\4&2AF9ED5&0&40F0
    Manufacturer:
    Name: Ethernet Controller
    PNP Device ID: PCI\VEN_8086&DEV_1039&SUBSYS_30488086&REV_81\4&2AF9ED5&0&40F0
    Service:


    -- Scheduled Tasks -------------------------------------------------------------

    2007-12-25 20:38:48 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    2007-12-25 20:34:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    2007-12-15 01:00:00 264 --a------ C:\WINDOWS\Tasks\McDefragTask.job
    2007-12-07 20:00:00 530 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Owner.job
    2007-12-01 01:00:00 356 --a------ C:\WINDOWS\Tasks\McQcTask.job


    -- Files created between 2007-11-25 and 2007-12-25 -----------------------------

    2007-12-25 21:22:19 0 d-------- C:\Program Files\Trend Micro
    2007-12-24 19:45:34 0 d-------- C:\Program Files\FreeCall.com
    2007-12-24 18:20:56 0 --a------ C:\WINDOWS\system32\SBRC.dat
    2007-12-24 18:20:56 0 --a------ C:\WINDOWS\system32\SBFC.dat
    2007-12-24 14:56:51 225280 --a------ C:\WINDOWS\poswin.dll <Not Verified; Kodack; >
    2007-12-20 20:19:53 0 d-------- C:\Program Files\Circle Developement
    2007-12-16 23:26:20 0 d-------- C:\Documents and Settings\Owner\Application Data\FreeCall
    2007-12-16 22:39:48 0 d-------- C:\Documents and Settings\Guest\Application Data\Macromedia
    2007-12-02 17:44:04 0 d-------- C:\Documents and Settings\Guest\Application Data\AVG7
    2007-12-02 17:43:58 0 d-------- C:\Documents and Settings\Guest\Application Data\Real
    2007-12-02 17:43:23 0 d-------- C:\Documents and Settings\Guest\Application Data\Identities
    2007-12-02 17:43:04 0 d--h----- C:\Documents and Settings\Guest\Templates
    2007-12-02 17:43:04 0 dr------- C:\Documents and Settings\Guest\Start Menu
    2007-12-02 17:43:04 0 dr-h----- C:\Documents and Settings\Guest\SendTo
    2007-12-02 17:43:04 0 dr-h----- C:\Documents and Settings\Guest\Recent
    2007-12-02 17:43:04 0 d--h----- C:\Documents and Settings\Guest\PrintHood
    2007-12-02 17:43:04 1048576 --ah----- C:\Documents and Settings\Guest\NTUSER.DAT
    2007-12-02 17:43:04 0 d--h----- C:\Documents and Settings\Guest\NetHood
    2007-12-02 17:43:04 0 dr------- C:\Documents and Settings\Guest\My Documents
    2007-12-02 17:43:04 0 d--h----- C:\Documents and Settings\Guest\Local Settings
    2007-12-02 17:43:04 0 dr------- C:\Documents and Settings\Guest\Favorites
    2007-12-02 17:43:04 0 d-------- C:\Documents and Settings\Guest\Desktop
    2007-12-02 17:43:04 0 d--hs---- C:\Documents and Settings\Guest\Cookies
    2007-12-02 17:43:04 0 dr-h----- C:\Documents and Settings\Guest\Application Data
    2007-12-02 17:43:04 0 d---s---- C:\Documents and Settings\Guest\Application Data\Microsoft
    2007-12-02 07:39:25 0 d-------- C:\Documents and Settings\Owner\Application Data\Spam Monitor
    2007-12-02 07:39:02 0 d-------- C:\Program Files\Spam Monitor


    -- Find3M Report ---------------------------------------------------------------

    2007-12-25 15:53:01 0 d-------- C:\Program Files\Messenger
    2007-12-25 14:12:53 0 d-------- C:\Program Files\Intel
    2007-12-25 12:08:10 0 d-------- C:\Documents and Settings\Owner\Application Data\uTorrent
    2007-12-25 09:17:24 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
    2007-12-24 18:32:36 0 d-------- C:\Program Files\Yahoo!
    2007-12-24 16:47:42 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
    2007-12-20 20:19:51 0 d-------- C:\Program Files\Messenger Plus! Live
    2007-12-20 20:19:48 0 d-------- C:\Program Files\MSN Messenger
    2007-12-11 06:51:25 0 d-------- C:\Program Files\LiveFTA
    2007-12-08 23:37:32 0 d-------- C:\Program Files\JetAudio
    2007-12-08 23:37:07 0 d-------- C:\Program Files\Common Files\COWON
    2007-11-21 12:13:40 0 d-------- C:\Program Files\Veoh Networks
    2007-11-20 01:29:19 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-11-11 19:01:45 0 d-------- C:\Program Files\DivX
    2007-11-10 17:15:59 0 d-------- C:\Program Files\SharpC
    2007-11-09 23:29:49 286720 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
    2007-11-09 23:29:46 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
    2007-11-04 07:33:11 0 d-------- C:\Documents and Settings\Owner\Application Data\Real
    2007-11-04 07:31:56 0 d-------- C:\Program Files\Common Files
    2007-11-04 07:31:56 0 d-------- C:\Program Files\Common Files\xing shared
    2007-11-04 07:31:50 0 d-------- C:\Program Files\Common Files\Real
    2007-10-27 00:47:43 0 d-------- C:\Program Files\Java


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{369A87BB-07DF-4AB6-B23D-B5BF81338572}]
    24/12/2007 03:02 PM 225280 --a------ C:\WINDOWS\poswin.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{728ef818-0160-44bf-8b46-298fcba0606e}]
    11/12/2007 06:54 AM 1502232 --a------ C:\Program Files\LiveFTA\tbLiv0.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{728EF818-0160-44BF-8B46-298FCBA0606E} "= C:\Program Files\LiveFTA\tbLiv0.dll [11/12/2007 06:54 AM 1502232]

    [-HKEY_CLASSES_ROOT\CLSID\{728EF818-0160-44BF-8B46-298FCBA0606E}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray "= "C:\WINDOWS\System32\igfxtray.exe" [10/02/2004 10:55 AM]
    "HotKeysCmds "= "C:\WINDOWS\System32\hkcmd.exe" [10/02/2004 10:51 AM]
    "SoundMan "= "SOUNDMAN.EXE" [11/01/2006 03:08 PM C:\WINDOWS\soundman.exe]
    "Globe7 "= "D:\My downloads\Globe7.exe" []
    "Wah "= "C:\Program Files\Common Files\Mdn.exe" [12/10/2006 06:57 AM]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [15/12/2006 02:23 AM]
    "NeroFilterCheck "= "C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50 AM]
    "Windows Defender "= "C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 05:20 PM]
    "IMJPMIG8.1 "= "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04/08/2004 12:31 AM]
    "MSPY2002 "= "C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [29/08/2002 07:00 AM]
    "PHIME2002ASync "= "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [29/08/2002 07:00 AM]
    "PHIME2002A "= "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [29/08/2002 07:00 AM]
    "AVG7_CC "= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [22/12/2007 09:41 PM]
    "CameraFixer "= "C:\WINDOWS\CameraFixer.exe" [09/10/2006 05:32 PM]
    "tsnpstd3 "= "C:\WINDOWS\tsnpstd3.exe" []
    "snp325 "= "C:\WINDOWS\vsnp325.exe" [10/10/2006 02:11 PM]
    "Lexmark X1100 Series "= "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [19/08/2003 05:43 AM]
    "QuickTime Task "= "D:\qttask.exe" [27/04/2007 08:41 AM]
    "snpstd "= "C:\WINDOWS\vsnpstd.exe" [23/08/2006 01:36 PM]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/11/2007 07:31 AM]
    "!AVG Anti-Spyware "= "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [07/10/2006 07:20 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 02:56 AM]
    "MSKAGENTEXE "= "C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" []
    "Yahoo! Pager "= "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [30/08/2007 05:43 PM]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 11:24 AM]
    "BitTorrent "= "D:\bittorrent.exe" []
    "QuickTime Task "= "D:\qttask.exe" [27/04/2007 08:41 AM]
    "Veoh "= "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [03/12/2007 01:21 PM]
    "@ "=" " []
    "FreeCall "= "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" [17/04/2007 02:28 PM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "DWQueuedReporting "= "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 10:05:26 PM]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 12:01:04 AM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools "=0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages "= :\WINDOWS\system32\srr

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C05E2E9-19E2-1B28-0307-060705010805}]
    C:\WINDOWS\msgmsr.exe /1



    -- End of Deckard's System Scanner: finished at 2007-12-25 22:44:09 ------------
     
    woiz,
    #3
  5. 2007/12/26
    noahdfear

    Highlight and copy the contents of the quote box below to a blank notepad. Save it to the desktop as:

    Filename: fix.reg
    Save as type: All Files (*.*)

    Double click fix.reg and allow it to merge with the registry.

    Download SmitfraudFix by S!Ri, saving it to the desktop.

    • Restart the computer in Safe Mode by tapping the F8 key upon startup and selecting Safe Mode from the Advanced Startup Menu. Log on to your account.
    • Double-click SmitfraudFix.exe to start the tool and press 2, then hit Enter.
    • You will be prompted 'Do you want to clean the registry?'; answer Y (yes) and hit Enter.
    • If prompted to replace the infected wininet.dll file (if found), answer Y (yes) and hit Enter to restore a clean file.
    • Reboot to normal mode when the tool completes.

    Post the contents of C:\rapport.txt and a fresh dss log.
     
  6. 2007/12/26
    woiz

    Here is C:\rapport.txt:
    SmitFraudFix v2.274

    Scan done at 7:55:01.15, 26/12/2007
    Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix.exe by S!Ri
    C:\WINDOWS\poswin.dll deleted.


    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{03BB6BB1-9BE4-435F-9931-E1C469DAFD50}: DhcpNameServer=64.71.255.198
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{1277B926-8225-4876-A7DF-FAF96F8DD7B0}: DhcpNameServer=64.71.255.198
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{98577903-8D98-4614-BE08-FBB1C8ED7425}: DhcpNameServer=64.71.255.198
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{1277B926-8225-4876-A7DF-FAF96F8DD7B0}: DhcpNameServer=64.71.255.198
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{98577903-8D98-4614-BE08-FBB1C8ED7425}: DhcpNameServer=64.71.255.198
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{E66860F9-DBDF-470B-8EB8-6F82E636A795}: DhcpNameServer=64.71.255.198
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{03BB6BB1-9BE4-435F-9931-E1C469DAFD50}: DhcpNameServer=64.71.255.198
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{1277B926-8225-4876-A7DF-FAF96F8DD7B0}: DhcpNameServer=64.71.255.198
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{98577903-8D98-4614-BE08-FBB1C8ED7425}: DhcpNameServer=64.71.255.198
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{98577903-8D98-4614-BE08-FBB1C8ED7425}: DhcpNameServer=64.71.255.198
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=64.71.255.198
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=64.71.255.198
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=64.71.255.198
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=64.71.255.198


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System "=" "


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End



    And a copy of the fresh DSS log:

    Deckard's System Scanner v20071014.68
    Run by Owner on 2007-12-26 08:04:23
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Percentage of Memory in Use: 78% (more than 75%).
    Total Physical Memory: 254 MiB (512 MiB recommended).


    -- HijackThis (run as Owner.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:04:36 AM, on 26/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\savedump.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Mdn.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\CameraFixer.exe
    C:\WINDOWS\vsnp325.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\WINDOWS\vsnpstd.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Documents and Settings\Owner\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! Canada
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: LiveFTA Toolbar - {728ef818-0160-44bf-8b46-298fcba0606e} - C:\Program Files\LiveFTA\tbLiv0.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: POS plugin - {369A87BB-07DF-4AB6-B23D-B5BF81338572} - C:\WINDOWS\poswin.dll (file missing)
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
    O2 - BHO: LiveFTA Toolbar - {728ef818-0160-44bf-8b46-298fcba0606e} - C:\Program Files\LiveFTA\tbLiv0.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: LiveFTA Toolbar - {728ef818-0160-44bf-8b46-298fcba0606e} - C:\Program Files\LiveFTA\tbLiv0.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Globe7] "D:\My downloads\Globe7.exe" /hide
    O4 - HKLM\..\Run: [Wah] C:\Program Files\Common Files\Mdn.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
    O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
    O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "D:\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BitTorrent] "D:\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [QuickTime Task] "D:\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: SystemRecovery.com TaskBar Icon.LNK = C:\Program Files\SystemRecovery.com\CBSysTray.exe
    O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\Poker.exe (HKCU)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2F6F7954-DA8B-4838-919C-CA0B4DED9204} (eVoiceChatSecurityControl.MachineInfo) - http://afghansite.com/VoiceChat/evcSeCtl.CAB
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://www.chatdivel.com/talk.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174757974740
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
    O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.blogtv.ca//chatobject/launcher.cab
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: McAfee E-mail Proxy (Emproxy) - Unknown owner - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee HackerWatch Service - Unknown owner - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe (file missing)
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe (file missing)
    O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (file missing)
    O23 - Service: McAfee Protection Manager (mcpromgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe (file missing)
    O23 - Service: McAfee Redirector Service (McRedirector) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe (file missing)
    O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
    O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
    O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing)
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe

    --
    End of file - 11176 bytes

    -- Files created between 2007-11-26 and 2007-12-26 -----------------------------

    2007-12-26 07:55:13 4020 --a------ C:\WINDOWS\system32\tmp.reg
    2007-12-26 07:54:31 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-12-26 07:54:31 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
    2007-12-26 07:54:31 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
    2007-12-26 07:54:31 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
    2007-12-26 07:54:31 81920 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
    2007-12-26 07:54:31 51200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-12-25 21:22:19 0 d-------- C:\Program Files\Trend Micro
    2007-12-24 19:45:34 0 d-------- C:\Program Files\FreeCall.com
    2007-12-24 18:20:56 0 --a------ C:\WINDOWS\system32\SBRC.dat
    2007-12-24 18:20:56 0 --a------ C:\WINDOWS\system32\SBFC.dat
    2007-12-20 20:19:53 0 d-------- C:\Program Files\Circle Developement
    2007-12-16 23:26:20 0 d-------- C:\Documents and Settings\Owner\Application Data\FreeCall
    2007-12-16 22:39:48 0 d-------- C:\Documents and Settings\Guest\Application Data\Macromedia
    2007-12-02 17:44:04 0 d-------- C:\Documents and Settings\Guest\Application Data\AVG7
    2007-12-02 17:43:58 0 d-------- C:\Documents and Settings\Guest\Application Data\Real
    2007-12-02 17:43:23 0 d-------- C:\Documents and Settings\Guest\Application Data\Identities
    2007-12-02 17:43:04 0 d--h----- C:\Documents and Settings\Guest\Templates
    2007-12-02 17:43:04 0 dr------- C:\Documents and Settings\Guest\Start Menu
    2007-12-02 17:43:04 0 dr-h----- C:\Documents and Settings\Guest\SendTo
    2007-12-02 17:43:04 0 dr-h----- C:\Documents and Settings\Guest\Recent
    2007-12-02 17:43:04 0 d--h----- C:\Documents and Settings\Guest\PrintHood
    2007-12-02 17:43:04 1048576 --ah----- C:\Documents and Settings\Guest\NTUSER.DAT
    2007-12-02 17:43:04 0 d--h----- C:\Documents and Settings\Guest\NetHood
    2007-12-02 17:43:04 0 dr------- C:\Documents and Settings\Guest\My Documents
    2007-12-02 17:43:04 0 d--h----- C:\Documents and Settings\Guest\Local Settings
    2007-12-02 17:43:04 0 dr------- C:\Documents and Settings\Guest\Favorites
    2007-12-02 17:43:04 0 d-------- C:\Documents and Settings\Guest\Desktop
    2007-12-02 17:43:04 0 d--hs---- C:\Documents and Settings\Guest\Cookies
    2007-12-02 17:43:04 0 dr-h----- C:\Documents and Settings\Guest\Application Data
    2007-12-02 17:43:04 0 d---s---- C:\Documents and Settings\Guest\Application Data\Microsoft
    2007-12-02 07:39:25 0 d-------- C:\Documents and Settings\Owner\Application Data\Spam Monitor
    2007-12-02 07:39:02 0 d-------- C:\Program Files\Spam Monitor


    -- Find3M Report ---------------------------------------------------------------

    2007-12-25 15:53:01 0 d-------- C:\Program Files\Messenger
    2007-12-25 14:12:53 0 d-------- C:\Program Files\Intel
    2007-12-25 12:08:10 0 d-------- C:\Documents and Settings\Owner\Application Data\uTorrent
    2007-12-25 09:17:24 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
    2007-12-24 18:32:36 0 d-------- C:\Program Files\Yahoo!
    2007-12-24 16:47:42 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
    2007-12-20 20:19:51 0 d-------- C:\Program Files\Messenger Plus! Live
    2007-12-20 20:19:48 0 d-------- C:\Program Files\MSN Messenger
    2007-12-11 06:51:25 0 d-------- C:\Program Files\LiveFTA
    2007-12-08 23:37:32 0 d-------- C:\Program Files\JetAudio
    2007-12-08 23:37:07 0 d-------- C:\Program Files\Common Files\COWON
    2007-11-21 12:13:40 0 d-------- C:\Program Files\Veoh Networks
    2007-11-20 01:29:19 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-11-11 19:01:45 0 d-------- C:\Program Files\DivX
    2007-11-10 17:15:59 0 d-------- C:\Program Files\SharpC
    2007-11-09 23:29:49 286720 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
    2007-11-09 23:29:46 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
    2007-11-04 07:33:11 0 d-------- C:\Documents and Settings\Owner\Application Data\Real
    2007-11-04 07:31:56 0 d-------- C:\Program Files\Common Files
    2007-11-04 07:31:56 0 d-------- C:\Program Files\Common Files\xing shared
    2007-11-04 07:31:50 0 d-------- C:\Program Files\Common Files\Real
    2007-10-27 00:47:43 0 d-------- C:\Program Files\Java


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{369A87BB-07DF-4AB6-B23D-B5BF81338572}]
    C:\WINDOWS\poswin.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{728ef818-0160-44bf-8b46-298fcba0606e}]
    11/12/2007 06:54 AM 1502232 --a------ C:\Program Files\LiveFTA\tbLiv0.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{728EF818-0160-44BF-8B46-298FCBA0606E} "= C:\Program Files\LiveFTA\tbLiv0.dll [11/12/2007 06:54 AM 1502232]

    [-HKEY_CLASSES_ROOT\CLSID\{728EF818-0160-44BF-8B46-298FCBA0606E}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray "= "C:\WINDOWS\System32\igfxtray.exe" [10/02/2004 10:55 AM]
    "HotKeysCmds "= "C:\WINDOWS\System32\hkcmd.exe" [10/02/2004 10:51 AM]
    "SoundMan "= "SOUNDMAN.EXE" [11/01/2006 03:08 PM C:\WINDOWS\soundman.exe]
    "Globe7 "= "D:\My downloads\Globe7.exe" []
    "Wah "= "C:\Program Files\Common Files\Mdn.exe" [12/10/2006 06:57 AM]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [15/12/2006 02:23 AM]
    "NeroFilterCheck "= "C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50 AM]
    "Windows Defender "= "C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 05:20 PM]
    "IMJPMIG8.1 "= "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04/08/2004 12:31 AM]
    "MSPY2002 "= "C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [29/08/2002 07:00 AM]
    "PHIME2002ASync "= "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [29/08/2002 07:00 AM]
    "PHIME2002A "= "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [29/08/2002 07:00 AM]
    "AVG7_CC "= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [22/12/2007 09:41 PM]
    "CameraFixer "= "C:\WINDOWS\CameraFixer.exe" [09/10/2006 05:32 PM]
    "tsnpstd3 "= "C:\WINDOWS\tsnpstd3.exe" []
    "snp325 "= "C:\WINDOWS\vsnp325.exe" [10/10/2006 02:11 PM]
    "Lexmark X1100 Series "= "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [19/08/2003 05:43 AM]
    "QuickTime Task "= "D:\qttask.exe" [27/04/2007 08:41 AM]
    "snpstd "= "C:\WINDOWS\vsnpstd.exe" [23/08/2006 01:36 PM]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/11/2007 07:31 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 02:56 AM]
    "MSKAGENTEXE "= "C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" []
    "Yahoo! Pager "= "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [30/08/2007 05:43 PM]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 11:24 AM]
    "BitTorrent "= "D:\bittorrent.exe" []
    "QuickTime Task "= "D:\qttask.exe" [27/04/2007 08:41 AM]
    "Veoh "= "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [03/12/2007 01:21 PM]
    "@ "=" " []
    "FreeCall "= "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" [17/04/2007 02:28 PM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "DWQueuedReporting "= "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 10:05:26 PM]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 12:01:04 AM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools "=0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C05E2E9-19E2-1B28-0307-060705010805}]
    C:\WINDOWS\msgmsr.exe /1



    -- End of Deckard's System Scanner: finished at 2007-12-26 08:05:17 ------------

    ....

    So far I am not getting that message. Does it mean my system is clean now?
    If yes... thank you very much man... you are The MAN!
     
    woiz,
    #5
  7. 2007/12/26
    noahdfear

    A few more things to do .........

    Scan again with HijackThis and place a check next to the following entries, close all other windows then click Fix Checked.

    O2 - BHO: POS plugin - {369A87BB-07DF-4AB6-B23D-B5BF81338572} - C:\WINDOWS\poswin.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O4 - HKLM\..\Run: [Wah] C:\Program Files\Common Files\Mdn.exe

    Delete the following files if present

    C:\WINDOWS\msgmsr.exe
    C:\Program Files\Common Files\Mdn.exe

    Highlight and copy all of the bolded text below.


    reg delete "HKLM\software\microsoft\active setup\installed components\{2C05E2E9-19E2-1B28-0307-060705010805}" /f
    exit
    cls



    Now click Start>Run and type cmd then hit enter to open a command window. Right click in the command window then Paste the copied text. The command window will close on its own.

    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Now reboot into Safe Mode and log on to your user account.
    1. Open the extracted SDFix folder and double click RunThis.cmd to start the script.
    2. Type Y to begin the cleanup process.
    3. It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    4. Press any Key and it will restart the PC.
    5. When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    6. Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    7. Post the contents of the Report.txt along with a new dss log.
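
The entries the helper asks to fix above are O2/O3/O4 lines whose target file is absent or whose path is already known to be bad. As an added example (not part of the original thread and not code from HijackThis), the sketch below parses such lines and lists the candidates for review; `Entry`, `parse_line`, `parse_log`, `triage` and `watch_paths` are hypothetical names, and only the O2, O3, O4 registry `Run` and O23 line shapes seen in this thread are handled.

```python
import re
from typing import List, NamedTuple, Optional, Sequence

# Lines copied from the HijackThis output quoted in this thread, used as sample input.
SAMPLE_LOG = r"""
O2 - BHO: POS plugin - {369A87BB-07DF-4AB6-B23D-B5BF81338572} - C:\WINDOWS\poswin.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Wah] C:\Program Files\Common Files\Mdn.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (file missing)
"""


class Entry(NamedTuple):
    section: str          # HijackThis section code, e.g. "O2"
    kind: str             # "BHO", "Toolbar", "Run" or "Service"
    name: str             # display name as printed in the log
    ident: Optional[str]  # CLSID (O2/O3) or registry location (O4), else None
    target: str           # file path without arguments or status marker
    orphaned: bool        # True when the log says the file is not on disk


_STATUS = re.compile(r"\s*\((?:file missing|no file)\)\s*$")
_COM = re.compile(r"^(BHO|Toolbar): (.*) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
_RUN = re.compile(r"^(\S+\\Run): \[([^\]]*)\] (.*)$")
_EXE = re.compile(r'^"([^"]+)"|^(.*?\.(?:exe|com|bat|cmd|scr|dll))(?=\s|$)', re.I)


def _split_target(raw: str):
    """Return (path without status marker, whether the marker was present)."""
    return _STATUS.sub("", raw).strip(), bool(_STATUS.search(raw))


def _executable(command: str) -> str:
    """Strip quotes and arguments from a Run command line."""
    m = _EXE.match(command)
    return (m.group(1) or m.group(2)).strip() if m else command


def parse_line(line: str) -> Optional[Entry]:
    m = re.match(r"^(O\d+) - (.*)$", line.strip())
    if not m:
        return None
    section, rest = m.groups()
    com = _COM.match(rest)
    if com:  # O2 / O3: name - {CLSID} - file
        kind, name, clsid, raw = com.groups()
        path, orphan = _split_target(raw)
        return Entry(section, kind, name, clsid.upper(), path, orphan)
    run = _RUN.match(rest)
    if run:  # O4: registry location, [value name], command line
        location, name, command = run.groups()
        raw, orphan = _split_target(command)
        return Entry(section, "Run", name, location, _executable(raw), orphan)
    if rest.startswith("Service: "):  # O23: name - owner - file
        parts = rest[len("Service: "):].rsplit(" - ", 2)
        if len(parts) == 3:
            path, orphan = _split_target(parts[2])
            return Entry(section, "Service", parts[0], None, path, orphan)
    return None  # line shape not handled by this sketch


def parse_log(text: str) -> List[Entry]:
    parsed = (parse_line(line) for line in text.splitlines())
    return [e for e in parsed if e is not None]


def triage(text: str, watch_paths: Sequence[str] = ()) -> List[Entry]:
    """Entries worth a manual look: missing target file, or a watched path."""
    watched = {p.lower() for p in watch_paths}
    return [e for e in parse_log(text)
            if e.orphaned or e.target.lower() in watched]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG, [r"C:\Program Files\Common Files\Mdn.exe"]):
        print(e.section, e.kind, e.name, e.target or "(no file)")
```

A missing target only marks an entry for review: it can be a leftover of removed malware or of an ordinary uninstalled product, so the decision to fix it stays with the analyst.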
     
  8. 2007/12/27
    woiz

    here is the copy of SDFix:


    SDFix: Version 1.119

    Run by Owner on 27/12/2007 at 09:59 PM

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...


    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\WINDOWS\autorun.inf - Deleted




    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-27 22:10:31
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...


    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 10


    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\\Program Files\\Messenger\\msmsgs.exe "= "C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Messenger "
    "%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 "
    "C:\\Program Files\\Ares\\Ares.exe "= "C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares "
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe "= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 "
    "C:\\Program Files\\MSN Messenger\\livecall.exe "= "C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) "
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger "
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe "= "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe "
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe "= "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe "
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe "= "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe "
    "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe "= "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe "
    "D:\\MyWorks\\utorrent.exe "= "D:\\MyWorks\\utorrent.exe:*:Enabled:µTorrent "
    "C:\\Program Files\\JetAudio\\JcServer.exe "= "C:\\Program Files\\JetAudio\\JcServer.exe:*:Enabled:jcServer "
    "C:\\Program Files\\JetAudio\\jetChat.exe "= "C:\\Program Files\\JetAudio\\jetChat.exe:*:Enabled:jetChat - chatting for jetCast "
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server "
    "C:\\WINDOWS\\SYSTEM32\\dpvsetup.exe "= "C:\\WINDOWS\\SYSTEM32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test "
    "C:\\WINDOWS\\SYSTEM32\\rundll32.exe "= "C:\\WINDOWS\\SYSTEM32\\rundll32.exe:*:Enabled:Run a DLL as an App "
    "D:\\put it here\\SAMBC.exe "= "D:\\put it here\\SAMBC.exe:*:Enabled:SAMBC "
    "C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE "= "C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE "
    "C:\\Program Files\\JetAudio\\JetAudio.exe "= "C:\\Program Files\\JetAudio\\JetAudio.exe:*:Enabled:jetAudio "
    "C:\\Program Files\\Skype\\Phone\\Skype.exe "= "C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
    "D:\\Downloads\\Ares\\Ares.exe "= "D:\\Downloads\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows "
    "C:\\Program Files\\Eyeball\\Eyeball Chat\\EyeballChat.exe "= "C:\\Program Files\\Eyeball\\Eyeball Chat\\EyeballChat.exe:*:Enabled:Eyeball Chat "
    "C:\\Program Files\\Sop Cast\\SopCast.exe "= "C:\\Program Files\\Sop Cast\\SopCast.exe:*:Enabled:SoP Client "
    "C:\\Program Files\\Zattoo\\zattood.exe "= "C:\\Program Files\\Zattoo\\zattood.exe:*:Enabled:zattood "
    "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe "= "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client "
    "C:\\Documents and Settings\\Owner\\Application Data\\SopCast\\adv\\SopAdver.exe "= "C:\\Documents and Settings\\Owner\\Application Data\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver "
    "C:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe "= "C:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe:*:Enabled:FreeCall "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 "
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe "= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 "
    "C:\\Program Files\\MSN Messenger\\livecall.exe "= "C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) "

    Remaining Files:
    ---------------

    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Fri 23 Apr 1999 93,890 ..SH. --- "C:\COMMAND.COM "
    Fri 23 Apr 1999 53,248 A..H. --- "C:\Program Files\Accessories\mspcx32.dll "
    Sat 9 Sep 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak "
    Sun 1 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp "
    Sat 9 Sep 2006 4,348 ...H. --- "C:\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv1key.bak "
    Wed 14 Feb 2007 20 A..H. --- "C:\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv1lic.bak "
    Sat 18 Nov 2006 400 A.SH. --- "C:\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv2key.bak "
    Wed 28 Aug 2002 6,336 A..H. --- "C:\Deckard\System Scanner\20071226080421\backup\WINDOWS\temp\OLD17A.tmp "
    Wed 28 Aug 2002 4,304 A..H. --- "C:\Deckard\System Scanner\20071226080421\backup\WINDOWS\temp\OLD17D.tmp "
    Wed 28 Aug 2002 23,408 A..H. --- "C:\Deckard\System Scanner\20071226080421\backup\WINDOWS\temp\OLD180.tmp "
    Wed 28 Aug 2002 31,712 A..H. --- "C:\Deckard\System Scanner\20071226080421\backup\WINDOWS\temp\OLD183.tmp "
    Wed 28 Aug 2002 8,368 A..H. --- "C:\Deckard\System Scanner\20071226080421\backup\WINDOWS\temp\OLD186.tmp "
    Wed 28 Aug 2002 5,312 A..H. --- "C:\Deckard\System Scanner\20071226080421\backup\WINDOWS\temp\OLD189.tmp "
    Wed 28 Aug 2002 57,936 A..H. --- "C:\Deckard\System Scanner\20071226080421\backup\WINDOWS\temp\OLD193.tmp "
    Wed 28 Aug 2002 81,728 A..H. --- "C:\Deckard\System Scanner\20071226080421\backup\WINDOWS\temp\OLD196.tmp "
    Wed 28 Aug 2002 64,656 A..H. --- "C:\Deckard\System Scanner\20071226080421\backup\WINDOWS\temp\OLD199.tmp "
    Wed 28 Aug 2002 89,856 A..H. --- "C:\Deckard\System Scanner\20071226080421\backup\WINDOWS\temp\OLD19C.tmp "
    Wed 28 Aug 2002 26,112 A..H. --- "C:\Deckard\System Scanner\20071226080421\backup\WINDOWS\temp\OLD1DC.tmp "
    Wed 28 Aug 2002 21,504 A..H. --- "C:\Deckard\System Scanner\20071226080421\backup\WINDOWS\temp\OLD1DF.tmp "

    Finished!

    And here is a copy of a fresh dss:

    Deckard's System Scanner v20071014.68
    Run by Owner on 2007-12-27 22:21:55
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Total Physical Memory: 254 MiB (512 MiB recommended).


    -- HijackThis (run as Owner.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:22:17 PM, on 27/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\Explorer.EXE
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\CameraFixer.exe
    C:\WINDOWS\vsnp325.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\WINDOWS\vsnpstd.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    D:\operation spyware removing\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! Canada
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: LiveFTA Toolbar - {728ef818-0160-44bf-8b46-298fcba0606e} - C:\Program Files\LiveFTA\tbLiv0.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
    O2 - BHO: LiveFTA Toolbar - {728ef818-0160-44bf-8b46-298fcba0606e} - C:\Program Files\LiveFTA\tbLiv0.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: LiveFTA Toolbar - {728ef818-0160-44bf-8b46-298fcba0606e} - C:\Program Files\LiveFTA\tbLiv0.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Globe7] "D:\My downloads\Globe7.exe" /hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
    O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
    O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "D:\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BitTorrent] "D:\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [QuickTime Task] "D:\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: SystemRecovery.com TaskBar Icon.LNK = C:\Program Files\SystemRecovery.com\CBSysTray.exe
    O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\Poker.exe (HKCU)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2F6F7954-DA8B-4838-919C-CA0B4DED9204} (eVoiceChatSecurityControl.MachineInfo) - http://afghansite.com/VoiceChat/evcSeCtl.CAB
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://www.chatdivel.com/talk.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174757974740
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
    O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.blogtv.ca//chatobject/launcher.cab
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: McAfee E-mail Proxy (Emproxy) - Unknown owner - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee HackerWatch Service - Unknown owner - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe (file missing)
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe (file missing)
    O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (file missing)
    O23 - Service: McAfee Protection Manager (mcpromgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe (file missing)
    O23 - Service: McAfee Redirector Service (McRedirector) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe (file missing)
    O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
    O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
    O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing)
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe

    --
    End of file - 10771 bytes

    -- Files created between 2007-11-27 and 2007-12-27 -----------------------------

    2007-12-27 21:58:01 0 d-------- C:\WINDOWS\ERUNT
    2007-12-26 07:55:13 4020 --a------ C:\WINDOWS\system32\tmp.reg
    2007-12-26 07:54:31 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-12-26 07:54:31 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
    2007-12-26 07:54:31 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
    2007-12-26 07:54:31 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
    2007-12-26 07:54:31 81920 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
    2007-12-26 07:54:31 51200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-12-25 21:22:19 0 d-------- C:\Program Files\Trend Micro
    2007-12-24 19:45:34 0 d-------- C:\Program Files\FreeCall.com
    2007-12-24 18:20:56 0 --a------ C:\WINDOWS\system32\SBRC.dat
    2007-12-24 18:20:56 0 --a------ C:\WINDOWS\system32\SBFC.dat
    2007-12-20 20:19:53 0 d-------- C:\Program Files\Circle Developement
    2007-12-16 23:26:20 0 d-------- C:\Documents and Settings\Owner\Application Data\FreeCall
    2007-12-16 22:39:48 0 d-------- C:\Documents and Settings\Guest\Application Data\Macromedia
    2007-12-02 17:44:04 0 d-------- C:\Documents and Settings\Guest\Application Data\AVG7
    2007-12-02 17:43:58 0 d-------- C:\Documents and Settings\Guest\Application Data\Real
    2007-12-02 17:43:23 0 d-------- C:\Documents and Settings\Guest\Application Data\Identities
    2007-12-02 17:43:04 0 d--h----- C:\Documents and Settings\Guest\Templates
    2007-12-02 17:43:04 0 dr------- C:\Documents and Settings\Guest\Start Menu
    2007-12-02 17:43:04 0 dr-h----- C:\Documents and Settings\Guest\SendTo
    2007-12-02 17:43:04 0 dr-h----- C:\Documents and Settings\Guest\Recent
    2007-12-02 17:43:04 0 d--h----- C:\Documents and Settings\Guest\PrintHood
    2007-12-02 17:43:04 1048576 --ah----- C:\Documents and Settings\Guest\NTUSER.DAT
    2007-12-02 17:43:04 0 d--h----- C:\Documents and Settings\Guest\NetHood
    2007-12-02 17:43:04 0 dr------- C:\Documents and Settings\Guest\My Documents
    2007-12-02 17:43:04 0 d--h----- C:\Documents and Settings\Guest\Local Settings
    2007-12-02 17:43:04 0 dr------- C:\Documents and Settings\Guest\Favorites
    2007-12-02 17:43:04 0 d-------- C:\Documents and Settings\Guest\Desktop
    2007-12-02 17:43:04 0 d--hs---- C:\Documents and Settings\Guest\Cookies
    2007-12-02 17:43:04 0 dr-h----- C:\Documents and Settings\Guest\Application Data
    2007-12-02 17:43:04 0 d---s---- C:\Documents and Settings\Guest\Application Data\Microsoft
    2007-12-02 07:39:25 0 d-------- C:\Documents and Settings\Owner\Application Data\Spam Monitor
    2007-12-02 07:39:02 0 d-------- C:\Program Files\Spam Monitor


    -- Find3M Report ---------------------------------------------------------------

    2007-12-27 21:52:35 0 d-------- C:\Program Files\Common Files
    2007-12-26 16:59:42 0 d-------- C:\Documents and Settings\Owner\Application Data\uTorrent
    2007-12-25 15:53:01 0 d-------- C:\Program Files\Messenger
    2007-12-25 14:12:53 0 d-------- C:\Program Files\Intel
    2007-12-25 09:17:24 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
    2007-12-24 18:32:36 0 d-------- C:\Program Files\Yahoo!
    2007-12-24 16:47:42 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
    2007-12-20 20:19:51 0 d-------- C:\Program Files\Messenger Plus! Live
    2007-12-20 20:19:48 0 d-------- C:\Program Files\MSN Messenger
    2007-12-11 06:51:25 0 d-------- C:\Program Files\LiveFTA
    2007-12-08 23:37:32 0 d-------- C:\Program Files\JetAudio
    2007-12-08 23:37:07 0 d-------- C:\Program Files\Common Files\COWON
    2007-11-21 12:13:40 0 d-------- C:\Program Files\Veoh Networks
    2007-11-20 01:29:19 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-11-11 19:01:45 0 d-------- C:\Program Files\DivX
    2007-11-10 17:15:59 0 d-------- C:\Program Files\SharpC
    2007-11-09 23:29:49 286720 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
    2007-11-09 23:29:46 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
    2007-11-04 07:33:11 0 d-------- C:\Documents and Settings\Owner\Application Data\Real
    2007-11-04 07:31:56 0 d-------- C:\Program Files\Common Files\xing shared
    2007-11-04 07:31:50 0 d-------- C:\Program Files\Common Files\Real
    2007-10-27 00:47:43 0 d-------- C:\Program Files\Java


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{728ef818-0160-44bf-8b46-298fcba0606e}]
    11/12/2007 06:54 AM 1502232 --a------ C:\Program Files\LiveFTA\tbLiv0.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{728EF818-0160-44BF-8B46-298FCBA0606E} "= C:\Program Files\LiveFTA\tbLiv0.dll [11/12/2007 06:54 AM 1502232]

    [-HKEY_CLASSES_ROOT\CLSID\{728EF818-0160-44BF-8B46-298FCBA0606E}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray "= "C:\WINDOWS\System32\igfxtray.exe" [10/02/2004 10:55 AM]
    "HotKeysCmds "= "C:\WINDOWS\System32\hkcmd.exe" [10/02/2004 10:51 AM]
    "SoundMan "= "SOUNDMAN.EXE" [11/01/2006 03:08 PM C:\WINDOWS\soundman.exe]
    "Globe7 "= "D:\My downloads\Globe7.exe" []
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [15/12/2006 02:23 AM]
    "NeroFilterCheck "= "C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50 AM]
    "Windows Defender "= "C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 05:20 PM]
    "IMJPMIG8.1 "= "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04/08/2004 12:31 AM]
    "MSPY2002 "= "C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [29/08/2002 07:00 AM]
    "PHIME2002ASync "= "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [29/08/2002 07:00 AM]
    "PHIME2002A "= "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [29/08/2002 07:00 AM]
    "AVG7_CC "= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [22/12/2007 09:41 PM]
    "CameraFixer "= "C:\WINDOWS\CameraFixer.exe" [09/10/2006 05:32 PM]
    "tsnpstd3 "= "C:\WINDOWS\tsnpstd3.exe" []
    "snp325 "= "C:\WINDOWS\vsnp325.exe" [10/10/2006 02:11 PM]
    "Lexmark X1100 Series "= "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [19/08/2003 05:43 AM]
    "QuickTime Task "= "D:\qttask.exe" [27/04/2007 08:41 AM]
    "snpstd "= "C:\WINDOWS\vsnpstd.exe" [23/08/2006 01:36 PM]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/11/2007 07:31 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 02:56 AM]
    "MSKAGENTEXE "= "C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" []
    "Yahoo! Pager "= "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [30/08/2007 05:43 PM]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 11:24 AM]
    "BitTorrent "= "D:\bittorrent.exe" []
    "QuickTime Task "= "D:\qttask.exe" [27/04/2007 08:41 AM]
    "Veoh "= "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [03/12/2007 01:21 PM]
    "FreeCall "= "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" [17/04/2007 02:28 PM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "DWQueuedReporting "= "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 10:05:26 PM]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 12:01:04 AM]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    AutoRun\command- F:\menu.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a16e5946-2cb7-11db-8926-806d6172696f}]
    AutoRun\command- F:\menu.exe




    -- End of Deckard's System Scanner: finished at 2007-12-27 22:23:05 ------------

    Thanx
     
    woiz,
    #7
  9. 2007/12/28
    noahdfear

    Sorry for the late reply :eek:

    Highlight and copy the contents of the code box below to a blank notepad. Save it to the desktop as:

    Filename: fix.reg
    Save as type: All Files (*.*)

    Code:
    REGEDIT4
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a16e5946-2cb7-11db-8926-806d6172696f}]
    
    Double click fix.reg and allow it to merge with the registry.

    You can delete fix.reg.

    Delete the following files left behind by SmitfraudFix.

    C:\WINDOWS\system32\tmp.reg
    C:\WINDOWS\system32\WS2Fix.exe
    C:\WINDOWS\system32\VCCLSID.exe
    C:\WINDOWS\system32\SrchSTS.exe
    C:\WINDOWS\system32\Process.exe
    C:\WINDOWS\system32\IEDFix.exe
    C:\WINDOWS\system32\dumphive.exe


    You have a hidden file that shouldn't be there. Let's get rid of it. Highlight and copy the bolded command below.

    attrib -r -h -s C:\COMMAND.COM

    Click Start>Run and type cmd then hit enter to open a command window. Right click and paste the command into the window then hit enter. Now copy the next bolded command and paste it in, then hit enter.

    del /q C:\COMMAND.COM

    Close the command window.

    Delete the SmitfraudFix file(s) and folder, as well as the SDFix.exe file from your desktop.
    Delete the folders C:\SDFix and C:\Deckard

    Download ATF Cleaner by Atribune and save it to your Desktop.
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK then exit.
    Reboot

    Now let's make sure we haven't overlooked anything. Please do an online scan with Kaspersky WebScanner.

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Extended (if available otherwise Standard)
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.

    Post the Kaspersky log and one more fresh HijackThis log. Let me know how your computer is behaving.
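
    The registry clean-up step above, as an added example that is not part of the original post or of any tool named in the thread: a small Python script that finds MountPoints2 keys carrying an AutoRun command in scanner output and writes the matching REGEDIT4 deletion file. The sample input is copied from the Deckard's System Scanner excerpt earlier in this thread; the function names are hypothetical, and the line format it parses is assumed from that excerpt.

```python
import re

# Key header for a direct child of MountPoints2, e.g. [HKEY_CURRENT_USER\...\mountpoints2\F]
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+\\mountpoints2\\[^\]\\]+)\]$", re.IGNORECASE)
# Any other registry key header.
ANY_KEY_RE = re.compile(r"^\[.*\]$")
# The value line the scanner prints under such a key (format assumed from the thread's log).
CMD_RE = re.compile(r"^AutoRun\\command-\s*(.+)$", re.IGNORECASE)

# Sample input: lines taken from the scanner excerpt posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@= "Service "

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\menu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a16e5946-2cb7-11db-8926-806d6172696f}]
AutoRun\command- F:\menu.exe
"""


def find_autorun_mountpoints(log_text):
    """Return [(registry_key, command)] for MountPoints2 keys with an AutoRun command."""
    found, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
        elif ANY_KEY_RE.match(line):
            current = None  # a different key: stop attributing values to the last one
        else:
            cmd = CMD_RE.match(line)
            if cmd and current:
                found.append((current, cmd.group(1).strip()))
    return found


def build_reg_fix(keys):
    """Build REGEDIT4 text that deletes each key ("[-KEY]" syntax), de-duplicated."""
    unique = list(dict.fromkeys(keys))
    lines = ["REGEDIT4", ""] + ["[-%s]" % k for k in unique]
    return "\r\n".join(lines) + "\r\n"  # .reg files use CRLF line endings


if __name__ == "__main__":
    entries = find_autorun_mountpoints(SAMPLE_LOG)
    for key, cmd in entries:
        print("AutoRun:", cmd, "<-", key)
    print(build_reg_fix(k for k, _ in entries))
```

    The script only lists what it finds; which keys actually go into the deletion file remains the analyst's decision, as it was in the post above.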
     
  10. 2007/12/28
    woiz

    woiz Inactive Thread Starter

    Joined:
    2007/12/25
    Messages:
    8
    Likes Received:
    0
    Hello !

    I didn't get any log for Kaspersky... the result was there, it was saying that it didn't find any infected file. I left the PC on and it was scanning; when I came back it was saying Done.

    Here is the copy of HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:59:11 PM, on 28/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\CameraFixer.exe
    C:\WINDOWS\vsnp325.exe
    C:\WINDOWS\vsnpstd.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! Canada
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: LiveFTA Toolbar - {728ef818-0160-44bf-8b46-298fcba0606e} - C:\Program Files\LiveFTA\tbLiv0.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
    O2 - BHO: LiveFTA Toolbar - {728ef818-0160-44bf-8b46-298fcba0606e} - C:\Program Files\LiveFTA\tbLiv0.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: LiveFTA Toolbar - {728ef818-0160-44bf-8b46-298fcba0606e} - C:\Program Files\LiveFTA\tbLiv0.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Globe7] "D:\My downloads\Globe7.exe" /hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
    O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
    O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "D:\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BitTorrent] "D:\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [QuickTime Task] "D:\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: SystemRecovery.com TaskBar Icon.LNK = C:\Program Files\SystemRecovery.com\CBSysTray.exe
    O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\Poker.exe (HKCU)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2F6F7954-DA8B-4838-919C-CA0B4DED9204} (eVoiceChatSecurityControl.MachineInfo) - http://afghansite.com/VoiceChat/evcSeCtl.CAB
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://www.chatdivel.com/talk.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174757974740
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
    O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.blogtv.ca//chatobject/launcher.cab
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: McAfee E-mail Proxy (Emproxy) - Unknown owner - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee HackerWatch Service - Unknown owner - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe (file missing)
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe (file missing)
    O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (file missing)
    O23 - Service: McAfee Protection Manager (mcpromgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe (file missing)
    O23 - Service: McAfee Redirector Service (McRedirector) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe (file missing)
    O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
    O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
    O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing)
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe

    --
    End of file - 10665 bytes


    Yeah, and my PC is behaving well... thanks for the help.
     
    woiz,
    #9
  11. 2007/12/29
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Looks good. :)

    If you're satisfied that the computer is working properly, I recommend you clear the System Restore points.

    Clear past system restore points and create a new one.
    Right click My Computer and select Properties. On the System Restore tab, check the box to turn System Restore off. Click Apply. Now, uncheck the box and click Apply. Click OK, then OK to close the System Properties dialog.

    Verify a new restore point was created.
    Click Start>All Programs>Accessories>System Tools>System Restore
    Select 'Restore my computer to an earlier time', then click next.
    You should have a newly created System Checkpoint available. If so, click Cancel. If not, click Back and select 'Create a restore point' then click Next. Give the restore point a name and click next.


    Your computer is now clean! Geri has posted some very helpful information and recommendations regarding future protection in the following link.

    http://www.windowsbbs.com/showthread.php?t=67958

    Surf safe!
     
  12. 2007/12/29
    woiz

    woiz Inactive Thread Starter

    Joined:
    2007/12/25
    Messages:
    8
    Likes Received:
    0
    Thanks man, I really appreciate it....
    God bless!
     
  13. 2007/12/29
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    You're most welcome. :)
     
