[Fixed] HijackThis! Logs - referred by valis (Security & Safety forums)

JOIN US NOW to remove these Ads

Post New Thread  Reply
#1
06-20-2008
evanwood
Bronze Member
Join Date: Jun 2008
Posts: 16
PC Experience: Beginner
referred by valis
Here are the two reports and my problems are at the bottom. Thanks for the help.

Deckard's System Scanner v20071014.68
Run by Tony on 2008-06-19 17:13:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------

-- Last 2 Restore Point(s) --
2: 2008-06-20 00:06:50 UTC - RP125 - Deckard's System Scanner Restore Point
1: 2008-06-20 00:02:15 UTC - RP124 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Tony.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:15:35 PM, on 6/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\PKR\pkrpal.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Tony\Desktop\dss.exe
C:\DOCUME~1\Tony\Desktop\Tony.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Internet Explorer Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
O1 - Hosts: 91.185.193.200 l2authd.lineage2.com
O1 - Hosts: 91.185.193.200 l2patcher.lineage2.com
O1 - Hosts: 216.107.250.194 nProtect.lineage2.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {f970371c-1a32-1f0a-7074-640beb784a87} - {78a487be-b046-4707-a0f1-23a1c173079f} - C:\WINDOWS\system32\iikbyggr.dll
O2 - BHO: (no name) - {84A46358-4001-4E42-A966-A3CAC5F91716} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {E0A2AD94-EB66-4229-BD74-EA2BDAC09235} - C:\WINDOWS\system32\kHawWmNd.dll (file missing)
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSRaid] C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PKR Pal] "C:\Program Files\PKR\pkrpal.exe" -osboot
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BM27de3d06] Rundll32.exe "C:\WINDOWS\system32\fambcsag.dll",s
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - WinSpywareProtect (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - WinSpywareProtect (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/...nlineGames.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: nNeefEtT - nNeefEtT.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
--
End of file - 8036 bytes
-- File Associations -----------------------------------------------------------
All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 sisidex - c:\windows\system32\drivers\sisidex.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R0 sisperf (Add Performance Filter Driver) - c:\windows\system32\drivers\sisperf.sys <Not Verified; Silicon Integrated Systems Corp.; SiS Filer Driver>
R2 HPW5ECP - c:\windows\system32\drivers\hpw5ecp.sys <Not Verified; Hewlett-Packard Company; HP Printing System for Windows>
S3 npkcrypt - c:\program files\lineage ii\system\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>

-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: USB camera
Device ID: USB\VID_0C45&PID_60FB&MI_00\6&2E75DFD7&0&0000
Manufacturer:
Name: USB camera
PNP Device ID: USB\VID_0C45&PID_60FB&MI_00\6&2E75DFD7&0&0000
Service:
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Modem
Device ID: PCI\VEN_134D&DEV_2189&SUBSYS_1002134D&REV_04\3&61AAA01&0&58
Manufacturer:
Name: PCI Modem
PNP Device ID: PCI\VEN_134D&DEV_2189&SUBSYS_1002134D&REV_04\3&61AAA01&0&58
Service:

-- Scheduled Tasks -------------------------------------------------------------
2008-06-10 20:43:06 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

-- Files created between 2008-05-19 and 2008-06-19 -----------------------------
2008-06-19 16:15:10 0 d-------- C:\Documents and Settings\Administrator\Templates
2008-06-19 16:15:10 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-19 16:15:10 0 d-------- C:\Documents and Settings\Administrator\Local Settings
2008-06-19 16:15:10 0 d-------- C:\Documents and Settings\Administrator\Cookies
2008-06-19 16:15:10 0 d-------- C:\Documents and Settings\Administrator\Application Data
2008-06-19 16:15:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-19 10:16:53 0 d-------- C:\Program Files\Alwil Software
2008-06-16 03:00:36 1986560 --a------ C:\Documents and Settings\Evan\ntuser.dat
2008-06-16 03:00:35 233472 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2008-06-14 15:53:57 130560 --a------ C:\WINDOWS\system32\iikbyggr.dll
2008-06-14 15:50:57 119296 --a------ C:\WINDOWS\system32\luenbygp.dll
2008-06-14 15:47:57 133632 --a------ C:\WINDOWS\system32\fambcsag.dll
2008-06-13 15:45:17 129536 --a------ C:\WINDOWS\system32\sggrlbrd.dll
2008-06-13 11:31:44 115200 -----n--- C:\WINDOWS\system32\jktujedp.dll
2008-06-13 11:29:35 133632 --a------ C:\WINDOWS\system32\cjnxeidi.dll
2008-06-13 11:27:29 129536 --a------ C:\WINDOWS\system32\antqtakt.dll
2008-06-12 11:25:14 125952 --a------ C:\WINDOWS\system32\dgvagspr.dll
2008-06-12 06:08:24 125952 --a------ C:\WINDOWS\system32\innxxkwx.dll
2008-06-11 06:09:28 114688 --a------ C:\WINDOWS\system32\lpoyexho.dll
2008-06-11 06:06:28 100352 --a------ C:\WINDOWS\system32\kjjkowin.dll
2008-06-10 19:43:19 0 d-------- C:\WINDOWS\system32\514852
2008-06-10 18:04:17 678941 --ahs---- C:\WINDOWS\system32\dNmWwaHk.ini2
2008-06-10 15:58:37 0 d-------- C:\Documents and Settings\Tony\Application Data\Yahoo!
2008-06-10 15:57:51 0 d-------- C:\Program Files\Windows Live Toolbar
2008-06-10 15:53:12 0 d-------- C:\Documents and Settings\Tony\Application Data\Talkback
2008-06-10 15:52:54 0 d-------- C:\Documents and Settings\Tony\Application Data\Mozilla
2008-06-10 15:50:02 0 d-------- C:\Documents and Settings\Tony\Application Data\MSNInstaller
2008-06-10 15:49:16 0 d-------- C:\Documents and Settings\Tony\Application Data\Macromedia
2008-06-10 15:48:36 0 d-------- C:\Documents and Settings\Tony\Application Data\Adobe
2008-06-10 15:47:08 0 d-------- C:\Documents and Settings\Tony\Application Data\acccore
2008-06-10 15:42:22 0 d-------- C:\Documents and Settings\Tony\Application Data\Apple Computer
2008-06-06 22:18:40 0 d-------- C:\Documents and Settings\Evan\Contacts
2008-06-06 22:10:55 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-06 22:10:29 0 d-------- C:\Program Files\Windows Live
2008-06-06 22:10:06 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-03 15:05:21 0 d-------- C:\Documents and Settings\Evan\Application Data\Yahoo!
2008-06-03 15:05:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-03 15:01:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-03 15:01:47 0 d-------- C:\Documents and Settings\Evan\Application Data\acccore
2008-06-03 15:00:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-03 15:00:14 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-06-03 15:00:14 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-06-03 14:59:53 0 d-------- C:\Program Files\Yahoo!
2008-06-03 14:59:41 0 d-------- C:\Program Files\Common Files\AOL
2008-06-03 14:59:17 0 d-------- C:\Program Files\AIM6
2008-06-01 13:21:02 0 d-------- C:\Program Files\Slam Soccer 2006
2008-05-24 08:10:28 0 d-------- C:\Documents and Settings\Evan\Application Data\Move Networks
2008-05-22 15:58:10 0 d-------- C:\Program Files\Apple Software Update
2008-05-19 14:53:31 0 d-------- C:\Documents and Settings\Evan\Application Data\Apple Computer
2008-05-19 14:53:09 0 d-------- C:\Program Files\iPod
2008-05-19 14:53:03 0 d-------- C:\Program Files\iTunes
2008-05-19 14:52:53 0 d-------- C:\Program Files\Bonjour
2008-05-19 14:52:18 0 d-------- C:\Program Files\QuickTime
2008-05-19 14:52:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-19 14:51:48 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-05-19 14:51:30 0 d-------- C:\Program Files\Common Files\Apple
2008-05-19 14:51:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple

-- Find3M Report ---------------------------------------------------------------
2008-06-19 16:32:36 0 d-------- C:\Program Files\PKR
2008-06-19 16:27:37 0 d-------- C:\Program Files\Spyware Doctor
2008-06-06 22:15:05 0 d-------- C:\Program Files\DivX
2008-06-06 22:10:55 0 d-------- C:\Program Files\Common Files
2008-06-05 09:29:21 1595 --a------ C:\WINDOWS\mozver.dat
2008-05-26 08:24:45 0 d-------- C:\Program Files\Google
2008-05-25 11:25:01 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-18 16:26:06 0 d-------- C:\Program Files\Pacsteam
2008-05-11 09:07:32 0 d-------- C:\Program Files\Lineage II
2008-05-06 22:18:48 1287680 --a------ C:\WINDOWS\system32\quartz.dll
2008-05-03 11:37:44 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-03 06:55:01 0 d-------- C:\Program Files\Skype
2008-05-03 06:54:58 0 d-------- C:\Program Files\Common Files\Skype
2008-04-27 11:03:13 0 d-------- C:\Program Files\ReflexiveArcade
2008-03-24 19:45:57 1 --a------ C:\WINDOWS\~sisRslt
2008-03-24 19:37:46 0 -rahs---- C:\MSDOS.SYS
2008-03-24 19:37:46 0 -rahs---- C:\IO.SYS
2008-03-24 19:37:46 0 --a------ C:\CONFIG.SYS
2008-03-24 19:37:46 0 --a------ C:\AUTOEXEC.BAT
2008-03-24 19:35:05 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-03-24 11:26:44 62 --ahs---- C:\Documents and Settings\Tony\Application Data\desktop.ini

-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{78a487be-b046-4707-a0f1-23a1c173079f}]
06/14/2008 03:53 PM 130560 --a------ C:\WINDOWS\system32\iikbyggr.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{84A46358-4001-4E42-A966-A3CAC5F91716}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E0A2AD94-EB66-4229-BD74-EA2BDAC09235}]
C:\WINDOWS\system32\kHawWmNd.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [07/12/2002 03:15 AM]
"SiSPower"="SiSPower.dll" [01/04/2005 01:54 AM C:\WINDOWS\system32\SiSPower.dll]
"SoundMan"="SOUNDMAN.EXE" [12/22/2004 02:09 AM C:\WINDOWS\SOUNDMAN.EXE]
"SiSRaid"="C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe" [12/22/2004 06:32 PM]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [10/25/2007 10:26 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 05:25 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"PKR Pal"="C:\Program Files\PKR\pkrpal.exe" [06/19/2008 04:32 PM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [02/01/2008 12:55 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"BM27de3d06"="C:\WINDOWS\system32\fambcsag.dll " [06/14/2008 03:47 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [03/25/2008 01:21 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 05:56 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24 AM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 4:05:56 PM]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [3/24/2008 7:45:58 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nNeefEtT]
nNeefEtT.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\kHawWmNd
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Web Registration.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Web Registration.lnk
backup=C:\WINDOWS\pss\Web Registration.lnkCommon Startup


-- Hosts -----------------------------------------------------------------------
91.185.193.200 l2authd.lineage2.com
91.185.193.200 l2patcher.lineage2.com
216.107.250.194 nProtect.lineage2.com

-- End of Deckard's System Scanner: finished at 2008-06-19 17:16:21 ------------


-- User Profiles ---------------------------------------------------------------
Evan (admin)
Tony (admin)

-- Add/Remove Programs ---------------------------------------------------------
--> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x9 -uninst
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
ESET NOD32 Antivirus --> MsiExec.exe /I{944BFDEB-868F-4943-A37C-2852C7D9824A}
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP DeskJet 1120C Printer --> C:\HPW5\HPW5TI1.exe -DSOURCEPATH=;C:\HPW5\;string -P HP DeskJet 1120C Printer -I C:\HPW5\DJ1120C\HPW5TI1_u.ini -U -DLOG=;C:\HPW5\HPW5TI1_u.log
Internet Service --> "C:\Program Files\NetProject\waun.exe"
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java(TM) 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
PKR --> "C:\Program Files\PKR\uninstall-pkr.exe"
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Secure Browsing --> "C:\Program Files\NetProject\sbun.exe"
SiS VGA Utilities --> Rundll32 SiSInst.dll,Uninstall VGA,R,oem2.inf
SiSAGP driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC226AC9-0314-496C-BE6A-B6A132628466}\setup.exe" -l0x9
SiSRaidPackage --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{08498FF9-6C9B-4FC2-8DE1-BD98C89CC220}\setup.exe" -l0x9
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
Web Application --> "C:\Program Files\NetProject\scu.exe"
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! 工具列 --> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE


My main problem is not being able to check my email on Gmail or MSN. My computer has also been very slow.
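Logs like the one above are normally read by hand by the analyst. The script below is an added example, not part of this post or of HijackThis / Deckard's System Scanner, showing how the same first-pass triage can be done mechanically: it parses the R/O entry lines of a HijackThis log, pulls out any file paths they reference, and cross-references those against a DSS "Files created" block, flagging entries whose file is missing, IE search settings that point at an external URL, hosts-file overrides, autorun entries that load a DLL through Rundll32, Winlogon Notify DLLs, and any referenced file that was created recently. The flag heuristics are my own; the HJT sample lines are copied from the log posted above, and the "recent files" excerpt is constructed in the DSS layout so the cross-reference has something to match. A flag is a reason to look closer, not a verdict.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Sample input. Entry lines are copied from the log posted above; the "recent
# files" excerpt is constructed in the Deckard's System Scanner layout so the
# cross-reference step has something to match against.
HJT_SAMPLE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O1 - Hosts: 91.185.193.200 l2authd.lineage2.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {f970371c-1a32-1f0a-7074-640beb784a87} - {78a487be-b046-4707-a0f1-23a1c173079f} - C:\WINDOWS\system32\iikbyggr.dll
O2 - BHO: (no name) - {E0A2AD94-EB66-4229-BD74-EA2BDAC09235} - C:\WINDOWS\system32\kHawWmNd.dll (file missing)
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BM27de3d06] Rundll32.exe "C:\WINDOWS\system32\fambcsag.dll",s
O20 - Winlogon Notify: nNeefEtT - nNeefEtT.dll (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Constructed excerpt in the DSS "Files created between ..." layout.
RECENT_FILES_SAMPLE = r"""
2008-06-14 15:53:57 130560 --a------ C:\WINDOWS\system32\iikbyggr.dll
2008-06-14 15:47:57 133632 --a------ C:\WINDOWS\system32\fambcsag.dll
2008-05-19 14:52:53 0 d-------- C:\Program Files\Bonjour
"""

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")
# Drive-letter path ending in .dll/.exe; directory names may contain spaces.
PATH_RE = re.compile(r'[A-Za-z]:\\(?:[^"\\\r\n]+\\)*[^"\\\s,]+\.(?:dll|exe)', re.IGNORECASE)
# DSS file line: date time size attributes(9 chars) path
DSS_FILE_RE = re.compile(r"^\S+ \S+ \d+ \S{9} (?P<path>.+)$")


@dataclass
class Entry:
    code: str                 # HJT section code, e.g. "O2"
    body: str                 # everything after "O2 - "
    paths: List[str]          # file paths referenced by the entry
    flags: List[str] = field(default_factory=list)


def parse_hjt(text: str) -> List[Entry]:
    """Keep only the R/O entry lines; headers and the process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            body = m.group("body")
            entries.append(Entry(m.group("code"), body, PATH_RE.findall(body)))
    return entries


def parse_recent_files(text: str) -> Dict[str, str]:
    """Map lowercase basename -> full path for a DSS 'Files created' block."""
    recent = {}
    for line in text.splitlines():
        m = DSS_FILE_RE.match(line.strip())
        if m:
            path = m.group("path").strip()
            recent[path.rsplit("\\", 1)[-1].lower()] = path
    return recent


def triage(entry: Entry, recent: Dict[str, str]) -> List[str]:
    """Heuristic review flags for one entry (each is a reason to look, not a verdict)."""
    flags = []
    body = entry.body
    if "(file missing)" in body or "(no file)" in body:
        flags.append("orphaned: referenced file is missing")
    if entry.code in ("R0", "R1") and re.search(r"=\s*https?://", body):
        flags.append("IE search/start setting points at an external URL")
    if entry.code == "O1":
        flags.append("hosts-file override redirects a hostname")
    if entry.code == "O4" and re.search(r"rundll32(?:\.exe)?\s", body, re.IGNORECASE):
        flags.append("autorun loads a DLL through Rundll32")
    if entry.code == "O20":
        flags.append("Winlogon Notify DLL is loaded into winlogon at every logon")
    for p in entry.paths:
        base = p.rsplit("\\", 1)[-1].lower()
        if base in recent:
            flags.append(f"{base} appears in the recently created files list")
    return flags


def triage_log(hjt_text: str, recent_text: str) -> List[Entry]:
    """Return only the entries that picked up at least one flag, in log order."""
    recent = parse_recent_files(recent_text)
    flagged = []
    for entry in parse_hjt(hjt_text):
        entry.flags = triage(entry, recent)
        if entry.flags:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in triage_log(HJT_SAMPLE, RECENT_FILES_SAMPLE):
        print(f"{e.code}: {e.body}")
        for f in e.flags:
            print(f"    -> {f}")
```

Run stand-alone it prints the seven entries from the sample that earn a flag (the HKLM SearchURL line, the hosts override, two of the three BHOs, the orphaned toolbar, the Rundll32 autorun and the Winlogon Notify entry) while the Java BHO, the ESET autorun and the Bonjour service pass silently. Correlating startup entries against recent file creation is the step that separates a long-standing, well-known component from something that appeared days before the symptoms started; replacing `RECENT_FILES_SAMPLE` with the real DSS block from a log makes that correlation automatic.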


#2
06-20-2008
ih8bills
Tech Team Leader
Join Date: Feb 2006
Location: coastal Rhode Island
Posts: 4,267
PC Experience: More Stubborn than any PC
Re: referred by valis

Forum Rules require that HJT logs must be analyzed by experienced Security Team Analysts. This is for your protection... and to give you our best service.

Our Security Team is always very busy, and as we live all over the Earth, time zones are also an important factor.

Your patience is greatly appreciated.

Thank You


__________________


Without music, life would be a mistake
Friedrich Nietzsche
#3
06-20-2008
Pancake
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 2,958
PC Experience: Elite PC Guru
Re: referred by valis

Ok. Let's download ComboFix.exe. This will give me a better view of the files running and also hidden on your computer, and also those in the registry. Please visit this webpage for download links, and instructions for running the tool:

A guide and tutorial on using ComboFix


Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use SP2.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.


Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.

=======================================

Please download SDFix from here and save it to your desktop

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Please copy and paste that log in your next reply.


__________________
My real name is Eddy
#4
06-20-2008
Pancake
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 2,958
PC Experience: Elite PC Guru
Re: referred by valis

Are you able to download it, or won't it run afterwards?


#5
06-20-2008
evanwood
Bronze Member
Join Date: Jun 2008
Posts: 16
PC Experience: Beginner
Re: referred by valis

Once I click the link the new page does not load. It is just a blank page.


#6
06-21-2008
Pancake
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 2,958
PC Experience: Elite PC Guru
Re: referred by valis

Try this..

http://subs.geekstogo.com/ComboFix.exe


