dragnmastr85

Anti-Spyware Brigade
  • Posts

    1,427
Posts posted by dragnmastr85

  1. Logfile of HijackThis v1.99.1

    Scan saved at 11:47:15 PM, on 9/20/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\System32\nvsvc32.exe

    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    D:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    D:\Winamp\winampa.exe

    C:\WINDOWS\system32\ctfmon.exe

    D:\Winamp\winamp.exe

    D:\Mozilla Thunderbird\thunderbird.exe

    D:\Trillian\trillian.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

    D:\Softwin\BitDefender10\bdagent.exe

    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

    D:\Microsoft Office\OFFICE11\WINWORD.EXE

    D:\Mozilla Firefox\firefox.exe

    C:\Documents and Settings\Adam\Desktop\HijackThis\HijackThis.exe

     

    O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [ultraMon] "D:\UltraMon\UltraMon.exe" /auto

    O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe

    O4 - HKLM\..\Run: [bDMCon] "D:\Softwin\BitDefender10\bdmcon.exe" /reg

    O4 - HKLM\..\Run: [bDAgent] "D:\Softwin\BitDefender10\bdagent.exe"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - Startup: Mozilla Thunderbird.lnk = D:\Mozilla Thunderbird\thunderbird.exe

    O4 - Startup: Trillian.lnk = D:\Trillian\trillian.exe

    O4 - Global Startup: UltraMon.lnk = ?

    O4 - Global Startup: Winamp.lnk = D:\Winamp\winamp.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Messenger\msmsgs.exe

    O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n019p/EN/install/gtdownlr.cab

    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - D:\Softwin\BitDefender10\vsserv.exe" /service (file missing)

    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

  2. My internet stopped responding completely after a while due to this garbage. I know this because it worked in safe mode but not regular. I decided to system restore back a week or so. I have noticed none of the symptoms so far. Any suggestions as to what to do now?

  3. I use Firefox and winantivirus.com keeps intruding on it. Also BitDefender keeps reporting infected files in system32 and temp internet files. I scan both of them and remove everything infected but it keeps coming back. The virus it finds is trojan.pakes or something like that.

     

    ************RAPPORT:

     

    SmitFraudFix v2.95

     

    Scan done at 14:45:27.64, Wed 09/20/2006

    Run from C:\Documents and Settings\Adam\Desktop\SmitfraudFix\SmitfraudFix

    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

    Fix ran in normal mode

     

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

     

    C:\WINDOWS\system32\ot.ico FOUND !

     

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Adam\Application Data

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu

     

    C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !

    C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

     

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Adam\FAVORI~1

     

    C:\DOCUME~1\Adam\FAVORI~1\Antivirus Test Online.url FOUND !

     

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» D:

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

     

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

    "Source"="About:Home"

    "SubscribedURL"="About:Home"

    "FriendlyName"="My Current Home Page"

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

    !!!Attention, following keys are not inevitably infected!!!

     

    SrchSTS.exe by S!Ri

    Search SharedTaskScheduler's .dll

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

    "incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"

     

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

    !!!Attention, following keys are not inevitably infected!!!

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

    "AppInit_DLLs"="sockspy.dll"

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» End

     

     

     

     

     

     

    **********SILENT RUNNERS:

     

    "Silent Runners.vbs", revision 48, http://www.silentrunners.org/

    Operating System: Windows XP SP2

    Output limited to non-default values, except where indicated by "{++}"

     

     

    Startup items buried in registry:

    ---------------------------------

     

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\

    "{18AAC2C1-0BB6-1033-0224-041023030001}" = ""C:\Program Files\Common Files\{18AAC2C1-0BB6-1033-0224-041023030001}\Update.exe" mc-110-12-0000272" [file not found]

     

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

    "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"]

     

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

    "Smapp" = "C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" ["Analog Devices, Inc."]

    "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]

    "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

    "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]

    "UltraMon" = ""D:\UltraMon\UltraMon.exe" /auto" ["Realtime Soft"]

    "WinampAgent" = "D:\Winamp\winampa.exe" [null data]

    "BDMCon" = ""D:\Softwin\BitDefender10\bdmcon.exe" /reg" ["SOFTWIN S.R.L."]

    "BDAgent" = ""D:\Softwin\BitDefender10\bdagent.exe"" ["SOFTWIN S.R.L."]

    "DiskeeperSystray" = ""D:\Diskeeper Corporation\Diskeeper\DkIcon.exe"" ["Diskeeper Corporation"]

     

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

    {278B661A-14A8-D8B0-6AF4-03088B866149}\(Default) = (no title provided)

    -> {HKLM...CLSID} = (no title provided)

    \InProcServer32\(Default) = "C:\WINDOWS\system32\unaoakg.dll" [null data]

    {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

    -> {HKLM...CLSID} = (no title provided)

    \InProcServer32\(Default) = "D:\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]

    {6817A68A-A084-4A6C-9A43-32911B4E1F88}\(Default) = (no title provided)

    -> {HKLM...CLSID} = (no title provided)

    \InProcServer32\(Default) = "C:\WINDOWS\system32\vtstt.dll" [null data]

    {a43385f0-7113-496d-96d7-b9b550e3fcca}\(Default) = (no title provided)

    -> {HKLM...CLSID} = (no title provided)

    \InProcServer32\(Default) = "C:\WINDOWS\system32\ixt0.dll" [file not found]

    {B7672BAF-E9A3-49B6-86B2-C81719A18A4C}\(Default) = (no title provided)

    -> {HKLM...CLSID} = (no title provided)

    \InProcServer32\(Default) = "C:\WINDOWS\system32\xyopofqh.dll" [null data]

     

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"

    -> {HKLM...CLSID} = "Display Panning CPL Extension"

    \InProcServer32\(Default) = "deskpan.dll" [file not found]

    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"

    -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

    \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

    "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

    -> {HKLM...CLSID} = "DesktopContext Class"

    \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]

    "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

    -> {HKLM...CLSID} = "NVIDIA CPL Extension"

    \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]

    "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

    -> {HKLM...CLSID} = "Desktop Explorer"

    \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

    -> {HKLM...CLSID} = (no title provided)

    \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

    "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

    -> {HKLM...CLSID} = "nView Desktop Context Menu"

    \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

    -> {HKLM...CLSID} = "WinRAR"

    \InProcServer32\(Default) = "D:\WinRAR\rarext.dll" [null data]

    "{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"

    -> {HKLM...CLSID} = "AlcoholShellEx"

    \InProcServer32\(Default) = "D:\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]

    "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

    -> {HKLM...CLSID} = "Microsoft Office Outlook"

    \InProcServer32\(Default) = "D:\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]

    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

    -> {HKLM...CLSID} = "Outlook File Icon Extension"

    \InProcServer32\(Default) = "D:\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]

    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

    -> {HKLM...CLSID} = (no title provided)

    \InProcServer32\(Default) = "D:\Microsoft Office\OFFICE11\msohev.dll" [MS]

    "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"

    -> {HKLM...CLSID} = "Portable Media Devices"

    \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

    -> {HKLM...CLSID} = "Portable Media Devices Menu"

    \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

    "{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"

    -> {HKLM...CLSID} = "ShellLink for Application References"

    \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]

    "{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"

    -> {HKLM...CLSID} = "Shell Icon Handler for Application References"

    \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]

    "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" = "PowerISO"

    -> {HKLM...CLSID} = "PowerISO"

    \InProcServer32\(Default) = "D:\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

     

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\

    INFECTION WARNING! "AppInit_DLLs" = "sockspy.dll" [null data]

     

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

    INFECTION WARNING! vtstt\DLLName = "C:\WINDOWS\system32\vtstt.dll" [null data]

    INFECTION WARNING! winbjt32\DLLName = "winbjt32.dll" [null data]

     

    HKLM\Software\Classes\PROTOCOLS\Filter\

    INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

    -> {HKLM...CLSID} = (no title provided)

    \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

     

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

    PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"

    -> {HKLM...CLSID} = "PowerISO"

    \InProcServer32\(Default) = "D:\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

    -> {HKLM...CLSID} = "WinRAR"

    \InProcServer32\(Default) = "D:\WinRAR\rarext.dll" [null data]

    WS_FTP\(Default) = "{797F3885-5429-11D4-8823-0050DA59922B}"

    -> {HKLM...CLSID} = "RtClkCtxMenu Class"

    \InProcServer32\(Default) = "D:\Ipswitch\WS_FTP Professional\wsftpsi.dll" ["Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421"]

     

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

    PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"

    -> {HKLM...CLSID} = "PowerISO"

    \InProcServer32\(Default) = "D:\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

    -> {HKLM...CLSID} = "WinRAR"

    \InProcServer32\(Default) = "D:\WinRAR\rarext.dll" [null data]

     

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

    PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"

    -> {HKLM...CLSID} = "PowerISO"

    \InProcServer32\(Default) = "D:\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

    -> {HKLM...CLSID} = "WinRAR"

    \InProcServer32\(Default) = "D:\WinRAR\rarext.dll" [null data]

    WS_FTP\(Default) = "{797F3885-5429-11D4-8823-0050DA59922B}"

    -> {HKLM...CLSID} = "RtClkCtxMenu Class"

    \InProcServer32\(Default) = "D:\Ipswitch\WS_FTP Professional\wsftpsi.dll" ["Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421"]

     

     

    Default executables:

    --------------------

     

    HKCU\Software\Classes\piffile\

     

     

    Active Desktop and Wallpaper:

    -----------------------------

     

    Active Desktop is disabled at this entry:

    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

     

    HKCU\Control Panel\Desktop\

    "Wallpaper" = "C:\Documents and Settings\All Users\Documents\Shared Wallpapers\dsd.bmp"

     

     

    Enabled Screen Saver:

    ---------------------

     

    HKCU\Control Panel\Desktop\

    "SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssstars.scr" [MS]

     

     

    Startup items in "Adam" & "All Users" startup folders:

    ------------------------------------------------------

     

    C:\Documents and Settings\Adam\Start Menu\Programs\Startup

    "Mozilla Thunderbird" -> shortcut to: "D:\Mozilla Thunderbird\thunderbird.exe" ["Mozilla Corporation"]

    "Trillian" -> shortcut to: "D:\Trillian\trillian.exe" ["Cerulean Studios"]

     

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup

    "UltraMon" -> shortcut to: "C:\WINDOWS\Installer\{9CDA9CA7-C5F0-4308-B160-6A477D900D6D}\IcoUltraMon.ico" [null data]

    "Winamp" -> shortcut to: "D:\Winamp\winamp.exe" ["Nullsoft"]

     

     

    Winsock2 Service Provider DLLs:

    -------------------------------

     

    Namespace Service Providers

     

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

     

    Transport Service Providers

     

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11

    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

     

     

    Toolbars, Explorer Bars, Extensions:

    ------------------------------------

     

    Explorer Bars

     

    Dormant Explorer Bars in "View, Explorer Bar" menu

     

    HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"

    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

    InProcServer32\(Default) = "D:\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

     

    Extensions (Tools menu items, main toolbar menu buttons)

     

    HKLM\Software\Microsoft\Internet Explorer\Extensions\

    {92780B25-18CC-41C8-B9BE-3C9C571A8263}\

    "ButtonText" = "Research"

     

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\

    "ButtonText" = "Messenger"

    "MenuText" = "Windows Messenger"

    "Exec" = "D:\Messenger\msmsgs.exe" [MS]

     

     

    Running Services (Display Name, Service Name, Path {Service DLL}):

    ------------------------------------------------------------------

     

    BitDefender Communicator, XCOMM, ""C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service" ["Softwin"]

    BitDefender Desktop Update Service, LIVESRV, ""C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service" ["SOFTWIN S.R.L."]

    BitDefender Scan Server, bdss, ""C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service" [null data]

    BitDefender Virus Shield, VSSERV, ""D:\Softwin\BitDefender10\vsserv.exe" /service" ["SOFTWIN S.R.L."]

    Diskeeper, Diskeeper, ""D:\Diskeeper Corporation\Diskeeper\DkService.exe"" ["Diskeeper Corporation"]

    InCD Helper, InCDsrv, "D:\Nero\Nero 7\InCD\InCDsrv.exe" ["Nero AG"]

    Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]

    NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]

    SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]

    StarWind iSCSI Service, StarWindService, "D:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]

    Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

     

     

    Print Monitors:

    ---------------

     

    HKLM\System\CurrentControlSet\Control\Print\Monitors\

    Canon BJ Language Monitor iP1600\Driver = "CNMLM75.DLL" ["CANON INC."]

    Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

     

     

    ----------

    + This report excludes default entries except where indicated.

    + To see *everywhere* the script checks and *everything* it finds,

    launch it from a command prompt or a shortcut with the -all parameter.

    + The search for DESKTOP.INI DLL launch points on all local fixed drives

    took 90 seconds.

    + The search for all Registry CLSIDs containing dormant Explorer Bars

    took 21 seconds.

    ---------- (total run time: 152 seconds)

  4. I've been having a lot of issues with my comp, and BitDefender has found so many trojans and crap. I don't know how I managed to get it this screwed up, but can anyone take a look at my HJT log and tell me if they see anything? Thanks in advance!

     

    Logfile of HijackThis v1.99.1

    Scan saved at 8:18:05 AM, on 9/20/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    D:\Diskeeper Corporation\Diskeeper\DkService.exe

    D:\Nero\Nero 7\InCD\InCDsrv.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\System32\nvsvc32.exe

    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    D:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

    D:\Softwin\BitDefender10\vsserv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    D:\Winamp\winampa.exe

    D:\Softwin\BitDefender10\bdmcon.exe

    D:\Softwin\BitDefender10\bdagent.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

    D:\Winamp\winamp.exe

    D:\Mozilla Thunderbird\thunderbird.exe

    D:\Trillian\trillian.exe

    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

    C:\WINDOWS\system32\mmc.exe

    C:\WINDOWS\TEMP\winFA.tmp.exe

    D:\Softwin\BitDefender10\bdlite.exe

    D:\Diskeeper Corporation\Diskeeper\DfrgNTFS.exe

    D:\Diskeeper Corporation\Diskeeper\DfrgNTFS.exe

    D:\Diskeeper Corporation\Diskeeper\DfrgNTFS.exe

    C:\Documents and Settings\Adam\Desktop\HijackThis\HijackThis.exe

     

    O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [ultraMon] "D:\UltraMon\UltraMon.exe" /auto

    O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe

    O4 - HKLM\..\Run: [bDMCon] "D:\Softwin\BitDefender10\bdmcon.exe" /reg

    O4 - HKLM\..\Run: [bDAgent] "D:\Softwin\BitDefender10\bdagent.exe"

    O4 - HKLM\..\Run: [DiskeeperSystray] "D:\Diskeeper Corporation\Diskeeper\DkIcon.exe"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

    O4 - Startup: Mozilla Thunderbird.lnk = D:\Mozilla Thunderbird\thunderbird.exe

    O4 - Startup: Trillian.lnk = D:\Trillian\trillian.exe

    O4 - Global Startup: UltraMon.lnk = ?

    O4 - Global Startup: Winamp.lnk = D:\Winamp\winamp.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Messenger\msmsgs.exe

    O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n019p/EN/install/gtdownlr.cab

    O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)

    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

    O23 - Service: Diskeeper - Diskeeper Corporation - D:\Diskeeper Corporation\Diskeeper\DkService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Nero\Nero 7\InCD\InCDsrv.exe

    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)

    O23 - Service: NBService - Nero AG - D:\Nero\Nero 7\Nero BackItUp\NBService.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - D:\Softwin\BitDefender10\vsserv.exe" /service (file missing)

    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

  5. It seems to me like you're just trying to rip people off. You're like those car repair shops that eff up one thing while fixing another just to get you back. I teach my clients what the programs do always. And if they are truly novice they will come back to you every time just because you were honest with them.

     

    I always tell my clients I hope it's the last time I have to see them because I want their comp to work. Don't cheat people. All they need to do is find a site like this or go to a comp help site and they will realize what you've been doing. Computer maintenance should not cost an arm and a leg. Repair and virus removal should cost a bit more.

     

    If you have a client that doesn't want to run their own stuff, give them a discount to come every month. I go to a medical center every week and charge 20 each week to do routine maintenance. If it weren't a business I charge 10 or so because I know that this is steady income.

     

    BE AFFORDABLE AND HONEST!

  6. When I build comps for people I usually give programs to them for free. I put them all in a folder called weekly checkup on the desktop. I give them freeware stuff. I wouldn't recommend openly giving away programs that only allow you to use one license. Use freeware stuff and burn the installation setups on a CD to carry with you. I use AVG, registry doesn't need defrag, XP optimizes memory on its own, if you're talking about high speed internet tweaks I use CableNut, registry once again doesn't really bog the system down, Diskeeper Lite for defrag, Ad-Aware and Spybot. I honestly think it's a bit overpriced. I would install those programs for someone and tell them to run them one at a time once a week. The most I would charge for such a service would be 50.

  7. I have a Canon PIXMA iP1600. I just had it replaced by Canon. The replacement locks up when printing multiple documents after the first job is done. It prints the first page of the 2nd job about 25% of the page. Then it freezes and errors. Then I have to reboot my router (printer is attached to built-in printer server on router) and restart the printer. Thanks in advance.
