plz analyze my HijackThis Log

[HiddenStupid]

unsafe tgps..... pop ups.... ask yes or cancel.... clicked cancel.... infected..... wallpaper replaced by fake anti virus advertisement..... 3 fake anti virus icon apear on desktop.... delete but resurrect itself....

have scanned with:
- TCspy
- spybot
- ad-aware
- antivir
- nod32
- AVG anti virus
- many more dont remember
- each scanner takes whole day! 5,6,7 hours!
- scanned all in safemode

next
- smitrem
- smitfraudfix
smitfraudfix got rid of the 3 fake icon on desktop and fake advertisement wallpaper... all happy.... but few hours comes back... sad.....

next
- atf cleaner
- rogueremover
-

and now
- AVG anti spyware
it caught umm.. if i remmeber correctly... backdoor something and adwaretoolbar something and ummm grrr forgot.... umm cant think anyway it caught 3 malwares.
edit: oh yeah the othe rone is legmir something something.

next
- ccleaner reg cleaner
- ccleaner cleaner

so far so good.... dont know if it really clean.

next use HiJackThis and here sthe log

this is in safemode:

nevemrind... will post again if decide

 

[HiddenStupid]

nevemrind... will post again if decide






ok here it is

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:40:56 PM, on 12/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\Crusty.exe..exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BDEX System - {C2DE4340-CB68-450F-90CD-9BE1A26739D7} - C:\WINDOWS\domnftwmnf.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: The emlkdvo - {47906C8A-7A72-45A8-AA59-0CEC20BD3B36} - C:\WINDOWS\emlkdvo.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunKistEM] "C:\Program Files\Digital Media Reader\shwiconem.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE"
O4 - HKLM\..\Run: [LogitechGalleryRepair] "C:\Program Files\Logitech\ImageStudio\ISStart.exe"
O4 - HKLM\..\Run: [LogitechImageStudioTray] "C:\Program Files\Logitech\ImageStudio\LogiTray.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [BOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\dlm.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: run_startmenu.cmd
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125B85} (CR64Loader Object) - http://www.retro64.com/downloads/r64loader.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
O16 - DPF: {89981B1D-07DA-43C3-9770-06C51E7E5DCE} (NostaleWebStarter Control) - http://game.nostale.com/sso/NostaleWebLauncher.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://config.hyosungcdn.com/download/p3xset.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O16 - DPF: {DD85FDB7-9363-4873-B50C-CC46F3E4B704} (IGOLauncher6 Control) - http://vitalsign.igamesasia.com.sg/activex/IGOLauncher7.cab
O16 - DPF: {F7899FAE-51C9-4EF5-B98C-A64997635235} (GSPRunGame Class) - http://www.playinfinity.net/cab/WindyGSPAx.cab
O21 - SSODL: alxvdvm - {8D835DAF-9A7F-4B36-89FB-D9D01906381B} - C:\WINDOWS\alxvdvm.dll
O21 - SSODL: bvtqfvx - {BAEE5CD0-2E04-43F8-9021-B15F7BAB09A3} - C:\WINDOWS\bvtqfvx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Groove Games Licensing Service - Groove Games - C:\Program Files\Common Files\Groove Games Shared\Service\ggameslicsvc.exe
O23 - Service: HF30Service - Unknown owner - C:\Program Files\PureSoft\Hide Folder 3.0\HF30Service.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 8586 bytes

 

[HiddenStupid]

.....and here is SDfix log


SDFix: Version 1.119

Run by Owner on Wed 12/26/2007 at 09:53 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\Documents and Settings\Owner\Desktop\Error Cleaner.url - Deleted
C:\Documents and Settings\Owner\Favorites\Error Cleaner.url - Deleted
C:\Documents and Settings\Owner\Desktop\Privacy Protector.url - Deleted
C:\Documents and Settings\Owner\Favorites\Privacy Protector.url - Deleted
C:\Documents and Settings\Owner\Desktop\Spyware&Malware Protection.url - Deleted
C:\Documents and Settings\Owner\Favorites\Spyware&Malware Protection.url - Deleted
C:\autorun.inf - Deleted
C:\WINDOWS\alxvdvm.dll - Deleted
C:\WINDOWS\bvtqfvx.dll - Deleted
C:\WINDOWS\dat.txt - Deleted
C:\WINDOWS\domnftwmnf.dll - Deleted
C:\WINDOWS\emlkdvo.dll - Deleted
C:\WINDOWS\fvkwdrt.exe - Deleted
C:\WINDOWS\rs.txt - Deleted




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-26 22:08:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG08.00.00.01WORKSTATION"="FB4307C6B06AAEB20C870D38DEA5C0760DF956084B29BE3048F3AADB90075445E01A868848A0CA0D342BA4FBD942BB3D9061D6AB944C12EB3B6BAC271DF0D8193FE86DA22CFADED31BFDE02795A921602CF866C02B1C1300F700DDCCE4CB29373F5960C8DD93BB3065B5CAC0234F382B1F9D92BDCD051F797D58EFD3EF1BD58A3C77D6B3D328C911EA67BFD0844BDB2C608BBE1DAA16A4A57EF9EBC9BC888444C4371D1FF89A01A6B90DEFE63056FAB31A689EDDE683FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E6675D575E7D6A3B9808A9C6AECB7A5D14078EDD5E5BE2F6E66718095FDBB90CE9C1C5A93ED50294881A0856E53F715D9A0BF335367FB6258023CEAC5C6A4F8EF82BBCD5849F5E1C3950C273E28058325B61968A0232F5B0201440F6EB2D8096F1E689209EE3E93A4883BD344EF2B40F50BE3EFA7AE0AE7E6E23DC30D2F6F449048790F1ED20CF05123D75C2C659591B21491D131C39F9E501ACABE58A7E2BD0D245CEFA86B213176730F98C20DEEC02EAC877A1174D4243E1B4476A3EDC725B74F9D32DB35E89100C2DEF47DF0EE9733F2B273CCD9349F70F5FDCD05091EF9974A5C13E71CBDB12B72F8E693F589FA3230019BA57E2A068FB76B0F452FD9D4151E95127738589C3165024AC2F91AFC90F7D4F3801FAAF7D0EE896F00FE9C60C7F0E4B291CFA63CF48508E1350F19121EFFB5E1549FB35249DC8FAA802FD0C38647D114388000F65E114C35C7917906928F7EF76636ABD4C7A4BDA3F5DCA6486DCC6163E03CB0736EAA34B12B67F4BE68B134144B732306B664A481E0441163D359C60220F7A97785FA9C0FEC4903361E391242A611FC17897C3EAF38EB7BEA5B3578CBDE10AE4E72FF65632181311A36CDCFC982FE27F7237D9FB31CA69CF8D8C6FC7A3E35EE2C3BDFECE7E5433FD7E5882C4432592C7D8E3D1C90AB7F28D47EC05582AB4BFDB4D645B037A5601E9C34CB18923FBA7D030AE9637788A5910A772DB926A24586D4C6EC45F02AC71974DDF416C739D0020809F353A392B824588305963C3B7B80A0B9C1DE23518DC1D75A1A723B5AADC92582F615C4EB7B66DC72E894AD62AD376D6A068247590FDE41C9284762DF563D7464BED3E7C7F269DC6661BD88B6800CD84A54E496B40F7AE2526974361071DF3E057D70F4C86623E6A48DFB70B93FA7C69461A1080864D0E7747447B2099783D3E283A170B07638B1EB6CF23C301E1C4E0913DC76574676600D11624779DC4E17E08D9304B6C81984F890668E73BB9BBC88D49D48C511276AC97B8D63DB538DFBFB59947DFD7FB47ED0B41EA6D7FE84D843178B0AD187CCBF25D7CC0093AED8BA6E106E1649CF55271FAE3A30FBFBA3579E7A565C3F4BE47C85B5723B6"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\\n0\x152[\x17d\26NLuMQ9\x8dHr\v0]
"Order"=hex:08,00,00,00,02,00,00,00,04,01,00,00,01,00,00,00,02,00,00,00,7a,..
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C0A5D735-D056-B06A-4A00-0C1BBE81A98C}]
"iaifhacomgppaakemb"=hex:6a,61,6c,66,62,6d,6e,6e,6f,63,68,62,61,69,6c,66,6d,69,6d,6e,00,..
"haghfofolieimcbd"=hex:6b,61,64,67,6b,65,64,70,6c,69,67,63,66,64,69,65,6a,61,64,65,6f,..
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D18AE723-B919-4785-490F-E2034FA24ADD}]
"eagninegpl"=hex:66,61,69,6e,66,6f,69,6c,6b,6b,64,6d,00,fc
"dabofnpf"=hex:64,62,63,61,70,64,6c,68,6d,69,6c,6b,61,65,6f,6c,68,63,6b,70,63,..
"iaopjflmkjieflcknn"=hex:6a,61,6c,61,70,66,67,61,6c,64,6b,68,64,69,68,6f,70,64,6c,63,00,..
"haaapofampddgohl"=hex:6a,61,6c,61,70,66,67,61,6c,64,6b,68,64,69,68,6f,70,64,6c,63,00,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1133279849\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1133279849\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1133279849\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1133279849\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Paltalk Messenger\\paltalk.exe"="C:\\Program Files\\Paltalk Messenger\\paltalk.exe:*:Enabledaltalk Messenger 8.1"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Sony\\Station\\Launchpad\\LaunchPad.exe"="C:\\Program Files\\Sony\\Station\\Launchpad\\LaunchPad.exe:*:Enabled:LaunchPad"
"C:\\Program Files\\Softnyx\\Rakion\\Bin\\Rakion.bin"="C:\\Program Files\\Softnyx\\Rakion\\Bin\\Rakion.bin:*:Enabled:Rakion"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabledownload Accelerator Plus (DAP)"
"C:\\Program Files\\Phoenix Games Studio\\Fung Wan Online\\FWOnline.exe"="C:\\Program Files\\Phoenix Games Studio\\Fung Wan Online\\FWOnline.exe:*:Enabled:FWOnline"
"C:\\Program Files\\VitalSign_IGO\\updater.exe"="C:\\Program Files\\VitalSign_IGO\\updater.exe:*:Enabled:delay"
"C:\\Program Files\\Turbine\\Dungeons & Dragons Online - Stormreach\\dndclient.exe"="C:\\Program Files\\Turbine\\Dungeons & Dragons Online - Stormreach\\dndclient.exe:*:Enabled:dndclient"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\Program Files\\Serious Sam 2 Demo\\Bin\\Sam2.exe"="C:\\Program Files\\Serious Sam 2 Demo\\Bin\\Sam2.exe:*isabled:Sam2"
"C:\\Program Files\\Codemasters\\RF Online\\RF.exe"="C:\\Program Files\\Codemasters\\RF Online\\RF.exe:*:Enabled:RFLauncher"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Cabal_ENG\\update\\ESTdnheadless.exe"="C:\\Program Files\\Cabal_ENG\\update\\ESTdnheadless.exe:*:Enabled:EST! download engine"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\Morpheus\\Morpheus.exe"="C:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:M5Shell"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa"
"C:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"="C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe:*:Enabled:GunzLauncher"
"C:\\Program Files\\MAIET\\Gunz\\Gunz.exe"="C:\\Program Files\\MAIET\\Gunz\\Gunz.exe:*:Enabled:Gunz"
"C:\\Program Files\\ZipTorrent\\ZipTorrent.exe"="C:\\Program Files\\ZipTorrent\\ZipTorrent.exe:*:Enabled:ZipTorrent Application"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\Chrome MP Demo 2004\\ChromeNet.exe"="C:\\Program Files\\Chrome MP Demo 2004\\ChromeNet.exe:*:Enabled:Chrome"
"C:\\Alien Arena 2007\\crx.exe"="C:\\Alien Arena 2007\\crx.exe:*:Enabled:crx"
"C:\\Program Files\\NAMCO BANDAI Games\\Warhammer Mark of Chaos DEMO\\Warhammer_DEMO.exe"="C:\\Program Files\\NAMCO BANDAI Games\\Warhammer Mark of Chaos DEMO\\Warhammer_DEMO.exe:*:Enabled:Warhammerr: Mark of ChaosT Single Player Demo"
"C:\\Program Files\\Ubisoft\\Demo\\Ghost Recon Advanced Warfighter Demo\\GRAW_demo.exe"="C:\\Program Files\\Ubisoft\\Demo\\Ghost Recon Advanced Warfighter Demo\\GRAW_demo.exe:*:Enabled:GRAW_demo"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Ubisoft\\Red Storm Entertainment\\Rainbow Six Lockdown Demo\\Lockdown.exe"="C:\\Program Files\\Ubisoft\\Red Storm Entertainment\\Rainbow Six Lockdown Demo\\Lockdown.exe:*:Enabled:Lockdown"
"C:\\Program Files\\infinity_eng\\xclient.exe"="C:\\Program Files\\infinity_eng\\xclient.exe:*:Enabled:xclient"
"C:\\Program Files\\Sierra\\FEAR MP Demo\\FEARServer.exe"="C:\\Program Files\\Sierra\\FEAR MP Demo\\FEARServer.exe:*:Enabled:F.E.A.R. MP Demo Dedicated Server"
"C:\\Program Files\\Sierra\\FEAR MP Demo\\Config.exe"="C:\\Program Files\\Sierra\\FEAR MP Demo\\Config.exe:*:Enabled:F.E.A.R. MP Demo Configuration Utility"
"C:\\Program Files\\Monte Cristo\\Silverfall Demo\\Silverfall.exe"="C:\\Program Files\\Monte Cristo\\Silverfall Demo\\Silverfall.exe:*:Enabled:Silverfall"
"C:\\Program Files\\Turbine\\The Lord of the Rings Online\\lotroclient.exe"="C:\\Program Files\\Turbine\\The Lord of the Rings Online\\lotroclient.exe:*:Enabled:lotroclient"
"C:\\Program Files\\Ubisoft\\Demo\\Techland\\Call of Juarez MP Demo\\CoJMPdemo.exe"="C:\\Program Files\\Ubisoft\\Demo\\Techland\\Call of Juarez MP Demo\\CoJMPdemo.exe:*:Enabled:ChromeEngine3"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Documents and Settings\\Owner\\My Documents\\My Completed Downloads\\wowclient-downloader.exe"="C:\\Documents and Settings\\Owner\\My Documents\\My Completed Downloads\\wowclient-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\Starbreeze Studios\\Knights Of The Temple Demo\\Templar.exe"="C:\\Program Files\\Starbreeze Studios\\Knights Of The Temple Demo\\Templar.exe:*:Enabled:Templar"
"C:\\Program Files\\Fury\\Binaries\\LauncherApp.exe"="C:\\Program Files\\Fury\\Binaries\\LauncherApp.exe:*:Enabled:LauncherApp"
"C:\\Program Files\\Metin2_UK\\metin2.bin"="C:\\Program Files\\Metin2_UK\\metin2.bin:*:Enabled:metin2"
"C:\\Program Files\\Silent Grove Studios\\Dawnspire\\Dawnspire.exe"="C:\\Program Files\\Silent Grove Studios\\Dawnspire\\Dawnspire.exe:*:Enabledawnspire"
"C:\\Program Files\\NGD Studios\\Regnum Online\\LiveServer\\ROClientGame.exe"="C:\\Program Files\\NGD Studios\\Regnum Online\\LiveServer\\ROClientGame.exe:*:Enabled:RegnumOnline"
"C:\\Program Files\\NAMCO BANDAI Games\\Mage Knight(TM) Apocalypse\\MageKnight.exe"="C:\\Program Files\\NAMCO BANDAI Games\\Mage Knight(TM) Apocalypse\\MageKnight.exe:*:Enabled:MageKnight"
"C:\\Program Files\\NAMCO BANDAI Games\\Mage Knight(TM) Apocalypse\\update.exe"="C:\\Program Files\\NAMCO BANDAI Games\\Mage Knight(TM) Apocalypse\\update.exe:*:Enabled:Auto Update "
"C:\\Program Files\\WEBZEN\\Soul of the Ultimate Nation\\VMModule._ex"="C:\\Program Files\\WEBZEN\\Soul of the Ultimate Nation\\VMModule._ex:*isabled:AA" A«¬§A’A"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\X2S06NW5\\wowclient-downloader[1].exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\X2S06NW5\\wowclient-downloader[1].exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\Temporary Internet Files\\Content.IE5\\ZXDFA2AP\\WoW-BurningCrusade-enUS-Installer-downloader[1].exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\Temporary Internet Files\\Content.IE5\\ZXDFA2AP\\WoW-BurningCrusade-enUS-Installer-downloader[1].exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\nslA5.tmp\\utorrent.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\nslA5.tmp\\utorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Enabled:BitTorrent DNA"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"="C:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe:*:EnabledlayOnline Viewer"
"C:\\Program Files\\Guild Wars\\Gw.exe"="C:\\Program Files\\Guild Wars\\Gw.exe:*:Enabled:Guild Wars"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:EnablednkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:EnablednkBstrB"
"C:\\Program Files\\Immortals Online\\Immortals.exe"="C:\\Program Files\\Immortals Online\\Immortals.exe:*:Enabled:Immortals"
"C:\\UT2004Demo\\System\\UT2004.exe"="C:\\UT2004Demo\\System\\UT2004.exe:*:Enabled:UT2004"
"C:\\Program Files\\Unreal Tournament 3 Demo\\Binaries\\UT3Demo.exe"="C:\\Program Files\\Unreal Tournament 3 Demo\\Binaries\\UT3Demo.exe:*:Enabled:Unreal Tournament 3 Demo"
"C:\\ijji\\ENGLISH\\u_skid.exe"="C:\\ijji\\ENGLISH\\u_skid.exe:*:Enabled:<ijji Downloader>"
"C:\\Program Files\\AeriaGames\\ProjectTorque\\ProjectTorque.bin"="C:\\Program Files\\AeriaGames\\ProjectTorque\\ProjectTorque.bin:*:Enabled:LevelR"
"C:\\Program Files\\Talisman\\game.exe"="C:\\Program Files\\Talisman\\game.exe:*:Enabled:Talisman online"
"C:\\Program Files\\DriftCity\\DriftCity.exe"="C:\\Program Files\\DriftCity\\DriftCity.exe:*:EnabledriftCity"
"C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"="C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe:*:Enabled:Exteel"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\nse1B.tmp\\utorrent.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\nse1B.tmp\\utorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Flagship Studios\\Mythos\\bin\\Mythos.exe"="C:\\Program Files\\Flagship Studios\\Mythos\\bin\\Mythos.exe:*:Enabled:Mythos"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"="C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe:*:Enabled:Exteel"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

--- 4,263 ..SH. --- "C:\WINDOWS\windllreg1c.sys"
Fri 23 Dec 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 26 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 26 Dec 2007 85,946 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT14.tmp"
Wed 26 Dec 2007 85,946 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT3.tmp"
Wed 26 Dec 2007 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT4.tmp"
Wed 26 Dec 2007 85,946 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT9.tmp"
Wed 26 Dec 2007 85,946 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BITC.tmp"
Wed 26 Dec 2007 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BITD.tmp"
Wed 21 Nov 2007 1,776 ...HR --- "C:\Documents and Settings\Owner\Application Data\SecuROM\UserData\securom_v7_01.bak"

Finished!

 

[erocker]

Dude, wtf is this shit? You need to stop watching so much pr0n. If you actually did all the things to remedy this that you said you did, you shouldn't have any problems. You might as well just nuke all your HDD's and start over. And stop watching so much damn pr0n!!:shadedshu

Dude, please remove your damn spyware links. Why are you trying to hurt our computers too?!

 

[Kursah]

Gotta agree with erocker there Hidden, this is pretty rediculous. Proper precaution can save you from hassles like this, and going to places that thrive on spreading the junk you have only make matters worse.

Plus those 3 posts are rediculous...no way I'm going to read through all of them word for word!

I hope you can get your rig back in shape w/o nuking and starting over though.

 

[ktr]

Back up you data, and re-install windows. You brought this upon yourself by installing programs like kazaa, Morpheus, limewire, etc...which are known apps to contain massive amounts of malware. What i would do is backup you data, re-install windows, install VirtualPC (free) and install another windows on that...and use that for you dling.

 

[wiak]

go into msconfig > Startup and REMOVE everything in there
and then in services and click on "hide all Microsoft services" and remove all tose non-m$
and then apply and OK, then reboot
then it should be fixed
as you wont have any crap load on startup
and you should try NOD32 and remove some more crap
http://www.eset.com/

 

[HiddenStupid]

What i would do is backup you data, re-install windows, install VirtualPC (free) and install another windows on that...and use that for you dling.

hey that might be a great idea.... I heard of virtual pc before. it is great idea if I decided to give up and reformat.

go into msconfig > Startup and REMOVE everything in there
and then in services and click on "hide all Microsoft services" and remove all tose non-m$
and then apply and OK, then reboot
then it should be fixed
as you wont have any crap load on startup
and you should try NOD32 and remove some more crap
http://www.eset.com/

I never knew you could remove all non ms stuff at startup. that is a great idea.... might be doing it later.













here is the latest hijackthis log after ran SDfix.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:51 PM, on 12/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\Crusty.exe..exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunKistEM] "C:\Program Files\Digital Media Reader\shwiconem.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE"
O4 - HKLM\..\Run: [LogitechGalleryRepair] "C:\Program Files\Logitech\ImageStudio\ISStart.exe"
O4 - HKLM\..\Run: [LogitechImageStudioTray] "C:\Program Files\Logitech\ImageStudio\LogiTray.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\dlm.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: run_startmenu.cmd
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125B85} (CR64Loader Object) - http://www.retro64.com/downloads/r64loader.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
O16 - DPF: {89981B1D-07DA-43C3-9770-06C51E7E5DCE} (NostaleWebStarter Control) - http://game.nostale.com/sso/NostaleWebLauncher.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://config.hyosungcdn.com/download/p3xset.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O16 - DPF: {DD85FDB7-9363-4873-B50C-CC46F3E4B704} (IGOLauncher6 Control) - http://vitalsign.igamesasia.com.sg/activex/IGOLauncher7.cab
O16 - DPF: {F7899FAE-51C9-4EF5-B98C-A64997635235} (GSPRunGame Class) - http://www.playinfinity.net/cab/WindyGSPAx.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Groove Games Licensing Service - Groove Games - C:\Program Files\Common Files\Groove Games Shared\Service\ggameslicsvc.exe
O23 - Service: HF30Service - Unknown owner - C:\Program Files\PureSoft\Hide Folder 3.0\HF30Service.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 8158 bytes

 

[wiak]

you are just jelius for NOT having a 3870 witch is 50% cheaper than 2900 XT and has UVD hehe

hey that might be a great idea.... I heard of virtual pc before. it is great idea if I decided to give up and reformat.





I never knew you could remove all non ms stuff at startup. that is a great idea.... might be doing it later.













here is the latest hijackthis log after ran SDfix.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:51 PM, on 12/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\Crusty.exe..exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunKistEM] "C:\Program Files\Digital Media Reader\shwiconem.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE"
O4 - HKLM\..\Run: [LogitechGalleryRepair] "C:\Program Files\Logitech\ImageStudio\ISStart.exe"
O4 - HKLM\..\Run: [LogitechImageStudioTray] "C:\Program Files\Logitech\ImageStudio\LogiTray.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\dlm.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: run_startmenu.cmd
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125B85} (CR64Loader Object) - http://www.retro64.com/downloads/r64loader.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
O16 - DPF: {89981B1D-07DA-43C3-9770-06C51E7E5DCE} (NostaleWebStarter Control) - http://game.nostale.com/sso/NostaleWebLauncher.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://config.hyosungcdn.com/download/p3xset.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O16 - DPF: {DD85FDB7-9363-4873-B50C-CC46F3E4B704} (IGOLauncher6 Control) - http://vitalsign.igamesasia.com.sg/activex/IGOLauncher7.cab
O16 - DPF: {F7899FAE-51C9-4EF5-B98C-A64997635235} (GSPRunGame Class) - http://www.playinfinity.net/cab/WindyGSPAx.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Groove Games Licensing Service - Groove Games - C:\Program Files\Common Files\Groove Games Shared\Service\ggameslicsvc.exe
O23 - Service: HF30Service - Unknown owner - C:\Program Files\PureSoft\Hide Folder 3.0\HF30Service.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 8158 bytes

 

[erocker]

I think you should change your name to ObviousStupid. Blessed are the meek. I think though, you really need to simplify your system.

 

[Steevo]

Either you have edited your running process list, or you have a rootkit, plus alot of other issues.


Your are missing some key windows components in your running list, and stop starting it in safe mode, unless that is all you can start it in.




Get me a screen shot of lspfix. http://www.cexx.org/lspfix.htm DO NOT DELETE ANYTHING!!!!!

 

[Steevo]

YOu can do this the easy way, and still have some crap, or the hard way and have to re-install a bit of software.

So here is the hard way, to make sure that no files have become infected/corrupt. Some programs might not work correctly untill you reinstall them.



R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunKistEM] "C:\Program Files\Digital Media Reader\shwiconem.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechGalleryRepair] "C:\Program Files\Logitech\ImageStudio\ISStart.exe"
O4 - HKLM\..\Run: [LogitechImageStudioTray] "C:\Program Files\Logitech\ImageStudio\LogiTray.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\dlm.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - Global Startup: run_startmenu.cmd
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125B85} (CR64Loader Object) - http://www.retro64.com/downloads/r64loader.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/down...auncherNew.cab
O16 - DPF: {89981B1D-07DA-43C3-9770-06C51E7E5DCE} (NostaleWebStarter Control) - http://game.nostale.com/sso/NostaleWebLauncher.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/n...fyLauncher.cab
O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://config.hyosungcdn.com/download/p3xset.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O16 - DPF: {DD85FDB7-9363-4873-B50C-CC46F3E4B704} (IGOLauncher6 Control) - http://vitalsign.igamesasia.com.sg/a...OLauncher7.cab
O16 - DPF: {F7899FAE-51C9-4EF5-B98C-A64997635235} (GSPRunGame Class) - http://www.playinfinity.net/cab/WindyGSPAx.cab
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Groove Games Licensing Service - Groove Games - C:\Program Files\Common Files\Groove Games Shared\Service\ggameslicsvc.exe
O23 - Service: HF30Service - Unknown owner - C:\Program Files\PureSoft\Hide Folder 3.0\HF30Service.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe





Check all these. and click fix, Before you do so however download on a UNINFECTED PC and burn to a CD-ROM or some other non changeable media the following.


http://www.grisoft.com/doc/download-free-anti-rootkit/us/crp/0
http://free.grisoft.com/doc/avg-anti-spyware-free/lng/us/tpl/v5



Use both free editions, as they will work fine for our purposes.

I will also need the screen shot of what LSPfix comes up with.

http://www.filehippo.com/download_ccleaner/

Get the most recent edition.

http://www.download.com/3000-2085-10062969.html


This is useful if you keep getting infected by a boot time resident DLL, you can add a wrong entry to your hosts file to prevent the connection from becoming active. A screenshot of this.




Once you have all of that downloaded, and installed, then unplug from the net, and fix the checked, then start running the anit-spyware, then the rootkit checker. After that run crap cleaner, let it delete all your temp files, get that screenshot of LSPfix, do not reconnect to the internet.

Also you might consider getting Comodo Firewall, it is really good, but can be annoying. However it has saved me a few times from things that anti-virus, anti-spyware, and a rootkit detector has ignored.