Tech Support Forum - Resolved HJT Threads (Resolved spyware and popup issues)
#1
Registered User
Join Date: Oct 2007
Posts: 12
OS: xp sp2
Multiple serious problems...
Hi, I have a few serious problems with my computer that appeared literally overnight. I have no idea what may have caused them, and the xp board told me to come to you guys for help. So I'm not exactly sure how this works except to just post my log so if I messed up somewhere I apologize.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:13:00 PM, on 10/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [RAMBoosterPro] "F:\chris's Shiz\Programs and such\ramboosteraksdasd\RAMBoosterPro.exe" auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKUS\S-1-5-21-329068152-1708537768-839522115-1007\..\Run: [SetDefaultMIDI] MIDIDef.exe (User '?')
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.2.4.3...-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.2.4.3...-ob-assets.cab
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - file://D:\GAMES\msjavx86_3805.exe
O16 - DPF: {0A50726E-51A2-42BB-8392-98F050C40A10} (SkillJamLoader Class) - http://aol.skilljam.com/ssp/SkillJamLoader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/eng/cards_2_0_0_65.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinner.com/games/v42/jigsaw/jigsaw.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v45...o/wordmojo.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/be...ploader_v7.cab
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6397 bytes

I would greatly appreciate any help, thank you.
#2
Registered User
Join Date: Oct 2007
Posts: 12
OS: xp sp2
Re: Multiple serious problems...
BUMP
OK, I realize I completely missed the whole READ THIS BEFORE POSTING thing... my bad... I couldn't run the Panda ActiveScan for some reason, or else I would post one of those logs too... And here's the list of problems: Multiple problems, can't fix any of them
And again, any help would be GREATLY appreciated!

Last edited by SANDWICHMASTA; 10-16-2007 at 03:29 PM.
#4
Expert Analyst, Moderator, Security Team
Join Date: Sep 2006
Posts: 1,541
OS: xp
Re: Multiple serious problems...
Quote:
Let's get a look at a DDS and Panda online scan report.

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.

Panda ActiveScan - free online scanner: http://www.pandasoftware.com/products/activescan.htm
Press "scan your PC now" and allow the ActiveX to install (if prompted).
Do a full scan > click the "My Computer" button.
After the scan, click "see report", then save the report and post it back here please.

If you have problems, use this one online: http://www.kaspersky.com/virusscanner
Click "scan settings" and place a check next to use [x] extended database etc etc. Click OK.
Then choose "My Computer": scan all your hard drives and mapped disks. When finished, click "save as text" and post that in your reply.
#5
Registered User
Join Date: Oct 2007
Posts: 12
OS: xp sp2
Re: Multiple serious problems...
Hello LonnyRJones, and thank you for helping me out ^_^
Main txt:

Deckard's System Scanner v20071014.68
Run by Chris on 2007-10-20 00:50:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Unable to create WMI object; The operation completed successfully.

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Chris.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:50:57 AM, on 10/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
F:\chris's Shiz\Programs and such\ramboosteraksdasd\RAMBoosterPro.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
F:\chris's Shiz\Programs and such\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Chris.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [RAMBoosterPro] "F:\chris's Shiz\Programs and such\ramboosteraksdasd\RAMBoosterPro.exe" auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKUS\S-1-5-21-329068152-1708537768-839522115-1007\..\Run: [SetDefaultMIDI] MIDIDef.exe (User '?')
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.2.4.3...-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.2.4.3...-ob-assets.cab
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - file://D:\GAMES\msjavx86_3805.exe
O16 - DPF: {0A50726E-51A2-42BB-8392-98F050C40A10} (SkillJamLoader Class) - http://aol.skilljam.com/ssp/SkillJamLoader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/eng/cards_2_0_0_65.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinner.com/games/v42/jigsaw/jigsaw.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v45...o/wordmojo.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/be...ploader_v7.cab
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6497 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3 catchme - c:\docume~1\chris\locals~1\temp\catchme.sys (file missing)
2 CdaD10BA - c:\windows\system32\drivers\cdad10ba.sys <Not Verified; Macrovision Europe Ltd; Security Windows NT>
3 MAC607 (MAC607 Filter) - c:\windows\system32\drivers\mac607.sys
2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
3 MR97310_VGA_DUAL_CAMERA (MR97310 VGA Dual Mode Camera) - c:\windows\system32\drivers\mr97310v.sys <Not Verified; Mars Semiconductor Corp.; USB Dual-Mode Camera>
3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
3 ROOTMODEM (Microsoft Legacy Modem Driver) - c:\windows\system32\drivers\rootmdm.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
3 RT25USBAP (Nintendo Wi-Fi USB Connector Service) - c:\windows\system32\drivers\rt25usbap.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>
3 StillCam (Still Serial Digital Camera Driver) - c:\windows\system32\drivers\serscan.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
3 USR1806 (U.S. Robotics Faxmodem Driver 1806) - c:\windows\system32\drivers\usr1806.sys <Not Verified; U.S. Robotics, Inc.; U.S. Robotics 56K Win INT>
3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys <Not Verified; America Online, Inc.; Wan Miniport (ATW)>
2 windrvNT - c:\windows\system32\windrvnt.sys (file missing)
3 XBox (XBox Filter) - c:\windows\system32\drivers\xbox.sys
3 XPAD910 (XPADFilter Service 910) - c:\windows\system32\drivers\xpad910.sys <Not Verified; Compuware Corporation; DriverStudio>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - c:\program files\bonjour\mdnsresponder.exe
3 FLEXnet Licensing Service - c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe

-- Device Manager: Disabled ----------------------------------------------------

Unable to create WMI object.

-- Scheduled Tasks -------------------------------------------------------------

2007-10-10 19:38:15 370 --a------ C:\WINDOWS\Tasks\RegCure.job
2007-10-10 19:38:15 436 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2007-10-04 13:15:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2005-06-15 09:45:52 412 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job

-- Files created between 2007-09-20 and 2007-10-20 -----------------------------

2007-10-15 01:05:09 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-11 12:46:20 0 d-------- C:\Documents and Settings\Administrator.MIKE6-1-81\Application Data\Mozilla
2007-10-10 19:38:11 0 d-------- C:\Program Files\RegCure
2007-10-10 01:01:37 0 d-------- C:\RM
2007-10-10 00:52:17 0 d-------- C:\Program Files\Trend Micro
2007-10-09 00:30:02 0 d--h----- C:\Documents and Settings\Administrator.MIKE6-1-81\Templates
2007-10-09 00:30:02 0 dr------- C:\Documents and Settings\Administrator.MIKE6-1-81\Start Menu
2007-10-09 00:30:02 0 dr-h----- C:\Documents and Settings\Administrator.MIKE6-1-81\SendTo
2007-10-09 00:30:02 0 d--h----- C:\Documents and Settings\Administrator.MIKE6-1-81\Recent
2007-10-09 00:30:02 0 d--h----- C:\Documents and Settings\Administrator.MIKE6-1-81\PrintHood
2007-10-09 00:30:02 0 d--h----- C:\Documents and Settings\Administrator.MIKE6-1-81\NetHood
2007-10-09 00:30:02 0 d-------- C:\Documents and Settings\Administrator.MIKE6-1-81\My Documents
2007-10-09 00:30:02 0 d--h----- C:\Documents and Settings\Administrator.MIKE6-1-81\Local Settings
2007-10-09 00:30:02 0 d-------- C:\Documents and Settings\Administrator.MIKE6-1-81\Favorites
2007-10-09 00:30:02 0 d-------- C:\Documents and Settings\Administrator.MIKE6-1-81\Desktop
2007-10-09 00:30:02 0 d---s---- C:\Documents and Settings\Administrator.MIKE6-1-81\Cookies
2007-10-09 00:30:02 0 dr-h----- C:\Documents and Settings\Administrator.MIKE6-1-81\Application Data
2007-10-09 00:30:02 0 d---s---- C:\Documents and Settings\Administrator.MIKE6-1-81\Application Data\Microsoft
2007-10-09 00:30:01 786432 --ah----- C:\Documents and Settings\Administrator.MIKE6-1-81\NTUSER.DAT
2007-10-08 16:23:03 0 d-------- C:\Program Files\AOD
2007-10-08 14:47:14 0 d-------- C:\Documents and Settings\mike.MIKE6-1-81\Application Data\Media Player Classic
2007-10-08 14:46:54 0 d-------- C:\Documents and Settings\mike.MIKE6-1-81\Application Data\DivX
2007-10-08 14:45:21 221184 --a------ C:\WINDOWS\system32\wmpns.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows Media Player>
2007-10-08 02:08:27 125 --a------ C:\WINDOWS\system32\svchost
2007-10-04 18:04:52 0 d-------- C:\Program Files\Trillian
2007-10-04 02:07:54 0 d-------- C:\Documents and Settings\Chris\Incomplete
2007-10-04 02:07:44 0 d-------- C:\Documents and Settings\Chris\Application Data\LimeWire
2007-10-04 02:07:24 0 d-------- C:\Program Files\LimeWire
2007-10-03 11:44:25 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-10-03 11:41:20 0 d-------- C:\Program Files\World of Warcraft
2007-09-30 22:52:46 0 d-------- C:\Documents and Settings\Chris\Application Data\Sun
2007-09-30 20:41:31 0 d-------- C:\Program Files\Java
2007-09-30 20:40:46 0 d-------- C:\Program Files\Common Files\Java
2007-09-30 20:40:26 671 --a------ C:\WINDOWS\mozver.dat
2007-09-29 04:56:11 299392 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2007-09-27 17:56:09 0 d---s---- C:\Documents and Settings\Chris\UserData
2007-09-27 12:08:59 0 d-------- C:\Documents and Settings\mike.MIKE6-1-81\Application Data\Mozilla
2007-09-26 02:09:12 0 d-------- C:\Program Files\WiFiConnector
2007-09-26 02:07:46 162944 --a------ C:\WINDOWS\system32\drivers\RT25USBAP.SYS <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>
2007-09-26 01:54:53 0 d-------- C:\Program Files\uTorrent
2007-09-26 01:54:50 0 d-------- C:\Documents and Settings\Chris\Application Data\uTorrent
2007-09-26 01:52:18 0 d-------- C:\Program Files\DSL Speed
2007-09-25 20:25:31 0 d-------- C:\Program Files\Yahoo!
2007-09-25 20:25:20 929792 -ra------ C:\WINDOWS\system32\PRISME5.dll <Not Verified; Meetinghouse Data Communications; AEGIS Client API>
2007-09-25 20:25:20 15781 -ra------ C:\WINDOWS\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
2007-09-25 20:24:16 0 d-------- C:\Program Files\2Wire

-- Find3M Report ---------------------------------------------------------------

2007-10-15 01:05:09 0 d-------- C:\Program Files\Common Files
2007-10-11 12:39:13 0 d-------- C:\Program Files\Common Files\AOL
2007-10-11 12:39:12 0 d-------- C:\Documents and Settings\Chris\Application Data\AOL
2007-10-08 16:51:07 0 d-------- C:\Documents and Settings\Chris\Application Data\Creative
2007-10-01 22:35:02 0 d-------- C:\Program Files\Microsoft Xbox 360 Accessories
2007-09-26 02:04:08 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-26 02:01:34 0 d-------- C:\Program Files\Symantec
2007-09-25 20:25:19 0 d--h----- C:\Program Files\InstallShield Installation Information

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [02/24/2005 07:32 AM]
"nwiz"="nwiz.exe" [02/24/2005 07:32 AM C:\WINDOWS\system32\nwiz.exe]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" []
"P17Helper"="P17.dll" [05/03/2005 04:38 AM C:\WINDOWS\system32\P17.dll]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [10/31/2005 10:51 AM]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [03/23/2005 04:26 PM]
"RAMBoosterPro"="F:\chris's Shiz\Programs and such\ramboosteraksdasd\RAMBoosterPro.exe" [08/02/2006 09:49 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 06:24 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]
"PRISMSVR.EXE"="C:\WINDOWS\system32\PRISMSVR.exe" []
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [09/29/2007 12:40 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"XboxStat"="c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [09/26/2007 06:05 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [12/03/2002 02:16 AM C:\WINDOWS\MIDIDEF.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Spike^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=C:\Documents and Settings\Spike\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
"C:\Program Files\America Online 9.0c\AOL.EXE" -b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
"C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMUpdate]
C:\WINDOWS\system32\BMUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1118837898\EE\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\Scansoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ]
C:\Program Files\ICQ\NDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\Winampa.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{390db900-2534-11dc-a1d3-00038a000015}]
AutoRun\command- G:\LaunchU3.exe -a

-- End of Deckard's System Scanner: finished at 2007-10-20 00:51:41 ------------

For some reason I cannot use the Panda or Kaspersky scanners; there may be something wrong with my ActiveX (IE as a whole is completely screwed up, nothing displays right). So sorry I couldn't post any logs from those; hopefully DSS's log will help for now.
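Added example (not code from this thread or from the DSS tool): a small Python triage of the "Drivers" and "Services" sections of a DSS log like the one above. It assumes the line shape DSS printed here, `<start> <name> [(<display name>)] - <path>` optionally followed by `(file missing)` or `<Not Verified; vendor; product>`, with start type 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled. The sample lines are constructed in that shape. The point it makes is the one the moderator acts on in the next post: an entry that is still set to start automatically while its file is gone (here `windrvNT`) is the first thing to explain, whereas a `<Not Verified>` auto-start driver from a named vendor is only a review item.

```python
"""Flag auto-started drivers/services in a DSS log whose file is missing or
whose binary DSS could not verify.

Added example, not part of the forum thread or of Deckard's System Scanner.
The sample lines are constructed to match the log format posted above.
"""
import re
from dataclasses import dataclass

START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}
AUTOSTART = {"Boot", "System", "Auto"}

# Constructed sample, modelled on the Drivers/Services sections of the DSS log.
SAMPLE_LINES = r"""
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
3 catchme - c:\docume~1\chris\locals~1\temp\catchme.sys (file missing)
2 CdaD10BA - c:\windows\system32\drivers\cdad10ba.sys <Not Verified; Macrovision Europe Ltd; Security Windows NT>
3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys <Not Verified; America Online, Inc.; Wan Miniport (ATW)>
2 windrvNT - c:\windows\system32\windrvnt.sys (file missing)
3 XBox (XBox Filter) - c:\windows\system32\drivers\xbox.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - c:\program files\bonjour\mdnsresponder.exe
""".strip().splitlines()


@dataclass
class Entry:
    start: str          # Boot / System / Auto / Demand / Disabled
    name: str           # driver or service key name (may contain spaces)
    display: str        # display name, "" when DSS printed none
    path: str           # image path exactly as logged
    file_missing: bool  # DSS appended "(file missing)"
    verified: bool      # False when DSS appended "<Not Verified; ...>"


def split_name(rest: str):
    """Split 'wanatw (WAN Miniport (ATW))' into ('wanatw', 'WAN Miniport (ATW)').

    The display name is the trailing parenthesised group and may itself contain
    parentheses, so walk back over balanced brackets instead of using a regex.
    """
    rest = rest.strip()
    if not rest.endswith(")"):
        return rest, ""
    depth = 0
    for i in range(len(rest) - 1, -1, -1):
        if rest[i] == ")":
            depth += 1
        elif rest[i] == "(":
            depth -= 1
            if depth == 0:
                return rest[:i].strip(), rest[i + 1:-1]
    return rest, ""


def parse_entry(line: str):
    """Parse one driver/service line; return None for section headers and other text."""
    head, sep, tail = line.strip().partition(" - ")
    if not sep:
        return None
    start, _, rest = head.partition(" ")
    if start not in START_TYPES:
        return None
    name, display = split_name(rest)
    # The path runs up to the first status marker, if any.
    path = re.split(r"\s+(?:\(file missing\)|<Not Verified)", tail, maxsplit=1)[0].strip()
    return Entry(
        start=START_TYPES[start],
        name=name,
        display=display,
        path=path,
        file_missing="(file missing)" in tail,
        verified="<Not Verified" not in tail,
    )


def triage(lines):
    """Return (severity, entry) pairs for auto-started entries worth a second look.

    missing-autostart:    the registry still starts something whose file is gone
                          (typically an uninstall leftover; worth asking about).
    unverified-autostart: auto-started and DSS marked it <Not Verified>; usually a
                          third-party vendor driver, so review rather than act.
    """
    findings = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None or entry.start not in AUTOSTART:
            continue
        if entry.file_missing:
            findings.append(("missing-autostart", entry))
        elif not entry.verified:
            findings.append(("unverified-autostart", entry))
    return findings


if __name__ == "__main__":
    for severity, entry in triage(SAMPLE_LINES):
        print(f"{severity:22} {entry.start:6} {entry.name:16} {entry.path}")
```

Demand-start entries such as `catchme` (the file a rootkit scanner leaves registered and then deletes) are deliberately not reported, and the `Bonjour Service` line shows why the name is split on the trailing bracket group rather than on the first space.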
#6
Expert Analyst, Moderator, Security Team
Join Date: Sep 2006
Posts: 1,541
OS: xp
Re: Multiple serious problems...
Did you have a program installed named Folder Lock?
If so, when was it uninstalled?

Please run Deckard's System Scanner again, this time using these instructions:
Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK:
"%userprofile%\desktop\dss.exe" /config
Tick Only [x] services
Uncheck [ ] whitelist
Click Scan! When finished, it shall produce a log for you. Post that log in your next reply.

Copy the contents of the code box below (don't include the word "Code") into a new Notepad document (not WordPad or another text editor). Click File > Save As... > call it check.bat > file types *All Files* > and save it to your desktop.
Code:
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost" /s >>C:\svchost.txt
::

Also: I see you've run ComboFix already. Post the C:\combofix.txt

Last edited by LonnyRJones; 10-21-2007 at 11:06 AM. Reason: added >>
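Added example (not code from this thread): what a helper would do with the `C:\svchost.txt` that check.bat above produces. The `SvcHost` key lists which services each shared `svchost.exe` instance hosts, so a name that does not belong in a group such as `netsvcs` is worth chasing. This Python script assumes the output shape that `reg query ... /s` prints (key paths flush left, values indented, a `REG_MULTI_SZ` shown as its strings joined by a literal `\0`); the sample output, the baseline (an illustrative subset of a clean XP SP2 machine's groups, not a complete list) and the name `PLACEHOLDER_UnknownSvc` are all constructed for the example.

```python
"""Compare svchost service groups from `reg query ... SvcHost /s` output against
a known-good list and report names that are not in it.

Added example, not from the forum thread. The sample output below is
constructed in the shape reg.exe prints; BASELINE is an illustrative subset,
and PLACEHOLDER_UnknownSvc stands in for any service name not in the baseline.
"""
import re

# "    <value name>    <REG_type>    <data>" ; the lazy name lets value names contain spaces.
VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s*(?P<data>.*)$")

# Constructed sample in the layout of `reg query "HKLM\...\SvcHost" /s` on XP.
SAMPLE_OUTPUT = r"""
! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost
    LocalService    REG_MULTI_SZ    Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV
    NetworkService    REG_MULTI_SZ    DnsCache
    netsvcs    REG_MULTI_SZ    6to4\0AppMgmt\0AudioSrv\0Browser\0CryptSvc\0PLACEHOLDER_UnknownSvc\0wuauserv

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs
    CoInitializeSecurityParam    REG_DWORD    0x1
"""

# Illustrative known-good groups (a subset, constructed for this example).
BASELINE = {
    "LocalService": ["Alerter", "WebClient", "LmHosts", "RemoteRegistry", "upnphost", "SSDPSRV"],
    "NetworkService": ["DnsCache"],
    "netsvcs": ["6to4", "AppMgmt", "AudioSrv", "Browser", "CryptSvc", "wuauserv"],
}


def parse_reg_query(text):
    """Return {key path: {value name: (reg type, data)}} from reg query output."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):      # blank lines and the version banner
            continue
        if not line[0].isspace():                  # key paths are flush left
            current = line.strip()
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group("name")] = (m.group("type"), m.group("data"))
    return keys


def split_multi_sz(data):
    """reg.exe joins REG_MULTI_SZ strings with a literal backslash-zero; also accept real NULs."""
    return [s for s in re.split(r"\\0|\x00", data) if s]


def svchost_groups(keys):
    """Map each group name under the SvcHost key itself (not its subkeys) to its service list."""
    for key, values in keys.items():
        if key.lower().endswith("\\svchost"):
            return {name: split_multi_sz(data)
                    for name, (typ, data) in values.items() if typ == "REG_MULTI_SZ"}
    return {}


def unexpected_services(groups, baseline):
    """Return {group: [service names not present in the baseline for that group]}."""
    report = {}
    for group, members in groups.items():
        known = {s.lower() for s in baseline.get(group, ())}
        extra = [m for m in members if m.lower() not in known]
        if extra:
            report[group] = extra
    return report


if __name__ == "__main__":
    groups = svchost_groups(parse_reg_query(SAMPLE_OUTPUT))
    for group, extra in unexpected_services(groups, BASELINE).items():
        print(f"{group}: not in baseline -> {', '.join(extra)}")
```

A group that exists on the machine but not in the baseline reports all of its members, which is the right default: an unknown group is at least as interesting as an unknown member. The comparison is case-insensitive because service names in the registry are.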
#7
Registered User
Join Date: Oct 2007
Posts: 12
OS: xp sp2
Re: Multiple serious problems...
Yes, I did have FolderLock installed, but only for a bit 'cause I didn't like the way it worked. I uninstalled it a long time ago, like 3-4 months maybe.
Deckard's System Scanner v20071014.68
Run by Chris on 2007-10-21 02:35:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Chris.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:35:40 AM, on 10/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
F:\chris's Shiz\Programs and such\ramboosteraksdasd\RAMBoosterPro.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trillian\trillian.exe
C:\Documents and Settings\Chris\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Chris.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [RAMBoosterPro] "F:\chris's Shiz\Programs and such\ramboosteraksdasd\RAMBoosterPro.exe" auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKUS\S-1-5-21-329068152-1708537768-839522115-1007\..\Run: [SetDefaultMIDI] MIDIDef.exe (User '?')
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.2.4.3...-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.2.4.3...-ob-assets.cab
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - file://D:\GAMES\msjavx86_3805.exe
O16 - DPF: {0A50726E-51A2-42BB-8392-98F050C40A10} (SkillJamLoader Class) - http://aol.skilljam.com/ssp/SkillJamLoader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/eng/cards_2_0_0_65.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinner.com/games/v42/jigsaw/jigsaw.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v45...o/wordmojo.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/be...ploader_v7.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc.
- C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 7314 bytes -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- 2 Alerter - c:\windows\system32\svchost.exe 3 ALG (Application Layer Gateway Service) - c:\windows\system32\alg.exe 3 AppMgmt (Application Management) - c:\windows\system32\svchost.exe 2 AudioSrv (Windows Audio) - c:\windows\system32\svchost.exe 2 AVG Anti-Spyware Guard - c:\program files\grisoft\avg anti-spyware 7.5\guard.exe <Verified; GRISOFT s.r.o.; AVG Anti-Spyware> 2 BITS (Background Intelligent Transfer Service) - c:\windows\system32\svchost.exe 2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - c:\program files\bonjour\mdnsresponder.exe 3 Browser (Computer Browser) - c:\windows\system32\svchost.exe 3 CiSvc (Indexing Service) - c:\windows\system32\cisvc.exe 4 ClipSrv (ClipBook) - c:\windows\system32\clipsrv.exe 3 COMSysApp (COM+ System Application) - c:\windows\system32\dllhost.exe 2 Creative Service for CDROM Access - c:\windows\system32\ctsvccda.exe <Not Verified; Creative Technology Ltd; Creative Service for CDROM Access> 2 CryptSvc (Cryptographic Services) - c:\windows\system32\svchost.exe 2 DcomLaunch (DCOM Server Process Launcher) - c:\windows\system32\svchost 2 Dhcp (DHCP Client) - c:\windows\system32\svchost.exe 3 dmadmin (Logical Disk Manager Administrative Service) - c:\windows\system32\dmadmin.exe 2 dmserver (Logical Disk Manager) - c:\windows\system32\svchost.exe 3 Dnscache (DNS Client) - c:\windows\system32\svchost.exe 2 ERSvc (Error Reporting Service) - c:\windows\system32\svchost.exe 2 Eventlog (Event Log) - c:\windows\system32\services.exe 3 EventSystem (COM+ Event System) - c:\windows\system32\svchost.exe 3 FastUserSwitchingCompatibility (Fast User Switching Compatibility) - 
c:\windows\system32\svchost.exe 3 FLEXnet Licensing Service - c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe 2 helpsvc (Help and Support) - c:\windows\system32\svchost.exe 2 HidServ (HID Input Service) - c:\windows\system32\svchost.exe 3 HTTPFilter (HTTP SSL) - c:\windows\system32\svchost.exe 3 ImapiService (IMAPI CD-Burning COM Service) - c:\windows\system32\imapi.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2 lanmanserver (Server) - c:\windows\system32\svchost.exe 2 lanmanworkstation (Workstation) - c:\windows\system32\svchost.exe 2 LexBceS (LexBce Server) - c:\windows\system32\lexbces.exe <Not Verified; Lexmark International, Inc.; MarkVision for Windows (32 bit)> 3 LmHosts (TCP/IP NetBIOS Helper) - c:\windows\system32\svchost.exe 4 Messenger - c:\windows\system32\svchost.exe 3 mnmsrvc (NetMeeting Remote Desktop Sharing) - c:\windows\system32\mnmsrvc.exe <Not Verified; Microsoft Corporation; Windows® NetMeeting®> 3 MSDTC (Distributed Transaction Coordinator) - c:\windows\system32\msdtc.exe <Not Verified; Microsoft Corporation; Microsoft Distributed Transaction Coordinator> 3 MSIServer (Windows Installer) - c:\windows\system32\msiexec.exe 4 NetDDE (Network DDE) - c:\windows\system32\netdde.exe 4 NetDDEdsdm (Network DDE DSDM) - c:\windows\system32\netdde.exe 3 Netlogon (Net Logon) - c:\windows\system32\lsass.exe 3 Netman (Network Connections) - c:\windows\system32\svchost.exe 3 Nla (Network Location Awareness (NLA)) - c:\windows\system32\svchost.exe 2 NOD32krn (NOD32 Kernel Service) - c:\program files\eset\nod32krn.exe 3 NtLmSsp (NT LM Security Support Provider) - c:\windows\system32\lsass.exe 3 NtmsSvc (Removable Storage) - c:\windows\system32\svchost.exe 2 NVSvc (NVIDIA Display Driver Service) - c:\windows\system32\nvsvc32.exe 2 PlugPlay (Plug and Play) - c:\windows\system32\services.exe 2 PolicyAgent (IPSEC Services) - c:\windows\system32\lsass.exe 2 ProtectedStorage (Protected 
Storage) - c:\windows\system32\lsass.exe 3 RasAuto (Remote Access Auto Connection Manager) - c:\windows\system32\svchost.exe 3 RasMan (Remote Access Connection Manager) - c:\windows\system32\svchost.exe 3 RDSessMgr (Remote Desktop Help Session Manager) - c:\windows\system32\sessmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 4 RemoteAccess (Routing and Remote Access) - c:\windows\system32\svchost.exe 3 RemoteRegistry (Remote Registry) - c:\windows\system32\svchost.exe 3 RpcLocator (Remote Procedure Call (RPC) Locator) - c:\windows\system32\locator.exe 2 RpcSs (Remote Procedure Call (RPC)) - c:\windows\system32\svchost 3 RSVP (QoS RSVP) - c:\windows\system32\rsvp.exe 2 SamSs (Security Accounts Manager) - c:\windows\system32\lsass.exe 3 SCardSvr (Smart Card) - c:\windows\system32\scardsvr.exe 2 Schedule (Task Scheduler) - c:\windows\system32\svchost.exe 2 seclogon (Secondary Logon) - c:\windows\system32\svchost.exe 2 SENS (System Event Notification) - c:\windows\system32\svchost.exe 2 SharedAccess (Windows Firewall/Internet Connection Sharing (ICS)) - c:\windows\system32\svchost.exe 2 ShellHWDetection (Shell Hardware Detection) - c:\windows\system32\svchost.exe 2 Spooler (Print Spooler) - c:\windows\system32\spoolsv.exe 2 srservice (System Restore Service) - c:\windows\system32\svchost.exe 3 SSDPSRV (SSDP Discovery Service) - c:\windows\system32\svchost.exe 2 stisvc (Windows Image Acquisition (WIA)) - c:\windows\system32\svchost.exe 3 SwPrv (MS Software Shadow Copy Provider) - c:\windows\system32\dllhost.exe 3 SysmonLog (Performance Logs and Alerts) - c:\windows\system32\smlogsvc.exe 3 TapiSrv (Telephony) - c:\windows\system32\svchost.exe 3 TermService (Terminal Services) - c:\windows\system32\svchost 2 Themes - c:\windows\system32\svchost.exe 4 TlntSvr (Telnet) - c:\windows\system32\tlntsvr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 3 TrkWks (Distributed Link Tracking Client) - 
c:\windows\system32\svchost.exe 2 UMWdf (Windows User Mode Driver Framework) - c:\windows\system32\wdfmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 3 upnphost (Universal Plug and Play Device Host) - c:\windows\system32\svchost.exe 3 UPS (Uninterruptible Power Supply) - c:\windows\system32\ups.exe 3 VSS (Volume Shadow Copy) - c:\windows\system32\vssvc.exe 3 W32Time (Windows Time) - c:\windows\system32\svchost.exe 2 WebClient - c:\windows\system32\svchost.exe 2 winmgmt (Windows Management Instrumentation) - c:\windows\system32\svchost.exe 3 WmdmPmSN (Portable Media Serial Number Service) - c:\windows\system32\svchost.exe 3 Wmi (Windows Management Instrumentation Driver Extensions) - c:\windows\system32\svchost.exe 3 WmiApSrv (WMI Performance Adapter) - c:\windows\system32\wbem\wmiapsrv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2 wscsvc (Security Center) - c:\windows\system32\svchost.exe 2 wuauserv (Automatic Updates) - c:\windows\system32\svchost.exe 4 WZCSVC (Wireless Zero Configuration) - c:\windows\system32\svchost.exe 3 xmlprov (Network Provisioning Service) - c:\windows\system32\svchost.exe -- Files created between 2007-09-21 and 2007-10-21 ----------------------------- 2007-10-20 13:58:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-10-20 01:17:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! 
Companion 2007-10-20 00:58:30 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys <Not Verified; GRISOFT, s.r.o.; AVG7 Clean Driver> 2007-10-20 00:58:26 0 d-------- C:\Program Files\Grisoft 2007-10-20 00:55:54 0 dr-h----- C:\Documents and Settings\Chris\Recent 2007-10-20 00:52:38 0 d-------- C:\Program Files\CCleaner 2007-10-20 00:49:43 0 d-------- C:\Deckard 2007-10-18 19:05:38 0 d-------- C:\WINDOWS\TEMP 2007-10-18 19:05:05 0 d-------- C:\WINDOWS\erdnt 2007-10-18 19:02:27 0 d-------- C:\qoobox 2007-10-18 19:02:17 51200 --a------ C:\WINDOWS\NirCmd.exe <Not Verified; NirSoft; NirCmd> 2007-10-18 19:02:16 135168 --a------ C:\WINDOWS\catchme.exe 2007-10-18 19:02:15 49152 --a------ C:\WINDOWS\system32\VFind.exe 2007-10-18 19:02:15 212480 --a------ C:\WINDOWS\system32\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists> 2007-10-18 19:02:15 370688 --a------ C:\WINDOWS\system32\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller> 2007-10-18 19:02:15 279552 --a------ C:\WINDOWS\system32\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor> 2007-10-18 19:02:06 0 d-------- C:\ComboFix 2007-10-15 01:05:09 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-10-11 12:47:50 536403968 --ahs---- C:\hiberfil.sys 2007-10-11 12:46:20 0 d-------- C:\Documents and Settings\Administrator.MIKE6-1-81\Application Data\Mozilla 2007-10-10 19:38:11 0 d-------- C:\Program Files\RegCure 2007-10-10 01:01:37 0 d-------- C:\RM 2007-10-10 00:52:17 0 d-------- C:\Program Files\Trend Micro 2007-10-09 00:30:02 0 d--h----- C:\Documents and Settings\Administrator.MIKE6-1-81\Templates 2007-10-09 00:30:02 0 dr------- C:\Documents and Settings\Administrator.MIKE6-1-81\Start Menu 2007-10-09 00:30:02 0 dr-h----- C:\Documents and Settings\Administrator.MIKE6-1-81\SendTo 2007-10-09 00:30:02 0 d--h----- C:\Documents and Settings\Administrator.MIKE6-1-81\Recent 2007-10-09 00:30:02 0 d--h----- C:\Documents and 
Settings\Administrator.MIKE6-1-81\PrintHood 2007-10-09 00:30:02 0 d--h----- C:\Documents and Settings\Administrator.MIKE6-1-81\NetHood 2007-10-09 00:30:02 0 d-------- C:\Documents and Settings\Administrator.MIKE6-1-81\My Documents 2007-10-09 00:30:02 0 d--h----- C:\Documents and Settings\Administrator.MIKE6-1-81\Local Settings 2007-10-09 00:30:02 0 d-------- C:\Documents and Settings\Administrator.MIKE6-1-81\Favorites 2007-10-09 00:30:02 0 d-------- C:\Documents and Settings\Administrator.MIKE6-1-81\Desktop 2007-10-09 00:30:02 0 d---s---- C:\Documents and Settings\Administrator.MIKE6-1-81\Cookies 2007-10-09 00:30:02 0 dr-h----- C:\Documents and Settings\Administrator.MIKE6-1-81\Application Data 2007-10-09 00:30:02 0 d---s---- C:\Documents and Settings\Administrator.MIKE6-1-81\Application Data\Microsoft 2007-10-09 00:30:01 786432 --ah----- C:\Documents and Settings\Administrator.MIKE6-1-81\NTUSER.DAT 2007-10-08 16:23:03 0 d-------- C:\Program Files\AOD 2007-10-08 14:47:14 0 d-------- C:\Documents and Settings\mike.MIKE6-1-81\Application Data\Media Player Classic 2007-10-08 14:46:54 0 d-------- C:\Documents and Settings\mike.MIKE6-1-81\Application Data\DivX 2007-10-08 14:45:21 221184 --a------ C:\WINDOWS\system32\wmpns.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows Media Player> 2007-10-08 02:08:27 125 --a------ C:\WINDOWS\system32\svchost 2007-10-04 18:04:52 0 d-------- C:\Program Files\Trillian 2007-10-04 02:07:54 0 d-------- C:\Documents and Settings\Chris\Incomplete 2007-10-04 02:07:44 0 d-------- C:\Documents and Settings\Chris\Application Data\LimeWire 2007-10-04 02:07:24 0 d-------- C:\Program Files\LimeWire 2007-10-03 11:44:25 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment 2007-10-03 11:41:20 0 d-------- C:\Program Files\World of Warcraft 2007-10-02 22:43:42 139264 --a------ C:\WINDOWS\system32\javaws.exe <Not Verified; Sun Microsystems, Inc.; Java(TM) Platform SE 6 U3> 2007-10-02 22:43:42 135168 --a------ 
C:\WINDOWS\system32\javaw.exe <Not Verified; Sun Microsystems, Inc.; Java(TM) Platform SE 6 U3> 2007-10-02 22:43:41 135168 --a------ C:\WINDOWS\system32\java.exe <Not Verified; Sun Microsystems, Inc.; Java(TM) Platform SE 6 U3> 2007-09-30 22:52:46 0 d-------- C:\Documents and Settings\Chris\Application Data\Sun 2007-09-30 20:41:31 0 d-------- C:\Program Files\Java 2007-09-30 20:40:46 0 d-------- C:\Program Files\Common Files\Java 2007-09-30 20:40:26 671 --a------ C:\WINDOWS\mozver.dat 2007-09-29 04:56:11 299392 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System> 2007-09-29 04:56:11 15424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys 2007-09-29 04:56:11 512096 --a------ C:\WINDOWS\system32\drivers\amon.sys <Verified; Eset; NOD32 Antivirus System> 2007-09-27 17:56:09 0 d---s---- C:\Documents and Settings\Chris\UserData 2007-09-27 12:08:59 0 d-------- C:\Documents and Settings\mike.MIKE6-1-81\Application Data\Mozilla 2007-09-26 09:59:16 0 d-------- C:\Program Files\Eset 2007-09-26 03:56:01 0 d--h---c- C:\WINDOWS\$NtUninstallKB927779$ 2007-09-26 03:55:55 0 d--h---c- C:\WINDOWS\$NtUninstallKB927802$ 2007-09-26 03:55:49 0 d--h---c- C:\WINDOWS\$NtUninstallKB922819$ 2007-09-26 03:55:42 0 d--h---c- C:\WINDOWS\$NtUninstallKB923414$ 2007-09-26 03:55:33 0 d--h---c- C:\WINDOWS\$NtUninstallKB928255$ 2007-09-26 03:55:23 0 d--h---c- C:\WINDOWS\$NtUninstallKB931784$ 2007-09-26 03:55:16 0 d--h---c- C:\WINDOWS\$NtUninstallKB920685$ 2007-09-26 03:55:09 0 d--h---c- C:\WINDOWS\$NtUninstallKB923980$ 2007-09-26 03:55:03 0 d--h---c- C:\WINDOWS\$NtUninstallKB936021$ 2007-09-26 03:54:57 0 d--h---c- C:\WINDOWS\$NtUninstallKB938828$ 2007-09-26 03:54:52 0 d--h---c- C:\WINDOWS\$NtUninstallKB924667$ 2007-09-26 03:54:45 0 d--h---c- C:\WINDOWS\$NtUninstallKB924270$ 2007-09-26 03:54:40 0 d--h---c- C:\WINDOWS\$NtUninstallKB931261$ 2007-09-26 03:54:34 0 d--h---c- C:\WINDOWS\$NtUninstallKB924496$ 2007-09-26 03:54:27 0 d--h---c- C:\WINDOWS\$NtUninstallKB927891$ 
2007-09-26 03:54:21 0 d--h---c- C:\WINDOWS\$NtUninstallKB936357$ 2007-09-26 03:54:16 0 d--h---c- C:\WINDOWS\$NtUninstallKB921503$ 2007-09-26 03:54:11 0 d--h---c- C:\WINDOWS\$NtUninstallKB938829$ 2007-09-26 03:54:06 0 d--h---c- C:\WINDOWS\$NtUninstallKB925398_WMP64$ 2007-09-26 03:53:45 0 d--h---c- C:\WINDOWS\$NtUninstallKB925902$ 2007-09-26 03:53:38 0 d--h---c- C:\WINDOWS\$NtUninstallKB929123$ 2007-09-26 03:53:33 0 d--h---c- C:\WINDOWS\$NtUninstallKB920670$ 2007-09-26 03:52:36 0 d--h---c- C:\WINDOWS\$NtUninstallKB926436$ 2007-09-26 03:52:28 0 d--h---c- C:\WINDOWS\$NtUninstallKB920872$ 2007-09-26 03:52:20 0 d--h---c- C:\WINDOWS\$NtUninstallKB930178$ 2007-09-26 03:52:14 0 d--h---c- C:\WINDOWS\$NtUninstallKB919007$ 2007-09-26 03:52:09 0 d--h---c- C:\WINDOWS\$NtUninstallKB932168$ 2007-09-26 03:52:03 0 d--h---c- C:\WINDOWS\$NtUninstallKB923191$ 2007-09-26 03:51:56 0 d--h---c- C:\WINDOWS\$NtUninstallKB922582$ 2007-09-26 03:51:48 0 d--h---c- C:\WINDOWS\$NtUninstallKB918118$ 2007-09-26 03:51:42 0 d--h---c- C:\WINDOWS\$NtUninstallKB926255$ 2007-09-26 03:51:37 0 d--h---c- C:\WINDOWS\$NtUninstallKB938127$ 2007-09-26 03:51:31 0 d--h---c- C:\WINDOWS\$NtUninstallKB920213$ 2007-09-26 03:51:25 0 d--h---c- C:\WINDOWS\$NtUninstallKB933360$ 2007-09-26 03:51:20 0 d--h---c- C:\WINDOWS\$NtUninstallKB935840$ 2007-09-26 03:51:15 0 d--h---c- C:\WINDOWS\$NtUninstallKB930916$ 2007-09-26 03:51:09 0 d--h---c- C:\WINDOWS\$NtUninstallKB923689$ 2007-09-26 03:50:41 0 d--h---c- C:\WINDOWS\$NtUninstallKB937143$ 2007-09-26 03:50:33 0 d--h---c- C:\WINDOWS\$NtUninstallKB935839$ 2007-09-26 03:50:27 0 d--h---c- C:\WINDOWS\$NtUninstallKB920683$ 2007-09-26 03:50:20 0 d--h---c- C:\WINDOWS\$NtUninstallKB936782_WMP10$ 2007-09-26 03:49:51 0 d--h---c- C:\WINDOWS\$NtUninstallKB928843$ 2007-09-26 02:09:12 0 d-------- C:\Program Files\WiFiConnector 2007-09-26 02:07:46 162944 --a------ C:\WINDOWS\system32\drivers\RT25USBAP.SYS <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters> 2007-09-26 
01:54:53 0 d-------- C:\Program Files\uTorrent 2007-09-26 01:54:50 0 d-------- C:\Documents and Settings\Chris\Application Data\uTorrent 2007-09-26 01:52:18 0 d-------- C:\Program Files\DSL Speed 2007-09-25 20:25:31 0 d-------- C:\Program Files\Yahoo! 2007-09-25 20:25:20 929792 -ra------ C:\WINDOWS\system32\PRISME5.dll <Not Verified; Meetinghouse Data Communications; AEGIS Client API> 2007-09-25 20:25:20 15781 -ra------ C:\WINDOWS\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9> 2007-09-25 20:24:16 0 d-------- C:\Program Files\2Wire -- Find3M Report --------------------------------------------------------------- 2007-10-20 21:07:18 0 d-------- C:\Program Files\Mozilla Firefox 2007-10-20 20:53:40 2048 --a-s---- C:\WINDOWS\bootstat.dat 2007-10-20 20:53:37 805306368 --ahs---- C:\pagefile.sys 2007-10-15 01:05:09 0 d-------- C:\Program Files\Common Files 2007-10-11 12:39:13 0 d-------- C:\Program Files\Common Files\AOL 2007-10-11 12:39:12 0 d-------- C:\Documents and Settings\Chris\Application Data\AOL 2007-10-08 16:51:07 0 d-------- C:\Documents and Settings\Chris\Application Data\Creative 2007-10-01 22:35:02 0 d-------- C:\Program Files\Microsoft Xbox 360 Accessories 2007-09-27 17:50:01 0 d---s---- C:\Documents and Settings\Chris\Application Data\Microsoft 2007-09-26 08:41:53 90296 --a------ C:\WINDOWS\system32\FNTCACHE.DAT 2007-09-26 03:53:41 0 d-------- C:\Program Files\Outlook Express 2007-09-26 03:53:40 0 d-------- C:\Program Files\Common Files\System 2007-09-26 03:50:48 0 d-------- C:\Program Files\Internet Explorer 2007-09-26 02:04:08 0 d-------- C:\Program Files\Common Files\Symantec Shared 2007-09-26 02:01:34 0 d-------- C:\Program Files\Symantec 2007-09-25 20:25:19 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-09-05 19:50:44 17474680 --a------ C:\WINDOWS\system32\MRT.exe <Verified; Microsoft Corporation; Microsoft Windows Malicious Software Removal Tool> 2007-08-20 17:37:34 1469312 
--a------ C:\WINDOWS\system32\LegitCheckControl.DLL <Verified; Microsoft Corporation; Windows Genuine Advantage> 2007-07-30 19:19:42 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll <Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-07-30 19:19:36 549720 --a------ C:\WINDOWS\system32\wuapi.dll <Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-07-30 19:19:32 325976 --a------ C:\WINDOWS\system32\wucltui.dll <Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-07-30 19:19:28 203096 --a------ C:\WINDOWS\system32\wuweb.dll <Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-07-30 19:19:20 92504 --a------ C:\WINDOWS\system32\cdm.dll <Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-07-30 19:19:16 53080 --a------ C:\WINDOWS\system32\wuauclt.exe <Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-07-30 19:19:12 43352 --a------ C:\WINDOWS\system32\wups2.dll <Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-07-30 19:18:40 33624 --a------ C:\WINDOWS\system32\wups.dll <Verified; Microsoft Corporation; Microsoft® Windows® Operating System> -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [02/24/2005 07:32 AM] "nwiz"="nwiz.exe" [02/24/2005 07:32 AM C:\WINDOWS\system32\nwiz.exe] "AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [] "P17Helper"="P17.dll" [05/03/2005 04:38 AM C:\WINDOWS\system32\P17.dll] "CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [10/31/2005 10:51 AM] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM] "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [03/23/2005 04:26 PM] "RAMBoosterPro"="F:\chris's 
Shiz\Programs and such\ramboosteraksdasd\RAMBoosterPro.exe" [08/02/2006 09:49 PM] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 06:24 AM] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM] "PRISMSVR.EXE"="C:\WINDOWS\system32\PRISMSVR.exe" [] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [09/29/2007 12:40 PM] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM] "XboxStat"="c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [09/26/2007 06:05 PM] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [10/20/2007 01:04 AM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SetDefaultMIDI"="MIDIDef.exe" [12/03/2002 02:16 AM C:\WINDOWS\MIDIDEF.EXE] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Spike^Start Menu^Programs^Startup^PowerReg Scheduler.exe] path=C:\Documents and Settings\Spike\Start Menu\Programs\Startup\PowerReg Scheduler.exe backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start] "C:\Program Files\America Online 9.0c\AOL.EXE" -b [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMUpdate] C:\WINDOWS\system32\BMUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] C:\Program Files\Common 
Files\AOL\1118837898\EE\AOLHostManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] "C:\Program Files\Winamp\Winampa.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G] AutoRun\command- G:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{390db900-2534-11dc-a1d3-00038a000015}] AutoRun\command- G:\LaunchU3.exe -a -- End of Deckard's System Scanner: finished at 2007-10-21 02:36:31 ------------ Combofix: ComboFix 07-10-17.8 - Chris 2007-10-18 19:02:42.1 - NTFSx86 Running from: H:\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\a.exe C:\WINDOWS\system32\a.exe . 
((((((((((((((((((((((((( Files Created from 2007-09-19 to 2007-10-19 ))))))))))))))))))))))))))))))) . 2007-10-18 19:02 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-15 01:05 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-10-10 19:38 <DIR> d-------- C:\Program Files\RegCure 2007-10-10 01:01 <DIR> d-------- C:\RM 2007-10-10 00:52 <DIR> d-------- C:\Program Files\Trend Micro 2007-10-08 16:23 <DIR> d-------- C:\Program Files\AOD 2007-10-08 14:45 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2007-10-04 18:04 <DIR> d-------- C:\Program Files\Trillian 2007-10-04 02:07 <DIR> d-------- C:\Program Files\LimeWire 2007-10-04 02:07 <DIR> d-------- C:\Documents and Settings\Chris\Application Data\LimeWire 2007-10-03 11:44 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment 2007-10-03 11:41 <DIR> d-------- C:\Program Files\World of Warcraft 2007-09-30 20:41 <DIR> d-------- C:\Program Files\Java 2007-09-30 20:40 <DIR> d-------- C:\Program Files\Common Files\Java 2007-09-30 20:40 671 --a------ C:\WINDOWS\mozver.dat 2007-09-29 04:56 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys 2007-09-29 04:56 299,392 --a------ C:\WINDOWS\system32\imon.dll 2007-09-29 04:56 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys 2007-09-26 02:09 <DIR> d-------- C:\Program Files\WiFiConnector 2007-09-26 02:07 162,944 --a------ C:\WINDOWS\system32\drivers\RT25USBAP.SYS 2007-09-26 01:54 <DIR> d-------- C:\Program Files\uTorrent 2007-09-26 01:54 <DIR> d-------- C:\Documents and Settings\Chris\Application Data\uTorrent 2007-09-26 01:52 <DIR> d-------- C:\Program Files\DSL Speed 2007-09-25 20:25 <DIR> d-------- C:\Program Files\Yahoo! 2007-09-25 20:25 929,792 -ra------ C:\WINDOWS\system32\PRISME5.dll 2007-09-25 20:25 15,781 -ra------ C:\WINDOWS\system32\drivers\mdc8021x.sys 2007-09-25 20:24 <DIR> d-------- C:\Program Files\2Wire . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2007-10-11 19:39 --------- d-----w C:\Program Files\Common Files\AOL
2007-10-11 19:39 --------- d-----w C:\Documents and Settings\Chris\Application Data\AOL
2007-10-11 19:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-10-08 23:51 --------- d-----w C:\Documents and Settings\Chris\Application Data\Creative
2007-10-02 05:35 --------- d-----w C:\Program Files\Microsoft Xbox 360 Accessories
2007-09-26 09:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-09-26 09:04 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-09-26 09:01 --------- d-----w C:\Program Files\Symantec
2007-09-26 03:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-31 02:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 02:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 02:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 02:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-31 02:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 02:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-31 02:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 02:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2005-06-13 23:23 921,654 ----a-w C:\Program Files\008.bmp
2005-06-13 23:23 921,654 ----a-w C:\Program Files\007.bmp
2005-06-13 23:23 921,654 ----a-w C:\Program Files\006.bmp
2005-06-13 23:23 921,654 ----a-w C:\Program Files\005.bmp
2005-06-13 23:23 921,654 ----a-w C:\Program Files\004.bmp
2005-06-13 23:23 921,654 ----a-w C:\Program Files\003.bmp
2005-06-13 23:23 921,654 ----a-w C:\Program Files\002.bmp
2005-06-13 23:23 921,654 ----a-w C:\Program Files\001.bmp
2005-06-13 23:18 921,654 ----a-w C:\Program Files\009.bmp
2005-06-13 23:18 1,541 ----a-w C:\Program Files\008.wav
2005-06-01 09:52 8 --sh--w C:\Documents and Settings\All Users\DRM\pdrm.dat
2002-09-24 15:24 61,440 ----a-w C:\WINDOWS\inf\i386\onetUSD.dll
2002-07-09 15:23 36,864 ----a-w C:\WINDOWS\inf\i386\Vizmicro.dll
2002-05-20 15:20 172,032 ----a-w C:\WINDOWS\inf\i386\viceo.dll
2002-05-20 15:02 225,280 ----a-w C:\WINDOWS\inf\i386\rtscan.dll
2001-09-05 16:14 40,960 ----a-w C:\WINDOWS\inf\i386\CopyInf.exe
2001-08-04 01:29 13,824 ----a-w C:\WINDOWS\inf\i386\Usbscan.sys
2007-06-20 02:52:48 8 --sh--r C:\WINDOWS\system32\573F8C5CD3.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 07:32]
"nwiz"="nwiz.exe" [2005-02-24 07:32 C:\WINDOWS\system32\nwiz.exe]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" []
"P17Helper"="P17.dll" [2005-05-03 04:38 C:\WINDOWS\system32\P17.dll]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 10:51]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-23 16:26]
"RAMBoosterPro"="F:\chris's Shiz\Programs and such\ramboosteraksdasd\RAMBoosterPro.exe" [2006-08-02 21:49]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"PRISMSVR.EXE"="C:\WINDOWS\system32\PRISMSVR.exe" []
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-09-29 12:40]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"XboxStat"="c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 18:05]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2002-12-03 02:16 C:\WINDOWS\MIDIDEF.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Spike^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=C:\Documents and Settings\Spike\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
"C:\Program Files\America Online 9.0c\AOL.EXE" -b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
"C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMUpdate]
C:\WINDOWS\system32\BMUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1118837898\EE\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\Scansoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ]
C:\Program Files\ICQ\NDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\Winampa.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{390db900-2534-11dc-a1d3-00038a000015}]
AutoRun\command - G:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-10-04 20:15:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-11 02:38:15 C:\WINDOWS\Tasks\RegCure Program Check.job"
"2007-10-11 02:38:15 C:\WINDOWS\Tasks\RegCure.job" - C:\Program Files\RegCure\RegCure.exe
"2005-06-15 16:45:52 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-18 19:04:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-18 19:05:27
.
--- E O F ---

Like I stated before, I'm unable to copy and paste (unless it's from Notepad, for some reason), so I'm trying my best to enter these commands manually.
I got the DSS thing through, but I'm having trouble entering the check.bat thing. This is exactly what I typed in:

reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost" /s C:\svchost.txt

Yet it quickly flashes a command prompt that, through multiple tries (as in: over and over), I was able to determine was saying "invalid command". Did I mess up somewhere?

#8
Expert Analyst, Moderator, Security Team
Join Date: Sep 2006
Posts: 1,541
OS: xp
Re: Multiple serious problems...
OK, let's try it this way (there was a typo in my previous instructions).
Open a cmd (command prompt): Start > Run, type cmd, press Enter. Type cd\ and press Enter, then type the entire bolded line below. Be careful, no typos, and it's all one line.

reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost" /s >>svchost.txt

Type exit and press Enter. svchost.txt will be in C:\.

#10
Expert Analyst, Moderator, Security Team
Join Date: Sep 2006
Posts: 1,541
OS: xp
Re: Multiple serious problems...
Doesn't appear anything's wrong with that key.
You first posted 10-12-2007; did anything odd happen just prior to the problems starting? New programs? Have you tried using System Restore to go back a few days before the trouble started? If not, try it.
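To make the "nothing wrong with that key" check above repeatable, here is an added Python example (not a tool used in this thread) that parses the text `reg query ... /s` writes into svchost.txt and compares each SvcHost group against a baseline. A service name that appears in a group such as netsvcs but not in the baseline, or a group the baseline has never seen, is what an injected svchost-hosted service looks like in this key. SAMPLE, BASELINE and the names fakesvc and fakegroup are constructed for illustration; a real baseline has to be exported from a known-clean machine of the same Windows build and service pack, because group membership changes with updates.

```python
"""Audit the SvcHost group table from 'reg query ... /s' output.

Added example for this thread; not a tool the forum used. SAMPLE, BASELINE
and the names fakesvc / fakegroup are constructed for illustration. A real
baseline must come from a known-clean machine of the same Windows build and
service pack, because group membership changes with updates.
"""
import re

KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost"

# A value line as reg.exe prints it: indented name, type, data. REG_MULTI_SZ
# data is printed with a literal "\0" between the strings.
VALUE_RE = re.compile(r"^\s+(?P<name>\S+)\s+(?P<type>REG_[A-Z_]+)\s*(?P<data>.*)$")

# Constructed reg query output: the real groups carry a plausible subset of
# XP services, plus one service and one whole group that do not belong.
SAMPLE = r"""
! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost
    LocalService    REG_MULTI_SZ    Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV
    NetworkService    REG_MULTI_SZ    DnsCache
    netsvcs    REG_MULTI_SZ    6to4\0AppMgmt\0AudioSrv\0Browser\0CryptSvc\0wuauserv\0fakesvc
    rpcss    REG_MULTI_SZ    RpcSs
    fakegroup    REG_MULTI_SZ    fakesvc2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs
    CoInitializeSecurityParam    REG_DWORD    0x1
"""

# Constructed baseline, same shape as parse_svchost_groups() returns.
BASELINE = {
    "LocalService": ["Alerter", "WebClient", "LmHosts", "RemoteRegistry", "upnphost", "SSDPSRV"],
    "NetworkService": ["DnsCache"],
    "netsvcs": ["6to4", "AppMgmt", "AudioSrv", "Browser", "CryptSvc", "wuauserv"],
    "rpcss": ["RpcSs"],
}


def parse_svchost_groups(text):
    """Return {group_name: [service, ...]} from the SvcHost key itself.

    Values under subkeys (the per-group COM security settings) are ignored,
    as is the '! REG.EXE VERSION' banner, which is treated like any other
    non-matching key path.
    """
    groups = {}
    current_key = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():            # unindented line = a key path
            current_key = line.strip()
            continue
        if current_key is None or current_key.lower() != KEY.lower():
            continue
        m = VALUE_RE.match(line)
        if m and m.group("type") == "REG_MULTI_SZ":
            data = m.group("data").strip()
            groups[m.group("name")] = [s for s in data.split("\\0") if s]
    return groups


def audit(text, baseline):
    """Compare each group against the baseline (names are case-insensitive).

    Returns [(group, finding, service), ...] where finding is 'added',
    'missing' or 'unknown group'. 'added' in a group like netsvcs is the
    classic sign of a service injected into svchost.
    """
    findings = []
    base = {g.lower(): {s.lower(): s for s in svcs} for g, svcs in baseline.items()}
    for group, services in parse_svchost_groups(text).items():
        expected = base.get(group.lower())
        if expected is None:
            findings.extend((group, "unknown group", svc) for svc in services)
            continue
        seen = {svc.lower() for svc in services}
        findings.extend((group, "added", svc) for svc in services if svc.lower() not in expected)
        findings.extend((group, "missing", expected[k]) for k in sorted(expected) if k not in seen)
    return findings


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                     # e.g. python svchost_audit.py svchost.txt
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    for group, finding, svc in audit(text, BASELINE):
        print(f"{group}: {finding}: {svc}")
```

A finding only says the key differs from the baseline; the next step is to look at HKLM\SYSTEM\CurrentControlSet\Services\<name>\Parameters\ServiceDll for each added name and see what file it actually loads.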

#11
Registered User
Join Date: Oct 2007
Posts: 12
OS: xp sp2
Re: Multiple serious problems...
No, I don't recall ANYTHING happening that was out of the ordinary before this all happened. Like I said, they literally appeared overnight. I've tried System Restore; it just tells me "System Restore cannot help your computer, please restart your computer and try again." It never works, though. Soooo... I figure that's it for me, eh? I'm just gonna have to reformat or something if I want it to (hopefully) work anymore?

#12
Expert Analyst, Moderator, Security Team
Join Date: Sep 2006
Posts: 1,541
OS: xp
Re: Multiple serious problems...
2007-10-08 02:08:27 125 --a------ C:\WINDOWS\system32\svchost

That is unusual. Open a command prompt and type in

Move "C:\WINDOWS\system32\svchost" C:\

press Enter, type exit, press Enter again, restart the PC and let us know how the PC is acting. Now try an online scan at Panda and post its report.
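As an added example (not part of this thread, ComboFix or DSS), here is a small Python triage script that reads listing lines in the format posted earlier in the thread and flags the kind of entry picked out above: a file under C:\WINDOWS carrying a core system binary's name but no .exe extension. It also applies two looser heuristics, a random-looking hex filename in the Windows tree and a tiny hidden+system file there; those are prompts to look at the file, not verdicts. The SAMPLE lines are constructed, modelled on the log above; the CORE_EXE set, the hex-name test and the 1024-byte threshold are this example's own choices.

```python
"""Triage a ComboFix-style file listing for names that should not be there.

Added example for this thread; it is not part of ComboFix, DSS or anything
the forum used. SAMPLE is constructed, modelled on the listing format posted
above (date, time, size, attribute flags, path); CORE_EXE, the hex-name test
and the 1024-byte threshold are this example's own heuristics.
"""
import ntpath
import re

# One listing line: date, time (seconds optional), size or a run of dashes for
# directories, attribute flags (ComboFix prints them positionally, e.g.
# ----a-w, d--h--w, --sh--r; the DSS line quoted above uses --a------), then
# a path that may itself contain spaces.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}(?::\d{2})?)\s+"
    r"(?P<size>[\d,]+|-+)\s+(?P<attrs>[A-Za-z-]+)\s+(?P<path>.+?)\s*$"
)

# Core Windows binaries that are always .exe files under %SystemRoot%. A file
# carrying one of these names with a missing or different extension is the
# kind of entry singled out in the post above (C:\WINDOWS\system32\svchost).
CORE_EXE = {"svchost", "lsass", "csrss", "smss", "winlogon", "services",
            "spoolsv", "explorer"}

# Eight or more hex digits and nothing else, e.g. 573F8C5CD3.
HEX_NAME_RE = re.compile(r"^[0-9A-Fa-f]{8,}$")

# Constructed sample: a clean directory, a clean Windows Update binary, a
# legitimate tiny hidden file outside the Windows tree, and two entries
# worth a look.
SAMPLE = r"""
2007-10-11 19:39 --------- d-----w C:\Program Files\Common Files\AOL
2007-07-31 02:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2005-06-01 09:52 8 --sh--w C:\Documents and Settings\All Users\DRM\pdrm.dat
2007-06-20 02:52:48 8 --sh--r C:\WINDOWS\system32\573F8C5CD3.dll
2007-10-08 02:08:27 125 --a------ C:\WINDOWS\system32\svchost
"""


def parse_listing(text):
    """Yield one dict per line that matches the listing format; skip the rest."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["attrs"] = rec["attrs"].lower()
        rec["is_dir"] = rec["attrs"].startswith("d")
        rec["size"] = None if rec["is_dir"] else int(rec["size"].replace(",", ""))
        yield rec


def in_windows_tree(path):
    """True for anything under the Windows directory (system32 included)."""
    return "\\windows\\" in path.lower()


def triage(text):
    """Return [(path, reason), ...] for entries that deserve a manual look.

    Reasons are prompts to inspect the file, not verdicts that it is malware.
    """
    hits = []
    for rec in parse_listing(text):
        if rec["is_dir"]:
            continue
        path = rec["path"]
        if not in_windows_tree(path):
            continue
        name, ext = ntpath.splitext(ntpath.basename(path))
        if name.lower() in CORE_EXE and ext.lower() != ".exe":
            hits.append((path, "core binary name without .exe"))
        if HEX_NAME_RE.match(name):
            hits.append((path, "hex-blob filename in the Windows tree"))
        # 's' and 'h' in the flag field = system + hidden; legitimate files
        # with both flags in the Windows tree are rarely only a few bytes.
        if "s" in rec["attrs"] and "h" in rec["attrs"] and rec["size"] < 1024:
            hits.append((path, "tiny hidden+system file in the Windows tree"))
    return hits


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                     # e.g. python triage.py ComboFix.txt
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            listing = fh.read()
    else:
        listing = SAMPLE
    for path, reason in triage(listing):
        print(f"{reason}: {path}")
```

Note that pdrm.dat is also an 8-byte hidden+system file but is left alone because it sits outside the Windows tree; scoping the heuristic that way keeps the output short enough to read by hand, which is the point of a triage pass.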

#13
Registered User
Join Date: Oct 2007
Posts: 12
OS: xp sp2
Re: Multiple serious problems...
Holy **** dude, that completely fixed all the serious problems, except how backgrounds won't appear on websites, but to tell the truth, that was around before all the serious stuff appeared. Of course, if you have any idea what's up with that, I'd love to hear it (it's probably a display problem). Otherwise, thank you very much for giving me a hand with this, Lonney. I seriously thought I was screwed >_<, so your help is greatly appreciated.

Here is the Panda scan, if it still matters:

Incident Status Location
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\zrb0xm5s.default\cookies.txt[.com.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\zrb0xm5s.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\zrb0xm5s.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\zrb0xm5s.default\cookies.txt[.tucows.com/]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\Chris\Desktop\Music Files\Shared\OCB creative zen micro.zip[YSB_toolBar.exe]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\mike\Cookies\mike@2o7[2].txt
Spyware:Cookie/7search Not disinfected C:\Documents and Settings\mike\Cookies\mike@7search[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\mike\Cookies\mike@advertising[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\mike\Cookies\mike@apmebf[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\mike\Cookies\mike@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\mike\Cookies\mike@atwola[2].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\mike\Cookies\mike@bfast[1].txt
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\mike\Cookies\mike@c.goclick[2].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\mike\Cookies\mike@ccbill[1].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\mike\Cookies\mike@clickbank[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\mike\Cookies\mike@counter10.sextracker[2].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\mike\Cookies\mike@counter13.sextracker[2].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\mike\Cookies\mike@counter7.sextracker[1].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\mike\Cookies\mike@cs.sexcounter[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\mike\Cookies\mike@doubleclick[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\mike\Cookies\mike@ehg-eline.hitbox[2].txt
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\mike\Cookies\mike@kinghost[1].txt
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\mike\Cookies\mike@linksynergy[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\mike\Cookies\mike@maxserving[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\mike\Cookies\mike@mediaplex[1].txt
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\mike\Cookies\mike@paycounter[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\mike\Cookies\mike@perf.overture[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\mike\Cookies\mike@phg.hitbox[1].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\mike\Cookies\mike@qksrv[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\mike\Cookies\mike@questionmarket[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\mike\Cookies\mike@servedby.advertising[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\mike\Cookies\mike@server.iad.liveperson[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\mike\Cookies\mike@serving-sys[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\mike\Cookies\mike@sextracker[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\mike\Cookies\mike@statcounter[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\mike\Cookies\mike@statse.webtrendslive[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\mike\Cookies\mike@tribalfusion[1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\mike\Cookies\mike@www.myaffiliateprogram[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\mike.MIKE6-1-81\Application Data\Mozilla\Firefox\Profiles\3wvmu9sa.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\mike.MIKE6-1-81\Application Data\Mozilla\Firefox\Profiles\3wvmu9sa.default\cookies.txt[.com.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\mike.MIKE6-1-81\Application Data\Mozilla\Firefox\Profiles\3wvmu9sa.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\mike.MIKE6-1-81\Application Data\Mozilla\Firefox\Profiles\3wvmu9sa.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\mike.MIKE6-1-81\Application Data\Mozilla\Firefox\Profiles\3wvmu9sa.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\mike.MIKE6-1-81\Application Data\Mozilla\Firefox\Profiles\3wvmu9sa.default\cookies.txt[.clickbank.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\mike.MIKE6-1-81\Application Data\Mozilla\Firefox\Profiles\3wvmu9sa.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\mike.MIKE6-1-81\Application Data\Mozilla\Firefox\Profiles\3wvmu9sa.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\mike.MIKE6-1-81\Application Data\Mozilla\Firefox\Profiles\3wvmu9sa.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\mike.MIKE6-1-81\Application Data\Mozilla\Firefox\Profiles\3wvmu9sa.default\cookies.txt[.atwola.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\mike.MIKE6-1-81\Application Data\Mozilla\Firefox\Profiles\3wvmu9sa.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\mike.MIKE6-1-81\Application Data\Mozilla\Firefox\Profiles\3wvmu9sa.default\cookies.txt[.zedo.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\mike.MIKE6-1-81\Application Data\Mozilla\Firefox\Profiles\3wvmu9sa.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\mike.MIKE6-1-81\Application Data\Mozilla\Firefox\Profiles\3wvmu9sa.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\mike.MIKE6-1-81\Application Data\Mozilla\Firefox\Profiles\3wvmu9sa.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\mike.MIKE6-1-81\Application Data\Mozilla\Firefox\Profiles\3wvmu9sa.default\cookies.txt[.advertising.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\mike.MIKE6-1-81\Application Data\Mozilla\Firefox\Profiles\3wvmu9sa.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\mike.MIKE6-1-81\Cookies\mike@2o7[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\mike.MIKE6-1-81\Cookies\mike@ads.pointroll[1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\mike.MIKE6-1-81\Cookies\mike@adultfriendfinder[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\mike.MIKE6-1-81\Cookies\mike@advertising[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\mike.MIKE6-1-81\Cookies\mike@apmebf[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\mike.MIKE6-1-81\Cookies\mike@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\mike.MIKE6-1-81\Cookies\mike@atwola[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\mike.MIKE6-1-81\Cookies\mike@azjmp[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\mike.MIKE6-1-81\Cookies\mike@burstnet[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\mike.MIKE6-1-81\Cookies\mike@casalemedia[2].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\mike.MIKE6-1-81\Cookies\mike@ccbill[2].txt
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\mike.MIKE6-1-81\Cookies\mike@centrport[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\mike.MIKE6-1-81\Cookies\mike@cgi-bin[1].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\mike.MIKE6-1-81\Cookies\mike@cs.sexcounter[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\mike.MIKE6-1-81\Cookies\mike@doubleclick[1].txt
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\mike.MIKE6-1-81\Cookies\mike@kinghost[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\mike.MIKE6-1-81\Cookies\mike@mediaplex[1].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\mike.MIKE6-1-81\Cookies\mike@qksrv[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\mike.MIKE6-1-81\Cookies\mike@questionmarket[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\mike.MIKE6-1-81\Cookies\mike@statcounter[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\mike.MIKE6-1-81\Cookies\mike@tribalfusion[2].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\mike.MIKE6-1-81\Cookies\mike@tucows[2].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\mike.MIKE6-1-81\Cookies\mike@webpower[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Spike\Cookies\spike@2o7[2].txt
Spyware:Cookie/Abcsearch Not disinfected C:\Documents and Settings\Spike\Cookies\spike@abcsearch[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Spike\Cookies\spike@ad.yieldmanager[1].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Spike\Cookies\spike@ads.addynamix[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Spike\Cookies\spike@ads.pointroll[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Spike\Cookies\spike@adultfriendfinder[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Spike\Cookies\spike@advertising[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Spike\Cookies\spike@apmebf[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Spike\Cookies\spike@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Spike\Cookies\spike@atwola[1].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Spike\Cookies\spike@bfast[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Spike\Cookies\spike@bs.serving-sys[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Spike\Cookies\spike@burstnet[2].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Spike\Cookies\spike@c.enhance[1].txt
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\Spike\Cookies\spike@c.goclick[2].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Spike\Cookies\spike@ccbill[2].txt
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Spike\Cookies\spike@centrport[2].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Spike\Cookies\spike@clickbank[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Spike\Cookies\spike@com[2].txt
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Spike\Cookies\spike@counter.hitslink[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Spike\Cookies\spike@counter13.sextracker[2].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Spike\Cookies\spike@counter15.sextracker[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Spike\Cookies\spike@counter4.sextracker[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Spike\Cookies\spike@counter6.sextracker[2].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Spike\Cookies\spike@cs.sexcounter[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Spike\Cookies\spike@dist.belnk[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Spike\Cookies\spike@doubleclick[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Spike\Cookies\spike@fastclick[2].txt
Spyware:Cookie/Hypercount Not disinfected C:\Documents and Settings\Spike\Cookies\spike@hypercount[2].txt
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Spike\Cookies\spike@kinghost[2].txt
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Spike\Cookies\spike@landing.domainsponsor[1].txt
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Spike\Cookies\spike@linksynergy[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Spike\Cookies\spike@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Spike\Cookies\spike@overture[2].txt
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\Spike\Cookies\spike@paycounter[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Spike\Cookies\spike@perf.overture[1].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Spike\Cookies\spike@qksrv[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Spike\Cookies\spike@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Spike\Cookies\spike@realmedia[2].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Spike\Cookies\spike@revenue[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Spike\Cookies\spike@servedby.advertising[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Spike\Cookies\spike@server.iad.liveperson[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Spike\Cookies\spike@serving-sys[1].txt
Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\Spike\Cookies\spike@sexlist[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Spike\Cookies\spike@sextracker[2].txt
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Spike\Cookies\spike@stat.onestat[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Spike\Cookies\spike@statcounter[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Spike\Cookies\spike@target[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Spike\Cookies\spike@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Spike\Cookies\spike@tribalfusion[1].txt
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Spike\Cookies\spike@valueclick[1].txt
Spyware:Cookie/XXXCounter Not disinfected C:\Documents and Settings\Spike\Cookies\spike@xxxcounter[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Spike\Cookies\spike@z1.adserver[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Spike\Cookies\spike@zedo[2].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\WINDOWS\pss\PowerReg Scheduler.exeStartup
Adware:Adware/BookMark Not disinfected C:\WINDOWS\system32\BMUpdate.exe
Adware:Adware/IST.ISTBar Not disinfected F:\chris's Shiz\Music Files\Shared\OCB creative zen micro.zip[YSB_toolBar.exe]
Virus:Generic Malware Disinfected F:\chris's Shiz\Programs and such\Stlxp319FMFull\Style.XP.v3.19.Female.Male.Full\KeyGen\StyleXP_Keygen.exe
Virus:Generic Malware Not disinfected F:\chris's Shiz\Programs and such\Stlxp319FMFull.part1.rar[Style.XP.v3.19.Female.Male.Full\KeyGen\StyleXP_Keygen.exe]
Virus:Generic Malware Not disinfected F:\chris's Shiz\rarzip files\Adware.Away.v3.1.2.WinALL.Incl.Keygen-BRD.rar[Adware.Away.v3.1.2.WinALL.Incl.Keygen-BRD\brdaa312.zip][brdaa312.rar][keygen\keygen.exe]

#14
Expert Analyst, Moderator, Security Team
Join Date: Sep 2006
Posts: 1,541
OS: xp
Re: Multiple serious problems...
That's good to hear.
Put in place a good hosts file: http://www.mvps.org/winhelp2002/hosts.htm
How to download and extract the HOSTS file: http://www.mvps.org/winhelp2002/hosts2.htm
Repeat that process about once or twice a month.
In Internet Options > Security > zones, set each zone to default level.
In Internet Options > Advanced, use the Restore Defaults button.
Delete these files:
C:\WINDOWS\system32\BMUpdate.exe
F:\chris's Shiz\Music Files\Shared\OCB creative zen micro.zip
F:\chris's Shiz\Programs and such\Stlxp319FMFull\Style.XP.v3.19.Female.Male.Full\KeyGen\StyleXP_Keygen.exe
F:\chris's Shiz\Programs and such\Stlxp319FMFull.part1.rar
F:\chris's Shiz\rarzip files\Adware.Away.v3.1.2.WinALL.Incl.Keygen-BRD.rar
And please do not use keygens and cracks, or get used to formatting your PC.

#16
Expert Analyst, Moderator, Security Team
Join Date: Sep 2006
Posts: 1,541
OS: xp
Re: Multiple serious problems...
Do you use the Quick Launch toolbar? If so, it probably isn't staying/sticking for you, correct?
In Internet Options > Accessibility, is anything checked there? In Control Panel > Accessibility Options > Display, is High Contrast checked? Or have you recently changed any Accessibility Options?

#18
Expert Analyst, Moderator, Security Team
Join Date: Sep 2006
Posts: 1,541
OS: xp
Re: Multiple serious problems...
No reason for these to be installed since you're using Nod32, right?
LiveReg (Symantec Corporation)
LiveUpdate 1.6 (Symantec Corporation)
Ensure all your media players, instant messenger programs, or for that matter any program that uses the internet, are up to date.
To delete the leftover Folder Lock service, go Start > Run, type in

sc delete "windrvNT"

and press Enter.
Also uninstall ComboFix: Start > Run, type in

combofix /u

and press Enter.
Please take the time to go through this article: http://castlecops.com/postlite7736-.html
Surf safe