MiG1289

Members
  • Content Count

    213
About MiG1289

  • Rank
    Member
  • Birthday 12/24/1989

Contact Methods

  • AIM
    iviike 2k8

Profile Information

  • Location
    Philly

Previous Fields

  • TechExpress Link:
    http://www.pcpitstop.com/techexpress.asp?id=PD74PWVSRSQSS1AQ
  1. They are set, I just checked them. I just realized that it comes up as a security warning as well, but I do not have any Windows security features enabled that I know of. Edit: this started after I fixed something else on my computer, but I did not think much of it. http://forums.pcpitstop.com/index.php?show...54757&st=10
  2. Yes, I have tried saving it. It saves, I open it, and it's still a blank window. The thing is, I don't want any option to download or open/save a webpage. I don't know what's wrong! I have also reset the folder options to defaults and it's still doing it.
  3. I know it sounds dumb, but I have tried unchecking it. But if I uncheck and click open, the browser window will still pop up. This also happens with AIM, as well as the game. The browser will open up with information that is supposed to be in the IM box, or that is supposed to be in the game. It shouldn't minimize the game/IM to show info. Sorry if this sounds confusing. Mike
  4. Hello, I have not tested my PC in a while and I tried to today, but it would not work. I tried switching to Internet Explorer, but it keeps asking if I want to download the page or just open it up. It doesn't matter which button I click, it doesn't do anything. Also, I decided to pick up a game that I have not played in a couple of years, and whenever it loads it does pretty much the same thing: it minimizes the game and opens up the browser and a window with information about the game. This has been getting worse lately and rather annoying, so I figured you guys could help. Thank you.
  5. No issues are remaining that I know of. Thanks for your help.
  6. Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 8:48:12 PM, on 3/24/2008
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\Explorer.EXE
     D:\DU Meter\DUMeter.exe
     C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
     D:\firefox\beta\firefox.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Documents and Settings\Michael\Desktop\HiJackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
     O4 - HKLM\..\Run: [DU Meter] D:\DU Meter\DUMeter.exe
     O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
     O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\AVGANT~1\avgw.exe /RUNONCE (User '?')
     O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] D:\AVGANT~1\avgw.exe /RUNONCE (User '?')
     O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] D:\AVGANT~1\avgw.exe /RUNONCE (User '?')
     O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] D:\AVGANT~1\avgw.exe /RUNONCE (User 'Default user')
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MSOFFI~1\Office10\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
     O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\AIM\aim.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
     O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
     O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
     O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

     --
     End of file - 2945 bytes

     When I try and change my screen resolution or anything in the properties, I get this message. I do not use Internet Explorer; I'm using Firefox 3.
  7. Malwarebytes' Anti-Malware 1.09
     Database version: 534

     Scan type: Quick Scan
     Objects scanned: 29913
     Time elapsed: 2 minute(s), 5 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 4
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_CLASSES_ROOT\Typelib\{74d46bba-5638-473a-83b6-97e7804a7411} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\AppID\{8388f272-9eda-4f4e-88fd-4711cba4ba2b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Classes\etlrlws.bltm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Classes\etlrlws.ToolBar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)
  8. The computer seems to be working a lot better. But I still cannot run the Panda anti-virus. The window will pop up, but it is blank. I still cannot press the agree button on the other antivirus either. I uninstalled and installed the new Java and ran the .reg that you gave me.
  9. I can't get the Kaspersky Online Scanner to work. Here is the HijackThis log.

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 9:55:11 PM, on 3/16/2008
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     D:\DU Meter\DUMeter.exe
     C:\WINDOWS\explorer.exe
     C:\WINDOWS\system32\spoolsv.exe
     D:\firefox\beta\firefox.exe
     C:\Documents and Settings\Michael\Desktop\HiJackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
     O4 - HKLM\..\Run: [DU Meter] D:\DU Meter\DUMeter.exe
     O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] D:\AVGANT~1\avgw.exe /RUNONCE (User '?')
     O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] D:\AVGANT~1\avgw.exe /RUNONCE (User '?')
     O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] D:\AVGANT~1\avgw.exe /RUNONCE (User 'Default user')
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MSOFFI~1\Office10\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
     O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\AIM\aim.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
     O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
     O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
     O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

     --
     End of file - 2708 bytes
  10. ComboFix 08-03-14.4 - Michael 2008-03-16 21:10:54.2 - NTFSx86
      Running from: C:\Documents and Settings\Michael\Desktop\ComboFix.exe
      Command switches used :: C:\Documents and Settings\Michael\Desktop\CFScript.txt
      WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

      FILE ::
      C:\WINDOWS\system32\qtstv.bak1
      C:\WINDOWS\system32\qtstv.ini2
      .

      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\SDFix
      C:\SDFix\apps\assosfix.reg
      C:\SDFix\apps\cliptext.exe
      C:\SDFix\apps\download.exe
      C:\SDFix\apps\dummy.sys
      C:\SDFix\apps\Enable_Command_Prompt.reg
      C:\SDFix\apps\ERDNT.E_E
      C:\SDFix\apps\ERDNTDOS.LOC
      C:\SDFix\apps\ERDNTWIN.LOC
      C:\SDFix\apps\ERUNT.EXE
      C:\SDFix\apps\ERUNT.LOC
      C:\SDFix\apps\fix.reg
      C:\SDFix\apps\FixBH.reg
      C:\SDFix\apps\FixComponents.reg
      C:\SDFix\apps\FIXCU.reg
      C:\SDFix\apps\FIXLM.reg
      C:\SDFix\apps\FixPath.exe
      C:\SDFix\apps\FixRedir.reg
      C:\SDFix\apps\FixSchedule.reg
      C:\SDFix\apps\FixWebCheck.reg
      C:\SDFix\apps\fixXP.reg
      C:\SDFix\apps\FixXPsp2.reg
      C:\SDFix\apps\grep.exe
      C:\SDFix\apps\HPFix.reg
      C:\SDFix\apps\HPFix2.reg
      C:\SDFix\apps\HPFix3.reg
      C:\SDFix\apps\HPFix4.reg
      C:\SDFix\apps\HPFix5.reg
      C:\SDFix\apps\HPFix6.reg
      C:\SDFix\apps\HPFix7.reg
      C:\SDFix\apps\isadmin.exe
      C:\SDFix\apps\leg2.txt
      C:\SDFix\apps\legacy.txt
      C:\SDFix\apps\legacybk.txt
      C:\SDFix\apps\locate.com
      C:\SDFix\apps\LS.exe
      C:\SDFix\apps\MD5File.exe
      C:\SDFix\apps\MyGcpvFix.reg
      C:\SDFix\apps\MyGkFix2.reg
      C:\SDFix\apps\Process.exe
      C:\SDFix\apps\procs.exe
      C:\SDFix\apps\psservice.exe
      C:\SDFix\apps\Rem.txt
      C:\SDFix\apps\Rem2.txt
      C:\SDFix\apps\Replace\regedit.exe
      C:\SDFix\apps\Replace\W2K.exe
      C:\SDFix\apps\Replace\w2k\beep.sys
      C:\SDFix\apps\Replace\w2k\null.sys
      C:\SDFix\apps\Replace\XP.exe
      C:\SDFix\apps\Replace\xp\beep.sys
      C:\SDFix\apps\Replace\xp\null.sys
      C:\SDFix\apps\Reset_AppInit_DLLs.reg
      C:\SDFix\apps\RestartIt!.exe
      C:\SDFix\apps\Restore_SecurityCenter.reg
      C:\SDFix\apps\Restore_SharedAccess.reg
      C:\SDFix\apps\sc.exe
      C:\SDFix\apps\sed.exe
      C:\SDFix\apps\SF.exe
      C:\SDFix\apps\shutdown.exe
      C:\SDFix\apps\srv2.txt
      C:\SDFix\apps\srv2bk.txt
      C:\SDFix\apps\svc.txt
      C:\SDFix\apps\svcbk.txt
      C:\SDFix\apps\swreg.exe
      C:\SDFix\apps\swsc.exe
      C:\SDFix\apps\unzip.exe
      C:\SDFix\apps\vfind.exe
      C:\SDFix\apps\WINMSG.EXE
      C:\SDFix\apps\winsec.reg
      C:\SDFix\apps\zip.exe
      C:\SDFix\backups\backupreg.zip
      C:\SDFix\backups\backups.zip
      C:\SDFix\backups\catchme.log
      C:\SDFix\backups\HOSTS
      C:\SDFix\catchme.exe
      C:\SDFix\dummy.sys
      C:\SDFix\Report.txt
      C:\SDFix\RunThis.bat
      C:\SDFix\SDFIX_ReadMe_Online.url
      C:\WINDOWS\system32\qtstv.bak1
      C:\WINDOWS\system32\qtstv.ini2
      .

      ((((((((((((((((((((((((( Files Created from 2008-02-17 to 2008-03-17 )))))))))))))))))))))))))))))))
      .

      2008-03-16 00:33 . 2005-03-02 13:09 577,024 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
      2008-03-16 00:32 . 2008-03-16 00:32 <DIR> d-------- C:\WINDOWS\ERUNT
      2008-03-15 02:19 . 2008-03-15 02:19 <DIR> d-------- C:\Program Files\PrevxCSI
      2008-03-15 02:19 . 2008-03-15 02:21 10,752 --a------ C:\WINDOWS\system32\drivers\pxark.sys
      2008-03-15 02:18 . 2008-03-15 02:18 <DIR> d-------- C:\Documents and Settings\Michael\Application Data\PrevxCSI
      2008-03-15 01:57 . 2008-03-15 01:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
      2008-03-15 01:57 . 2006-11-08 00:01 66,048 --a------ C:\WINDOWS\ieResetIcons.exe
      2008-03-15 01:57 . 2008-03-15 01:57 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
      2008-03-14 18:52 . 2008-03-14 18:52 97 --a------ C:\WINDOWS\wininit.ini
      2008-03-14 18:09 . 2008-03-14 18:12 49 --a------ C:\amp.bat
      2008-02-26 15:47 . 2008-02-26 15:46 691,545 --a------ C:\WINDOWS\unins000.exe
      2008-02-26 15:47 . 2008-02-26 15:47 2,541 --a------ C:\WINDOWS\unins000.dat
      2008-02-26 15:22 . 2008-02-26 15:22 <DIR> d-------- C:\Documents and Settings\Michael\Deskto
      2008-02-20 18:20 . 2008-02-20 18:20 <DIR> d-------- C:\Temp\AGE
      2008-02-19 20:10 . 2008-02-19 20:13 <DIR> d-------- C:\Documents and Settings\Michael\Application Data\Intuit
      2008-02-19 20:09 . 2008-02-19 20:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intuit
      2008-02-19 20:08 . 2008-02-19 20:08 <DIR> d-------- C:\Program Files\Common Files\Intuit
      2008-02-19 20:08 . 2007-10-22 18:58 1,721,712 --------- C:\WINDOWS\system32\InetClnt.dll
      2008-02-19 19:08 . 2003-07-19 10:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
      2008-02-19 19:08 . 2005-01-03 01:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
      .

      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-03-15 07:16 --------- d-----w C:\Documents and Settings\Michael\Application Data\Azureus
      2008-03-15 06:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-03-15 05:44 --------- d-----w C:\Documents and Settings\Michael\Application Data\LimeWire
      2008-03-15 05:40 --------- d-----w C:\Documents and Settings\Michael\Application Data\AVG7
      2008-03-14 23:21 --------- d-----w C:\Documents and Settings\Michael\Application Data\Registry Booster
      2008-02-20 02:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
      2008-02-20 01:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2007-06-01 14:06 53,880 ----a-w C:\Documents and Settings\Michael\Application Data\GDIPFONTCACHEV1.DAT
      2006-05-06 06:21 138 ----a-w C:\Program Files\INSTALL.LOG
      .

      ((((((((((((((((((((((((((((( [email protected]_ 1.02.13.35 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2008-03-16 05:55:02 60,112 ----a-w C:\WINDOWS\system32\perfc009.dat
      + 2008-03-17 00:48:34 60,112 ----a-w C:\WINDOWS\system32\perfc009.dat
      - 2008-03-16 05:55:02 394,778 ----a-w C:\WINDOWS\system32\perfh009.dat
      + 2008-03-17 00:48:34 394,778 ----a-w C:\WINDOWS\system32\perfh009.dat
      .

      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "DU Meter"="D:\DU Meter\DUMeter.exe" [2005-02-01 21:28 1469952]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "AVG7_Run"="D:\AVGANT~1\avgw.exe" [2007-07-12 21:42 145920]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
      "NoResolveSearch"= 1 (0x1)
      "AllowLegacyWebView"= 1 (0x1)
      "AllowUnhashedWebView"= 1 (0x1)

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
      path=
      backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
      backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
      path=
      backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless Connection Manager.lnk]
      path=
      backup=C:\WINDOWS\pss\Wireless Connection Manager.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^Michael^Start Menu^Programs^Startup^Adobe Gamma.lnk]
      path=
      backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

      [HKLM\~\startupfolder\C:^Documents and Settings^Michael^Start Menu^Programs^Startup^Gangsters2Setup.lnk]
      path=
      backup=C:\WINDOWS\pss\Gangsters2Setup.lnkStartup

      [HKLM\~\startupfolder\C:^Documents and Settings^Michael^Start Menu^Programs^Startup^PrevxCSI.lnk]
      path=C:\Documents and Settings\Michael\Start Menu\Programs\Startup\PrevxCSI.lnk
      backup=C:\WINDOWS\pss\PrevxCSI.lnkStartup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTX1]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
      --a------ 2007-10-10 22:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
      --a------ 2006-08-01 17:35 67112 D:\AIM\aim.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
      --a------ 2007-07-12 21:42 411648 D:\AVGANT~1\avgcc.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDNewsAgent]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDSwitchAgent]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
      --a------ 2004-08-04 02:56 15360 C:\WINDOWS\system32\ctfmon.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
      --a------ 2005-12-10 09:57 133016 D:\DAEMON Tools\daemon.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
      --ah----- 2005-11-22 20:38 221184 D:\dkeeper\DkIcon.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DU Meter]
      --ah----- 2005-02-01 21:28 1469952 D:\DU Meter\DUMeter.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
      --a------ 2006-10-30 12:36 256576 D:\itunes\iTunesHelper.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyboard]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
      ---hs---- 2004-10-13 11:24 1694208 C:\Program Files\Messenger\MSMSGS.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
      --a------ 2001-07-09 14:50 155648 C:\WINDOWS\system32\NeroCheck.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
      --a------ 2006-08-12 00:43 7630848 C:\WINDOWS\system32\NvCpl.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
      --a------ 2006-08-12 00:43 86016 C:\WINDOWS\system32\NvMcTray.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
      --a------ 2006-08-12 00:43 1519616 C:\WINDOWS\system32\nwiz.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrevxOne]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
      --a------ 2006-03-17 21:24 184320 D:\PowerISO\PWRISOVM.EXE

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      --a------ 2006-10-25 21:58 282624 C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
      --a------ 2006-03-01 18:22 577536 C:\WINDOWS\soundman.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
      --------- 2008-01-28 11:43 2097488 D:\Spybot\Spybot - Search & Destroy\updated version\TeaTimer.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
      --a------ 2005-11-10 15:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
      --------- 2006-10-18 23:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "ZuneNetworkSvc"=3 (0x3)
      "WMPNetworkSvc"=3 (0x3)
      "Diskeeper"=3 (0x3)
      "Avg7UpdSvc"=3 (0x3)
      "Avg7Alrt"=3 (0x3)
      "Autodesk Licensing Service"=3 (0x3)
      "Adobe LM Service"=3 (0x3)
      "WudfSvc"=2 (0x2)
      "wuauserv"=2 (0x2)
      "SiSWLSvc"=2 (0x2)
      "FLEXnet Licensing Service"=3 (0x3)
      "clr_optimization_v2.0.50727_32"=3 (0x3)
      "Bonjour Service"=2 (0x2)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "C:\\WINDOWS\\system32\\sessmgr.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "D:\\AIM\\aim.exe"=
      "D:\\LimeWire\\LimeWire.exe"=

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
      \Shell\AutoRun\command - J:\autorun.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{016926EC-A7C2-EB46-0200-040003000402}]
      C:\WINDOWS\system32\RunDLL32.exe
      .
      Contents of the 'Scheduled Tasks' folder
      "2007-01-09 06:13:26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      .
      **************************************************************************
      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-03-16 21:12:06
      Windows 5.1.2600 Service Pack 2 NTFS
      scanning hidden processes ...
      scanning hidden autostart entries ...
      scanning hidden files ...
      scan completed successfully
      hidden files: 0
      **************************************************************************
      .
      Completion time: 2008-03-16 21:12:34
      ComboFix-quarantined-files.txt 2008-03-17 02:12:26
      ComboFix2.txt 2008-03-16 06:02:26
  11. Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 1:05:47 AM, on 3/16/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\System32\svchost.exe
      D:\DU Meter\DUMeter.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\notepad.exe
      C:\WINDOWS\system32\wuauclt.exe
      D:\firefox\firefox.exe
      C:\Documents and Settings\Michael\Desktop\HiJackThis.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O4 - HKLM\..\Run: [DU Meter] D:\DU Meter\DUMeter.exe
      O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\AVGANT~1\avgw.exe /RUNONCE (User '?')
      O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] D:\AVGANT~1\avgw.exe /RUNONCE (User '?')
      O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] D:\AVGANT~1\avgw.exe /RUNONCE (User '?')
      O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] D:\AVGANT~1\avgw.exe /RUNONCE (User 'Default user')
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MSOFFI~1\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\AIM\aim.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
      O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

      --
      End of file - 2718 bytes
  12. ComboFix 08-03-14.4 - Michael 2008-03-16 0:58:21.1 - NTFSx86
      Running from: C:\Documents and Settings\Michael\Desktop\ComboFix.exe
      WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
      .

      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Program Files\Common Files\{F4488~1
      C:\Program Files\winupdates
      C:\Program Files\winupdates\a.zip
      C:\WINDOWS\boot.ini
      C:\WINDOWS\keyboard1.dat
      C:\WINDOWS\mirarsetup_876075.exe
      C:\WINDOWS\system32\dobe~1
      C:\WINDOWS\system32\mcrh.tmp
      C:\WINDOWS\system32\wnsapisv.exe
      C:\WINDOWS\system32\ystem3~1
      C:\WINDOWS\system32ghynf.exe
      .

      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\LEGACY_CMDSERVICE
      -------\LEGACY_NM
      -------\LEGACY_NPF
      -------\nm

      ((((((((((((((((((((((((( Files Created from 2008-02-16 to 2008-03-16 )))))))))))))))))))))))))))))))
      .

      2008-03-16 00:33 . 2005-03-02 13:09 577,024 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
      2008-03-16 00:32 . 2008-03-16 00:32 <DIR> d-------- C:\WINDOWS\ERUNT
      2008-03-16 00:29 . 2008-03-16 00:38 <DIR> d-------- C:\SDFix
      2008-03-15 02:19 . 2008-03-15 02:19 <DIR> d-------- C:\Program Files\PrevxCSI
      2008-03-15 02:19 . 2008-03-15 02:21 10,752 --a------ C:\WINDOWS\system32\drivers\pxark.sys
      2008-03-15 02:18 . 2008-03-15 02:18 <DIR> d-------- C:\Documents and Settings\Michael\Application Data\PrevxCSI
      2008-03-15 01:57 . 2008-03-15 01:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
      2008-03-15 01:57 . 2006-11-08 00:01 66,048 --a------ C:\WINDOWS\ieResetIcons.exe
      2008-03-15 01:57 . 2008-03-15 01:57 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
      2008-03-14 18:52 . 2008-03-14 18:52 97 --a------ C:\WINDOWS\wininit.ini
      2008-03-14 18:09 . 2008-03-14 18:12 49 --a------ C:\amp.bat
      2008-02-26 15:47 . 2008-02-26 15:46 691,545 --a------ C:\WINDOWS\unins000.exe
      2008-02-26 15:47 . 2008-02-26 15:47 2,541 --a------ C:\WINDOWS\unins000.dat
      2008-02-26 15:22 . 2008-02-26 15:22 <DIR> d-------- C:\Documents and Settings\Michael\Deskto
      2008-02-20 18:20 . 2008-02-20 18:20 <DIR> d-------- C:\Temp\AGE
      2008-02-19 20:10 . 2008-02-19 20:13 <DIR> d-------- C:\Documents and Settings\Michael\Application Data\Intuit
      2008-02-19 20:09 . 2008-02-19 20:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intuit
      2008-02-19 20:08 . 2008-02-19 20:08 <DIR> d-------- C:\Program Files\Common Files\Intuit
      2008-02-19 20:08 . 2007-10-22 18:58 1,721,712 --------- C:\WINDOWS\system32\InetClnt.dll
      2008-02-19 19:08 . 2003-07-19 10:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
      2008-02-19 19:08 . 2005-01-03 01:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
      .

      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-03-15 07:16 --------- d-----w C:\Documents and Settings\Michael\Application Data\Azureus
      2008-03-15 06:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-03-15 05:44 --------- d-----w C:\Documents and Settings\Michael\Application Data\LimeWire
      2008-03-15 05:40 --------- d-----w C:\Documents and Settings\Michael\Application Data\AVG7
      2008-03-14 23:21 --------- d-----w C:\Documents and Settings\Michael\Application Data\Registry Booster
      2008-02-20 02:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
      2008-02-20 01:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2007-06-01 14:06 53,880 ----a-w C:\Documents and Settings\Michael\Application Data\GDIPFONTCACHEV1.DAT
      2006-05-06 06:21 138 ----a-w C:\Program Files\INSTALL.LOG
      2006-08-01 08:22 720,763 --sh--w C:\WINDOWS\system32\qtstv.bak1
      2006-08-01 12:17 720,941 --sh--w C:\WINDOWS\system32\qtstv.ini2
      .

      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "DU Meter"="D:\DU Meter\DUMeter.exe" [2005-02-01 21:28 1469952]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "AVG7_Run"="D:\AVGANT~1\avgw.exe" [2007-07-12 21:42 145920]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
      "NoResolveSearch"= 1 (0x1)
      "AllowLegacyWebView"= 1 (0x1)
      "AllowUnhashedWebView"= 1 (0x1)

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
      path=
      backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
      backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
      path=
      backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless Connection Manager.lnk]
      path=
      backup=C:\WINDOWS\pss\Wireless Connection Manager.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^Michael^Start Menu^Programs^Startup^Adobe Gamma.lnk]
      path=
      backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

      [HKLM\~\startupfolder\C:^Documents and Settings^Michael^Start Menu^Programs^Startup^Gangsters2Setup.lnk]
      path=
      backup=C:\WINDOWS\pss\Gangsters2Setup.lnkStartup

      [HKLM\~\startupfolder\C:^Documents and Settings^Michael^Start Menu^Programs^Startup^PrevxCSI.lnk]
      path=C:\Documents and Settings\Michael\Start Menu\Programs\Startup\PrevxCSI.lnk
      backup=C:\WINDOWS\pss\PrevxCSI.lnkStartup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTX1]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
      --a------ 2007-10-10 22:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
      --a------ 2006-08-01 17:35 67112 D:\AIM\aim.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
      --a------ 2007-07-12 21:42 411648 D:\AVGANT~1\avgcc.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDNewsAgent]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDSwitchAgent]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c82cbab5.exe]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
      --a------ 2004-08-04 02:56 15360 C:\WINDOWS\system32\ctfmon.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
      --a------ 2005-12-10 09:57 133016 D:\DAEMON Tools\daemon.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\defender]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
      --ah----- 2005-11-22 20:38 221184 D:\dkeeper\DkIcon.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DU Meter]
      --ah----- 2005-02-01 21:28 1469952 D:\DU Meter\DUMeter.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eeeo]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
      --a------ 2006-10-30 12:36 256576 D:\itunes\iTunesHelper.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\k6mmN5IOU]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyboard]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
      ---hs---- 2004-10-13 11:24 1694208 C:\Program Files\Messenger\MSMSGS.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
      --a------ 2001-07-09 14:50 155648 C:\WINDOWS\system32\NeroCheck.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ntjv]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
      --a------ 2006-08-12 00:43 7630848 C:\WINDOWS\system32\NvCpl.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
      --a------ 2006-08-12 00:43 86016 C:\WINDOWS\system32\NvMcTray.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
      --a------ 2006-08-12 00:43 1519616 C:\WINDOWS\system32\nwiz.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pop06apelt]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrevxOne]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
      --a------ 2006-03-17 21:24 184320 D:\PowerISO\PWRISOVM.EXE

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qimq]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      --a------ 2006-10-25 21:58 282624 C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
      --a------ 2006-03-01 18:22 577536 C:\WINDOWS\soundman.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
      --------- 2008-01-28 11:43 2097488 D:\Spybot\Spybot - Search & Destroy\updated version\TeaTimer.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
      --a------ 2005-11-10 15:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfSideKick 3]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TheMonitor]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wGzyM6F48]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\win320822-1965723]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winupdates]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
      --------- 2006-10-18 23:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xload]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "ZuneNetworkSvc"=3 (0x3)
      "WMPNetworkSvc"=3 (0x3)
      "Diskeeper"=3 (0x3)
      "Avg7UpdSvc"=3 (0x3)
      "Avg7Alrt"=3 (0x3)
      "Autodesk Licensing Service"=3 (0x3)
      "Adobe LM Service"=3 (0x3)
      "WudfSvc"=2 (0x2)
      "wuauserv"=2 (0x2)
      "SiSWLSvc"=2 (0x2)
      "FLEXnet Licensing Service"=3 (0x3)
      "clr_optimization_v2.0.50727_32"=3 (0x3)
      "Bonjour Service"=2 (0x2)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "C:\\WINDOWS\\system32\\sessmgr.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "D:\\AIM\\aim.exe"=
      "D:\\LimeWire\\LimeWire.exe"=

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
      \Shell\AutoRun\command - J:\autorun.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{016926EC-A7C2-EB46-0200-040003000402}]
      C:\WINDOWS\system32\RunDLL32.exe
      .
      Contents of the 'Scheduled Tasks' folder
      "2007-01-09 06:13:26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      .
************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-16 01:00:41 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-03-16 1:02:25 - machine was rebooted [Michael] ComboFix-quarantined-files.txt 2008-03-16 06:02:22
  13. SDFix: Version 1.157
Run by Michael on Sun 03/16/2008 at 12:34 AM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Name:
DP1112

Path:
\??\C:\WINDOWS\system32\Drivers\DP.sys

DP1112 - Deleted

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\WINDOWS\altvxvm.dll - Deleted
C:\WINDOWS\bokpkov.dll - Deleted
C:\WINDOWS\fmsxwqs.exe - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-16 00:37:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:7c,1d,59,90,34,18,ff,16,70,da,58,46,cf,d6,a8,ba,37,ee,dd,34,cd,..
"p0"="D:\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e3,11,9e,ee,f8,74,1f,ff,0f,cf,5d,3b,15,15,63,ea,45,..
"khjeh"=hex:f9,77,f8,cb,a3,c6,22,c4,60,3d,26,eb,7e,6f,01,b6,8e,39,dd,93,7d,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:29,8a,a0,c5,d3,71,c1,43,d7,fc,d7,5c,e3,f7,0b,55,49,eb,5f,69,bb,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40]
"ujdew"=hex:20,02,00,00,93,24,68,bc,f4,d2,0b,17,3f,e8,a1,b5,94,ee,ca,08,3d,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg41]
"ujdew"=hex:20,02,00,00,fc,c4,9e,11,62,d0,7a,34,2d,dd,2f,af,8c,5d,68,e3,7f,..
"ljej40"=hex:8e,12,9a,f7,c1,e2,d6,a9,71,76,b6,39,06,59,a1,c1,76,68,bb,b2,d4,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:7c,1d,59,90,34,18,ff,16,70,da,58,46,cf,d6,a8,ba,37,ee,dd,34,cd,..
"p0"="D:\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e3,11,9e,ee,f8,74,1f,ff,0f,cf,5d,3b,15,15,63,ea,45,..
"khjeh"=hex:f9,77,f8,cb,a3,c6,22,c4,60,3d,26,eb,7e,6f,01,b6,8e,39,dd,93,7d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:29,8a,a0,c5,d3,71,c1,43,d7,fc,d7,5c,e3,f7,0b,55,49,eb,5f,69,bb,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120%"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Messenger"
"D:\\BitComet\\BitComet.exe"="D:\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"D:\\AIM\\aim.exe"="D:\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"D:\\LimeWire\\LimeWire.exe"="D:\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"E:\\ProjectTorque\\ProjectTorque.bin"="E:\\ProjectTorque\\ProjectTorque.bin:*:Enabled:Project Torque"
"D:\\turbo tax 2007\\TurboTax Deluxe 2007\\32bit\\ttax.exe"="D:\\turbo tax 2007\\TurboTax Deluxe 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"D:\\turbo tax 2007\\TurboTax Deluxe 2007\\32bit\\updatemgr.exe"="D:\\turbo tax 2007\\TurboTax Deluxe 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\AIM\\aim.exe"="D:\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sat 17 Jun 2006 211 ..SH. --- "C:\BOOT.BAK"
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Wed 4 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Tue 20 Jun 2006 731,418 A.SH. --- "C:\WINDOWS\system32\qtstv.tmp"
Tue 1 Aug 2006 720,763 ..SH. --- "C:\WINDOWS\system32\qtstv.bak1"
Fri 26 Jan 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 26 Mar 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRMbackup\DRMv1.bak"
Tue 15 Nov 2005 78,104 ..SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe"
Tue 15 Nov 2005 12,912 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll"
Fri 5 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 26 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRMbackup\Cache\Indiv02.tmp"
Sat 8 Dec 2007 888 ...HR --- "C:\Documents and Settings\Michael\Application Data\SecuROM\UserData\securom_v7_01.bak"
Sat 1 Dec 2007 444 ...HR --- "C:\Documents and Settings\Patrick\Application Data\SecuROM\UserData\securom_v7_01.bak"

Finished!
  14. Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:13 PM, on 3/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\DU Meter\DUMeter.exe
D:\Spybot\Spybot - Search & Destroy\updated version\TeaTimer.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
D:\firefox\firefox.exe
C:\Documents and Settings\Michael\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=userinit.exe,hibxmrn.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GNX Rolex - {1E88C4FE-1FD6-427A-ADE5-86F647BEA2F0} - C:\WINDOWS\drnpfdxkfw.dll
O2 - BHO: (no name) - {66A7526B-975E-495D-BD13-78679FEA6F7C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Media Player - {8388F272-9EDA-4F4E-88FD-4711CBA4BA2B} - C:\WINDOWS\wmpdxm.dll
O4 - HKLM\..\Run: [DU Meter] D:\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Spybot\Spybot - Search & Destroy\updated version\TeaTimer.exe
O4 - HKCU\..\Policies\Explorer\Run: [{F4488B5E-0BBE-1033-1228-040219040001}]
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\AVGANT~1\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] D:\AVGANT~1\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-21-823518204-1078081533-725345543-1004\..\Run: [spybotSD TeaTimer] D:\Spybot\Spybot - Search & Destroy\updated version\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-21-823518204-1078081533-725345543-1004\..\Policies\Explorer\Run: [{F4488B5E-0BBE-1033-1228-040219040001}] (User '?')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] D:\AVGANT~1\avgw.exe /RUNONCE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] D:\AVGANT~1\avgw.exe /RUNONCE (User 'Default user')
O4 - S-1-5-21-823518204-1078081533-725345543-1004 Startup: PrevxCSI.lnk = ? (User '?')
O4 - Startup: PrevxCSI.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MSOFFI~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: vtstq - C:\WINDOWS\
O21 - SSODL: bokpkov - {62AAC4EA-60FB-4DD3-B77B-2D9FF0531A93} - C:\WINDOWS\bokpkov.dll
O21 - SSODL: altvxvm - {4A7FA553-3368-4CA0-8F15-2A2705BDE75E} - C:\WINDOWS\altvxvm.dll
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 4646 bytes

Something isn't right here and I need your help, thanks.
  15. Here are the logs for the regular boot.

ewido scan.

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:14:55 PM, 7/27/2005
+ Report-Checksum: 5BDF0D3B

+ Scan result:

:mozilla.6:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\xviwqm85.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.11:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\xviwqm85.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup

::Report End

*************HIJACKTHIS SCAN!*************

Logfile of HijackThis v1.99.1
Scan saved at 9:15:08 PM, on 7/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\DU Meter\DUMeter.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
D:\Aquarius Soft\PC Shutdown\assdtray.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
D:\Aquarius Soft\PC Shutdown\svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\System32\dllhost.exe
D:\dklite\DkService.exe
D:\security suite\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
D:\AIM\aim.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\mike\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {23447605-7BAE-3100-4687-08C6C84EEE82} - (no file)
O2 - BHO: (no name) - {4AA870AC-8427-42a4-B92E-ECD956197489} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [DU Meter] D:\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - Global Startup: Aquarius Soft PC Shutdown Tray Icon.lnk = D:\Aquarius Soft\PC Shutdown\assdtray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\java\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\java\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...e/bridge-c9.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE20D5A5-87E6-43DE-9C69-76AC0BC71DF4}: NameServer = 216.254.95.2,4.2.2.3
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Aquarius Soft PC Shutdown NT Service - Aquarius Soft - D:\Aquarius Soft\PC Shutdown\svchost.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\dklite\DkService.exe
O23 - Service: ewido security suite control - ewido networks - D:\security suite\ewidoctrl.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe