Well, as the title says, wscntfy.exe is infected and in my little taskbar in the bottom right, a red shield with an x on it sits there saying I have security problems, etc. I have done all of the scans in the "read before posting" thread and am willing to post them. Also, I said it's infecting several programs and by that I meant that when I open AIM (Instant Messenger) it freezes or closes out immediately upon logging in. I also use MSN (Windows Live Messenger) frequently, and as my computer starts up, I get about 3 to 4 errors that have to deal with a file called msxml.dll in my system32 folder. MSN constantly says my network connection isn't working but I kept my internet up while doing it, so...


I'll have to redo the GMER thing, I guess. System restored the computer and I lost it. Here are the others:

MBAM -

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

4/25/2010 2:17:32 AM
mbam-log-2010-04-25 (02-17-32).txt

Scan type: Full scan (C:\|)
Objects scanned: 178490
Time elapsed: 1 hour(s), 6 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

HiJackThis -
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:51:52 PM, on 4/25/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20900)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15450&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: SMCWUSB-G 802.11g Wireless USB Utility.lnk = C:\Program Files\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8315 bytes

DDSLog -
DDS (Ver_10-03-17.01) - NTFSx86
Run by Dawg at 16:18:47.89 on Sun 04/25/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.621 [GMT -4:00]

AV: avast! antivirus 4.8.1368 [VPS 100425-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Dawg\Desktop\2m1t3mcm.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Dawg\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com?o=15450&l=dis
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [SmartDefrag] "c:\program files\iobit\iobit smartdefrag\IObit SmartDefrag.exe" /StartUp
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\smcwus~1.lnk - c:\program files\smc\smcwusb-g 802.11g wireless usb 2.0 adapter\SMCWGUTI.exe
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dawg\applic~1\mozilla\firefox\profiles\83z1u2zq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2010-1-21 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-21 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2010-1-21 138680]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe [2010-3-31 194608]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2010-1-21 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2010-1-21 352920]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
R3 SMCWGU(SMC);SMCWUSB-G 802.11g Wireless USB 2.0 Adapter(SMC);c:\windows\system32\drivers\SMCWGU.sys [2009-1-19 408064]
R3 vkeyfdo;Virtual Keybord Function Driver;c:\windows\system32\drivers\vkeyfdo.sys [2008-11-6 11336]
R4 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-11-24 20824]
R4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2008-11-24 236368]
S3 DBKDRVR54;DBKDRVR54;\??\c:\documents and settings\dawg\desktop\ps stuff\cheat engine 5.4\cheat engine\dbk32.sys --> c:\documents and settings\dawg\desktop\ps stuff\cheat engine 5.4\cheat engine\dbk32.sys [?]
S3 FKLanse;FKLanse;\??\c:\documents and settings\dawg\desktop\gms_v53_vip\gms_v53_vip\ms.dat --> c:\documents and settings\dawg\desktop\gms_v53_vip\gms_v53_vip\ms.dat [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 ROCKSTAR;ROCKSTAR;\??\c:\documents and settings\dawg\desktop\nooblegend\nooblegend\ksysdrv.sys --> c:\documents and settings\dawg\desktop\nooblegend\nooblegend\ksysdrv.sys [?]
S3 SoRa_DRIVER53;SoRa_DRIVER53;\??\c:\documents and settings\dawg\desktop\ffbotv04\ms v70 hax 3.5\engines + cts\sora 4.6\sora_.sys --> c:\documents and settings\dawg\desktop\ffbotv04\ms v70 hax 3.5\engines + cts\sora 4.6\SoRa_.sys [?]
S3 XDva202;XDva202;\??\c:\windows\system32\xdva202.sys --> c:\windows\system32\XDva202.sys [?]

=============== Created Last 30 ================

2010-04-25 17:38:18 0 d-s---w- C:\ComboFix
2010-04-25 15:56:07 1843109000 ----a-w- C:\MSSetupv84N.exe
2010-04-25 05:09:09 699904 ----a-w- c:\windows\isRS-000.tmp
2010-04-25 04:58:11 900015 ----a-w- c:\windows\system32\TmpA652234
2010-04-25 04:33:16 0 d-sha-r- C:\cmdcons
2010-04-25 04:31:09 98816 ----a-w- c:\windows\sed.exe
2010-04-25 04:31:09 77312 ----a-w- c:\windows\MBR.exe
2010-04-25 04:31:09 261632 ----a-w- c:\windows\PEV.exe
2010-04-25 04:31:09 161792 ----a-w- c:\windows\SWREG.exe
2010-04-21 01:00:01 0 d-----w- c:\docume~1\dawg\applic~1\Acoustica
2010-04-21 01:00:00 57344 ----a-w- c:\windows\system32\Wnaspint.dll
2010-04-21 00:59:08 0 d-----w- c:\program files\Acoustica Shared Effects
2010-04-21 00:57:48 0 d-----w- c:\program files\Acoustica Mixcraft 5
2010-04-21 00:27:46 0 d-----w- c:\docume~1\dawg\applic~1\VST3 Presets
2010-04-21 00:27:46 0 d-----w- c:\docume~1\alluse~1\applic~1\Steinberg
2010-04-21 00:26:36 2395648 ----a-w- c:\windows\system32\SYNSOEMU.DLL
2010-04-21 00:26:22 0 d-----w- c:\docume~1\dawg\applic~1\Steinberg
2010-04-21 00:26:21 0 d-----w- c:\windows\syswow64
2010-04-21 00:26:20 0 d-----w- c:\program files\common files\Steinberg
2010-04-21 00:16:28 225280 ----a-w- c:\windows\system32\rewire.dll
2010-04-21 00:16:28 0 d-----w- c:\program files\VstPlugins
2010-04-21 00:16:02 1294336 ----a-w- c:\windows\system32\vorbis.acm
2010-04-21 00:15:31 0 d-----w- c:\program files\Outsim
2010-04-21 00:11:52 0 d-----w- c:\program files\Image-Line
2010-04-20 23:37:28 0 d-----w- c:\program files\Steinberg
2010-04-20 23:37:27 0 d-----w- c:\program files\Antares Audio Technologies
2010-04-20 23:35:25 0 d-----w- c:\docume~1\dawg\applic~1\BitTorrent
2010-04-20 23:35:21 0 d-----w- c:\program files\BitTorrent
2010-04-07 20:03:43 0 d-----w- c:\docume~1\alluse~1\applic~1\NexonUS
2010-03-28 02:54:09 3489788 ----a-w- c:\windows\system32\GameMon.des

==================== Find3M ====================

2010-04-13 11:51:43 75 ----a-w- c:\documents and settings\dawg\jagex_runescape_preferences2.dat
2010-04-13 11:21:00 41 ----a-w- c:\documents and settings\dawg\jagex_runescape_preferences.dat
2010-04-08 01:27:16 36168 ----a-w- c:\windows\DIIUnin.dat
2010-03-30 04:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 04:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-24 20:01:51 0 ----a-w- c:\documents and settings\dawg\jagex__preferences3.dat
2010-02-28 05:17:19 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-17 00:39:56 1648005640 ----a-w- C:\MSSetupv82.exe
2009-02-01 20:39:36 16384 --sha-w- c:\windows\system32\config\systemprofile\cookies\index.dat
2009-02-01 20:39:36 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2008-03-31 01:52:53 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008033020080331\index.dat
2009-02-01 20:39:36 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 16:19:31.35 ===============

AttachLog -
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/30/2008 9:51:41 PM
System Uptime: 4/25/2010 12:47:19 AM (16 hours ago)

Motherboard: Dell Computer Corp. | |
Processor: Intel(R) Pentium(R) 4 CPU 1.70GHz | Microprocessor | 1694/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 42.571 GiB free.
E: is CDROM ()
F: is CDROM (CDFS)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP423: 1/27/2010 7:07:47 AM - Removed MapleStory.
RP424: 1/28/2010 7:28:52 AM - System Checkpoint
RP425: 1/30/2010 10:11:38 PM - Removed Java(TM) 6 Update 6
RP426: 2/1/2010 8:40:03 AM - System Checkpoint
RP427: 2/3/2010 1:03:56 AM - System Checkpoint
RP428: 2/4/2010 12:52:16 PM - System Checkpoint
RP429: 2/5/2010 3:15:43 PM - System Checkpoint
RP430: 2/8/2010 9:04:02 AM - System Checkpoint
RP431: 2/8/2010 1:22:05 PM - Removed League of Legends
RP432: 2/9/2010 1:46:57 PM - System Checkpoint
RP433: 2/10/2010 2:46:57 PM - System Checkpoint
RP434: 2/16/2010 9:35:50 PM - System Checkpoint
RP435: 2/16/2010 11:07:56 PM - Installed MapleStory.
RP436: 2/18/2010 2:59:55 AM - System Checkpoint
RP437: 2/19/2010 3:23:32 AM - System Checkpoint
RP438: 2/28/2010 12:16:27 AM - Installed Java(TM) 6 Update 18
RP439: 3/1/2010 12:50:56 AM - System Checkpoint
RP440: 3/2/2010 12:55:38 AM - System Checkpoint
RP441: 3/3/2010 1:55:37 AM - System Checkpoint
RP442: 3/8/2010 9:01:36 AM - System Checkpoint
RP443: 3/9/2010 10:45:49 AM - Installed iTunes
RP444: 3/10/2010 1:13:51 PM - System Checkpoint
RP445: 3/11/2010 1:39:16 PM - System Checkpoint
RP446: 3/15/2010 11:44:32 PM - System Checkpoint
RP447: 3/17/2010 12:13:12 AM - System Checkpoint
RP448: 3/18/2010 11:58:50 AM - Installed Microsoft Office Basic Edition 2003
RP449: 3/25/2010 7:54:34 AM - System Checkpoint
RP450: 3/26/2010 5:03:12 PM - System Checkpoint
RP451: 3/28/2010 4:08:52 PM - System Checkpoint
RP452: 3/29/2010 4:34:43 PM - System Checkpoint
RP453: 4/6/2010 8:19:48 AM - System Checkpoint
RP454: 4/7/2010 8:54:00 AM - System Checkpoint
RP455: 4/8/2010 9:33:02 AM - System Checkpoint
RP456: 4/12/2010 1:48:17 PM - System Checkpoint
RP457: 4/13/2010 2:09:28 PM - System Checkpoint
RP458: 4/14/2010 3:09:23 PM - System Checkpoint
RP459: 4/15/2010 3:45:33 PM - System Checkpoint
RP460: 4/19/2010 2:55:54 PM - Removed MapleStory.
RP461: 4/19/2010 2:57:38 PM - Removed Microsoft Silverlight
RP462: 4/19/2010 2:58:44 PM - Removed Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
RP463: 4/20/2010 5:04:25 PM - System Checkpoint
RP464: 4/21/2010 5:15:36 PM - System Checkpoint
RP465: 4/23/2010 9:08:21 AM - System Checkpoint
RP466: 4/25/2010 12:31:50 AM - ComboFix created restore point

==== Installed Programs ======================

ActivePerl 5.10.0 Build 1002
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8
Adobe Shockwave Player
AIM 7
AIM Toolbar
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
AuraScope Screen Saver (remove only)
avast! Antivirus
BitTorrent
Bonjour
CCleaner
Conexant HSF V92 56K RTAD Speakerphone PCI Modem
Counter-Strike: Source
dBpoweramp Music Converter
Desktop Maestro 2.0
Diablo II
EL maphack1.12b
GDR 3068 for SQL Server Tools and Workstation Components 2005 ENU (KB948109)
GoldWave v5.23
HashCalc 2.02
Hero Editor V0.96
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotspot Shield 1.41
iTunes
Java Auto Updater
Java DB 10.4.1.3
Java(TM) 6 Update 18
Java(TM) 6 Update 7
Java(TM) SE Development Kit 6 Update 10
Java(TM) SE Development Kit 6 Update 7
League of Legends
Malwarebytes' Anti-Malware
ManyCam 2.4 (remove only)
MapleStory
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Basic Edition 2003
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Express Edition - ENU
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Mozilla Firefox (3.6.3)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
MySQL Server 5.0
NVIDIA Drivers
Opera 10.10
Pando Media Booster
PhotoFiltre
QuickTime
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Segoe UI
Smart Defrag
SMCWUSB-G 802.11g Wireless USB 2.0 Adapter
Software Update for Web Folders
Steam
SwiftKit
System Requirements Lab
TeamViewer 4
TortoiseSVN 1.5.5.14361 (32 bit)
Ventrilo Client
Ventrilo Server
Window Hide Tool 2.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Presentation Foundation
WinRAR archiver
WinZip 12.0
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

4/25/2010 12:51:46 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the SQL Server VSS Writer service to connect.
4/25/2010 12:51:46 AM, error: Service Control Manager [7000] - The SQL Server VSS Writer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/25/2010 12:46:10 AM, error: PlugPlayManager [11] - The device Root\LEGACY_ILVMONEYDRIVER53\0000 disappeared from the system without first being prepared for removal.
4/25/2010 12:07:07 AM, error: Dhcp [1002] - The IP address lease 10.48.57.37 for the Network Card with network address 00FFE8D7BE2F has been denied by the DHCP server 10.26.63.254 (The DHCP Server sent a DHCPNACK message).
4/24/2010 10:46:12 PM, error: Dhcp [1002] - The IP address lease 10.50.8.90 for the Network Card with network address 00FFE8D7BE2F has been denied by the DHCP server 10.48.63.254 (The DHCP Server sent a DHCPNACK message).
4/24/2010 10:44:47 PM, error: Dhcp [1002] - The IP address lease 10.25.32.40 for the Network Card with network address 00FFE8D7BE2F has been denied by the DHCP server 10.50.15.254 (The DHCP Server sent a DHCPNACK message).
4/24/2010 10:40:47 PM, error: Dhcp [1002] - The IP address lease 10.40.8.146 for the Network Card with network address 00FFE8D7BE2F has been denied by the DHCP server 10.25.39.254 (The DHCP Server sent a DHCPNACK message).
4/23/2010 9:05:18 AM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
4/22/2010 9:22:49 AM, error: Service Control Manager [7023] - The Network Connections service terminated with the following error: Invalid access to memory location.
4/22/2010 9:21:59 AM, error: Service Control Manager [7001] - The Windows Firewall/Internet Connection Sharing (ICS) service depends on the Network Connections service which failed to start because of the following error: Invalid access to memory location.
4/22/2010 9:21:59 AM, error: Service Control Manager [7000] - The npkcrypt service failed to start due to the following error: The system cannot find the path specified.
4/22/2010 9:21:59 AM, error: Service Control Manager [7000] - The MySQL service failed to start due to the following error: The system cannot find the path specified.
4/20/2010 9:27:17 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

==== End Of File ===========================

Edited by throwingsin: n/a

0

After system restoring it, the wscntfy.exe balloon didn't pop up anymore, but I get many errors when trying to log into MSN and AIM.

MSN - /system32/msxml.dll is not a valid Windows file image. (3 errors total).
AIM - I log in fine, and it immediately closes it. (No error, I'll highlight it on the taskbar and it immediately closes out).
