Re: Computer running very slow. Possible worm?

You're amazing, again! Here are the ComboFix and HijackThis logs from the run you asked for.

ComboFix 07-05.04.3.V - Running from: "C:\Documents and Settings\Mikey\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\kdtpr.exe


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-05 ))))))))))))))))))))))))))))))))))


2007-05-04 14:37 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-03 21:31 498,960 --a------ C:\WINDOWS\system32\dxmasf.dll
2007-05-03 21:31 251,904 --a------ C:\WINDOWS\system32\strmdll.dll
2007-05-03 02:04 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-05-03 01:55 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-02 17:51 <DIR> d-------- C:\Program Files\Symantec
2007-05-02 17:27 <DIR> d-------- C:\Program Files\CCleaner
2007-05-02 17:09 <DIR> d-------- C:\Program Files\RegistryFix
2007-05-02 16:58 89,360 --a------ C:\WINDOWS\system32\VB5DB.dll
2007-05-02 16:57 49,152 --ah----- C:\WINDOWS\system32\confdrv.dll
2007-05-02 16:57 24,576 --a------ C:\WINDOWS\system32\rsrc32.dll
2007-05-02 16:57 184,328 --ah----- C:\WINDOWS\system32\drvstat.dll
2007-05-02 16:57 <DIR> d-------- C:\Program Files\Easy Desk Utilities
2007-05-02 16:56 71,680 --a------ C:\WINDOWS\ST5UNST.EXE
2007-05-02 16:56 40,960 --a------ C:\WINDOWS\system32\VB5StKit.dll
2007-05-02 16:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-05-02 16:28 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-05-01 13:43 10,000 --a------ C:\WINDOWS\system32\ldfksdioduihj.dll
2007-05-01 06:18 53,248 --ah----- C:\WINDOWS\system32\drvprf32.dll
2007-05-01 06:17 9,728 --a------ C:\WINDOWS\system32\crypt32net.dll
2007-05-01 06:17 57,344 --a------ C:\WINDOWS\system32\system32.exe
2007-05-01 06:17 10,240 --a------ C:\WINDOWS\system32\kernel.dll
2007-04-05 02:44 <DIR> d-------- C:\DOCUME~1\Mikey\APPLIC~1\Gaijin Ent


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-03 20:25:57 124,416 ----a-w C:\WINDOWS\system32\paiqvpji.dll
2007-05-03 17:33:39 75,264 ----a-w C:\WINDOWS\system32\ws2_32.dll
2007-04-30 23:52:28 46,176 ----a-w C:\WINDOWS\system32\ipv6mons.dll
2007-04-30 19:25:35 99,840 ----a-w C:\WINDOWS\system32\mujyifrj.dll
2007-04-30 19:25:33 43,520 ----a-w C:\WINDOWS\system32\xgprqjcm.dll
2007-04-15 16:11:15 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-15 15:24:52 -------- d-----w C:\DOCUME~1\Mikey\APPLIC~1.\BitTorrent
2007-04-06 15:39:40 -------- d-----w C:\DOCUME~1\Mikey\APPLIC~1.\Neo-Modus.com
2007-04-06 05:29:13 -------- d-----w C:\Program Files\Age of Castles
2007-04-05 05:44:34 -------- d-----w C:\DOCUME~1\Mikey\APPLIC~1.\Gaijin Ent
2007-04-05 02:10:43 -------- d-----w C:\Program Files\Trymedia
2007-04-05 02:10:31 -------- d-----w C:\Program Files\Anarchy
2007-04-05 01:33:12 -------- d-----w C:\Program Files\ReflexiveArcade
2007-03-30 05:24:05 1,168 ----a-w C:\WINDOWS\mozver.dat
2007-03-28 16:19:15 -------- d-----w C:\Program Files\Virus Chaser
2007-03-28 07:02:12 -------- d-----w C:\Program Files\RegCleaner
2007-03-22 19:50:15 3,532 ----a-w C:\drmHeader.bin
2007-03-20 03:11:34 -------- d-----w C:\Program Files\Maxis
2007-03-19 11:50:53 -------- d-----w C:\DOCUME~1\Mikey\APPLIC~1.\PlayFirst
2007-03-19 08:07:33 17,144 ----a-w C:\DOCUME~1\Mikey\APPLIC~1.\GDIPFONTCACHEV1.DAT
2007-03-15 02:04:21 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-03-15 00:15:42 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-03-15 00:10:30 -------- d-----w C:\Program Files\DAEMON Tools
2007-03-15 00:07:06 646,392 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-03-10 23:53:00 -------- d-----w C:\Program Files\Yahoo!
2007-03-08 17:39:53 -------- d-----w C:\Program Files\Rapid-Pi
2007-03-05 22:03:33 -------- d-----w C:\Program Files\BFG
2007-02-06 02:47:17 298 ----a-w C:\WINDOWS\EReg072.dat


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_01\\bin\\jusched.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NetAssistant.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\NetAssistant.lnk"
"backup"="C:\\WINDOWS\\pss\\NetAssistant.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\NETASS~1\\bin\\matcli.exe -boot"
"item"="NetAssistant"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bittorrent"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MotiveSB"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\NETASS~1\\SMARTB~1\\MotiveSB.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0

hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
imrjyxze


********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-05 02:40:50
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-05 2:42:28 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-05 02:42
C:\ComboFix2.txt ... 2007-05-04 14:37


Logfile of HijackThis v1.99.1
Scan saved at 2:44:35 AM, on 5/5/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mikey\Desktop\Exec\hijackthis\HijackThis.exe

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://quartz.atkinson.yorku.ca/qp2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/06d8536b...p/RdxIE601.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} (QuickBooks Online Edition Utilities Class v8) - https://accounting.quickbooks.com/c1/v15.582/qboax8.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://blacks.pnimedia.com/upload/ac...pv2.0.0.9.cab?
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe