zizou

Everything posted by zizou

  1. And manually opening ComboFix and regedit, I managed to get a log:

     ComboFix 06.08.24 - Running from: C:\Documents and Settings\krp

     (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

     C:\WINDOWS\system32\components

     ((((((((((((((((((((((((((((((( Files Created from 2008-24-06 to 2008/25/2006 ))))))))))))))))))))))))))))))))))

     No new files created in this timespan

     (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

     2011/17/2004 07:05 PM 2297664 --a------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS
     2011/10/2004 06:32 AM 21968 --a------ C:\WINDOWS\system32\drivers\PStrip.sys
     2010/05/2004 04:38 PM 33280 -ra------ C:\WINDOWS\system32\drivers\NVENETFD.sys
     2010/05/2004 04:38 PM 12928 -ra------ C:\WINDOWS\system32\drivers\nvnetbus.sys
     2010/05/2004 04:37 PM 98048 -ra------ C:\WINDOWS\system32\drivers\nvnrm.sys
     2010/05/2004 04:37 PM 209024 -ra------ C:\WINDOWS\system32\drivers\nvsnpu.sys
     2009/02/2004 03:24 PM 82816 -ra------ C:\WINDOWS\system32\drivers\nvatabus.sys
     2009/01/2005 11:03 AM 5888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
     2009/01/2005 11:03 AM 127488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys

     (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

     *Note* empty entries are not shown

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "PowerStrip"="d:\\program files\\powerstrip\\pstrip.exe"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
     "Installed"="1"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
     "Installed"="1"
     "NoChange"="1"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
     "Installed"="1"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
     "dontdisplaylastusername"=dword:00000000
     "legalnoticecaption"=""
     "legalnoticetext"=""
     "shutdownwithoutlogon"=dword:00000001
     "undockwithoutlogon"=dword:00000001

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
     "NoDriveTypeAutoRun"=dword:00000091

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
     "DisableRegistryTools"=dword:00000000

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
     "DeskHtmlVersion"=dword:00000110
     "DeskHtmlMinorVersion"=dword:00000005
     "Settings"=dword:00000001
     "GeneralFlags"=dword:00000000

     [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
     "NoDriveTypeAutoRun"=dword:00000091

     [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
     "NoDriveTypeAutoRun"=dword:00000091

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\sharedtaskscheduler]
     "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
     "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
     "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
     "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
     "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
     "backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
     "location"="Common Startup"
     "command"="D:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
     "item"="Adobe Reader Speed Launch"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^IE-Bar.lnk]
     "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\IE-Bar.lnk"
     "backup"="C:\\WINDOWS\\pss\\IE-Bar.lnkCommon Startup"
     "location"="Common Startup"
     "command"="C:\\PROGRA~1\\COMMON~1\\IE-Bar\\iebar.exe "
     "item"="IE-Bar"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
     "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
     "backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
     "location"="Common Startup"
     "command"="D:\\PROGRA~1\\MICROS~1\\Office10\\OSA.EXE -b -l"
     "item"="Microsoft Office"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^krp^Start Menu^Programs^Startup^Diskeeper 10 Professional Edition Registration.lnk]
     "path"="C:\\Documents and Settings\\krp\\Start Menu\\Programs\\Startup\\Diskeeper 10 Professional Edition Registration.lnk"
     "backup"="C:\\WINDOWS\\pss\\Diskeeper 10 Professional Edition Registration.lnkStartup"
     "location"="Startup"
     "command"="D:\\PROGRA~1\\DISKEE~1\\DISKEE~2\\ESIREG~1.EXE /remind /language=ENU /PRNM=\"Diskeeper 10 Professional Edition\""
     "item"="Diskeeper 10 Professional Edition Registration"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^krp^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
     "path"="C:\\Documents and Settings\\krp\\Start Menu\\Programs\\Startup\\OpenOffice.org 2.0.lnk"
     "backup"="C:\\WINDOWS\\pss\\OpenOffice.org 2.0.lnkStartup"
     "location"="Startup"
     "command"="C:\\PROGRA~1\\OPENOF~1.0\\program\\QUICKS~1.EXE "
     "item"="OpenOffice.org 2.0"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^krp^Start Menu^Programs^Startup^³¬¼¶²¥°Ô.lnk]
     "path"="C:\\Documents and Settings\\krp\\Start Menu\\Programs\\Startup\\³¬¼¶²¥°Ô.lnk"
     "backup"="C:\\WINDOWS\\pss\\³¬¼¶²¥°Ô.lnkStartup"
     "location"="Startup"
     "command"="D:\\Program Files\\pcast\\PodcastbarMini\\PodcastBarMiniStarter.exe "
     "item"="³¬¼¶²¥°Ô"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\!ewido]
     "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
     "item"="ewido"
     "hkey"="HKLM"
     "command"="\"D:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
     "inimapping"="0"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\2e85ba53.exe]
     "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
     "item"="2e85ba53"
     "hkey"="HKLM"
     "command"="C:\\WINDOWS\\System32\\2e85ba53.exe"
     "inimapping"="0"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BootSkin Startup Jobs]
     "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
     "item"="BootSkin"
     "hkey"="HKLM"
     "command"="\"D:\\PROGRA~1\\BOOTSKIN\\BootSkin.exe\" /StartupJobs"
     "inimapping"="0"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\DAEMON Tools-1033]
     "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
     "item"="daemon"
     "hkey"="HKLM"
     "command"="\"D:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
     "inimapping"="0"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\DiskeeperSystray]
     "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
     "item"="DkIcon"
     "hkey"="HKLM"
     "command"="\"D:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
     "inimapping"="0"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\IMJPMIG8.1]
     "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
     "item"="IMJPMIG"
     "hkey"="HKLM"
     "command"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
     "inimapping"="0"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\iTunesHelper]
     "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
     "item"="iTunesHelper"
     "hkey"="HKLM"
     "command"="\"D:\\Program Files\\iTunes\\iTunesHelper.exe\""
     "inimapping"="0"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\KernelFaultCheck]
     "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
     "item"="dumprep 0 -k"
     "hkey"="HKLM"
     "command"="%systemroot%\\system32\\dumprep 0 -k"
     "inimapping"="0"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Load]
     "key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
     "item"="f4cid0f"
     "hkey"="HKCU"
     "command"="C:\\WINDOWS\\f4cid0f.exe"
     "inimapping"="1"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\LogonStudio]
     "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
     "item"="logonstudio"
     "hkey"="HKLM"
     "command"="\"D:\\Program Files\\WinCustomize\\LogonStudio\\logonstudio.exe\" /RANDOM"
     "inimapping"="0"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
     "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
     "item"="msmsgs"
     "hkey"="HKCU"
     "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
     "inimapping"="0"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\msnsyslog]
     "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
     "item"="msnpolym"
     "hkey"="HKLM"
     "command"="C:\\WINDOWS\\msnpolym.exe"
     "inimapping"="0"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NeroFilterCheck]
     "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
     "item"="NeroCheck"
     "hkey"="HKLM"
     "command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
     "inimapping"="0"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NvCplDaemon]
     "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
     "item"="NvCpl"
     "hkey"="HKLM"
     "command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
     "inimapping"="0"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NvMediaCenter]
     "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
     "item"="NvMcTray"
     "hkey"="HKLM"
     "command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
     "inimapping"="0"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\nwiz]
     "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
     "item"="nwiz"
     "hkey"="HKLM"
     "command"="nwiz.exe /install"
     "inimapping"="0"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\pbmini]
     "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
     "item"="PodcastBarMiniStater"
     "hkey"="HKCU"
     "command"="D:\\Program Files\\pcast\\PodcastbarMini\\PodcastBarMiniStater.exe"
     "inimapping"="0"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PCPitstop Optimize Registration Reminder]
     "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
     "item"="Reminder"
     "hkey"="HKLM"
     "command"="D:\\Program Files\\PCPitstop\\Optimize\\Reminder.exe"
     "inimapping"="0"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PHIME2002A]
     "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
     "item"="TINTSETP"
     "hkey"="HKLM"
     "command"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
     "inimapping"="0"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PHIME2002ASync]
     "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
     "item"="TINTSETP"
     "hkey"="HKLM"
     "command"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
     "inimapping"="0"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PWRISOVM.EXE]
     "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
     "item"="PWRISOVM"
     "hkey"="HKLM"
     "command"="D:\\Program Files\\PowerISO\\PWRISOVM.EXE"
     "inimapping"="0"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
     "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
     "item"="qttask"
     "hkey"="HKLM"
     "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
     "inimapping"="0"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Rapget]
     "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
     "item"="rapget"
     "hkey"="HKLM"
     "command"="D:\\Program Files\\Download toolz\\Rapget\\rapget.exe"
     "inimapping"="0"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RemoteControl]
     "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
     "item"="PDVDServ"
     "hkey"="HKLM"
     "command"="\"D:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""
     "inimapping"="0"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SoundMan]
     "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
     "item"="SOUNDMAN"
     "hkey"="HKLM"
     "command"="SOUNDMAN.EXE"
     "inimapping"="0"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Steam]
     "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
     "item"=""
     "hkey"="HKCU"
     "command"=""
     "inimapping"="0"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\STYLEXP]
     "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
     "item"="StyleXP"
     "hkey"="HKCU"
     "command"="C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
     "inimapping"="0"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SunJavaUpdateSched]
     "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
     "item"="jusched"
     "hkey"="HKLM"
     "command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
     "inimapping"="0"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TkBellExe]
     "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
     "item"="realsched"
     "hkey"="HKLM"
     "command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
     "inimapping"="0"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Torjan Program]
     "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
     "item"="WINLOGON"
     "hkey"="HKLM"
     "command"="C:\\WINDOWS\\WINLOGON.EXE"
     "inimapping"="0"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Toso]
     "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
     "item"="taskmgr"
     "hkey"="HKCU"
     "command"="\"C:\\WINDOWS\\System32\\ECURIT~1\\taskmgr.exe\" -vt yazb"
     "inimapping"="0"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\updateMgr]
     "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
     "item"="AdobeUpdateManager"
     "hkey"="HKCU"
     "command"="\"D:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7"
     "inimapping"="0"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\WMC_AutoUpdate]
     "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
     "item"=""
     "hkey"="HKLM"
     "command"=""
     "inimapping"="0"

     Completion time: Fri 08/25/2006 23:44:32.64
     ComboFix.txt
  2. And here's the HJT log:

     Logfile of HijackThis v1.99.1
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\Explorer.exe
     D:\Program Files\ewido anti-spyware 4.0\guard.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\NOTEPAD.EXE
     D:\Program Files\Opera\Opera.exe
     D:\Program Files\HJT\HijackThis.exe

     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.singnet.com.sg:8080
     F2 - REG:system.ini: Shell=Explorer.exe 1
     O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
     O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
     O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
     O4 - HKLM\..\Run: [PowerStrip] d:\program files\powerstrip\pstrip.exe
     O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
     O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
     O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
     O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
     O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
     O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1152324366890
     O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
     O17 - HKLM\System\CCS\Services\Tcpip\..\{BEBB5088-E13A-4229-BA55-73E392119993}: NameServer = 165.21.83.88,165.21.100.88
     O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
     O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
     O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\ewido anti-spyware 4.0\guard.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  3. Anyway, here's the Ewido report:

     C:\Program Files\Internet Explorer\sys4.exe -> Downloader.Adload.eh : Cleaned with backup (quarantined).
     C:\System Volume Information\_restore{9F61EF6F-E555-490A-ADBA-1096B5AE2A1A}\RP35\A0008007.exe -> Downloader.Small.dgc : Cleaned with backup (quarantined).
     C:\System Volume Information\_restore{9F61EF6F-E555-490A-ADBA-1096B5AE2A1A}\RP35\A0008008.exe -> Downloader.Small.dgc : Cleaned with backup (quarantined).
     C:\System Volume Information\_restore{9F61EF6F-E555-490A-ADBA-1096B5AE2A1A}\RP36\A0008077.exe -> Downloader.Small.dgc : Cleaned with backup (quarantined).
     C:\WINDOWS\system32\intranet.exe -> Downloader.Small.dgc : Cleaned with backup (quarantined).
     C:\!KillBox\internst.exe -> Logger.Agent.oi : Cleaned with backup (quarantined).
     C:\System Volume Information\_restore{9F61EF6F-E555-490A-ADBA-1096B5AE2A1A}\RP36\A0008037.exe -> Logger.Agent.oi : Cleaned with backup (quarantined).
     C:\System Volume Information\_restore{9F61EF6F-E555-490A-ADBA-1096B5AE2A1A}\RP36\A0008071.dll -> Logger.Agent.oi : Cleaned with backup (quarantined).
     C:\System Volume Information\_restore{9F61EF6F-E555-490A-ADBA-1096B5AE2A1A}\RP36\A0008082.exe -> Logger.Agent.oi : Cleaned with backup (quarantined).
     C:\System Volume Information\_restore{9F61EF6F-E555-490A-ADBA-1096B5AE2A1A}\RP36\A0008089.dll -> Logger.Agent.oi : Cleaned with backup (quarantined).
     C:\System Volume Information\_restore{9F61EF6F-E555-490A-ADBA-1096B5AE2A1A}\RP36\A0008103.dll -> Logger.Agent.oi : Cleaned with backup (quarantined).
     C:\System Volume Information\_restore{9F61EF6F-E555-490A-ADBA-1096B5AE2A1A}\RP36\A0008129.dll -> Logger.Agent.oi : Cleaned with backup (quarantined).
     C:\System Volume Information\_restore{9F61EF6F-E555-490A-ADBA-1096B5AE2A1A}\RP36\A0008137.DLL -> Logger.Agent.oi : Cleaned with backup (quarantined).
     C:\System Volume Information\_restore{9F61EF6F-E555-490A-ADBA-1096B5AE2A1A}\RP36\A0008152.dll -> Logger.Agent.oi : Cleaned with backup (quarantined).
     C:\System Volume Information\_restore{9F61EF6F-E555-490A-ADBA-1096B5AE2A1A}\RP36\A0008161.dll -> Logger.Agent.oi : Cleaned with backup (quarantined).
     C:\System Volume Information\_restore{9F61EF6F-E555-490A-ADBA-1096B5AE2A1A}\RP36\A0008168.dll -> Logger.Agent.oi : Cleaned with backup (quarantined).
     C:\System Volume Information\_restore{9F61EF6F-E555-490A-ADBA-1096B5AE2A1A}\RP36\A0008204.DLL -> Logger.Agent.oi : Cleaned with backup (quarantined).
     C:\System Volume Information\_restore{9F61EF6F-E555-490A-ADBA-1096B5AE2A1A}\RP37\A0008255.exe -> Logger.Agent.oi : Cleaned with backup (quarantined).
     C:\WINDOWS\system32\myrx.dll -> Logger.Agent.oi : Cleaned with backup (quarantined).
     C:\Program Files\Internet Explorer\dll4.exe -> Logger.Agent.om : Cleaned with backup (quarantined).
     C:\System Volume Information\_restore{9F61EF6F-E555-490A-ADBA-1096B5AE2A1A}\RP36\A0008041.exe -> Logger.Agent.om : Cleaned with backup (quarantined).
     C:\System Volume Information\_restore{9F61EF6F-E555-490A-ADBA-1096B5AE2A1A}\RP36\A0008081.exe -> Logger.Agent.om : Cleaned with backup (quarantined).
     D:\Program Files\Hacking\GM51.exe -> Not-A-Virus.EmailFlooder.Win32.GhostMail.51 : Ignored and added to exceptions
     D:\Program Files\Hacking\Msn freezer\IceCold ReLoaded.exe -> Not-A-Virus.HackTool.Win32.Homac : Ignored and added to exceptions
     :mozilla.26:C:\Documents and Settings\krp\Application Data\Mozilla\Firefox\Profiles\4yxrjoqi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
     :mozilla.10:C:\Documents and Settings\krp\Application Data\Mozilla\Firefox\Profiles\4yxrjoqi.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
     :mozilla.11:C:\Documents and Settings\krp\Application Data\Mozilla\Firefox\Profiles\4yxrjoqi.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
     :mozilla.12:C:\Documents and Settings\krp\Application Data\Mozilla\Firefox\Profiles\4yxrjoqi.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
     C:\!KillBox\WINLOGON.EXE -> Trojan.Lineage.agz : Cleaned with backup (quarantined).
     C:\!KillBox\Winlogon.exe( 1) -> Trojan.Lineage.agz : Cleaned with backup (quarantined).
     C:\Program Files\Common Files\iexplore.pif -> Trojan.Lineage.agz : Cleaned with backup (quarantined).
     C:\Program Files\Internet Explorer\dll1.exe -> Trojan.Lineage.agz : Cleaned with backup (quarantined).
     C:\Program Files\Internet Explorer\iexplore.com -> Trojan.Lineage.agz : Cleaned with backup (quarantined).
     C:\System Volume Information\_restore{9F61EF6F-E555-490A-ADBA-1096B5AE2A1A}\RP36\A0008014.EXE -> Trojan.Lineage.agz : Cleaned with backup (quarantined).
     C:\System Volume Information\_restore{9F61EF6F-E555-490A-ADBA-1096B5AE2A1A}\RP36\A0008040.exe -> Trojan.Lineage.agz : Cleaned with backup (quarantined).
     C:\System Volume Information\_restore{9F61EF6F-E555-490A-ADBA-1096B5AE2A1A}\RP36\A0008080.exe -> Trojan.Lineage.agz : Cleaned with backup (quarantined).
     C:\System Volume Information\_restore{9F61EF6F-E555-490A-ADBA-1096B5AE2A1A}\RP36\A0008157.EXE -> Trojan.Lineage.agz : Cleaned with backup (quarantined).
     C:\System Volume Information\_restore{9F61EF6F-E555-490A-ADBA-1096B5AE2A1A}\RP36\A0008191.com -> Trojan.Lineage.agz : Cleaned with backup (quarantined).
     C:\System Volume Information\_restore{9F61EF6F-E555-490A-ADBA-1096B5AE2A1A}\RP36\A0008193.com -> Trojan.Lineage.agz : Cleaned with backup (quarantined).
     C:\System Volume Information\_restore{9F61EF6F-E555-490A-ADBA-1096B5AE2A1A}\RP37\A0008256.EXE -> Trojan.Lineage.agz : Cleaned with backup (quarantined).
     C:\WINDOWS\1.com -> Trojan.Lineage.agz : Cleaned with backup (quarantined).
     C:\WINDOWS\Debug\DebugProgram.exe -> Trojan.Lineage.agz : Cleaned with backup (quarantined).
     C:\WINDOWS\ExERoute.exe -> Trojan.Lineage.agz : Cleaned with backup (quarantined).
     C:\WINDOWS\WINLOGON.EXE -> Trojan.Lineage.agz : Cleaned with backup (quarantined).
     C:\WINDOWS\explorer.com -> Trojan.Lineage.agz : Cleaned with backup (quarantined).
     C:\WINDOWS\finder.com -> Trojan.Lineage.agz : Cleaned with backup (quarantined).
     C:\WINDOWS\system32\MSCONFIG.COM -> Trojan.Lineage.agz : Cleaned with backup (quarantined).
     C:\WINDOWS\system32\command.pif -> Trojan.Lineage.agz : Cleaned with backup (quarantined).
     C:\WINDOWS\system32\dxdiag.com -> Trojan.Lineage.agz : Cleaned with backup (quarantined).
     C:\WINDOWS\system32\finder.com -> Trojan.Lineage.agz : Cleaned with backup (quarantined).
     C:\WINDOWS\system32\regedit.com -> Trojan.Lineage.agz : Cleaned with backup (quarantined).
     C:\WINDOWS\system32\rundll32.com -> Trojan.Lineage.agz : Cleaned with backup (quarantined).
     D:\System Volume Information\_restore{9F61EF6F-E555-490A-ADBA-1096B5AE2A1A}\RP35\A0007759.pif -> Trojan.Lineage.agz : Cleaned with backup (quarantined).
     D:\System Volume Information\_restore{9F61EF6F-E555-490A-ADBA-1096B5AE2A1A}\RP35\A0007814.pif -> Trojan.Lineage.agz : Cleaned with backup (quarantined).
     D:\System Volume Information\_restore{9F61EF6F-E555-490A-ADBA-1096B5AE2A1A}\RP35\A0007823.pif -> Trojan.Lineage.agz : Cleaned with backup (quarantined).
     D:\System Volume Information\_restore{9F61EF6F-E555-490A-ADBA-1096B5AE2A1A}\RP36\A0008039.pif -> Trojan.Lineage.agz : Cleaned with backup (quarantined).
     D:\System Volume Information\_restore{9F61EF6F-E555-490A-ADBA-1096B5AE2A1A}\RP36\A0008073.pif -> Trojan.Lineage.agz : Cleaned with backup (quarantined).
     D:\System Volume Information\_restore{9F61EF6F-E555-490A-ADBA-1096B5AE2A1A}\RP36\A0008091.pif -> Trojan.Lineage.agz : Cleaned with backup (quarantined).
     D:\System Volume Information\_restore{9F61EF6F-E555-490A-ADBA-1096B5AE2A1A}\RP36\A0008105.pif -> Trojan.Lineage.agz : Cleaned with backup (quarantined).
     D:\System Volume Information\_restore{9F61EF6F-E555-490A-ADBA-1096B5AE2A1A}\RP36\A0008131.pif -> Trojan.Lineage.agz : Cleaned with backup (quarantined).
     D:\System Volume Information\_restore{9F61EF6F-E555-490A-ADBA-1096B5AE2A1A}\RP36\A0008140.pif -> Trojan.Lineage.agz : Cleaned with backup (quarantined).
     D:\System Volume Information\_restore{9F61EF6F-E555-490A-ADBA-1096B5AE2A1A}\RP36\A0008154.pif -> Trojan.Lineage.agz : Cleaned with backup (quarantined).
     D:\System Volume Information\_restore{9F61EF6F-E555-490A-ADBA-1096B5AE2A1A}\RP36\A0008163.pif -> Trojan.Lineage.agz : Cleaned with backup (quarantined).
     D:\System Volume Information\_restore{9F61EF6F-E555-490A-ADBA-1096B5AE2A1A}\RP36\A0008170.pif -> Trojan.Lineage.agz : Cleaned with backup (quarantined).
     D:\System Volume Information\_restore{9F61EF6F-E555-490A-ADBA-1096B5AE2A1A}\RP37\A0008245.pif -> Trojan.Lineage.agz : Cleaned with backup (quarantined).
     D:\System Volume Information\_restore{9F61EF6F-E555-490A-ADBA-1096B5AE2A1A}\RP37\A0008260.pif -> Trojan.Lineage.agz : Cleaned with backup (quarantined).
     D:\pagefile.pif -> Trojan.Lineage.agz : Cleaned with backup (quarantined).
     [832] C:\WINDOWS\WINLOGON.EXE -> Trojan.Lineage.agz : Error during cleaning.

     ::Report end
  4. I have good news and bad news. The good news is that WINLOGON.EXE seems to have disappeared from the running processes list. The bad news is that now I have problems starting programs. When I try to open .exe programs, it asks me to choose the program I want to open them with, like in the picture below, instead of starting the program right away. It even affects msconfig and regedit, etc.
  5. Wow, thanks a lot for the reply. I will try it as soon as possible.
  6. OK, here's the link to my thread in that forum: http://forums.pcpitstop.com/index.php?showtopic=124058
  7. Here is my HijackThis log:

     Logfile of HijackThis v1.99.1
     Scan saved at 8:42:35 PM, on 8/24/2006
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\csrss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\Explorer.exe
     D:\Program Files\ewido anti-spyware 4.0\guard.exe
     C:\WINDOWS\WINLOGON.EXE
     C:\WINDOWS\System32\wdfmgr.exe
     D:\program files\powerstrip\pstrip.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\MSN Messenger\msnmsgr.exe
     D:\Program Files\tvants\Tvants.exe
     D:\Program Files\Opera\Opera.exe
     D:\Program Files\HJT\HijackThis.exe

     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.singnet.com.sg:8080
     F2 - REG:system.ini: Shell=Explorer.exe 1
     F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\system32\internst.exe
     O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
     O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
     O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
     O4 - HKLM\..\Run: [PowerStrip] d:\program files\powerstrip\pstrip.exe
     O4 - HKLM\..\Run: [Torjan Program] C:\WINDOWS\WINLOGON.EXE
     O4 - HKLM\..\RunServices: [Torjan Program] C:\WINDOWS\WINLOGON.EXE
     O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
     O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
     O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
     O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
     O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
     O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1152324366890
     O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
     O17 - HKLM\System\CCS\Services\Tcpip\..\{BEBB5088-E13A-4229-BA55-73E392119993}: NameServer = 165.21.83.88,165.21.100.88
     O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
     O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing)
     O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
     O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\ewido anti-spyware 4.0\guard.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
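The logs posted in this thread (the HijackThis output above and the Ewido and ComboFix reports in the earlier posts) show one recognisable masquerading pattern: a file named WINLOGON.EXE in C:\WINDOWS rather than C:\WINDOWS\system32, .com and .pif "companion" files such as regedit.com and MSCONFIG.COM sitting beside the real tools, a Run entry pointing at the impostor, and a UserInit value with an extra program appended. The following script is an added example, not code from the thread or from any of the tools mentioned in it; it triages HijackThis-style lines and file paths for exactly that pattern. The canonical directories and the list of shadowed tools are assumptions for a default Windows XP layout, and the sample lines are constructed after the logs in this thread rather than copied from them.

```python
r"""Triage of HijackThis-style lines and file paths for the masquerading
pattern seen in this thread (added example; sample input is constructed).

Checks implemented:
  1. a system-process file name (winlogon.exe, taskmgr.exe, ...) living
     outside its canonical directory, e.g. C:\WINDOWS\WINLOGON.EXE;
  2. a .com/.pif companion file that shadows a system tool: PATHEXT lists
     .COM and .PIF before .EXE, so a regedit.com in the same directory (or in
     an earlier PATH directory) is what "regedit" typed into Run launches;
  3. an O4 (Run key) HijackThis entry whose command fails check 1;
  4. an F2 UserInit entry with programs appended after userinit.exe.
"""
import re
from pathlib import PureWindowsPath

# Canonical locations on a default Windows XP install (assumption for this example)
CANONICAL = {
    "winlogon.exe": r"c:\windows\system32",
    "userinit.exe": r"c:\windows\system32",
    "taskmgr.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
# Tools whose .com/.pif companions appeared in the Ewido report
SHADOWED_TOOLS = {"regedit", "msconfig", "explorer", "rundll32", "dxdiag",
                  "command", "finder", "iexplore"}
COMPANION_EXT = {".com", ".pif"}

# First drive-rooted path in a command line, quoted or not
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|com|pif|dll)\b', re.I)
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
USERINIT_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<val>.+)$")


def check_path(path):
    """Return findings (strings) for one file path; empty list if nothing is odd."""
    p = PureWindowsPath(path.lower())
    findings = []
    if p.name in CANONICAL and str(p.parent) != CANONICAL[p.name]:
        findings.append(f"{path}: {p.name} outside {CANONICAL[p.name]}")
    if p.suffix in COMPANION_EXT and p.stem in SHADOWED_TOOLS:
        findings.append(f"{path}: companion file shadows {p.stem}.exe via PATHEXT")
    return findings


def check_hjt_line(line):
    """Return findings for one HijackThis line (O4 and F2 UserInit are handled)."""
    m = O4_RE.match(line)
    if m:
        found = PATH_RE.search(m.group("cmd"))
        return check_path(found.group(0)) if found else []
    m = USERINIT_RE.match(line)
    if m:
        # UserInit is comma separated; only userinit.exe itself is expected
        programs = [x.strip() for x in m.group("val").split(",") if x.strip()]
        return [f"UserInit runs extra program: {x}" for x in programs[1:]]
    return []


def triage(hjt_lines, paths):
    """Run every check and return the combined list of findings."""
    findings = []
    for line in hjt_lines:
        findings += check_hjt_line(line)
    for path in paths:
        findings += check_path(path)
    return findings


# Constructed sample input modelled on the thread's HijackThis and Ewido output
SAMPLE_HJT = [
    r"O4 - HKLM\..\Run: [PowerStrip] d:\program files\powerstrip\pstrip.exe",
    r"O4 - HKLM\..\Run: [Torjan Program] C:\WINDOWS\WINLOGON.EXE",
    r"O4 - HKCU\..\Run: [taskmgr] " + '"C:\\WINDOWS\\System32\\ECURIT~1\\taskmgr.exe" -vt yazb',
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\system32\internst.exe",
]
SAMPLE_PATHS = [
    r"C:\WINDOWS\system32\winlogon.exe",          # the real one: no finding
    r"C:\WINDOWS\WINLOGON.EXE",                   # impostor in %windir%
    r"C:\WINDOWS\system32\regedit.com",           # shadows regedit.exe
    r"C:\WINDOWS\system32\MSCONFIG.COM",
    r"C:\Program Files\Common Files\iexplore.pif",
    r"C:\WINDOWS\system32\drivers\ALCXWDM.SYS",   # benign driver: no finding
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_HJT, SAMPLE_PATHS):
        print(finding)
```

Run as a script it prints seven findings for the constructed sample: the impostor WINLOGON.EXE once from the O4 line and once from the path list, the taskmgr.exe under ECURIT~1, the extra UserInit program, and the three companion files. The companion check is what explains the symptom in post 4 above: once the .com files are gone, the "Open With" prompt for .exe files is the next thing to look at, since the real tools were never the ones being launched.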
  8. I don't know exactly how, but I am infected with this virus or trojan thing that is eating up lots of my memory. My computer now recognises my total memory available as half of what is really available. It is a WINLOGON.EXE process that keeps appearing in my task manager and msconfig. It is impossible to end the process in task manager, as it has somehow disguised itself as a critical system process like the real winlogon.exe. When I uncheck it in msconfig and reboot, it just keeps coming back, both in my process list and in msconfig. I have tried Ad-Aware, Spybot, Panda and Trend Micro online scans, but none have done the trick. I even tried to use Killbox to end the process, but when I did that the computer immediately went to a BSOD and rebooted. Oh, and yes, even though the process is supposedly from a WINLOGON.exe file residing in my C:\Windows directory (as I saw from msconfig), I was unable to locate any such file in the directory. Lots of help needed!
  10. Yup, I tried like 2 or 3 programs, but to no avail.
  11. Ha, my computer is a 1 GHz piece of s***. But I have seen people with 700 MHz computers getting 20 to 40 pings, and I don't think any network-clogging programs are running in the background.
  12. OK, to erase all doubts: I'm from Singapore, and the distance between the ISP and any home is no problem, yet it seems like everyone else's ping is so much better than mine. What about the quality of modems?
  13. My friends' ISP and mine are the same, and we live rather close together.
  14. I have an unusually high ping compared to my friends. In games like Counter-Strike, I get pings of 50 to 60 while they get 10 to 20. What makes the difference? Does the quality of your modem affect your ping? Any tweaks to recommend?
  15. Hi all, I have this problem of being kicked off my connection by my ISP too regularly. After every 2 hours or so of connection, I'm offline thanks to the "best" ISP ever. Does anyone have any good software to recommend, or tweaks to stop this from happening again?