Hi,
Okay, please post that Malwarebytes' Anti-Malware log here. You can find the log in the Logs tab on Malwarebytes' Anti-Malware. The bottom most log is the latest.
Are you set IE to use this proxy?
66.98.238.8
Disable TeaTimer...
If you have version 1.5, right click the Spybot Icon in the system tray near the clock (looks like a blue/white calendar with a padlock symbol).
Click once on Resident Protection, then right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.
Go to Start > All Programs > Spybot - Search & Destroy > Spybot Search & Destroy.
Click on Mode > Advanced Mode. When it prompts you, click Yes.
On the left hand side, click on Tools.
Check (tick) this box if it is not yet ticked: Resident.
You will notice that Resident is now added under Tools. Click on Resident.
Uncheck (untick) this box: Resident "TeaTimer" (Protection of over-all system settings) active.
Exit Spybot Search & Destroy.
Restart your computer for the changes to take effect.
If you already have SDFix, please delete this copy and download it again as it's being updated regularly.
Please download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) by AndyManchesta and save it to your desktop.
Double click on SDFix.exe. By default, it will install to C:\.
Click on Install.
Please print out or save this set of instructions as you will not have internet access during the fix.
Next, boot into Safe Mode.
Note! Let me know if you can't boot into Safe Mode. Do not continue with the fixes.
When you see BIOS screen, start pressing F8.
A boot menu will appear shortly.
Using the up down arrows, select Safe Mode and press the Enter key.
Windows will now load.
Log in to your usual account.
Navigate to C:\SDfix (if you installed it to the default location, otherwise, locate where you installed it) Double click on RunThis.bat
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any key to reboot.
When the PC restarts the tool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load, the SDFix report will open on screen. You can also find the report in SDFix folder, named Report.txt.
Then...
Please download Deckard's System Scanner from Tech Support Forum (http://www.techsupportforum.com/sectools/Deckard/dss.exe) and save it to your desktop. Note: You must be logged onto an account with administrator privileges.
Save all your work and close all opened programs.
Double click on dss.exe to run it. Follow the prompts.
When the scan is complete, two log files will be produced. The first one, main.txt, will be maximized, the second one, extra.txt, will be minimized.
Please post the contents of the 2 log files in your next reply.
Please post SDFix log(report.txt), Dss logs and Malwarebytes' Anti-Malware log.
gotbob69
2008-06-24, 18:25
OK here are the logs the only one i won't show is the extra one because it has alot of personal info. also just to let you know i deleted some stuff from the main log sorry. i know your trying to help but hey its personal. to answer your question no i don't use that ip address but i do have it set to that it was a little test i did a while back why?. one more thing anything else is my computer clean ?
Malwarebytes' Anti-Malware 1.18
Database version: 881
11:31:52 PM 6/22/2008
mbam-log-6-22-2008 (23-31-52).txt
Scan type: Full Scan (C:\|E:\|)
Objects scanned: 98991
Time elapsed: 1 hour(s), 2 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\dadef.dll (Trojan.FakeAlert) -> Unloaded module successfully.
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{2ff811e6-8925-4084-a649-c159955e67e8} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2ff811e6-8925-4084-a649-c159955e67e8} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4937d5d1-2039-409a-bd83-fec9b39b2356} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{caf9d798-c659-4b9b-8e19-ee27c3d04ee7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{15c7d7ad-a87a-4c0d-9d8b-637fcd3488ef} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\dadef.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\System Volume Information\_restore{55BCE910-63B8-4FE0-AC84-E085287634D8}\RP461\A0058415.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
SDFIX LOG
SDFix: Version 1.196
Run by Owner on Tue 06/24/2008 at 10:08 AM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Name :
MSDisk
MSWindows
Path :
"C:\WINDOWS\System32\irdvxc.exe" /service
"C:\WINDOWS\System32\urdvxc.exe" /service
MSDisk - Deleted
MSWindows - Deleted
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\system32\i - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-24 10:22:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:82,f0,3e,78,88,da,7c,c4,fd,d8,a5,14,81,57,e2,22,9f,c2,91,01,cf,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,8b,a5,42,89,a0,78,24,26,07,6f,bc,65,cd,b2,22,84,9d,..
"khjeh"=hex:3f,40,f2,bc,c6,83,19,b7,02,76,5a,91,1f,2e,b8,e8,da,a0,ad,50,5e,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:7c,4f,ff,a7,15,d8,d8,4e,1e,cd,db,cb,7e,e1,e2,fe,f7,19,be,12,71,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:82,f0,3e,78,88,da,7c,c4,fd,d8,a5,14,81,57,e2,22,9f,c2,91,01,cf,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,8b,a5,42,89,a0,78,24,26,07,6f,bc,65,cd,b2,22,84,9d,..
"khjeh"=hex:3f,40,f2,bc,c6,83,19,b7,02,76,5a,91,1f,2e,b8,e8,da,a0,ad,50,5e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:7c,4f,ff,a7,15,d8,d8,4e,1e,cd,db,cb,7e,e1,e2,fe,f7,19,be,12,71,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Thu 9 Aug 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 3 Feb 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 7 Dec 2006 3,096,576 A..H. --- "C:\Documents and Settings\Owner\Application Data\U3\temp\Launchpad Removal.exe"
Finished!
Deckard's main log
Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-24 10:30:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
60: 2008-06-24 14:30:37 UTC - RP467 - Deckard's System Scanner Restore Point
59: 2008-06-23 21:21:46 UTC - RP466 -- Software Distribution Service 3.0
58: 2008-06-23 21:05:35 UTC - RP465 - Software Distribution Service 3.0
57: 2008-06-23 14:04:00 UTC - RP464 - Installed Psi Ops
56: 2008-06-22 23:12:13 UTC - RP463 - Removed Codec Checker
-- First Restore Point --
1: 2008-04-24 19:11:59 UTC - RP408 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Owner.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:34 AM, on 6/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Labtec\Keyboard\V5.1\kbdap32a.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamefaqs.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 66.98.238.8:3128
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Labtec\Keyboard\V5.1\kbdap32a.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x092f -f video -m logitech -d 11.1.0.2016 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x092f -f video -m logitech -d 11.1.0.2016 (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192639527781
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: sysmgr64 - Unknown owner - C:\WINDOWS\sysmgr64.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 4144 bytes
-- File Associations -----------------------------------------------------------
.scr - scrfile - shell\open\command - "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R3 catchme - c:\docume~1\owner\locals~1\temp\catchme.sys (file missing)
S3 bvrp_pci - c:\windows\system32\drivers\bvrp_pci.sys
S3 LVUSBSta (Logitech USB Monitor Filter) - c:\windows\system32\drivers\lvusbsta.sys (file missing)
S3 PID_0928 (Logitech QuickCam Express(PID_0928)) - c:\windows\system32\drivers\lv561av.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S2 sysmgr64 - "c:\windows\sysmgr64.exe" (file missing)
S3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" (file missing)
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Files created between 2008-05-24 and 2008-06-24 -----------------------------
2008-06-24 10:03:34 0 d-------- C:\WINDOWS\ERUNT
2008-06-23 20:30:38 0 d-------- C:\Program Files\TweakNow RegCleaner Std
2008-06-22 22:16:25 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-06-22 22:16:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-22 22:16:19 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-22 21:49:35 0 d-------- C:\Program Files\Trend Micro
2008-06-22 20:42:51 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-06-20 13:20:53 0 d-------- C:\Documents and Settings\Owner\Application Data\DivX
2008-06-20 12:42:11 0 d-------- C:\Documents and Settings\Owner\Application Data\SuperEasy
2008-06-20 12:02:50 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-19 22:12:54 0 d-------- C:\Program Files\Media Converter SA Edition
2008-06-11 23:59:15 5120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-06-11 23:54:41 0 d-------- C:\Program Files\AVIcodec
-- Find3M Report ---------------------------------------------------------------
2008-06-23 18:57:56 0 d-------- C:\Documents and Settings\Owner\Application Data\wsInspector
2008-06-21 15:02:04 0 d-------- C:\Program Files\Spyware Doctor
2008-06-21 14:00:12 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-21 12:25:16 0 d-------- C:\Program Files\Common Files\LogiShrd
2008-06-20 12:02:50 0 d-------- C:\Program Files\Common Files
2008-05-24 15:21:33 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-05-11 22:18:13 0 d-------- C:\Documents and Settings\Owner\Application Data\PC Tools
2008-05-01 10:19:07 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [07/25/2007 10:59 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/22/2006 12:22 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/22/2006 12:22 PM]
"OFFICEKB"="C:\Program Files\Labtec\Keyboard\V5.1\kbdap32a.exe" [12/16/2007 10:09 AM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [03/13/2008 11:11 PM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"WUAppSetup"=C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x092f -f video -m logitech -d 11.1.0.2016
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk
backup=C:\WINDOWS\pss\Privoxy.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
"C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MS Task Manager 32]
C:\WINDOWS\System32\mstskmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\MSMSGS.EXE" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1368f064-57d6-11dc-90dc-000d5664b6ef}]
AutoRun\command- G:\LaunchU3.exe -a
-- End of Deckard's System Scanner: finished at 2008-06-24 10:33:01 ------------
gotbob69
2008-06-25, 04:33
DAFT Log saved on 2008-06-24 21:14:49
-----------------------------------------------------------------------
All associations okay!
UNINSTALL LIST
??
Adobe Flash Player Plugin
Adobe Reader 8.1.1
Apple Mobile Device Support
Apple Software Update
AVIcodec (remove only)
Big Pack 8.4
Broadcom 440x 10/100 Integrated Controller
Broadcom Driver Installer
Broadcom Management Programs
CCleaner (remove only)
Combined Community Codec Pack 2007-07-22
Conexant SmartHSFi V.9x 56K DF PCI Modem
Dell ResourceCD
Dragon Ball M.U.G.E.N Edition 2007
Dragon Ball Z Budokai X 2.0
ffdshow [rev 610] [2006-12-01]
Half-Life
HijackThis 2.0.2
ImgBurn (Remove Only)
Java 2 Runtime Environment, SE v1.4.2
Labtec Media Keyboard V5.1
LG USB Modem Drivers
Little Fighter 2 1.9c
Logitech Audio Echo Cancellation Component
Logitech Video Enumerator
Malwarebytes' Anti-Malware
Media Converter SA Edition 0.8
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft AppLocale
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Application Compatibility Database
Modem Helper
Mozilla Firefox (2.0.0.14)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
NOD32 antivirus system
NOD32 FiX
NVIDIA Drivers
QuickTime
RealPlayer
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Shareaza version 2.2.5.0
SoundMAX
Spybot - Search & Destroy
Spyware Doctor 5.5
Trillian
TweakNow RegCleaner Standard
Uninstall Startup Inspector
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB942763)
VideoLAN VLC media player 0.8.6d
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Video 9 Advanced Profile Codec
Windows XP Service Pack 2
WinRAR archiver
WordPerfect Office 11
ZoneAlarm
Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-24 21:25:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Owner.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:25:16 PM, on 6/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Labtec\Keyboard\V5.1\kbdap32a.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamefaqs.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 66.98.238.8:3128
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Labtec\Keyboard\V5.1\kbdap32a.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x092f -f video -m logitech -d 11.1.0.2016 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x092f -f video -m logitech -d 11.1.0.2016 (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192639527781
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 4283 bytes
-- Files created between 2008-05-24 and 2008-06-24 -----------------------------
2008-06-24 10:03:34 0 d-------- C:\WINDOWS\ERUNT
2008-06-23 20:30:38 0 d-------- C:\Program Files\TweakNow RegCleaner Std
2008-06-22 22:16:25 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-06-22 22:16:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-22 22:16:19 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-22 21:49:35 0 d-------- C:\Program Files\Trend Micro
2008-06-22 20:42:51 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-06-20 13:20:53 0 d-------- C:\Documents and Settings\Owner\Application Data\DivX
2008-06-20 12:42:11 0 d-------- C:\Documents and Settings\Owner\Application Data\SuperEasy
2008-06-20 12:02:50 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-19 22:12:54 0 d-------- C:\Program Files\Media Converter SA Edition
2008-06-18 19:28:22 0 d-------- C:\Program Files\DAEMON Tools
2008-06-11 23:59:15 5120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-06-11 23:54:41 0 d-------- C:\Program Files\AVIcodec
-- Find3M Report ---------------------------------------------------------------
2008-06-23 18:57:56 0 d-------- C:\Documents and Settings\Owner\Application Data\wsInspector
2008-06-21 15:02:04 0 d-------- C:\Program Files\Spyware Doctor
2008-06-21 14:00:12 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-21 12:25:16 0 d-------- C:\Program Files\Common Files\LogiShrd
2008-06-20 12:02:50 0 d-------- C:\Program Files\Common Files
2008-05-24 15:21:33 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-05-11 22:18:13 0 d-------- C:\Documents and Settings\Owner\Application Data\PC Tools
2008-05-01 10:19:07 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [07/25/2007 10:59 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/22/2006 12:22 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/22/2006 12:22 PM]
"OFFICEKB"="C:\Program Files\Labtec\Keyboard\V5.1\kbdap32a.exe" [12/16/2007 10:09 AM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [03/13/2008 11:11 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"WUAppSetup"=C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x092f -f video -m logitech -d 11.1.0.2016
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk
backup=C:\WINDOWS\pss\Privoxy.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
"C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\MSMSGS.EXE" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1368f064-57d6-11dc-90dc-000d5664b6ef}]
AutoRun\command- G:\LaunchU3.exe -a
-- End of Deckard's System Scanner: finished at 2008-06-24 21:26:20 ------------
ok here you go so what now ? also if you need me to do anything else please tell me why before i do it. so i don't do something that i might not want to do.