Please help with slow computer [CLOSED]


This topic is locked

#1 bootlegger
Member, 42 posts

Around about a week ago, my PC became bogged down. svchost.exe was using excessive amounts of my CPU; soon after, it seemed EVERYTHING was using too much of my CPU - 90% - even when I started up Task Manager.

I burned a DVD a few days ago, and the DVD freezes and is pixelated. This is occurring for the first time in 3 years - same software (CopyToDVD), same hardware... (the IFO files play perfectly on the PC; it's whenever they are actually put onto a disc that they go fubar). The DVDs that are being burned will not even work on my desktop or laptop. I have to manually close the window, because the drive just keeps working, but nothing ever happens.

I followed the newbie instructions: avgas, SUPERAntiSpyware, Panda, and also threw in an Ad-Aware scan and countless other devices. I downloaded updates, etc.

So now I'm posting my HJT log.

HJT log is below:

Logfile of HijackThis v1.99.1
Scan saved at 5:12:22 PM, on 05/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\hkcmd.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\system32\PROMon.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Hawking\HWU8DD\HWU8DD.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\WINNT\system32\wscntfy.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.news.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.news.google.com
R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
F2 - REG:system.ini: Shell=
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\googletoolbar4.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\googletoolbar4.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [y5aaC] C:\WINNT\yuqql.exe
O4 - HKLM\..\Run: [yhcdcxkj] C:\WINNT\yhcdcxkj.exe
O4 - HKLM\..\Run: [Ac4RlS] C:\WINNT\lmkcfwtq.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Hawking Wireless Utility.lnk = C:\Program Files\Hawking\HWU8DD\HWU8DD.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\temp\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\temp\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\temp\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\temp\Free Download Manager\dlpage.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.taxslayer.com
O16 - DPF: HushEncryptionEngine - https://mailserver1....ptionEngine.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt0_x.cab
O16 - DPF: Yahoo! Spades - http://download.game...nts/y/st2_x.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab46479.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sur...e/w4sgeen10.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c11.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/...nx.1.0.0.67.cab
O16 - DPF: {3B02AAA2-327C-40ED-A849-4BE819AE5385} (ImgSizer Control) - file://C:\Documents and Settings\Owner\Local Settings\Temp\~DlfnTmp0\imgSizer.ocx
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab32846.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay11...es/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1107223271397
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1173542381562
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/...no.cab42341.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab41227.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...ploader_v10.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (file missing)
O23 - Service: PictureTaker - VSO Software - (no file)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (file missing)
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


SUPERAntiSpyware Scan Log
Generated 05/30/2007 at 12:49 PM

Application Version : 3.6.1000

Core Rules Database Version : 3246
Trace Rules Database Version: 1257

Scan type : Complete Scan
Total Scan Time : 03:28:19

Memory items scanned : 428
Memory threats detected : 0
Registry items scanned : 6735
Registry threats detected : 17
File items scanned : 65985
File threats detected : 3

Adware.CRAM
HKLM\Software\Classes\CLSID\{1395A06F-EEA0-4445-BA0C-E8B56B48E244}
HKCR\CLSID\{1395A06F-EEA0-4445-BA0C-E8B56B48E244}
HKCR\CLSID\{1395A06F-EEA0-4445-BA0C-E8B56B48E244}
HKCR\CLSID\{1395A06F-EEA0-4445-BA0C-E8B56B48E244}\InprocServer32
HKCR\CLSID\{1395A06F-EEA0-4445-BA0C-E8B56B48E244}\InprocServer32#ThreadingModel
HKCR\CLSID\{1395A06F-EEA0-4445-BA0C-E8B56B48E244}\ProgID
HKCR\CLSID\{1395A06F-EEA0-4445-BA0C-E8B56B48E244}\Programmable
HKCR\CLSID\{1395A06F-EEA0-4445-BA0C-E8B56B48E244}\TypeLib
HKCR\CLSID\{1395A06F-EEA0-4445-BA0C-E8B56B48E244}\VersionIndependentProgID
C:\PROGRA~1\CRAMTO~1\TBU04383\CRAM1.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1395A06F-EEA0-4445-BA0C-E8B56B48E244}

Adware.Apropos Media
HKU\S-1-5-21-3813086739-3825228898-608057341-1003\Software\Aprps

Malware.VirusBurst
HKCR\TypeLib\{02A40EA7-B5B4-4F41-B2FF-2A8A0AEC50CF}
HKCR\TypeLib\{02A40EA7-B5B4-4F41-B2FF-2A8A0AEC50CF}\1.0
HKCR\TypeLib\{02A40EA7-B5B4-4F41-B2FF-2A8A0AEC50CF}\1.0\0
HKCR\TypeLib\{02A40EA7-B5B4-4F41-B2FF-2A8A0AEC50CF}\1.0\0\win32
HKCR\TypeLib\{02A40EA7-B5B4-4F41-B2FF-2A8A0AEC50CF}\1.0\FLAGS
HKCR\TypeLib\{02A40EA7-B5B4-4F41-B2FF-2A8A0AEC50CF}\1.0\HELPDIR

Adware.Unknown Origin
C:\PROGRAM FILES\COMMON FILES\OUWM\OUWMD\CLASS-BARREL

Adware.Look2Me
C:\WINNT\SYSTEM\UPDINST.EXE

AND ACTIVESCAN LOG

Incident Status Location

Adware:adware/exact.bargainbuddy Not disinfected c:\winnt\msxct1.ini
Adware:adware/dealhelper Not disinfected c:\winnt\system32\Newmsrdk
Adware:adware/dyfuca Not disinfected Windows Registry
Adware:adware/powerscan Not disinfected Windows Registry
Adware:adware/ist.sidefind Not disinfected Windows Registry
Adware:adware/sqwire Not disinfected Windows Registry
Potentially unwanted tool:application/myway Not disinfected hkey_current_user\software\netscape\netscape navigator\automation shutdown\MyWayToolBar.NetscapeShutdown.1
Adware:adware/wupd Not disinfected Windows Registry
Virus:Generic Trojan Disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for snd-WinTasks.Pro.5.04.zip\patch.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINNT\system32\Process.exe
Virus:Generic Trojan Not disinfected H:\New Folder (2)(2)\WinTasks 5.04 with crack.rar[snd-WinTasks.Pro.5.04.zip][patch.exe]
Virus:Generic Trojan Not disinfected H:\New Folder (2)(2)\WinTasks 5.04 with crack.rar[LIUtilities\WinTasks\patch.exe]
Virus:Generic Trojan Disinfected H:\New Folder (2)(2)\snd-WinTasks.Pro.5.04.zip[patch.exe]

Uninstall log

ACE Mega CoDecS Pack
Ad-Aware SE Personal
Adobe Acrobat 8 Professional - English, Français, Deutsch
Adobe Flash Player 9 ActiveX
Adobe Photoshop 7.0
Adobe Reader 7.0.8
Apple Software Update
AVG 7.5
AVG Anti-Spyware 7.5
CopyToDVD
Cover Master
Creative Jukebox Driver
Creative NOMAD II Driver
DC-PowerNotes
DC-PowerNotes 7.0 - Build 717
DivX Codec
DivX Player
DivxToDVD 0.5.2b
Do More 5.0
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Easy CD Creator 5 Basic
Google Toolbar for Internet Explorer
HelpSpot
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart, Officejet and Deskjet 7.0.A
HP Software Update
HP Solution Center 7.0
Intel® Extreme Graphics Driver
Intel® PRO Ethernet Adapter and Software
Intel® PROSet II
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 11
Java™ SE Runtime Environment 6 Update 1
Kazaa Media Desktop 2.1.1
LimeWire 4.12.6
Magic DVD Copier V4.3.1
Magic ISO Maker v5.3 (build 0216)
Memorex exPressit Label Design Studio
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Picture It! Photo 2002
Microsoft PowerPoint Viewer 97
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
MP3 Checker 1.05
MRU-Blaster v1.5 (Database 3/28/2004)
MSN Messenger 7.0
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
NBCE Review
Nero 7 Premium
Net Cribbage 5
Network Play System (Patching)
NOMAD Jukebox 3 Driver
NVIDIA Drivers
OCR Software by I.R.I.S 7.0
On2 VP7 Personal Edition
OpenMG Limited Patch 4.4-06-13-19-01
OpenMG Secure Module 4.4.00
Panda ActiveScan
PC-Doctor Consumer UI
PC-Doctor Diagnostics
PC-Doctor for Windows
PC-Doctor Services
PhoneTools
Primal Pictures Interactive Foot and Ankle 2
Primal Pictures Interactive Hand 2000
Primal Pictures Interactive Head and Neck
Primal Pictures Interactive Hip
Primal Pictures Interactive Knee 1.1
Primal Pictures Interactive Pelvis and Perineum
Primal Pictures Interactive Shoulder
Primal Pictures Interactive Thorax and Abdomen
PS/2 Millennium Keyboard
QuickTime
Real Alternative 1.44
Samsung USB Driver
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Shockwave
ShufflePlay 2.74
Skype 2.5
SopCast 1.0.1
SUPERAntiSpyware Free Edition
The Rosetta Stone
TVUPlayer 2.3.0.0
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Viewpoint Media Player (Remove Only)
WIBU-KEY Setup (WIBU-KEY Remove)
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
WinZip
XoftSpy
ZyDAS IEEE 802.11 b+g Wireless LAN - USB

AND A FREEFIXER LOG

FreeFixer v0.18 log
http://www.freefixer.com/
Operating system: Windows NT 5.1
Log dated 2007-05-30 17:46


Winlogon Notify (9 whitelisted)
!SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
igfxcui - C:\WINNT\system32\igfxsrvc.dll
WgaLogon - C:\WINNT\system32\WgaLogon.dll

Browser Helper Objects
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}, Adobe PDF Reader Link Helper, C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}, SSVHelper Class, C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7}, Google Toolbar Helper, c:\winnt\googletoolbar4.dll
{AE7CD045-E861-484f-8273-0445EE161910}, Adobe PDF Conversion Toolbar Helper, C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

Internet Explorer toolbars (2 whitelisted)
HKLM\..\Toolbar\{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\winnt\googletoolbar4.dll
HKLM\..\Toolbar\{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
HKCU\..\Toolbar\ShellBrowser\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - - No file specified
HKCU\..\Toolbar\WebBrowser\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - &Yahoo! Toolbar - No file specified

Basic Internet Explorer settings
HKCU\..\Main, Start Page = http://www.news.google.com
HKLM\..\Main, Start Page = http://www.news.google.com
HKCU\..\Main, Search Page = xt ve   ª ØFÛ 
HKLM\..\Main, Search Page = xt ve   ª ØFÛ 
HKLM\..\Main, Default_Page_URL = http://go.microsoft....k/?LinkId=69157
HKLM\..\Main, Default_Search_URL = http://go.microsoft....k/?LinkId=54896
HKLM\..\Search, SearchAssistant = http://www.google.com/ie

Registry Startups (1 whitelisted)
HKLM\..\Run, IgfxTray = C:\WINNT\System32\igfxtray.exe
HKLM\..\Run, HotKeysCmds = C:\WINNT\System32\hkcmd.exe
HKLM\..\Run, Hot Key Kbd 9910 Daemon = SK9910DM.EXE
HKLM\..\Run, Keyboard Preload Check = C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
HKLM\..\Run, PROMon.exe = PROMon.exe
HKLM\..\Run, AdaptecDirectCD = "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
HKLM\..\Run, WorksFUD = C:\Program Files\Microsoft Works\wkfud.exe
HKLM\..\Run, y5aaC = C:\WINNT\yuqql.exe
HKLM\..\Run, yhcdcxkj = C:\WINNT\yhcdcxkj.exe
HKLM\..\Run, Ac4RlS = C:\WINNT\lmkcfwtq.exe
HKLM\..\Run, ISUSPM Startup = C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
HKLM\..\Run, AVG7_CC = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
HKLM\..\Run, HP Software Update = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
HKLM\..\Run, SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
HKLM\..\Run, Acrobat Assistant 8.0 = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
HKLM\..\Run, =
HKLM\..\Run, NvMediaCenter = RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
HKLM\..\Run, !AVG Anti-Spyware = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
HKCU\..\Run, swg = C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
HKCU\..\Run, BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} = "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

Autostart shortcuts
Adobe Acrobat Speed Launcher.lnk, , C:\WINNT\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe
Adobe Acrobat Synchronizer.lnk, , C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
Adobe Gamma Loader.lnk, , C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk, , C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Hawking Wireless Utility.lnk, , C:\Program Files\Hawking\HWU8DD\HWU8DD.exe
HP Digital Imaging Monitor.lnk, , C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk, Microsoft Office StartUp, C:\Program Files\Microsoft Office\Office10\OSA.EXE
ZDWLan Utility.lnk, , C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe

HOSTS file
127.255.255.255 serial.alcohol-soft.com
127.255.255.255 www.alcohol-soft.com
127.255.255.255 images.alcohol-soft.com

Processes (18 whitelisted)
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINNT\system32\wdfmgr.exe
C:\WINNT\System32\hkcmd.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\system32\PROMon.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Hawking\HWU8DD\HWU8DD.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\FreeFixer\freefixer.exe

Application modules (47 whitelisted)
C:\WINNT\system32\ieframe.dll
C:\WINNT\system32\iertutil.dll
C:\WINNT\system32\Normaliz.dll

A Bazooka scan revealed pacerd.bundle

I can't thank you guys enough for taking the time to do this.
#2 don77
Malware Expert, Retired Staff, 18,526 posts

Hello, sorry for the delay.

Please make all your future replies to this topic; starting multiple topics just creates more work for us.

Please post a fresh HJT log for me here. I need to see what has changed since you last posted.

Thanks
#3 bootlegger
Topic Starter, Member, 42 posts

Thank you so much for doing this. (Can we get rid of GoogleToolbarNotifier somehow, while we are at it?)

Logfile of HijackThis v1.99.1
Scan saved at 12:14:33 AM, on 06/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\HPZipm12.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\system32\PROMon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\Hawking\HWU8DD\HWU8DD.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Program Files\LIUtilities\WinTasks\wintasks.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\vso\ConvertXtoDVD\ConvertXtoDvd.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.news.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.news.google.com
R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
F2 - REG:system.ini: Shell=
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\googletoolbar4.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\googletoolbar4.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [y5aaC] C:\WINNT\yuqql.exe
O4 - HKLM\..\Run: [yhcdcxkj] C:\WINNT\yhcdcxkj.exe
O4 - HKLM\..\Run: [Ac4RlS] C:\WINNT\lmkcfwtq.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSConfig] C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Hawking Wireless Utility.lnk = C:\Program Files\Hawking\HWU8DD\HWU8DD.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinTasks.lnk = C:\Program Files\LIUtilities\WinTasks\wintasks.exe
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\temp\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\temp\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\temp\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\temp\Free Download Manager\dlpage.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.taxslayer.com
O16 - DPF: HushEncryptionEngine - https://mailserver1....ptionEngine.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt0_x.cab
O16 - DPF: Yahoo! Spades - http://download.game...nts/y/st2_x.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab46479.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sur...e/w4sgeen10.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c11.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/...nx.1.0.0.67.cab
O16 - DPF: {3B02AAA2-327C-40ED-A849-4BE819AE5385} (ImgSizer Control) - file://C:\Documents and Settings\Owner\Local Settings\Temp\~DlfnTmp0\imgSizer.ocx
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab32846.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay11...es/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1107223271397
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1173542381562
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/...no.cab42341.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab41227.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...ploader_v10.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (file missing)
O23 - Service: PictureTaker - Unknown owner - (no file)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (file missing)
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe


  • 0

#4
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Please restart HJT put a check next to the following, close all open windows and click “Fix Checked”

R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O4 - HKLM\..\Run: [y5aaC] C:\WINNT\yuqql.exe
O4 - HKLM\..\Run: [yhcdcxkj] C:\WINNT\yhcdcxkj.exe
O4 - HKLM\..\Run: [Ac4RlS] C:\WINNT\lmkcfwtq.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c11.cab
O16 - DPF: {3B02AAA2-327C-40ED-A849-4BE819AE5385} (ImgSizer Control) - file://C:\Documents and Settings\Owner\Local Settings\Temp\~DlfnTmp0\imgSizer.ocx
Next Reboot into SAFE MODE
Search for and delete the Files highlighted in BOLD

C:\WINNT\yuqql.exe
C:\WINNT\yhcdcxkj.exe
C:\WINNT\lmkcfwtq.exe

Restart your computer, Post back a fresh log please

Also what do you have disabled through msconfig
  • 0
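As an added example (my code, not from this thread, from HijackThis or from don77), here is a small Python triage script that encodes the same heuristics behind the entries don77 ticked above: entries whose target reads "(no file)", Run entries whose executable sits directly in the Windows directory under a random-looking name, and O16 ActiveX controls registered from a Temp folder or with no description. The sample log lines are constructed in the shape of the log posted in this thread; the severity labels, the 30% vowel threshold and the function names are my assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines in the shape of the HijackThis 1.99.1 log posted
# in this thread, with a few benign entries kept for contrast.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [y5aaC] C:\WINNT\yuqql.exe
O4 - HKLM\..\Run: [yhcdcxkj] C:\WINNT\yhcdcxkj.exe
O4 - HKLM\..\Run: [Ac4RlS] C:\WINNT\lmkcfwtq.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c11.cab
O16 - DPF: {3B02AAA2-327C-40ED-A849-4BE819AE5385} (ImgSizer Control) - file://C:\Documents and Settings\Owner\Local Settings\Temp\~DlfnTmp0\imgSizer.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1107223271397
""".strip()

# "O4 - HKLM\..\Run: [value name] command line"
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# "O16 - DPF: {CLSID} (description) - source"; the description is optional
O16_RE = re.compile(r"^O16 - DPF: (?P<id>.+?)(?: \((?P<desc>[^)]*)\))? - (?P<src>.+)$")
# First executable-looking token of a command line, quoted or not
EXE_RE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|dll|scr|com|ocx))(?:"|\s|$)', re.I)
# Executable sitting directly in the Windows directory, not in a subfolder
WINROOT_RE = re.compile(r"^[a-z]:\\win(?:nt|dows)\\[^\\]+$")


@dataclass
class Finding:
    line: str
    reason: str
    severity: str  # "fix": tick it in HJT; "review": confirm first (my labels)


def looks_random(token: str) -> bool:
    """Crude tell shared by the names don77 picked (yuqql, yhcdcxkj, lmkcfwtq):
    five or more letters with fewer than 30% vowels. Threshold is an assumption."""
    letters = [c for c in token.lower() if c.isalpha()]
    if len(letters) < 5:
        return False
    return sum(c in "aeiou" for c in letters) / len(letters) < 0.3


def analyze(log_text: str) -> list[Finding]:
    findings = []
    for line in log_text.splitlines():
        line = line.rstrip()
        if line.endswith("(no file)"):
            findings.append(Finding(line, "orphaned entry: target no longer exists", "fix"))
            continue
        m = O4_RE.match(line)
        if m:
            exe = EXE_RE.match(m["cmd"])
            path = exe["path"] if exe else m["cmd"]
            stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if WINROOT_RE.match(path.lower()) and (looks_random(stem) or looks_random(m["name"])):
                findings.append(Finding(
                    line, f"autorun of random-looking '{stem}' directly in the Windows directory", "fix"))
            continue
        m = O16_RE.match(line)
        if m:
            src = m["src"].lower()
            if src.startswith("file://") and "\\temp\\" in src:
                findings.append(Finding(line, "ActiveX control registered from a Temp folder", "fix"))
            elif not m["desc"]:
                findings.append(Finding(line, "ActiveX control with no description from an unrecognised source", "review"))
    return findings


def fix_list(findings: list[Finding]) -> list[str]:
    """Lines to put a check next to in HijackThis before clicking 'Fix Checked'."""
    return [f.line for f in findings if f.severity == "fix"]


def files_to_delete(findings: list[Finding]) -> list[str]:
    """Executables behind the flagged Run entries, to remove in Safe Mode afterwards."""
    out = []
    for f in findings:
        m = O4_RE.match(f.line)
        if m and f.severity == "fix":
            exe = EXE_RE.match(m["cmd"])
            if exe:
                out.append(exe["path"])
    return out


if __name__ == "__main__":
    found = analyze(SAMPLE_LOG)
    for f in found:
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
    print("Files to delete in Safe Mode:", *files_to_delete(found), sep="\n  ")
```

Feed it a whole HJT log instead of the sample and treat "review" hits as questions for the analyst, not as items to fix; the heuristics match the handful of entries from this thread, not every hijack.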

#5
bootlegger

bootlegger

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
I removed the files with HJT, went into safe mode... and I searched and searched and I cannot find those files.

Im using wintasks to manage processes, and on my block list are: acrotray.exe, nmbgmonitor.exe, hpwuschd2.exe, googletoolbarnotifier.exe, bgsvcgen.exe, winbo32.exe, hpqste08.exe.

Disabled in msconfig are googletoolbarnotifer.exe, and hp digital imaging.

Logfile of HijackThis v1.99.1
Scan saved at 11:24:20 PM, on 06/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\HPZipm12.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\system32\PROMon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\LIUtilities\WinTasks\wintasks.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.news.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.news.google.com
F2 - REG:system.ini: Shell=
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\googletoolbar4.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\googletoolbar4.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Hawking Wireless Utility.lnk = C:\Program Files\Hawking\HWU8DD\HWU8DD.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinTasks.lnk = C:\Program Files\LIUtilities\WinTasks\wintasks.exe
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\temp\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\temp\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\temp\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\temp\Free Download Manager\dlpage.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.taxslayer.com
O16 - DPF: HushEncryptionEngine - https://mailserver1....ptionEngine.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt0_x.cab
O16 - DPF: Yahoo! Spades - http://download.game...nts/y/st2_x.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab46479.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sur...e/w4sgeen10.exe
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/...nx.1.0.0.67.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab32846.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay11...es/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1107223271397
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1173542381562
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/...no.cab42341.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab41227.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...ploader_v10.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (file missing)
O23 - Service: PictureTaker - Unknown owner - (no file)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (file missing)
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
there is also a strange item in my msconfig startup. It is completely blank, both under the 'startup item' and 'command' heading.
  • 0

#6
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Please enable everything you have disabled in msconfig there is some malware hiding we need to get rid of

Prior to doing that
Download ComboFix from Here or Here to your Desktop.
  • Restore all start up entries diabled in msconfig, after reboot continue with combofix
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
  • 0

#7
bootlegger

bootlegger

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
I also reran Bazooka scan and it still revealed pacerd.bundle
ComboFix 07-06-13.7 - C:\Documents and Settings\Owner\Desktop\ComboFix.exe
"Owner" - 2007-06-18 22:54:34 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\quick links
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\audio\music\mainmenumusic.ogg
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\audio\sfx\areabomb.ogg
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\audio\sfx\beetlezap.ogg
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\audio\sfx\bonusrow.ogg
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\audio\sfx\bonustimer.ogg
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\audio\sfx\bucketfilled.ogg
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\audio\sfx\clearpyramid.ogg
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle1a.ogg
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle1b.ogg
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle1c.ogg
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle2a.ogg
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle2b.ogg
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle2c.ogg
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\audio\sfx\colorchain.ogg
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\audio\sfx\dialogbox.ogg
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\audio\sfx\drumbeat.ogg
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\audio\sfx\fillrow.ogg
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\audio\sfx\gateopen.ogg
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\audio\sfx\helptip.ogg
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\audio\sfx\powerup.ogg
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\audio\sfx\rotateboardleft.ogg
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\audio\sfx\timerup.ogg
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\audio\sfx\warning.ogg
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\audio\sfx\warning2.ogg
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\backgrounds\artifacts-bb.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\backgrounds\bar.jpg
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\backgrounds\chamber0.jpg
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\backgrounds\chamber1.jpg
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\backgrounds\circledoor.jpg
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\backgrounds\full_screen_dialog.jpg
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\backgrounds\global-hs-bb_large.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\backgrounds\global-hs-bb_small.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\backgrounds\help-bb_large.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\backgrounds\help-bb_small.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\backgrounds\hexfield.jpg
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\backgrounds\hidden-artifact_icon.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\backgrounds\large_dialog.jpg
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\backgrounds\local-hs-bb.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\backgrounds\mainmenu.jpg
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\backgrounds\small_dialog.jpg
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\backgrounds\textfield.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\backgrounds\trifield.jpg
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\beetles\beetlehover1.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\beetles\beetlehover2.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\beetles\beetlehover3.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\beetles\beetlehover4.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\beetles\beetleshock1.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\beetles\beetleshock2.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\beetles\beetleshock3.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\beetles\beetleshock4.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\beetles\beetletatoo.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\beetles\dirt.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\beetles\scarabpost.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\beetles\scarabpostovr.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\beetles\tritop.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\arrowdown_down.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\arrowdown_over.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\arrowdown_up.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\arrowleft_down.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\arrowleft_over.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\arrowleft_up.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\arrowright_down.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\arrowright_over.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\arrowright_up.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\arrowup_down.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\arrowup_over.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\arrowup_up.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\bluearrowleft_down.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\bluearrowleft_over.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\bluearrowleft_up.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\bluearrowright_down.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\bluearrowright_over.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\bluearrowright_up.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\checkdown.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\checkup.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\long_button_down.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\long_button_over.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\long_button_up.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\orange-button_down.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\orange-button_over.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\orange-button_up.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\rotleft_down.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\rotleft_over.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\rotleft_up.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\rotright_down.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\rotright_over.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\rotright_up.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\simplebutton_down.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\simplebutton_over.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\simplebutton_up.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\sliderknob.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\sliderknobover.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\sliderrail.png
C:\WINNT\DOWNLO~1.\TriJinx.1.0.0.67\assets\characters\anwar\look\pl0001.png


((((((((((((((((((((((((( Files Created from 2007-05-19 to 2007-06-19 )))))))))))))))))))))))))))))))


2007-06-18 22:49 49,152 --a------ C:\WINNT\nircmd.exe
2007-06-10 21:59 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\TMPGEncDVDAuthor3
2007-06-10 21:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Pegasys Inc
2007-06-10 21:48 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Pegasys Inc
2007-06-10 21:47 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Pegasys Inc
2007-06-10 21:42 53,248 --a------ C:\WINNT\system32\GenSvcInst.exe
2007-06-10 21:42 33,408 --a------ C:\WINNT\system32\drivers\CDRBSDRV.SYS
2007-06-10 21:42 118,784 --a------ C:\WINNT\system32\bgsvcgen.exe
2007-06-10 21:41 <DIR> d-------- C:\Program Files\Pegasys Inc
2007-06-10 15:13 <DIR> d-------- C:\Program Files\LD-Anime
2007-06-05 22:42 217,127 --a------ C:\WINNT\system32\drv43260.dll
2007-06-05 22:42 208,935 --a------ C:\WINNT\system32\drv33260.dll
2007-06-05 22:42 176,165 --a------ C:\WINNT\system32\drv23260.dll
2007-06-04 23:19 <DIR> d-------- C:\Program Files\LIUtilities
2007-06-04 17:09 <DIR> d-------- C:\Program Files\ZyDAS Technology Corporation
2007-06-03 17:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
2007-05-30 21:51 75,512 --a------ C:\WINNT\zllsputility.exe
2007-05-30 21:51 4,212 ---h----- C:\WINNT\system32\zllictbl.dat
2007-05-30 21:51 11,264 --a------ C:\WINNT\system32\SpOrder.dll
2007-05-30 21:50 1,087,216 --a------ C:\WINNT\system32\zpeng24.dll
2007-05-30 21:50 <DIR> d-------- C:\WINNT\system32\ZoneLabs
2007-05-30 21:49 <DIR> d-------- C:\WINNT\Internet Logs
2007-05-30 19:00 47,360 --a------ C:\WINNT\system32\drivers\pcouffin.sys
2007-05-30 18:52 3,968 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys
2007-05-30 17:44 <DIR> d-------- C:\Program Files\FreeFixer
2007-05-30 13:10 <DIR> d-------- C:\WINNT\system32\ActiveScan
2007-05-30 09:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-05-30 09:17 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-05-30 09:17 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-30 09:17 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\SUPERAntiSpyware.com
2007-05-29 23:22 1,048,576 --ah----- C:\DOCUME~1\ADMINI~1.S00\NTUSER.DAT
2007-05-29 23:22 <DIR> d-------- C:\DOCUME~1\ADMINI~1.S00\APPLIC~1\Symantec
2007-05-29 23:22 <DIR> d-------- C:\DOCUME~1\ADMINI~1.S00\APPLIC~1\InterTrust
2007-05-29 22:28 14,848 --a------ C:\WINNT\system32\drivers\kbdhid.sys
2007-05-29 21:32 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\SlySoft
2007-05-26 19:24 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\AVG7(2)
2007-05-26 19:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft(2)
2007-05-24 15:27 <DIR> d-------- C:\DOCUME~1\Owner\.housecall6.6
2007-05-24 14:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg7(2)
2007-05-24 13:48 <DIR> d-------- C:\Program Files\Bazooka Scanner
2007-05-24 13:45 <DIR> d-------- C:\Program Files\Abexo
2007-05-22 23:16 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\SpywareBot
2007-05-20 13:55 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
2007-05-20 13:50 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-05-20 12:17 8,388,608 --a------ C:\DOCUME~1\Owner\ntuser.dat
2007-05-20 12:17 241,664 --a------ C:\DOCUME~1\LOCALS~1\ntuser.dat
2007-05-20 12:13 21,504 --a------ C:\WINNT\system32\hidserv.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-19 02:43:53 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\uTorrent
2007-06-19 02:35:28 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Vso
2007-06-18 16:19:54 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\CopyToDvd
2007-06-11 19:52:50 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Image Zone Express
2007-06-06 02:41:58 -------- d-----w C:\Program Files\vso
2007-05-31 01:41:08 87,608 ----a-w C:\DOCUME~1\Owner\APPLIC~1\ezpinst.exe
2007-05-31 01:41:08 47,360 ----a-w C:\DOCUME~1\Owner\APPLIC~1\pcouffin.sys
2007-05-30 17:03:39 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Skype
2007-05-30 02:45:06 -------- d-----w C:\Program Files\ShufflePlay2
2007-05-22 07:01:31 0 ----a-w C:\WINNT\system32\ATHPRXY(2).DLL
2007-05-21 02:30:33 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\RipIt4Me
2007-05-06 18:11:25 76,312 ----a-w C:\DOCUME~1\Owner\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINNT\system32\msi.dll
2007-03-27 07:55:57 524,288 ----a-w C:\WINNT\system32\DivXsm.exe
2007-03-27 07:55:48 3,596,288 ----a-w C:\WINNT\system32\qt-dx331.dll
2007-03-27 07:55:31 129,784 ------w C:\WINNT\system32\pxafs.dll
2007-03-27 07:55:31 118,520 ------w C:\WINNT\system32\pxinsi64.exe
2007-03-27 07:55:31 116,472 ------w C:\WINNT\system32\pxcpyi64.exe
2007-03-27 07:55:23 200,704 ----a-w C:\WINNT\system32\ssldivx.dll
2007-03-27 07:55:23 1,044,480 ----a-w C:\WINNT\system32\libdivx.dll
2007-03-27 07:49:07 73,728 ----a-w C:\WINNT\system32\dpl100.dll
2007-03-27 07:49:07 196,608 ----a-w C:\WINNT\system32\dtu100.dll
2007-03-27 07:49:05 53,248 ----a-w C:\WINNT\system32\dpuGUI10.dll
2007-03-27 07:49:03 593,920 ----a-w C:\WINNT\system32\dpuGUI11.dll
2007-03-27 07:49:02 57,344 ----a-w C:\WINNT\system32\dpv11.dll
2007-03-27 07:49:02 344,064 ----a-w C:\WINNT\system32\dpus11.dll
2007-03-27 07:49:02 294,912 ----a-w C:\WINNT\system32\dpu11.dll
2007-03-27 07:49:02 294,912 ----a-w C:\WINNT\system32\dpu10.dll
2007-03-27 07:48:59 823,296 ----a-w C:\WINNT\system32\divx_xx07.dll
2007-03-27 07:48:58 823,296 ----a-w C:\WINNT\system32\divx_xx0c.dll
2007-03-27 07:48:58 802,816 ----a-w C:\WINNT\system32\divx_xx11.dll
2007-03-27 07:48:58 639,066 ----a-w C:\WINNT\system32\DivX.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\winnt\googletoolbar4.dll [2007-01-20 00:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hot Key Kbd 9910 Daemon"="SK9910DM.EXE" [2001-01-03 15:50 C:\WINNT\system32\SK9910DM.EXE]
"Keyboard Preload Check"="C:\OEMDRVRS\KEYB\Preload.exe" []
"PROMon.exe"="PROMon.exe" [2002-04-18 19:32 C:\WINNT\system32\PROMon.exe]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-01 08:04]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"@"="" []
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"nwiz"="nwiz.exe" [2006-12-02 09:44 C:\WINNT\system32\nwiz.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2004-08-04 03:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-25 14:56]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 10:13]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{230b9b85-ce83-11db-92b4-000e3b081248}]
AutoRun\command- G:\start.exe

*Newly Created Service* - NMSCFG
*Newly Created Service* - NMSSVC
*Newly Created Service* - SYMTDI

Contents of the 'Scheduled Tasks' folder
2007-06-17 00:09:00 C:\WINNT\tasks\AppleSoftwareUpdate.job
2007-06-18 07:00:00 C:\WINNT\tasks\SpywareBot Scheduled Scan.job
2004-06-07 19:53:28 C:\WINNT\tasks\Symantec NetDetect.job
2007-06-18 16:06:00 C:\WINNT\tasks\WebReg Deskjet F300 series.job
2007-06-18 11:24:44 C:\WINNT\tasks\XoftSpy.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-18 23:03:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-18 23:06:18
C:\ComboFix-quarantined-files.txt ... 2007-06-18 23:05

--- E O F ---


Logfile of HijackThis v1.99.1
Scan saved at 11:10:45 PM, on 06/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\HPZipm12.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\system32\PROMon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\Hawking\HWU8DD\HWU8DD.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\LIUtilities\WinTasks\wintasks.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\notepad.exe
C:\WINNT\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.news.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\googletoolbar4.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\googletoolbar4.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Hawking Wireless Utility.lnk = C:\Program Files\Hawking\HWU8DD\HWU8DD.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinTasks.lnk = C:\Program Files\LIUtilities\WinTasks\wintasks.exe
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.taxslayer.com
O16 - DPF: HushEncryptionEngine - https://mailserver1....ptionEngine.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab46479.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sur...e/w4sgeen10.exe
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/...nx.1.0.0.67.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab32846.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay11...es/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1107223271397
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1173542381562
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/...no.cab42341.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab41227.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...ploader_v10.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (file missing)
O23 - Service: PictureTaker - Unknown owner - (no file)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (file missing)
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe


#8 don77 (Malware Expert, Retired Staff, 18,526 posts)
Looking better

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When the download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

#9 bootlegger (Member, Topic Starter, 42 posts)

Adware:adware/exact.bargainbuddy Not disinfected c:\winnt\msxct1.ini
Adware:adware/dealhelper Not disinfected :\winnt\system32Newmsrdk
Adware:adware/dyfuca Not disinfected WindowsRegistry
Adware:adware/powerscan Not disinfected WindowsRegistry
Adware:adware/ist.sidefind Not disinfected WindowsRegistry
Adware:adware/sqwire Not disinfected WindowsRegistry
Potentially unwanted tool:application/myway Not disinfected hkey_current_user\software\netscape\netscape navigator\automation shutdown\MyWayToolBar.NetscapeShutdown.1
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Owner\Cookies\owner@adrevolver[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Owner\Desktop\ComboFix.exe[nircmd.exe]
Virus:Generic Trojan Disinfected C:\Program Files\LIUtilities\WinTasks\patch.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINNT\nircmd.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINNT\system32\Process.exe


Edited by bootlegger, 22 June 2007 - 08:56 AM.

#10 don77 (Malware Expert, Retired Staff, 18,526 posts)
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


It found a bunch of orphaned registry entries that will do you no harm. Otherwise, how is the machine running now?

#11 bootlegger (Member, Topic Starter, 42 posts)
The machine is running remarkably well. The System Idle Process stays in the 90s now. However, when I open Internet Explorer, I constantly get the 'cannot display webpage' screen. If I click reload several times, my homepage will load, but after that it's hit-or-miss. The odd thing is, uTorrent and other programs that connect to the internet outside of IE continue to work fine... any thoughts?

#12 don77 (Malware Expert, Retired Staff, 18,526 posts)

The system idle process stays in the 90's now


That's a bit too high still.
Could you rescan with ComboFix please and post back the log?

#13 bootlegger (Member, Topic Starter, 42 posts)
At the time of this writing the System Idle Process is at 95-97 percent, with explorer.exe fluctuating between 2-4% and occasionally vsmon.exe popping up for 2-4 percent. My computer does seem to boot slower now, but that isn't really a big deal.



ComboFix 07-06-13.7 - C:\Documents and Settings\Owner\Desktop\ComboFix.exe
"Owner" - 2007-06-24 15:45:15 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-05-24 to 2007-06-24 )))))))))))))))))))))))))))))))


2007-06-18 22:49 49,152 --a------ C:\WINNT\nircmd.exe
2007-06-10 21:59 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\TMPGEncDVDAuthor3
2007-06-10 21:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Pegasys Inc
2007-06-10 21:48 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Pegasys Inc
2007-06-10 21:47 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Pegasys Inc
2007-06-10 21:42 53,248 --a------ C:\WINNT\system32\GenSvcInst.exe
2007-06-10 21:42 33,408 --a------ C:\WINNT\system32\drivers\CDRBSDRV.SYS
2007-06-10 21:42 118,784 --a------ C:\WINNT\system32\bgsvcgen.exe
2007-06-10 21:41 <DIR> d-------- C:\Program Files\Pegasys Inc
2007-06-10 15:13 <DIR> d-------- C:\Program Files\LD-Anime
2007-06-05 22:42 217,127 --a------ C:\WINNT\system32\drv43260.dll
2007-06-05 22:42 208,935 --a------ C:\WINNT\system32\drv33260.dll
2007-06-05 22:42 176,165 --a------ C:\WINNT\system32\drv23260.dll
2007-06-04 23:19 <DIR> d-------- C:\Program Files\LIUtilities
2007-06-04 17:09 <DIR> d-------- C:\Program Files\ZyDAS Technology Corporation
2007-06-03 17:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
2007-05-30 21:51 75,512 --a------ C:\WINNT\zllsputility.exe
2007-05-30 21:51 4,212 ---h----- C:\WINNT\system32\zllictbl.dat
2007-05-30 21:51 11,264 --a------ C:\WINNT\system32\SpOrder.dll
2007-05-30 21:50 1,087,216 --a------ C:\WINNT\system32\zpeng24.dll
2007-05-30 21:50 <DIR> d-------- C:\WINNT\system32\ZoneLabs
2007-05-30 21:49 <DIR> d-------- C:\WINNT\Internet Logs
2007-05-30 19:00 47,360 --a------ C:\WINNT\system32\drivers\pcouffin.sys
2007-05-30 18:52 3,968 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys
2007-05-30 17:44 <DIR> d-------- C:\Program Files\FreeFixer
2007-05-30 13:10 <DIR> d-------- C:\WINNT\system32\ActiveScan
2007-05-30 09:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-05-30 09:17 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-05-30 09:17 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-30 09:17 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\SUPERAntiSpyware.com
2007-05-29 23:22 1,048,576 --ah----- C:\DOCUME~1\ADMINI~1.S00\NTUSER.DAT
2007-05-29 23:22 <DIR> d-------- C:\DOCUME~1\ADMINI~1.S00\APPLIC~1\Symantec
2007-05-29 23:22 <DIR> d-------- C:\DOCUME~1\ADMINI~1.S00\APPLIC~1\InterTrust
2007-05-29 22:28 14,848 --a------ C:\WINNT\system32\drivers\kbdhid.sys
2007-05-29 21:32 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\SlySoft
2007-05-26 19:24 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\AVG7(2)
2007-05-26 19:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft(2)
2007-05-24 15:27 <DIR> d-------- C:\DOCUME~1\Owner\.housecall6.6
2007-05-24 14:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg7(2)
2007-05-24 13:48 <DIR> d-------- C:\Program Files\Bazooka Scanner
2007-05-24 13:45 <DIR> d-------- C:\Program Files\Abexo


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-22 03:43:51 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\uTorrent
2007-06-21 20:49:19 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Vso
2007-06-18 16:19:54 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\CopyToDvd
2007-06-11 19:52:50 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Image Zone Express
2007-06-06 02:41:58 -------- d-----w C:\Program Files\vso
2007-05-31 01:41:08 87,608 ----a-w C:\DOCUME~1\Owner\APPLIC~1\ezpinst.exe
2007-05-31 01:41:08 47,360 ----a-w C:\DOCUME~1\Owner\APPLIC~1\pcouffin.sys
2007-05-30 17:03:39 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Skype
2007-05-30 02:48:03 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\SpywareBot
2007-05-30 02:45:06 -------- d-----w C:\Program Files\ShufflePlay2
2007-05-22 07:01:31 0 ----a-w C:\WINNT\system32\ATHPRXY(2).DLL
2007-05-21 02:30:33 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\RipIt4Me
2007-05-06 18:11:25 76,312 ----a-w C:\DOCUME~1\Owner\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINNT\system32\msi.dll
2007-03-27 07:55:57 524,288 ----a-w C:\WINNT\system32\DivXsm.exe
2007-03-27 07:55:48 3,596,288 ----a-w C:\WINNT\system32\qt-dx331.dll
2007-03-27 07:55:31 129,784 ------w C:\WINNT\system32\pxafs.dll
2007-03-27 07:55:31 118,520 ------w C:\WINNT\system32\pxinsi64.exe
2007-03-27 07:55:31 116,472 ------w C:\WINNT\system32\pxcpyi64.exe
2007-03-27 07:55:23 200,704 ----a-w C:\WINNT\system32\ssldivx.dll
2007-03-27 07:55:23 1,044,480 ----a-w C:\WINNT\system32\libdivx.dll
2007-03-27 07:49:07 73,728 ----a-w C:\WINNT\system32\dpl100.dll
2007-03-27 07:49:07 196,608 ----a-w C:\WINNT\system32\dtu100.dll
2007-03-27 07:49:05 53,248 ----a-w C:\WINNT\system32\dpuGUI10.dll
2007-03-27 07:49:03 593,920 ----a-w C:\WINNT\system32\dpuGUI11.dll
2007-03-27 07:49:02 57,344 ----a-w C:\WINNT\system32\dpv11.dll
2007-03-27 07:49:02 344,064 ----a-w C:\WINNT\system32\dpus11.dll
2007-03-27 07:49:02 294,912 ----a-w C:\WINNT\system32\dpu11.dll
2007-03-27 07:49:02 294,912 ----a-w C:\WINNT\system32\dpu10.dll
2007-03-27 07:48:59 823,296 ----a-w C:\WINNT\system32\divx_xx07.dll
2007-03-27 07:48:58 823,296 ----a-w C:\WINNT\system32\divx_xx0c.dll
2007-03-27 07:48:58 802,816 ----a-w C:\WINNT\system32\divx_xx11.dll
2007-03-27 07:48:58 639,066 ----a-w C:\WINNT\system32\DivX.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\winnt\googletoolbar4.dll [2007-01-20 00:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hot Key Kbd 9910 Daemon"="SK9910DM.EXE" [2001-01-03 15:50 C:\WINNT\system32\SK9910DM.EXE]
"Keyboard Preload Check"="C:\OEMDRVRS\KEYB\Preload.exe" []
"PROMon.exe"="PROMon.exe" [2002-04-18 19:32 C:\WINNT\system32\PROMon.exe]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-01 08:04]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"@"="" []
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"nwiz"="nwiz.exe" [2006-12-02 09:44 C:\WINNT\system32\nwiz.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2004-08-04 03:56]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 10:13]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINNT\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{230b9b85-ce83-11db-92b4-000e3b081248}]
AutoRun\command- G:\start.exe

*Newly Created Service* - NMSCFG
*Newly Created Service* - NMSSVC
*Newly Created Service* - SYMTDI

Contents of the 'Scheduled Tasks' folder
2007-06-24 00:09:02 C:\WINNT\tasks\AppleSoftwareUpdate.job
2007-06-24 07:00:00 C:\WINNT\tasks\SpywareBot Scheduled Scan.job
2004-06-07 19:53:28 C:\WINNT\tasks\Symantec NetDetect.job
2007-06-24 16:06:00 C:\WINNT\tasks\WebReg Deskjet F300 series.job
2007-06-22 14:42:38 C:\WINNT\tasks\XoftSpy.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-24 15:48:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-24 15:49:30
C:\ComboFix-quarantined-files.txt ... 2007-06-24 15:49
C:\ComboFix2.txt ... 2007-06-18 23:06

--- E O F ---



#14
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Oops, my bad, I thought you meant CPU usage.

You don't really have a lot running on startup.

Still having issues with IE?

#15
bootlegger

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Yes, still having the same issue.