I'm quickly losing faith in computers.
I have a P4 3.0 with Win XP SP2.
I don't use any special apps or anything, play some games and stuff.
It started like 3 weeks ago: my comp got slow, it seemed to down/load a lot of stuff, and soon I started to lose programs. Firewalls crashed and started behaving VERY odd. I tried them all, I think, by now. I really like Sygate, but it had no chance against this. Dunno if I helped by making some stupid changes, but I couldn't solve this, so I just formatted the disk. Well, the "thingy" didn't let me at first, I kinda lost all admin rights suddenly, so I did that at a friend's house. There I noticed like 20gb of my 200gb was gone, locked, write-protected. I took the disk back home to reinstall WinXP, and there I noticed a partition of like 300gb or something, plus the 20 missing for me. I couldn't delete any of them. My personal guess is it's some kind of virtual disk or something? But what do I know!!
Anyway, I wanted my daily "surftime" so I just installed the OS, and it didn't take long until it started acting up again. From that day I tried switching disks. I had a 200 and an 80gb in when this started; well, the 80 drive was the same.
So, this thing has survived Kaspersky, AVG, Nod32 and a few firewalls. Well, survived is an understatement, it has destroyed the applications.
Well, 3 hrs ago it killed the latest ZoneAlarm and Avast. I have F-Secure now, even though I know it's no use. It's been starting to act weird already.
So I tried this HijackThis thing, you guys seem like smart guys.
I can't really read anything from the log, but what do I know about computers, more than that they are a pain?!!
I made a log, I suppose I can cut it in this message without any trouble??
Logfile of HijackThis v1.99.1
Scan saved at 01:37:55, on 2007-03-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program\F-Secure\Common\FSMA32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\F-Secure\Common\FSMB32.EXE
C:\Program\F-Secure\Common\FCH32.EXE
C:\Program\F-Secure\Common\FAMEH32.EXE
C:\Program\F-Secure\Anti-Virus\fsqh.exe
C:\Program\F-Secure\FSAUA\program\fsaua.exe
C:\Program\F-Secure\Anti-Virus\fssm32.exe
C:\Program\F-Secure\FWES\Program\fsdfwd.exe
C:\WINDOWS\Explorer.EXE
C:\Program\F-Secure\Common\FSM32.EXE
C:\Program\F-Secure\Anti-Virus\fsav32.exe
C:\Program\F-Secure\FSGUI\fsguidll.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program\HijackThis666\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program\f-secure\fsps\program\fslsp.dll
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\F-Secure\Common\FSMA32.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
That's what the "regular" scan gives, and this is the startup list:
StartupList report, 2007-03-05, 01:40:48
StartupList version: 1.52.2
Started from : C:\Program\HijackThis666\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Showing rarely important sections
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program\F-Secure\Common\FSMA32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\F-Secure\Common\FSMB32.EXE
C:\Program\F-Secure\Common\FCH32.EXE
C:\Program\F-Secure\Common\FAMEH32.EXE
C:\Program\F-Secure\Anti-Virus\fsqh.exe
C:\Program\F-Secure\FSAUA\program\fsaua.exe
C:\Program\F-Secure\Anti-Virus\fssm32.exe
C:\Program\F-Secure\FWES\Program\fsdfwd.exe
C:\WINDOWS\Explorer.EXE
C:\Program\F-Secure\Common\FSM32.EXE
C:\Program\F-Secure\Anti-Virus\fsav32.exe
C:\Program\F-Secure\FSGUI\fsguidll.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\HijackThis666\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
F-Secure Manager = "C:\Program\F-Secure\Common\FSM32.EXE" /splash
F-Secure TNB = "C:\Program\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
--------------------------------------------------
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP
[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe
[{F07FF5C8-BABB-43E7-8DE3-263841798D1B}] *
StubPath = C:\Documents and Settings\All Users\Application Data\Camwood\appEditor\AEremSendto.vbs
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present
--------------------------------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045}
--------------------------------------------------
Enumerating Task Scheduler jobs:
Scheduled scanning task.job
--------------------------------------------------
Enumerating Download Program Files:
[a-squared Scanner]
InProcServer32 = C:\WINDOWS\DOWNLO~1\asquared.ocx
CODEBASE = http://ax.emsisoft.com/asquared.cab
--------------------------------------------------
Enumerating Windows NT/2000/XP services
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
FSGKHS: "C:\Program\F-Secure\Anti-Virus\fsgk32st.exe" (autostart)
Fax: %systemroot%\system32\fxssvc.exe (autostart)
F-Secure Management Agent: "C:\Program\F-Secure\Common\FSMA32.EXE" (autostart)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secondary Logon Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
--------------------------------------------------
End of report, 9*063 bytes
Report generated in 0,110 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
I really really hope someone knows.
Well, some other strange things before I go to bed.
I wonder if it has my DVD reader in its evil grip; it keeps changing between a few names, and it really sucks at reading CDs.
Ohhh, and I got totally blocked from every attempt at downloading freeware Trojan removers today. Both Explorer and Firefox just refused, it just shut down the site for me. Every other site but the "trojan sites" worked fine.
Talking about Explorer and Firefox, it seems to love those programs, and it really pushes the **** out when it gets hold of like uTorrent, and I have a weird feeling it logs my conversations on Miranda!!
It has freaked out my modem a few times. :upset:
Well, guess that's about it, for now.. I guess u guys should read this as well, can't be too fun.
I'm off to bed, crossing my thumbs someone has a clue what this is about!!
nn guys