Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93105 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] Computer is very slaow n is freezing


  • This topic is locked This topic is locked
13 replies to this topic

#1 yasvin

yasvin

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 27 January 2008 - 06:41 AM

Please help me, my computer keep freezing :unsure:
I have scan with AVG antivirus, Adaware, Spysweeper and have even used ccleaner but in vain, it keep freezing :wacko: and need to press reset button each time. I know that doing this will damage my harddisk but I have no choice and I have been writing this message two time coz it keep freezing :angry: :angry:


Thank in Advance

Logfile of HijackThis v1.99.1
Scan saved at 3:48:37 PM, on 1/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\WINDOWS\Explorer.EXE
C:\Ad-aware\aawservice.exe
F:\WINDOWS\system32\spoolsv.exe
C:\YASPRO~1\avgamsvr.exe
C:\YASPRO~1\avgupsvc.exe
C:\bluesoleil\BlueSoleilCS.exe
F:\WINDOWS\system32\slserv.exe
F:\WINDOWS\system32\svchost.exe
C:\Spy Sweeper\SpySweeper.exe
C:\bluesoleil\BsHelpCS.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\YASPRO~1\avgcc.exe
C:\iPod\bin\iPodService.exe
F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Nokia pc suite\Nokia PC Suite 6\LaunchApplication.exe
C:\bluesoleil\BtTray.exe
C:\Spy Sweeper\SpySweeperUI.exe
C:\Internet Download Manager\IDMan.exe
C:\Ares\Ares.exe
C:\Internet Download Manager\IEMonitor.exe
F:\Program Files\PC Connectivity Solution\ServiceLayer.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
F:\Program Files\Metacafe\MetacafeAgent.exe
F:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Spy Sweeper\SSU.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 216.129.105.10:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\yas program\itune\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\yas program\Adobe\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\YASPRO~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Nokia pc suite\Nokia PC Suite 6\LaunchApplication.exe" -startup
O4 - HKLM\..\Run: [BtTray] "C:\bluesoleil\BtTray.exe"
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [IDMan] "C:\Internet Download Manager\IDMan.exe" /onboot
O4 - HKCU\..\Run: [ares] "C:\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [DWQueuedReporting] "F:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [Yahoo! Pager] "F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Metacafe.lnk = F:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Metacafe.lnk = F:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All Links with IDM - C:\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\yas program\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\yas program\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - F:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (file missing)
O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - F:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Ad-aware\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\YASPRO~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\YASPRO~1\avgupsvc.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\bluesoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\bluesoleil\BsHelpCS.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - F:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - F:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot So

Edited by yasvin, 27 January 2008 - 06:42 AM.

    Advertisements

Register to Remove


#2 Rorschach112

Rorschach112

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,651 posts

Posted 02 February 2008 - 09:11 AM

Hello

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Download rootchk by Ejvindh to your desktop.
  • Temporarily Disable Real Time Monitoring Programs you have running that are listed here, such as TeaTimer, Adwatch, and HIPs programs like Prevx, while we complete the fixes (see **Note below).
  • Disconnect from the internet
  • Double click rootchk.exe to run the program
  • After a short time a logfile will open.
  • Copy the contents of the log into your next reply.
  • Re-enable active protection on any program you have disabled while completing the scan

**Note:If you are using the ZoneAlarm Pro firewall or any other security program that protects your registry (Teatimer, Adwatch, Prevx), rootchk may produce false positives. That is why it is important for you to disable these programs before running a rootchk scan. To prevent ZoneAlarm Pro conflicts, first enable the Windows Firewall (click start | Control Panel | Windows Firewall and select the checkbox to turn it on). Then disable ZoneAlarm Pro before running the rootchk. Also, disable any other active protection programs including HIPs that block registry write access. After the scan, be sure re-enable ZoneAlarm Pro and any other active protection programs you have temporarily disabled.

#3 yasvin

yasvin

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 02 February 2008 - 12:09 PM

Thank you for reply and sorry I can't post the Kaspersky Online Scanner log because I can't used IE anymore, it's always give me this error "Internet Explorer cannot display the webpage". I can't sign in with Yahoo or Msn IM n can't check my mail on outlook express too.

Here is the log for the Deckard's System Scanner and Rootchk.

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.40GHz
Percentage of Memory in Use: 73%
Physical Memory (total/avail): 255.49 MiB / 66.45 MiB
Pagefile Memory (total/avail): 697.82 MiB / 277.99 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1905.36 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 38.23 GiB total, 15.35 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Fixed (NTFS) - 38.09 GiB total, 10.43 GiB free.

\\.\PHYSICALDRIVE0 - Maxtor 6Y080L0 - 76.33 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 38.23 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 38.09 GiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: ZoneAlarm Pro Firewall v7.0.408.000 (Check Point, LTD.)
AV: AVG 7.5.516 v7.5.516 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"F:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="F:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\yas program\\ICQ6\\ICQ.exe"="C:\\yas program\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\bluesoleil\\BlueSoleil.exe"="C:\\bluesoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\LimeWire\\LimeWire.exe"="C:\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"F:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="F:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"F:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"="F:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\\yas program\\itune\\iTunes.exe"="C:\\yas program\\itune\\iTunes.exe:*:Enabled:iTunes"
"F:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="F:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"F:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="F:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"F:\\Program Files\\Messenger\\msmsgs.exe"="F:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"F:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="F:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"F:\\Program Files\\Common Files\\Nokia\\Tss\\Instrument API\\bin\\root.exe"="F:\\Program Files\\Common Files\\Nokia\\Tss\\Instrument API\\bin\\root.exe:*:Disabled:root"
"F:\\Program Files\\Ares\\Ares.exe"="F:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"F:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="F:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\yas program\\avginet.exe"="C:\\yas program\\avginet.exe:*:Enabled:avginet.exe"
"C:\\yas program\\avgamsvr.exe"="C:\\yas program\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\yas program\\avgcc.exe"="C:\\yas program\\avgcc.exe:*:Enabled:avgcc.exe"
"F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"F:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="F:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\FrostWire\\FrostWire.exe"="C:\\FrostWire\\FrostWire.exe:*:Enabled:LimeWire"
"C:\\bluesoleil\\BlueSoleilCS.exe"="C:\\bluesoleil\\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=F:\Documents and Settings\All Users
APPDATA=F:\Documents and Settings\Yasvin\Application Data
CLASSPATH=.;F:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=F:\Program Files\Common Files
COMPUTERNAME=ARV-6B5EBA240
ComSpec=F:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=F:
HOMEPATH=\Documents and Settings\Yasvin
LOGONSERVER=\\ARV-6B5EBA240
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=F:\Program Files\PC Connectivity Solution\;F:\WINDOWS\system32;F:\WINDOWS;F:\WINDOWS\System32\Wbem;F:\Program Files\QuickTime\QTSystem\;C:\Sun\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=F:\Program Files
PROMPT=$P$G
QTJAVA=F:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=F:
SystemRoot=F:\WINDOWS
TEMP=F:\DOCUME~1\Yasvin\LOCALS~1\Temp
TMP=F:\DOCUME~1\Yasvin\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=ARV-6B5EBA240
USERNAME=Yasvin
USERPROFILE=F:\Documents and Settings\Yasvin
windir=F:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Yasvin (admin)
Baboo (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> F:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> F:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> F:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> F:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> F:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 F:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> F:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Ares 2.0.9 --> "C:\Ares\uninstall.exe"
Ashampoo WinOptimizer 4.41 --> "C:\Ashampoo WinOptimizer 4\unins000.exe"
Audacity 1.2.6 --> "F:\Program Files\Audacity\unins000.exe"
AVG 7.5 --> C:\yas program\setup.exe /UNINSTALL
Bluesoleil 5.0.5.178 --> MsiExec.exe /X{1E726A53-78E9-47DE-B3D9-4165CBC9ABBF}
Build-a-lot --> F:\WINDOWS\iun506.exe C:\Build-a-lot\irunin.ini
Camfrog Video Chat 3.92 (remove only) --> "C:\Camfrog Video Chat\uninstall.exe"
CCleaner (remove only) --> "C:\CCleaner\uninst.exe"
Diego --> MsiExec.exe /X{13CE281C-61CD-4896-AFB8-49060E20CDA9}
Enable S3 for USB Device --> F:\WINDOWS\IsUninst.exe -f"F:\Program Files\Gigabyte\Enable S3 for USB Device\Uninst.isu"
FlashUpdate --> MsiExec.exe /X{441B2BB6-A08C-41BA-BF92-C811E4E45E1E}
FLS-4 Driver Installation --> rundll32 F:\WINDOWS\system32\flsinst.dll,UnInstall
Folder Lock --> C:\Folder Lock\Uninstall.exe
Froggy's Adventures --> "C:\Froggy's Adventures\ReflexiveArcade\unins000.exe"
FrostWire 4.13.4 --> C:\FrostWire\Uninstall.exe
HijackThis 1.99.1 --> C:\Program Files\HijackThis\HijackThis.exe /uninstall
honestech VHS to DVD 3.0 --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{2856F5EA-E98A-40E4-BAD6-8C644A4A3F3C}\setup.exe" -l0x9
ICQ6 --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -l0x9 -removeonly
Internet Download Manager --> C:\Internet Download Manager\Uninstall.exe
iPod for Windows 2006-06-28 --> F:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1033
iTunes --> MsiExec.exe /I{553E56C3-7AA1-45FE-A2FC-2C43DC27F765}
J2SE Runtime Environment 5.0 Update 12 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150120}
Java 2 Platform, Enterprise Edition 1.4 SDK --> "C:\Sun\uninstall.exe" -javahome "C:\Sun\jdk"
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
K-Lite Codec Pack 3.2.0 Full --> "C:\K-Lite Codec Pack\unins000.exe"
Kate's Video Cutter 2.8.4 --> "C:\Kate's Video Cutter\unins000.exe"
Metacafe --> F:\Program Files\Metacafe\uninstaller.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "F:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Publisher 2002 --> MsiExec.exe /I{90190409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "F:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC --> F:\Program Files\mIRC\uninstall.exe _?=F:\Program Files\mIRC
Mobiola Web Camera 1.0.3 --> "C:\Mobiola Web Camera\unins000.exe"
Morph Man v.4 Trial --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{D5C5D70E-33DC-4A04-92F9-63964ECC30E1}\Setup.exe"
Mozilla Firefox (2.0.0.11) --> F:\Program Files\Mozilla Firefox\uninstall\helper.exe
MPEG Encoder 3 --> C:\MPEG Encoder 3\Uninstall.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 7 Demo --> MsiExec.exe /I{C93369CB-B4E9-E095-9289-E6B5AE941033}
Nokia Connectivity Cable Driver --> MsiExec.exe /X{11964613-805F-432D-A12B-169554B793E7}
Nokia PC Suite --> F:\Documents and Settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Nokia_PC_Suite_6_84_10_3_eng_us_web.exe
Nokia PC Suite --> MsiExec.exe /I{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}
Nokia Software Updater --> MsiExec.exe /X{FE5D756F-71E1-47C4-972A-D6775344B40B}
NSS (remove only) --> F:\Program Files\NSS\uninstall.exe
PC Connectivity Solution --> MsiExec.exe /I{99A40651-0BC2-4095-8F9A-A40FAB224FEF}
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Real Alternative 1.52 --> "F:\Program Files\Real Alternative\unins000.exe"
Realtek AC'97 Audio --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Registry Mechanic 6.0 --> "c:\Program Files\Registry Mechanic\unins000.exe"
Rhapsody Player Engine --> MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
Ricochet Lost Worlds: Recharged --> "C:\Ricochet Lost Worlds Recharged\unins000.exe"
SAGEM F@st 800-840 --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}\setup.exe" -l0x9
Sallys Salon --> "C:\Sallys Salon\ReflexiveArcade\unins000.exe"
SopCast 2.0.4 --> C:\SopCast\uninst.exe
SpeederXP 1.80 --> "C:\SpeederXP\unins000.exe"
Spy Sweeper --> "C:\Spy Sweeper\unins000.exe"
Unlocker 1.8.5 --> C:\Unlocker\uninst.exe
Viewpoint Media Player --> F:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WavePad Uninstall --> F:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0) --> F:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u F:\WINDOWS\system32\DRVSTORE\pccswpddri_044C8712DB44F83D9DE6C376991EE9254E0A69E4\pccswpddriver.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> F:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u F:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> F:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u F:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1) --> F:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u F:\WINDOWS\system32\DRVSTORE\nokbtmdm_5E1541AFF1E1EA3554CE566743CCAD323ED1C108\nokbtmdm.inf
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Media Format 11 runtime --> "F:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> F:\Program Files\WinRAR\uninstall.exe
Yahoo! Browser Services --> F:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager --> F:\WINDOWS\system32\regsvr32 /u F:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> F:\WINDOWS\system32\regsvr32 /u /s F:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> F:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U F:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Search Protection --> F:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Toolbar --> F:\PROGRA~1\Yahoo!\Common\unyt.exe
ZoneAlarm Pro --> F:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type3068 / Warning
Event Submitted/Written: 01/27/2008 01:23:22 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type3062 / Error
Event Submitted/Written: 01/27/2008 08:27:20 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20071.12718, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type3061 / Error
Event Submitted/Written: 01/27/2008 08:27:12 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20071.12718, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type3055 / Error
Event Submitted/Written: 01/26/2008 09:44:30 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800401FE from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Event Record #/Type3054 / Warning
Event Submitted/Written: 01/26/2008 09:44:20 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x800401FE



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type18170 / Error
Event Submitted/Written: 02/02/2008 09:29:30 PM
Event ID/Source: 7016 / Service Control Manager
Event Description:
The SmartLinkService service has reported an invalid current state 0.

Event Record #/Type18166 / Error
Event Submitted/Written: 02/02/2008 11:23:40 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {063D34A4-BF84-4B8D-B699-E8CA06504DDE} did not register with DCOM within the required timeout.

Event Record #/Type18144 / Error
Event Submitted/Written: 02/02/2008 11:20:26 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The NTPort Library Driver service failed to start due to the following error:
%%2

Event Record #/Type18143 / Error
Event Submitted/Written: 02/02/2008 11:20:26 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The windrvNT service failed to start due to the following error:
%%2

Event Record #/Type18142 / Error
Event Submitted/Written: 02/02/2008 11:20:26 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The General Purpose USB Driver (adildr.sys) service failed to start due to the following error:
%%1058



-- End of Deckard's System Scanner: finished at 2008-02-02 21:31:58 ------------


Main

Deckard's System Scanner v20071014.68
Run by Yasvin on 2008-02-02 21:19:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
23: 2008-02-02 17:19:39 UTC - RP329 - Deckard's System Scanner Restore Point
22: 2008-02-02 14:47:38 UTC - RP328 - Installed honestech VHS to DVD 3.0
21: 2008-02-02 07:59:19 UTC - RP327 - System Checkpoint
20: 2008-01-31 14:29:57 UTC - RP326 - Installed Windows Media Player Firefox Plugin
19: 2008-01-30 12:45:52 UTC - RP325 - System Checkpoint


-- First Restore Point --
1: 2008-01-22 07:14:46 UTC - RP307 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 256 MiB (512 MiB recommended).


-- HijackThis (run as Yasvin.exe) ----------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-02 21:21:09
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
F:\WINDOWS\system32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\WINDOWS\explorer.exe
C:\Ad-aware\aawservice.exe
F:\WINDOWS\system32\spoolsv.exe
C:\yas program\avgamsvr.exe
C:\yas program\avgupsvc.exe
C:\bluesoleil\BlueSoleilCS.exe
F:\WINDOWS\system32\slserv.exe
F:\WINDOWS\system32\svchost.exe
C:\Spy Sweeper\SpySweeper.exe
C:\bluesoleil\BsHelpCS.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\yas program\avgcc.exe
F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Nokia pc suite\Nokia PC Suite 6\LaunchApplication.exe
C:\iPod\bin\iPodService.exe
C:\bluesoleil\BtTray.exe
C:\Spy Sweeper\SpySweeperUI.exe
C:\Internet Download Manager\IDMan.exe
C:\Ares\Ares.exe
F:\Program Files\PC Connectivity Solution\ServiceLayer.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
F:\Program Files\Metacafe\MetacafeAgent.exe
C:\Internet Download Manager\IEMonitor.exe
F:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Spy Sweeper\ssu.exe
F:\Documents and Settings\Yasvin\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 216.129.105.10:8080
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\yas program\itune\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\yas program\Adobe\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\YASPRO~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Nokia pc suite\Nokia PC Suite 6\LaunchApplication.exe" -startup
O4 - HKLM\..\Run: [BtTray] "C:\bluesoleil\BtTray.exe"
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [IDMan] "C:\Internet Download Manager\IDMan.exe" /onboot
O4 - HKCU\..\Run: [ares] "C:\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [DWQueuedReporting] "F:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [Yahoo! Pager] "F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\YASPRO~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\YASPRO~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\YASPRO~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Nokia pc suite\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\YASPRO~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Nokia pc suite\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: Metacafe.lnk = F:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: DSLMON.lnk = F:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Metacafe.lnk = F:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All Links with IDM - C:\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\yas program\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\yas program\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - F:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{14790709-F969-487C-905B-703385CD1B14}: NameServer = 202.123.2.6 202.123.2.11
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - F:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (file missing)
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - F:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Ad-aware\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\yas program\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\yas program\avgupsvc.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\bluesoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\bluesoleil\BsHelpCS.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - F:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - F:\WINDOWS\system32\slserv.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - F:\Program Files\Windows Live\Messenger\usnsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Spy Sweeper\SpySweeper.exe


--
End of file - 9436 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20070616-095147-742 O4 - HKLM\..\Run: [bpk] F:\WINDOWS\system32\bpk.exe

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 FLE5WNNT (FLE-5 WindowsNT Driver) - f:\windows\system32\drivers\fle5wnnt.sys <Not Verified; Data Encryption Systems Limited; NMP FLS-1>
R2 FLSIFACE - f:\windows\system32\drivers\flsiface.sys <Not Verified; Data Encryption Systems Limited; FLSIface>
R2 FLSPAR - f:\windows\system32\drivers\flspar.sys <Not Verified; Data Encryption Systems Limited; FLSPar>
R2 FLSSER - f:\windows\system32\drivers\flsser.sys <Not Verified; Data Encryption Systems Limited; FLSSer>
R2 FLSVCOM - f:\windows\system32\drivers\flsvcom.sys <Not Verified; Data Encryption Systems Limited; FLSVCom>
R3 adiusbaw (USB ADSL WAN Adapter) - f:\windows\system32\drivers\adiusbaw.sys <Not Verified; Analog Devices Inc.; ADSL USB WAN Driver>
R3 BTCAMDRV (Mobiola Web Camera driver) - f:\windows\system32\drivers\btcamdrv.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>

S1 InCDPass - f:\windows\system32\drivers\incdpass.sys (file missing)
S1 InCDRm (InCD Reader) - f:\windows\system32\drivers\incdrm.sys (file missing)
S2 windrvNT - f:\windows\system32\windrvnt.sys (file missing)
S2 zntport (NTPort Library Driver) - f:\windows\system32\zntport.sys (file missing)
S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - f:\windows\system32\drivers\nsdriver.sys <Not Verified; Lavasoft AB; Ad-Watch Connections>
S3 Ad-Watch Real-Time Scanner (AW Real-Time Scanner) - f:\windows\system32\drivers\awrtpd.sys <Not Verified; Lavasoft AB; Ad-Watch Beta>
S3 Ad-Watch Registry Filter (Ad-Watch Registry Kernel Filter) - f:\windows\system32\drivers\awrtrd.sys <Not Verified; Lavasoft AB; Ad-Watch Registry Protection>
S3 BlueletAudio (Bluetooth Audio Service) - f:\windows\system32\drivers\blueletaudio.sys
S3 PRODIGY - f:\windows\system32\drivers\prodigy.sys <Not Verified; B-phreaks; >
S3 usb2vcom (DKU-5 Connectivity Adapter Cable) - f:\windows\system32\drivers\usb2vcom.sys <Not Verified; ; USB to Serial Bridge Controller>
S4 InCDFs (InCD File System) - f:\windows\system32\drivers\incdfs.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 BlueSoleilCS - c:\bluesoleil\bluesoleilcs.exe <Not Verified; ; BlueSoleilCS Module>
R3 BsHelpCS - c:\bluesoleil\bshelpcs.exe <Not Verified; ; BsHelpCS Module>
R3 ServiceLayer - "f:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

S4 usnjsvc (Messenger Sharing Folders USN Journal Reader service) - "f:\program files\windows live\messenger\usnsvc.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_E0001458&REV_10\4&1A671D0C&0&28F0
Manufacturer: Realtek
Name: Realtek RTL8139 Family PCI Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_E0001458&REV_10\4&1A671D0C&0&28F0
Service: rtl8139

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 7270
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0001
Manufacturer: Nokia
Name: Nokia 6680
PNP Device ID: ROOT\WPD\0001
Service: WUDFRd

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0002
Manufacturer: Nokia
Name: Nokia 6230
PNP Device ID: ROOT\WPD\0002
Service: WUDFRd

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0003
Manufacturer: Nokia
Name: Nokia E50
PNP Device ID: ROOT\WPD\0003
Service: WUDFRd

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia N70
Device ID: ROOT\WPD\0004
Manufacturer: Nokia
Name: Nokia N70
PNP Device ID: ROOT\WPD\0004
Service: WUDFRd


-- Scheduled Tasks -------------------------------------------------------------

2008-01-24 15:21:09 284 --a------ F:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-01-02 and 2008-02-02 -----------------------------

2008-01-28 12:11:49 0 dr-h----- F:\Documents and Settings\Yasvin\Recent
2008-01-26 21:44:08 0 d-------- F:\Documents and Settings\Yasvin\Application Data\Thinstall
2008-01-25 12:04:46 552 --a------ F:\WINDOWS\system32\d3d8caps.dat
2008-01-25 09:56:11 0 d-------- F:\Program Files\Common Files\Wise Installation Wizard
2008-01-24 18:50:41 0 d-------- F:\Documents and Settings\NetworkService\Application Data\Webroot
2008-01-24 17:55:50 0 d-------- F:\Documents and Settings\Baboo\Application Data\PC Suite
2008-01-22 21:46:15 143360 --a------ F:\WINDOWS\adiras.exe <Not Verified; ; adiras Application>
2008-01-22 21:46:03 127456 --a------ F:\WINDOWS\system32\IPDETECT.EXE <Not Verified; ; IPDETECT>
2008-01-22 21:45:57 114616 --a------ F:\WINDOWS\system32\drivers\e4usbaw.sys <Not Verified; Analog Devices Inc.; ADSL USB WAN Driver>
2008-01-22 21:45:56 126489 --a------ F:\WINDOWS\system32\drivers\adiusbaw.sys <Not Verified; Analog Devices Inc.; ADSL USB WAN Driver>
2008-01-22 21:45:35 126976 --a------ F:\WINDOWS\system32\coclassfast.dll
2008-01-22 21:45:35 24576 --a------ F:\WINDOWS\enddisk32.exe
2008-01-22 21:45:34 152126 --a------ F:\WINDOWS\system32\drivers\L1E9P2.BIN
2008-01-22 21:45:33 135168 --a------ F:\WINDOWS\system32\unaddrv.exe <Not Verified; Analog Devices.; UnADdrv>
2008-01-22 21:45:33 152132 --a------ F:\WINDOWS\system32\drivers\L1E4P2.BIN
2008-01-22 21:45:33 152220 --a------ F:\WINDOWS\system32\drivers\L1E4I2.BIN
2008-01-22 21:45:33 152220 --a------ F:\WINDOWS\system32\drivers\L1E4I1.BIN
2008-01-22 21:45:33 152220 --a------ F:\WINDOWS\system32\drivers\L1E4I0.BIN
2008-01-22 21:45:33 46892 --a------ F:\WINDOWS\system32\ADADIX16.DLL
2008-01-22 21:45:32 152132 --a------ F:\WINDOWS\system32\drivers\L1E4P1.BIN
2008-01-22 21:45:32 152132 --a------ F:\WINDOWS\system32\drivers\L1E4P0.BIN
2008-01-22 21:45:30 152126 --a------ F:\WINDOWS\system32\drivers\L1E9P1.BIN
2008-01-22 21:45:30 152126 --a------ F:\WINDOWS\system32\drivers\L1E9P0.BIN
2008-01-22 21:45:30 152126 --a------ F:\WINDOWS\system32\drivers\L1E9I2.BIN
2008-01-22 21:45:30 152126 --a------ F:\WINDOWS\system32\drivers\L1E9I1.BIN
2008-01-22 21:45:30 152126 --a------ F:\WINDOWS\system32\drivers\L1E9I0.BIN
2008-01-22 21:45:29 176128 --a------ F:\WINDOWS\autoclk.exe <Not Verified; ; autoclk Application>
2008-01-22 21:45:17 0 d-------- F:\Program Files\SAGEM
2008-01-20 17:59:17 114688 --a------ F:\WINDOWS\system32\btcamvideosource.dll <Not Verified; Warelex LLC; Mobiola Video Source>
2008-01-20 14:57:07 228352 --a------ F:\WINDOWS\system32\drivers\BTCamDrv.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
2008-01-13 22:01:28 38229 -----n--- F:\WINDOWS\system32\drivers\StMp3Rec.sys <Not Verified; Generic; Generic MP3 Player>
2008-01-06 20:17:27 15587 --a------ F:\WINDOWS\system32\productregistry


-- Find3M Report ---------------------------------------------------------------

2008-02-02 21:29:17 0 d-------- F:\Documents and Settings\Yasvin\Application Data\Metacafe
2008-02-02 18:47:40 0 d--h----- F:\Program Files\InstallShield Installation Information
2008-02-02 11:22:00 0 d-------- F:\Documents and Settings\Yasvin\Application Data\DMCache
2008-01-30 13:53:28 0 d-------- F:\Documents and Settings\Yasvin\Application Data\AVG7
2008-01-25 09:56:11 0 d-------- F:\Program Files\Common Files
2008-01-22 14:12:22 32 --a------ F:\WINDOWS\0
2008-01-20 21:35:27 0 d-------- F:\Documents and Settings\Yasvin\Application Data\Camfrog
2008-01-20 21:34:53 0 d-------- F:\Program Files\Camfrog
2008-01-20 17:30:33 0 d-------- F:\Program Files\Online Services
2008-01-18 09:38:19 4212 ---h----- F:\WINDOWS\system32\zllictbl.dat
2008-01-17 13:17:08 0 d-------- F:\Program Files\Nokia
2008-01-14 16:26:51 0 d-------- F:\Program Files\NCH Swift Sound
2008-01-10 08:35:22 0 d-------- F:\Documents and Settings\Yasvin\Application Data\FrostWire
2007-12-29 15:02:14 32 --a------ F:\WINDOWS\go
2007-12-28 10:23:21 1597 --a------ F:\Documents and Settings\Yasvin\Application Data\pl_accounts.pl_acc
2007-12-28 10:23:21 5188 --a------ F:\Documents and Settings\Yasvin\Application Data\froggy_scorebox
2007-12-28 10:23:20 556 --a------ F:\Documents and Settings\Yasvin\Application Data\Troll.options
2007-12-26 20:42:14 0 d-------- F:\Program Files\Windows Live
2007-12-26 19:55:53 0 d--hs--c- F:\Program Files\Common Files\WindowsLiveInstaller
2007-12-21 14:38:21 0 d-------- F:\Documents and Settings\Yasvin\Application Data\Yahoo!
2007-12-20 22:39:30 0 d-------- F:\Program Files\NCH Software
2007-12-20 22:39:25 0 d-------- F:\Documents and Settings\Yasvin\Application Data\NCH Swift Sound
2007-12-20 22:08:34 0 d-------- F:\Program Files\Audacity
2007-12-17 19:33:24 0 d-------- F:\Program Files\Common Files\Nokia
2007-12-17 11:44:46 0 d-------- F:\Documents and Settings\Yasvin\Application Data\PC Suite
2007-12-14 13:22:58 0 d-------- F:\Program Files\mIRC
2007-12-10 18:59:29 286720 --a------ F:\WINDOWS\iun506.exe <Not Verified; Indigo Rose Corporation; Setup Factory 5.0 Uninstaller>
2007-12-07 16:57:10 4096 --a------ F:\WINDOWS\d3dx.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [08/15/2003 11:34 AM F:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="F:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"iTunesHelper"="C:\yas program\itune\iTunesHelper.exe" [06/01/2007 04:51 PM]
"Adobe Reader Speed Launcher"="C:\yas program\Adobe\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"AVG7_CC"="C:\YASPRO~1\avgcc.exe" [12/23/2007 08:31 PM]
"ZoneAlarm Client"="F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [09/06/2007 04:14 PM]
"PCSuiteTrayApplication"="C:\Nokia pc suite\Nokia PC Suite 6\LaunchApplication.exe" [06/18/2007 03:10 PM]
"BtTray"="C:\bluesoleil\BtTray.exe" [01/23/2008 07:01 PM]
"adiras"="adiras.exe" [02/16/2006 07:44 AM F:\WINDOWS\adiras.exe]
"SpySweeper"="C:\Spy Sweeper\SpySweeperUI.exe" [01/04/2008 08:56 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="C:\Internet Download Manager\IDMan.exe" [09/11/2007 05:54 PM]
"ares"="C:\Ares\Ares.exe" [05/04/2007 04:32 AM]
"DWQueuedReporting"="F:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [04/25/2005 01:45 PM]
"Yahoo! Pager"="F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]
"ctfmon.exe"="F:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"=C:\YASPRO~1\avgw.exe /RUNONCE
"Nokia.PCSync"=C:\Nokia pc suite\Nokia PC Suite 6\PcSync2.exe /NoDialog

F:\Documents and Settings\Yasvin\Start Menu\Programs\Startup\
Metacafe.lnk - F:\Program Files\Metacafe\MetacafeAgent.exe [9/4/2007 7:04:34 PM]

F:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - F:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [1/22/2008 9:45:45 PM]
Metacafe.lnk - F:\Program Files\Metacafe\MetacafeAgent.exe [9/4/2007 7:04:34 PM]
Microsoft Office.lnk - C:\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
"C:\yas program\ICQ6\ICQ.exe" silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"F:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
"C:\Nokia pc suite\Nokia PC Suite 6\LaunchApplication.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"F:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
"F:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6dff4e9-c1fd-11dc-b31b-4d6564696130}]
AutoRun\command- G:\fooool.exe
explore\Command- G:\fooool.exe
open\Command- G:\fooool.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 mpa.one.microsoft.com


-- End of Deckard's System Scanner: finished at 2008-02-02 21:31:58 ------------



ROOTCHK

********************************* ROOTCHK-(28-12-07)-LOG, by ejvindh
Sat 02/02/2008 21:47:58.25

NOTICE!! Rootchk is not being updated anymore, and is thus gradually getting outdated.
Last update was made 28-12-07

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-02 21:47:58
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.

scanning hidden services & system hive ...
IPC error: 2 The system cannot find the file specified.

scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000381
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AE1EBA2A-38BB-78D9-2F67-6206740EFDB8}]
"hacbioenlcfnfoof"=hex:6a,61,61,66,6c,6d,70,66,6c,64,61,6b,6f,6e,6f,66,69,66,63,6b,00,..
"iaeakmnfdmcgnnffel"=hex:6a,61,61,66,6c,6d,70,66,6c,64,61,6b,6f,6e,6f,66,69,66,63,6b,00,..
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CE2BDC7B-7FCC-8F23-BE4D-4B21F96F0602}]
"iaoofhpcfhhhjncjgb"=hex:6a,61,6b,61,69,69,6a,6c,65,6e,70,68,64,62,70,6c,6e,6e,67,68,00,..
"haioljcpnahogadc"=hex:6a,61,6b,61,69,69,6a,6c,65,6e,70,68,64,62,70,6c,6e,6e,67,68,00,..

scanning hidden files ...
IPC error: 2 The system cannot find the file specified.

hidden processes: 0
hidden services: 0
hidden files: 0

#4 Rorschach112

Rorschach112

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,651 posts

Posted 02 February 2008 - 01:09 PM

Hello


  • 1 - Flash Drive Disinfector
    Download Flash_Disinfector.exe by sUBs from >here< and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.



Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe



Now we need to fix your problems by making a .reg file. Copy the code below into a Notepad file. Name the file as fix.reg, change the "Save as Type" to "All files" and save it on the desktop.

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6dff4e9-c1fd-11dc-b31b-4d6564696130}]


Then double click on the fix.reg file, when it prompts to merge click "Yes".



Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.


Reboot and post a new DSS log

#5 yasvin

yasvin

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 03 February 2008 - 09:35 AM

Here is the log of Dr.Web Cureit and DSS, thank

htdvdauthor.dll;C:\;Adware.Cinmus.origin;;
16120796.FIL;C:\$VAULT$.AVG;Trojan.Inject.209;Deleted.;
setup.exe;C:\AIM chat\triton_in_6.1.26.1;Probably BACKDOOR.Trojan;;
mirc.chm\ctcp_events.htm;F:\Program Files\mIRC\backups\mirc.chm;IRC.Generic.32;;
mirc.chm;F:\Program Files\mIRC\backups;Archive contains infected objects;Moved.;
mirc.exe;F:\Program Files\mIRC\backups;Program.mIRC.621;;
A0108218.dll;F:\System Volume Information\_restore{07A954EB-E42D-43CD-9981-85C741BA9B75}\RP322;Adware.BitAcc;;
A0109171.dll;F:\System Volume Information\_restore{07A954EB-E42D-43CD-9981-85C741BA9B75}\RP323;Adware.BitAcc;;

Here is the log od DSS

Deckard's System Scanner v20071014.68
Run by Yasvin on 2008-02-03 19:04:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 256 MiB (512 MiB recommended).


-- HijackThis (run as Yasvin.exe) ----------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-03 19:04:57
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
F:\WINDOWS\system32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
C:\Ad-aware\aawservice.exe
F:\WINDOWS\system32\spoolsv.exe
C:\bluesoleil\BlueSoleilCS.exe
F:\WINDOWS\system32\slserv.exe
F:\WINDOWS\system32\svchost.exe
C:\Spy Sweeper\SpySweeper.exe
C:\bluesoleil\BsHelpCS.exe
F:\WINDOWS\explorer.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Nokia pc suite\Nokia PC Suite 6\LaunchApplication.exe
F:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Internet Download Manager\IDMan.exe
C:\Ares\Ares.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
F:\Program Files\Metacafe\MetacafeAgent.exe
F:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
F:\WINDOWS\system32\wscntfy.exe
F:\WINDOWS\system32\taskmgr.exe
F:\Documents and Settings\Yasvin\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 216.129.105.10:8080
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\yas program\itune\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\yas program\Adobe\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\YASPRO~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Nokia pc suite\Nokia PC Suite 6\LaunchApplication.exe" -startup
O4 - HKLM\..\Run: [BtTray] "C:\bluesoleil\BtTray.exe"
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [IDMan] "C:\Internet Download Manager\IDMan.exe" /onboot
O4 - HKCU\..\Run: [ares] "C:\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [DWQueuedReporting] "F:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [Yahoo! Pager] "F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\YASPRO~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\YASPRO~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\YASPRO~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Nokia pc suite\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\YASPRO~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Nokia pc suite\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: Metacafe.lnk = F:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: DSLMON.lnk = F:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Metacafe.lnk = F:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All Links with IDM - C:\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\yas program\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\yas program\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - F:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - F:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (file missing)
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - F:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Ad-aware\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\yas program\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\yas program\avgupsvc.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\bluesoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\bluesoleil\BsHelpCS.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - F:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - F:\WINDOWS\system32\slserv.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - F:\Program Files\Windows Live\Messenger\usnsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Spy Sweeper\SpySweeper.exe


--
End of file - 9052 bytes

-- Files created between 2008-01-03 and 2008-02-03 -----------------------------

2008-02-03 14:53:40 0 d-------- F:\Documents and Settings\Yasvin\DoctorWeb
2008-02-02 23:21:13 0 drahs---- F:\autorun.inf
2008-01-28 12:11:49 0 dr-h----- F:\Documents and Settings\Yasvin\Recent
2008-01-26 21:44:08 0 d-------- F:\Documents and Settings\Yasvin\Application Data\Thinstall
2008-01-25 12:04:46 552 --a------ F:\WINDOWS\system32\d3d8caps.dat
2008-01-25 09:56:11 0 d-------- F:\Program Files\Common Files\Wise Installation Wizard
2008-01-24 18:50:41 0 d-------- F:\Documents and Settings\NetworkService\Application Data\Webroot
2008-01-24 17:55:50 0 d-------- F:\Documents and Settings\Baboo\Application Data\PC Suite
2008-01-22 21:46:15 143360 --a------ F:\WINDOWS\adiras.exe <Not Verified; ; adiras Application>
2008-01-22 21:46:03 127456 --a------ F:\WINDOWS\system32\IPDETECT.EXE <Not Verified; ; IPDETECT>
2008-01-22 21:45:57 114616 --a------ F:\WINDOWS\system32\drivers\e4usbaw.sys <Not Verified; Analog Devices Inc.; ADSL USB WAN Driver>
2008-01-22 21:45:56 126489 --a------ F:\WINDOWS\system32\drivers\adiusbaw.sys <Not Verified; Analog Devices Inc.; ADSL USB WAN Driver>
2008-01-22 21:45:35 126976 --a------ F:\WINDOWS\system32\coclassfast.dll
2008-01-22 21:45:35 24576 --a------ F:\WINDOWS\enddisk32.exe
2008-01-22 21:45:34 152126 --a------ F:\WINDOWS\system32\drivers\L1E9P2.BIN
2008-01-22 21:45:33 135168 --a------ F:\WINDOWS\system32\unaddrv.exe <Not Verified; Analog Devices.; UnADdrv>
2008-01-22 21:45:33 152132 --a------ F:\WINDOWS\system32\drivers\L1E4P2.BIN
2008-01-22 21:45:33 152220 --a------ F:\WINDOWS\system32\drivers\L1E4I2.BIN
2008-01-22 21:45:33 152220 --a------ F:\WINDOWS\system32\drivers\L1E4I1.BIN
2008-01-22 21:45:33 152220 --a------ F:\WINDOWS\system32\drivers\L1E4I0.BIN
2008-01-22 21:45:33 46892 --a------ F:\WINDOWS\system32\ADADIX16.DLL
2008-01-22 21:45:32 152132 --a------ F:\WINDOWS\system32\drivers\L1E4P1.BIN
2008-01-22 21:45:32 152132 --a------ F:\WINDOWS\system32\drivers\L1E4P0.BIN
2008-01-22 21:45:30 152126 --a------ F:\WINDOWS\system32\drivers\L1E9P1.BIN
2008-01-22 21:45:30 152126 --a------ F:\WINDOWS\system32\drivers\L1E9P0.BIN
2008-01-22 21:45:30 152126 --a------ F:\WINDOWS\system32\drivers\L1E9I2.BIN
2008-01-22 21:45:30 152126 --a------ F:\WINDOWS\system32\drivers\L1E9I1.BIN
2008-01-22 21:45:30 152126 --a------ F:\WINDOWS\system32\drivers\L1E9I0.BIN
2008-01-22 21:45:29 176128 --a------ F:\WINDOWS\autoclk.exe <Not Verified; ; autoclk Application>
2008-01-22 21:45:17 0 d-------- F:\Program Files\SAGEM
2008-01-20 17:59:17 114688 --a------ F:\WINDOWS\system32\btcamvideosource.dll <Not Verified; Warelex LLC; Mobiola Video Source>
2008-01-20 14:57:07 228352 --a------ F:\WINDOWS\system32\drivers\BTCamDrv.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
2008-01-13 22:01:28 38229 -----n--- F:\WINDOWS\system32\drivers\StMp3Rec.sys <Not Verified; Generic; Generic MP3 Player>
2008-01-06 20:17:27 15587 --a------ F:\WINDOWS\system32\productregistry


-- Find3M Report ---------------------------------------------------------------

2008-02-03 18:52:18 0 d-------- F:\Documents and Settings\Yasvin\Application Data\DMCache
2008-02-03 14:06:42 0 d-------- F:\Documents and Settings\Yasvin\Application Data\Metacafe
2008-02-03 10:34:27 0 d-------- F:\Documents and Settings\Yasvin\Application Data\AVG7
2008-02-02 18:47:40 0 d--h----- F:\Program Files\InstallShield Installation Information
2008-01-25 09:56:11 0 d-------- F:\Program Files\Common Files
2008-01-22 14:12:22 32 --a------ F:\WINDOWS\0
2008-01-20 21:35:27 0 d-------- F:\Documents and Settings\Yasvin\Application Data\Camfrog
2008-01-20 21:34:53 0 d-------- F:\Program Files\Camfrog
2008-01-20 17:30:33 0 d-------- F:\Program Files\Online Services
2008-01-18 09:38:19 4212 ---h----- F:\WINDOWS\system32\zllictbl.dat
2008-01-17 13:17:08 0 d-------- F:\Program Files\Nokia
2008-01-14 16:26:51 0 d-------- F:\Program Files\NCH Swift Sound
2008-01-10 08:35:22 0 d-------- F:\Documents and Settings\Yasvin\Application Data\FrostWire
2007-12-29 15:02:14 32 --a------ F:\WINDOWS\go
2007-12-28 10:23:21 1597 --a------ F:\Documents and Settings\Yasvin\Application Data\pl_accounts.pl_acc
2007-12-28 10:23:21 5188 --a------ F:\Documents and Settings\Yasvin\Application Data\froggy_scorebox
2007-12-28 10:23:20 556 --a------ F:\Documents and Settings\Yasvin\Application Data\Troll.options
2007-12-26 20:42:14 0 d-------- F:\Program Files\Windows Live
2007-12-26 19:55:53 0 d--hs--c- F:\Program Files\Common Files\WindowsLiveInstaller
2007-12-21 14:38:21 0 d-------- F:\Documents and Settings\Yasvin\Application Data\Yahoo!
2007-12-20 22:39:30 0 d-------- F:\Program Files\NCH Software
2007-12-20 22:39:25 0 d-------- F:\Documents and Settings\Yasvin\Application Data\NCH Swift Sound
2007-12-20 22:08:34 0 d-------- F:\Program Files\Audacity
2007-12-17 19:33:24 0 d-------- F:\Program Files\Common Files\Nokia
2007-12-17 11:44:46 0 d-------- F:\Documents and Settings\Yasvin\Application Data\PC Suite
2007-12-14 13:22:58 0 d-------- F:\Program Files\mIRC
2007-12-10 18:59:29 286720 --a------ F:\WINDOWS\iun506.exe <Not Verified; Indigo Rose Corporation; Setup Factory 5.0 Uninstaller>
2007-12-07 16:57:10 4096 --a------ F:\WINDOWS\d3dx.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [08/15/2003 11:34 AM F:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="F:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"iTunesHelper"="C:\yas program\itune\iTunesHelper.exe" [06/01/2007 04:51 PM]
"Adobe Reader Speed Launcher"="C:\yas program\Adobe\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"AVG7_CC"="C:\YASPRO~1\avgcc.exe" [12/23/2007 08:31 PM]
"ZoneAlarm Client"="F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [09/06/2007 04:14 PM]
"PCSuiteTrayApplication"="C:\Nokia pc suite\Nokia PC Suite 6\LaunchApplication.exe" [06/18/2007 03:10 PM]
"BtTray"="C:\bluesoleil\BtTray.exe" [01/23/2008 07:01 PM]
"adiras"="adiras.exe" [02/16/2006 07:44 AM F:\WINDOWS\adiras.exe]
"SpySweeper"="C:\Spy Sweeper\SpySweeperUI.exe" [01/04/2008 08:56 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="C:\Internet Download Manager\IDMan.exe" [09/11/2007 05:54 PM]
"ares"="C:\Ares\Ares.exe" [05/04/2007 04:32 AM]
"DWQueuedReporting"="F:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [04/25/2005 01:45 PM]
"Yahoo! Pager"="F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]
"ctfmon.exe"="F:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"=C:\YASPRO~1\avgw.exe /RUNONCE
"Nokia.PCSync"=C:\Nokia pc suite\Nokia PC Suite 6\PcSync2.exe /NoDialog

F:\Documents and Settings\Yasvin\Start Menu\Programs\Startup\
Metacafe.lnk - F:\Program Files\Metacafe\MetacafeAgent.exe [9/4/2007 7:04:34 PM]

F:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - F:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [1/22/2008 9:45:45 PM]
Metacafe.lnk - F:\Program Files\Metacafe\MetacafeAgent.exe [9/4/2007 7:04:34 PM]
Microsoft Office.lnk - C:\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
"C:\yas program\ICQ6\ICQ.exe" silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"F:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
"C:\Nokia pc suite\Nokia PC Suite 6\LaunchApplication.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"F:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
"F:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"




-- End of Deckard's System Scanner: finished at 2008-02-03 19:05:52 ------------

#6 Rorschach112

Rorschach112

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,651 posts

Posted 03 February 2008 - 11:27 AM

Your logs are clean ! We need to do a few things

You can delete the tools that we used


1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here


Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.

#7 yasvin

yasvin

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 03 February 2008 - 01:17 PM

No its the same, I can't used IE and I can't sign in with yahoo or msn

Here is my new HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 11:16:52 PM, on 2/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\WINDOWS\Explorer.EXE
C:\Ad-aware\aawservice.exe
F:\WINDOWS\system32\spoolsv.exe
C:\YASPRO~1\avgamsvr.exe
C:\YASPRO~1\avgupsvc.exe
C:\bluesoleil\BlueSoleilCS.exe
F:\WINDOWS\system32\slserv.exe
F:\WINDOWS\system32\svchost.exe
C:\Spy Sweeper\SpySweeper.exe
C:\bluesoleil\BsHelpCS.exe
F:\WINDOWS\SOUNDMAN.EXE
C:\YASPRO~1\avgcc.exe
C:\iPod\bin\iPodService.exe
F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Nokia pc suite\Nokia PC Suite 6\LaunchApplication.exe
C:\bluesoleil\BtTray.exe
C:\Spy Sweeper\SpySweeperUI.exe
C:\Internet Download Manager\IDMan.exe
F:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Ares\Ares.exe
C:\Internet Download Manager\IEMonitor.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
F:\Program Files\Metacafe\MetacafeAgent.exe
C:\Spy Sweeper\SSU.EXE
F:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe
F:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
F:\WINDOWS\system32\msiexec.exe
F:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 216.129.105.10:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\yas program\itune\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\yas program\Adobe\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\YASPRO~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Nokia pc suite\Nokia PC Suite 6\LaunchApplication.exe" -startup
O4 - HKLM\..\Run: [BtTray] "C:\bluesoleil\BtTray.exe"
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [IDMan] "C:\Internet Download Manager\IDMan.exe" /onboot
O4 - HKCU\..\Run: [ares] "C:\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [DWQueuedReporting] "F:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [Yahoo! Pager] "F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Metacafe.lnk = F:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Metacafe.lnk = F:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All Links with IDM - C:\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\yas program\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\yas program\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - F:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{14790709-F969-487C-905B-703385CD1B14}: NameServer = 202.123.2.6 202.123.2.11
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (file missing)
O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - F:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Ad-aware\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\YASPRO~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\YASPRO~1\avgupsvc.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\bluesoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\bluesoleil\BsHelpCS.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - F:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - F:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Spy Sweeper\SpySweeper.exe

#8 Rorschach112

Rorschach112

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,651 posts

Posted 03 February 2008 - 01:54 PM

Like I said, it is not malware related so you will need to make a topic somewhere else with this problem. I would try disable ZoneAlarm and see if the problem persists. Good luck

#9 yasvin

yasvin

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 03 February 2008 - 02:00 PM

Thank you, can u tell me where I can post it?

#10 Rorschach112

Rorschach112

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,651 posts

Posted 03 February 2008 - 02:25 PM

Browsers, Internet and email would be the best place Tell them I sent you over Let me know if you have any more questions

#11 yasvin

yasvin

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 03 February 2008 - 02:37 PM

I have a last question, what is the best antivirus n firewall available( freeware or shareware)

#12 Rorschach112

Rorschach112

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,651 posts

Posted 03 February 2008 - 04:04 PM

Best anti-virus is Kaspersky but it is not free. AVG/Avast/AntiVir are all free and very good Comodo is the best firewall and is free Let me know if you have more questions

#13 yasvin

yasvin

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 04 February 2008 - 01:52 AM

No I have no question and thank u again

#14 Rorschach112

Rorschach112

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,651 posts

Posted 04 February 2008 - 07:14 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users