PDA

View Full Version : VIRUS/TROJAN/MALWARE ? Need help please :(



Owhat
2007-07-09, 21:04
Hello,

This is my 1st time being attacked by a virus/trojan/malware and not being able to fix it. I have NO idea how it attacked my system. I 1st noticed that something was wrong when I tried playing counter-strike source 2 days ago on steam. When I tried to open up the game this message popped up saying that the game was unavailable and then my anti-virus popped up with a trojan/virus alert. All of a sudden, my anti-virus icon on the bottom right of the screen would disappear every restart when I would put my mouse over it. Then I couldnt open up the task manager. Then it wouldnt lemme update my anti-virus or lemme run regedit. I've run all sorts of programs to try to fix this like spybot, ad-aware se, spybot, registry mechanic, spydoctor, tune-up utilities, CWS shredder and thats all I can remember. I did sort of fix it a little cuz my anti-virus is able to update and it doesnt disappear anymore, I can access task manager and run commands like regedit. I don't know how I did it, I just restarted after running all the software I mentioned above and I got SOME control back. I know that it is still in my system because my computer is ultra sluggish when I surf the web and I am still unable to start games on steam cuz my anti-virus keeps giving me the same warning.

I did some online research about the trojan name I got from my anti-virus and thought I had found the solution here:
http://www.geekstogo.com/forum/lofiversion/index.php/t86459.html

I did everything that the thread mention but still no luck :(

These are my logs after my attempt to fix.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:58:02 AM, on 07/09/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jeremy Thomas\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slickdeals.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slickdeals.net
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O15 - Trusted Zone: www.dell.com
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128189775953
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://gameadvisor.futuremark.com/global/msc37.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload-v5.streamload.com/Upload/XUpload.ocx
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://www.tukati.com/software/4/1.7.20.20/tukati.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: CWShredder Service - Unknown owner - C:\DOCUME~1\JEREMY~1\LOCALS~1\Temp\Temporary Directory 1 for CWShredder.zip\CWShredder.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: My Current Home Page - http://g.myspace.com/00054/23/69/54429632_l.jpg

-------------------------------------------------------------------------

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:33:36 PM 07/08/07

+ Scan result:



F:\Programs_Software_Games\EVEREST Ultimate Edition 2006 Build 3.00.630 & Keygen.rar/EVEREST Ultimate Edition 2006 Build 3.00.630 & Keygen\Everest Ultimate Edition 2006 Build 3.00.630 Final & Keygen\New Folder\keygen.exe -> Adware.180Solutions : Cleaned.
F:\Programs_Software_Games\EVEREST Ultimate Edition 2006 Build 3.00.630 & Keygen\Everest Ultimate Edition 2006 Build 3.00.630 Final & Keygen\New Folder\keygen.exe -> Adware.180Solutions : Cleaned.
HKLM\SYSTEM\CurrentControlSet\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#DISPLAY#nvcap#5&a5c9b29&0&ca000002&01&00#{6994ad04-93ef-11d0-a3cc-00a0c9223196} -> Adware.RapidBlaster : Cleaned.
HKLM\SYSTEM\CurrentControlSet\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#DISPLAY#nvcap#5&a5c9b29&0&ca000002&01&00#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#GLOBAL -> Adware.RapidBlaster : Cleaned.
HKLM\SYSTEM\CurrentControlSet\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#DISPLAY#nvcap#5&a5c9b29&0&ca000002&01&00#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#GLOBAL\Device Parameters -> Adware.RapidBlaster : Cleaned.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WhenUSave -> Adware.SaveNow : Cleaned.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP980\A0163580.exe/lmonit.exe -> Backdoor.Agent.aqb : Cleaned.
C:\WINDOWS\SYSTEM32\netshield.exe -> Backdoor.Agent.aqb : Cleaned.
F:\Programs_Software_Games\Wintasks Professional 5.03 Cracked-Tsrh.zip/cracked.zip/wintasks.exe -> Downloader.Small : Cleaned.
F:\Programs_Software_Games\Wintasks Professional 5.03 Cracked-Tsrh\cracked.zip/wintasks.exe -> Downloader.Small : Cleaned.
C:\Documents and Settings\Jeremy Thomas\Cookies\jeremy thomas@2.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Jeremy Thomas\Cookies\jeremy thomas@3.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Jeremy Thomas\Cookies\jeremy thomas@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Jeremy Thomas\Cookies\jeremy thomas@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\Jeremy Thomas\Cookies\jeremy thomas@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\Jeremy Thomas\Cookies\jeremy thomas@www.paypal[1].txt -> TrackingCookie.Paypal : Ignored.
:mozilla.11:C:\Documents and Settings\Jeremy Thomas\Application Data\Mozilla\Profiles\default\28b5ghi1.slt\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.12:C:\Documents and Settings\Jeremy Thomas\Application Data\Mozilla\Profiles\default\28b5ghi1.slt\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.6:C:\Documents and Settings\Jeremy Thomas\Application Data\Mozilla\Firefox\Profiles\n72ewefg.Owhat\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.7:C:\Documents and Settings\Jeremy Thomas\Application Data\Mozilla\Firefox\Profiles\n72ewefg.Owhat\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.6:C:\Documents and Settings\Jeremy Thomas\Application Data\Mozilla\Profiles\default\28b5ghi1.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.7:C:\Documents and Settings\Jeremy Thomas\Application Data\Mozilla\Profiles\default\28b5ghi1.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.8:C:\Documents and Settings\Jeremy Thomas\Application Data\Mozilla\Profiles\default\28b5ghi1.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Jeremy Thomas\Application Data\Sun\Java\Deployment\cache\6.0\35\588592a3-2fc0e0f1/Dex.class -> Trojan.ClassLoader.g : Cleaned.
C:\Documents and Settings\Jeremy Thomas\Application Data\Sun\Java\Deployment\cache\6.0\35\588592a3-2fc0e0f1/Dix.class -> Trojan.ClassLoader.g : Cleaned.
C:\Documents and Settings\Jeremy Thomas\Application Data\Sun\Java\Deployment\cache\6.0\35\588592a3-2fc0e0f1/Dux.class -> Trojan.ClassLoader.g : Cleaned.
C:\Documents and Settings\Jeremy Thomas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-620552de-7341a337.zip/Dex.class -> Trojan.ClassLoader.g : Cleaned.
C:\Documents and Settings\Jeremy Thomas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-620552de-7341a337.zip/Dix.class -> Trojan.ClassLoader.g : Cleaned.
C:\Documents and Settings\Jeremy Thomas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-620552de-7341a337.zip/Dux.class -> Trojan.ClassLoader.g : Cleaned.


::Report end

-------------------------------------------------------------------------

Please help :sad: Thanks in advance.

Owhat

Owhat
2007-07-09, 21:05
OG post was too long and had to be shortened so here is my smitfiles.txt log:

smitRem © log file
version 3.2

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
"IE"="6.0000"
The current date is: 07/08/07
The current time is: 20:54:46.01

Running from
C:\Documents and Settings\Jeremy Thomas\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Appinitdll check ........ Thank you Grinler!

dumphive.exe (C)2000-2004 Markus Stephany
REGEDIT4

[Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
"LoadAppInit_DLLs"=dword:00000001

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

XP Firewall allowed access

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"="C:\\WINDOWS\\SYSTEM32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\SYSTEM32\\dpnsvr.exe"="C:\\WINDOWS\\SYSTEM32\\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"="C:\\Program Files\\Teamspeak2_RC2\\server_windows.exe:*:Enabled:Server"
"C:\\Program Files\\Xfire\\ua_lsp_inst.exe"="C:\\Program Files\\Xfire\\ua_lsp_inst.exe:*:Enabled:ua_lsp_inst"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windowsr NetMeetingr"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"G:\\Program Files\\Ubisoft\\Gearbox Software\\BrothersInArms\\System\\bia.exe"="G:\\Program Files\\Ubisoft\\Gearbox Software\\BrothersInArms\\System\\bia.exe:*:Enabled:Brothers In Arms: Road to Hill 30"
"G:\\Program Files\\Steam\\SteamApps\\owhat\\day of defeat source\\hl2.exe"="G:\\Program Files\\Steam\\SteamApps\\owhat\\day of defeat source\\hl2.exe:*:Enabled:hl2.exe"
"G:\\Program Files\\Steam\\Steam.exe"="G:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam"
"G:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="G:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"G:\\Program Files\\Sierra\\FEAR\\FEAR.exe"="G:\\Program Files\\Sierra\\FEAR\\FEAR.exe:*:Enabled:FEAR"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\Program Files\\Symantec\\LiveUpdate\\LUALL.EXE"="C:\\Program Files\\Symantec\\LiveUpdate\\LUALL.EXE:*:Enabled:LiveUpdate"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"G:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"="G:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe:*:Enabled:Battlefield 2"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire PRO 4.12.6"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"="C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"="C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!


checking for drsmartload2 key


drsmartload2 key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present
Trust Cleaner uninstaller NOT present
SpyHeal uninstaller NOT present
VirusBurst uninstaller NOT present
BraveSentry uninstaller NOT present
AntiVermins uninstaller NOT present
VirusBursters uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

amcompat.tlb
nscompat.tlb
logfiles


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1484 'explorer.exe'
Killing PID 1484 'explorer.exe'
Killing PID 1484 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~



~~~ Wininet.dll ~~~

CLEAN! :)

tashi
2007-07-17, 02:19
Hello.

The Waiting Room: Post here if waiting for help longer than four days (http://forums.spybot.info/forumdisplay.php?f=37)