Jump to content

einzerox

Honorary Members
  • Posts

    31
  • Joined

  • Last visited

Reputation

0 Neutral

About einzerox

  • Birthday 08/11/1989

Profile Information

  • Location
    Green Bay, Wisconsin
  1. Hi My computer yesterday started acting weird. I was going to change my Desktop wallpaper and I couldn't. All the options are available but When i click the wallpaper that I one and then Apply nothing happens. Also today all of a sudden folder won't open when I double-clicked it. I also updated Malwarebytes and ran it and it did not detect any malicious file. I hope to get a good idea to fix my problem. Thanks..
  2. I dont see any saign of infection. GMER 1.0.14.14536 - http://www.gmer.net Rootkit scan 2009-01-08 06:49:01 Windows 5.1.2600 Service Pack 2 ---- Devices - GMER 1.0.14 ---- Device Ntfs.sys (NT File System Driver/Microsoft Corporation) AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) ---- EOF - GMER 1.0.14 ----
  3. Malwarebytes' Anti-Malware 1.32 Database version: 1629 Windows 5.1.2600 Service Pack 2 1/7/2009 6:20:30 PM mbam-log-2009-01-07 (18-20-30).txt Scan type: Quick Scan Objects scanned: 58250 Time elapsed: 8 minute(s), 41 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:41:57 PM, on 1/7/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18241) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\TweakMASTER\TMTray.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WebcamMax\wcmmon.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe C:\Program Files\Stardock\ObjectDock\ObjectDock.exe C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: TweakMASTER Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - C:\PROGRA~1\TWEAKM~1\TweakBHO.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [TweakMASTER] "C:\Program Files\TweakMASTER\TMTray.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Program Files\WebcamMax\wcmmon.exe" /a O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe O8 - Extra context menu item: ACA Capture: Capture all Flash... - C:\Program Files\ACASystems\ACACapturePro\add-ons\ie-flash-all.htm O8 - Extra context menu item: ACA Capture: Capture all images... - C:\Program Files\ACASystems\ACACapturePro\add-ons\ie-image-all.htm O8 - Extra context menu item: ACA Capture: Capture current image... - C:\Program Files\ACASystems\ACACapturePro\add-ons\ie-image.htm O8 - Extra context menu item: ACA Capture: Capture webpage contents to image... - C:\Program Files\ACASystems\ACACapturePro\add-ons\ie-webpage-to-image.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: StumbleUpon - {75C9223A-409A-4795-A3CA-08DE6B075B4B} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flash...ent/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe -- End of file - 9997 bytes
  4. There is no such a line in my system.ini this is what is there.' ; for 16-bit app support [drivers] wave=mmdrv.dll timer=timer.drv [mci] [driver32] [386enh] woafont=dosapp.FON EGA80WOA.FON=EGA80WOA.FON EGA40WOA.FON=EGA40WOA.FON CGA80WOA.FON=CGA80WOA.FON CGA40WOA.FON=CGA40WOA.FON Ok i fix what you told me. Well right now is working just fine. Thank you..If I keep having issues I will post a new thread. Thanks for you.
  5. Malwarebytes' Anti-Malware 1.32 Database version: 1620 Windows 5.1.2600 Service Pack 2 1/5/2009 6:08:53 PM mbam-log-2009-01-05 (18-08-53).txt Scan type: Quick Scan Objects scanned: 57269 Time elapsed: 6 minute(s), 8 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:13:03 PM, on 1/5/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18241) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TweakMASTER\TMTray.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\WebcamMax\wcmmon.exe C:\Program Files\Stardock\ObjectDock\ObjectDock.exe C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: TweakMASTER Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - C:\PROGRA~1\TWEAKM~1\TweakBHO.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [TweakMASTER] "C:\Program Files\TweakMASTER\TMTray.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Program Files\WebcamMax\wcmmon.exe" /a O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe O8 - Extra context menu item: ACA Capture: Capture all Flash... - C:\Program Files\ACASystems\ACACapturePro\add-ons\ie-flash-all.htm O8 - Extra context menu item: ACA Capture: Capture all images... - C:\Program Files\ACASystems\ACACapturePro\add-ons\ie-image-all.htm O8 - Extra context menu item: ACA Capture: Capture current image... - C:\Program Files\ACASystems\ACACapturePro\add-ons\ie-image.htm O8 - Extra context menu item: ACA Capture: Capture webpage contents to image... - C:\Program Files\ACASystems\ACACapturePro\add-ons\ie-webpage-to-image.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: StumbleUpon - {75C9223A-409A-4795-A3CA-08DE6B075B4B} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flash...ent/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe -- End of file - 10104 bytes
  6. I recently posted my issues in this forums and the person helping me told me to post the logs here. Malwarebytes' Anti-Malware 1.31 Database version: 1606 Windows 5.1.2600 Service Pack 2 1/3/2009 10:01:56 PM mbam-log-2009-01-03 (22-01-56).txt Scan type: Quick Scan Objects scanned: 87718 Time elapsed: 41 minute(s), 38 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Backdoor.Bot) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:23:46 PM, on 1/3/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18241) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe C:\Program Files\TweakMASTER\TMTray.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Stardock\ObjectDock\ObjectDock.exe C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: TweakMASTER Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - C:\PROGRA~1\TWEAKM~1\TweakBHO.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [TweakMASTER] "C:\Program Files\TweakMASTER\TMTray.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\RunOnce: [CleanSetup] cmd /C rmdir /S /Q "C:\Documents and Settings\Einer\Local Settings\Temp\nro.tmp\" O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe O8 - Extra context menu item: ACA Capture: Capture all Flash... - C:\Program Files\ACASystems\ACACapturePro\add-ons\ie-flash-all.htm O8 - Extra context menu item: ACA Capture: Capture all images... - C:\Program Files\ACASystems\ACACapturePro\add-ons\ie-image-all.htm O8 - Extra context menu item: ACA Capture: Capture current image... - C:\Program Files\ACASystems\ACACapturePro\add-ons\ie-image.htm O8 - Extra context menu item: ACA Capture: Capture webpage contents to image... - C:\Program Files\ACASystems\ACACapturePro\add-ons\ie-webpage-to-image.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: StumbleUpon - {75C9223A-409A-4795-A3CA-08DE6B075B4B} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flash...ent/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll O20 - AppInit_DLLs: wbsys.dll,C:\program files\relevantknowledge\rlai.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe -- End of file - 10249 bytes
  7. OK i got it. Hey but i can't upload the file because its too big 180k SysInspector_EINZEROX_090103_1551.zip SysInspector_EINZEROX_090103_1551.zip
  8. Where in the program I have to click to save the log ?
  9. When I open any folder explorer.exe crashes. So toolbar diappears for a 1 a appears again. How Can I fix this since I already disable DEP that was bothering too.
  10. GMER 1.0.14.14536 - http://www.gmer.net Rootkit scan 2008-09-10 15:04:42 Windows 5.1.2600 Service Pack 3 ---- System - GMER 1.0.14 ---- SSDT spdn.sys ZwEnumerateKey [0xF74F7CA2] SSDT spdn.sys ZwEnumerateValueKey [0xF74F8030] ---- Devices - GMER 1.0.14 ---- Device \FileSystem\Ntfs \Ntfs 8A7C61F8 Device \FileSystem\Fastfat \Fat 8A533500 AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) ---- EOF - GMER 1.0.14 ----
  11. Well I still have the same problem like in 10 minutes explorer.exe crashes twice. Thanks Jean I hope you get better soon. I'll cooperate dont worry.
  12. ComboFix 08-09-05.03 - Einzerox 2008-09-07 12:24:53.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1434 [GMT -5:00] Running from: C:\Documents and Settings\Einzerox\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\pskill.exe C:\WINDOWS\system32\rqnawger.ini . ((((((((((((((((((((((((( Files Created from 2008-08-07 to 2008-09-07 ))))))))))))))))))))))))))))))) . 2008-09-07 11:45 . 2008-09-07 11:45 <DIR> d--hs---- C:\found.000 2008-09-04 15:21 . 2008-09-04 15:21 <DIR> d-------- C:\Program Files\Smilebox 2008-09-04 15:20 . 2008-09-04 15:29 <DIR> d-------- C:\Documents and Settings\Einzerox\Application Data\Smilebox 2008-08-31 21:52 . 2008-04-13 19:12 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll 2008-08-31 21:52 . 2001-08-17 22:37 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe 2008-08-31 21:52 . 2001-08-17 22:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe 2008-08-31 21:52 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll 2008-08-31 21:52 . 2004-08-03 22:29 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys 2008-08-31 21:52 . 2008-04-13 19:12 18,944 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll 2008-08-31 21:52 . 2001-08-17 12:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys 2008-08-31 21:52 . 2004-08-03 22:29 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys 2008-08-31 21:52 . 2008-04-13 19:12 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll 2008-08-31 21:52 . 2001-08-17 22:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe 2008-08-31 21:50 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys 2008-08-31 21:49 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll 2008-08-31 21:48 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys 2008-08-31 21:47 . 2001-08-17 14:56 147,200 --a--c--- C:\WINDOWS\system32\dllcache\smidispb.dll 2008-08-31 21:46 . 2001-08-17 22:36 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll 2008-08-31 21:45 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll 2008-08-31 21:44 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys 2008-08-31 21:43 . 2008-04-13 19:10 259,328 --a--c--- C:\WINDOWS\system32\dllcache\perm3dd.dll 2008-08-31 21:42 . 2008-04-13 13:31 2,065,792 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe 2008-08-31 21:41 . 2001-08-17 12:50 320,384 --a--c--- C:\WINDOWS\system32\dllcache\mgaum.sys 2008-08-31 21:40 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys 2008-08-31 21:39 . 2001-08-17 22:36 372,824 --a--c--- C:\WINDOWS\system32\dllcache\iconf32.dll 2008-08-31 21:38 . 2008-04-13 19:11 702,845 --a--c--- C:\WINDOWS\system32\dllcache\i81xdnt5.dll 2008-08-31 21:37 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll 2008-08-31 21:36 . 2001-08-17 13:28 634,134 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys 2008-08-31 21:35 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys 2008-08-31 21:34 . 2001-08-17 12:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys 2008-08-31 21:33 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys 2008-08-31 12:48 . 2008-08-31 12:53 <DIR> d-------- C:\I386 2008-08-30 12:30 . 2001-08-17 14:56 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll 2008-08-30 12:29 . 2008-04-13 14:27 2,188,928 --a--c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe 2008-08-29 13:54 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys 2008-08-29 13:19 . 2008-08-29 13:23 <DIR> d-------- C:\Program Files\EsetOnlineScanner 2008-08-28 17:33 . 2008-08-28 17:34 <DIR> d-------- C:\Documents and Settings\Einzerox\Application Data\Picaboo 2008-08-28 17:14 . 2008-08-28 17:33 <DIR> d-------- C:\Program Files\Picaboo 2008-08-28 12:29 . 2008-08-28 12:29 <DIR> d-------- C:\Program Files\Uniblue 2008-08-28 12:29 . 2008-08-28 12:29 <DIR> d-------- C:\Documents and Settings\Einzerox\Application Data\Uniblue 2008-08-28 12:29 . 2008-08-28 12:29 <DIR> d--h-c--- C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151} 2008-08-28 12:12 . 2008-08-28 12:21 <DIR> d-------- C:\Documents and Settings\Einzerox\Application Data\ErrorSmart 2008-08-27 10:45 . 2008-08-27 10:45 <DIR> d-------- C:\Documents and Settings\Einzerox\Application Data\Nero 2008-08-27 10:41 . 2008-08-27 10:43 <DIR> d-------- C:\Program Files\Common Files\Nero 2008-08-26 12:37 . 2008-08-26 12:37 <DIR> d-------- C:\Program Files\7-Zip 2008-08-25 14:39 . 2008-08-25 14:39 <DIR> d-------- C:\Program Files\PixiePack Codec Pack 2008-08-25 14:13 . 2008-08-25 14:13 <DIR> d-------- C:\Program Files\RapidSolution 2008-08-25 14:13 . 2008-08-25 15:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\RapidSolution 2008-08-24 18:31 . 2008-08-24 18:31 <DIR> d-------- C:\Documents and Settings\Einzerox\Application Data\Launchy 2008-08-20 15:27 . 2007-03-12 23:34 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll 2008-08-20 15:27 . 2007-03-12 23:34 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll 2008-08-20 15:27 . 2007-03-12 23:34 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll 2008-08-15 11:58 . 2008-08-31 12:43 <DIR> d-------- C:\Music for Cell phone 2008-08-15 11:43 . 2008-08-15 11:46 320,860 --a------ C:\amt1 2008-08-15 11:42 . 2008-08-15 11:42 <DIR> d-------- C:\Program Files\AnMing 2008-08-15 11:42 . 2004-08-04 20:46 520,192 --a------ C:\WINDOWS\system32\wscma2u.exe 2008-08-15 11:42 . 2005-10-21 20:20 278,528 --a------ C:\WINDOWS\system32\ammpp.dll 2008-08-15 11:42 . 2005-10-18 11:14 144,896 --a------ C:\WINDOWS\system32\lame_dshow.ax 2008-08-15 11:42 . 2005-10-26 13:12 70,144 --a------ C:\WINDOWS\system32\AudioFileConvert.ocx 2008-08-15 11:42 . 2005-07-13 15:13 65,536 --a------ C:\WINDOWS\system32\a1.dll 2008-08-15 11:42 . 2005-09-18 13:17 61,440 --a------ C:\WINDOWS\system32\anming.ocx 2008-08-15 11:42 . 2005-10-26 13:12 3,772 --a------ C:\WINDOWS\system32\AudioFileConvert.tlb 2008-08-15 11:42 . 2008-08-31 12:37 552 --a------ C:\WINDOWS\MP3trtg.ini 2008-08-14 22:40 . 2008-08-14 22:40 <DIR> d-------- C:\Program Files\mTC 2008-08-14 20:47 . 2008-08-14 20:47 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf 2008-08-14 20:46 . 2008-08-14 20:46 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-08-14 20:39 . 2008-08-14 20:39 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll 2008-08-14 20:39 . 2008-08-14 20:39 21,672 --a------ C:\WINDOWS\system32\drivers\ggsemc.sys 2008-08-14 20:39 . 2008-08-14 20:39 13,352 --a------ C:\WINDOWS\system32\drivers\ggflt.sys 2008-08-14 19:00 . 2008-08-14 19:00 <DIR> d-------- C:\Program Files\Avanquest update 2008-08-14 19:00 . 2008-08-14 19:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software 2008-08-14 18:59 . 2008-08-14 20:35 <DIR> d-------- C:\Program Files\Sony Ericsson 2008-08-14 18:59 . 2008-08-14 20:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson 2008-08-14 18:20 . 2008-04-13 19:12 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll 2008-08-14 18:20 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll 2008-08-13 12:49 . 2008-08-13 12:49 <DIR> d-------- C:\Documents and Settings\Einzerox\System 2008-08-13 12:49 . 2008-08-13 12:55 <DIR> d-------- C:\Documents and Settings\Einzerox\Application Data\SmartDraw 2008-08-13 12:44 . 2008-08-27 11:00 <DIR> d-------- C:\Program Files\SmartDraw 2008 2008-08-08 14:29 . 2008-08-08 14:29 <DIR> d-------- C:\Program Files\Apple Software Update 2008-08-08 14:28 . 2008-08-08 14:28 <DIR> d-------- C:\Program Files\iTunes 2008-08-08 14:28 . 2008-08-08 14:28 <DIR> d-------- C:\Program Files\iPod 2008-08-08 14:25 . 2008-08-30 13:55 90,104 --ah----- C:\WINDOWS\system32\mlfcache.dat 2008-08-08 14:18 . 2008-08-08 14:18 <DIR> d-------- C:\Program Files\Safari . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-07 17:31 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-09-04 00:47 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware 2008-09-02 05:16 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-09-02 05:16 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys 2008-08-29 18:54 --------- d-----w C:\Program Files\Panda Security 2008-08-29 18:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-08-29 08:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-08-28 17:25 --------- d-----w C:\Program Files\Eusing Free Registry Cleaner 2008-08-28 16:46 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-08-27 23:39 --------- d-----w C:\Documents and Settings\Einzerox\Application Data\Apple Computer 2008-08-27 15:55 --------- d-----w C:\Program Files\RivaTuner v2.09 2008-08-27 15:55 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-08-27 15:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-08-27 15:41 --------- d-----w C:\Program Files\Nero 2008-08-27 15:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero 2008-08-27 14:34 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-08-27 14:34 --------- d-----w C:\Program Files\SpywareBlaster 2008-08-25 19:14 --------- d-----w C:\Program Files\Winamp 2008-08-19 17:41 --------- d-----w C:\Program Files\Yahoo! 2008-08-19 08:00 --------- d-----w C:\Program Files\Microsoft Silverlight 2008-08-15 00:00 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-08 02:06 --------- d-----w C:\Program Files\CrossLoop 2008-08-04 21:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2008-08-02 12:42 --------- d-----w C:\Documents and Settings\Einzerox\Application Data\mjusbsp 2008-07-30 22:42 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys 2008-07-30 22:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf 2008-07-30 22:28 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat 2008-07-29 20:15 --------- d-----w C:\Program Files\Musicnotes 2008-07-29 20:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Musicnotes 2008-07-27 05:03 --------- d-----w C:\Program Files\EA Sports 2008-07-26 18:49 --------- d-----w C:\Program Files\ImTOO 2008-07-26 03:24 --------- d-----w C:\Program Files\Learning Essentials 2008-07-26 03:02 --------- d-----w C:\Program Files\PicLensIE 2008-07-26 02:52 --------- d-----w C:\Program Files\MSECache 2008-07-26 02:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage 2008-07-24 16:27 --------- d-----w C:\Documents and Settings\Einzerox\Application Data\DivX 2008-07-24 16:17 --------- d-----w C:\Program Files\proDAD 2008-07-24 16:17 --------- d-----w C:\Program Files\LooksBuilderSE 2008-07-24 16:17 --------- d-----w C:\Documents and Settings\Einzerox\Application Data\proDAD 2008-07-24 16:16 --------- d-----w C:\Program Files\Boris FX, Inc 2008-07-24 16:15 --------- d-----w C:\Program Files\Pinnacle 2008-07-24 16:13 --------- d-----w C:\Program Files\Common Files\Pinnacle 2008-07-24 16:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Ultimate 2008-07-24 16:01 --------- d-----w C:\Program Files\Common Files\Yahoo! 2008-07-24 16:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Studio 12 2008-07-24 16:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus 2008-07-24 16:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle 2008-07-23 20:38 --------- d-----w C:\Program Files\Alcohol Soft 2008-07-23 20:24 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2008-07-22 20:04 --------- d-----w C:\Program Files\CamStudio 2008-07-22 17:59 --------- d-----w C:\Program Files\MagniGlass 2008-07-21 20:49 --------- d-----w C:\Program Files\Common Files\Adobe 2008-07-20 02:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\iolo 2008-07-19 05:02 --------- d-----w C:\Program Files\TechSmith 2008-07-18 19:19 --------- d-----w C:\Program Files\ViStart 2008-07-18 19:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith 2008-07-18 16:48 --------- d-----w C:\Documents and Settings\Einzerox\Application Data\TuneUp Software 2008-07-18 16:44 --------- d-----w C:\Program Files\Common Files\TechSmith Shared 2008-07-16 19:41 --------- d-----w C:\Documents and Settings\Einzerox\Application Data\MiniDm 2008-07-16 16:50 --------- d-----w C:\Documents and Settings\Einzerox\Application Data\iolo 2008-07-14 15:01 --------- d-----w C:\Program Files\WebcamMax 2008-07-13 23:18 --------- d-----w C:\Documents and Settings\LocalService\Application Data\iolo 2008-07-13 21:08 --------- d-----w C:\Documents and Settings\Einzerox\Application Data\Yahoo! 2008-07-13 21:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! 2008-07-12 00:44 --------- d-----w C:\Program Files\Free iPod Video Converter 2008-07-12 00:42 --------- d-----w C:\Program Files\Red Kawa 2008-07-12 00:42 --------- d-----w C:\Program Files\AviSynth 2.5 2008-07-12 00:37 --------- d-----w C:\Documents and Settings\Einzerox\Application Data\Media Player Classic 2008-07-11 18:39 --------- d-----w C:\Documents and Settings\Einzerox\Application Data\ViStart 2008-07-10 21:03 --------- d-----w C:\Program Files\RogueRemover FREE 2008-07-10 14:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys 2008-07-09 23:15 --------- d-----w C:\Program Files\Winflip 2008-07-08 20:47 64,643 ----a-w C:\WINDOWS\BricoPackUninst.cmd 2008-07-08 20:47 6,120 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd 2008-07-08 20:35 --------- d-----w C:\Program Files\Java 2008-07-08 20:33 --------- d-----w C:\Program Files\Common Files\Java 2008-07-08 17:21 --------- d-----w C:\Program Files\AlienGUIse 2008-07-08 17:12 --------- d-----w C:\Program Files\TrueTransparency 2008-07-07 23:03 --------- d-----w C:\Documents and Settings\Einzerox\Application Data\Move Networks 2008-07-07 23:01 --------- d-----w C:\Program Files\BillP Studios 2008-07-07 23:01 --------- d-----w C:\Documents and Settings\Einzerox\Application Data\WinPatrol 2008-07-07 22:49 --------- d-----w C:\Program Files\FireTrust 2008-07-05 19:18 197 --sha-w C:\Program Files\Common Files\maxtreme.dat 2008-06-24 21:06 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe 2008-06-23 06:44 20 ----a-w C:\sccfg.sys 2008-06-16 05:37 315,392 ----a-w C:\WINDOWS\HideWin.exe 2007-02-13 00:10 2,682,880 ------w C:\Documents and Settings\All Users\VCREDI~3.EXE . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-24 68856] "cdloader"="C:\Documents and Settings\Einzerox\Application Data\mjusbsp\cdloader2.exe" [2008-06-12 50520] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424] "Uniblue RegistryBooster 2009"="C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-22 2018584] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-18 8523776] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-18 51048] "WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-07-04 333120] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-16 185896] C:\Documents and Settings\Einzerox\Start Menu\Programs\Startup\ Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-06-16 3450608] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB] 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=wbsys.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3fhg"= mp3fhg.acm "msacm.divxa32"= divxa32.acm "VIDC.X264"= x264vfw.dll "VIDC.HFYU"= huffyuv.dll "vidc.i263"= i263_32.drv "VIDC.YV12"= yv12vfw.dll "vidc.mjpg"= pvmjpg30.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnagIt 9.lnk] backup=C:\WINDOWS\pss\SnagIt 9.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinFlip.exe] backup=C:\WINDOWS\pss\WinFlip.exeCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Einzerox^Start Menu^Programs^Startup^Desktoptopia.lnk] backup=C:\WINDOWS\pss\Desktoptopia.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Einzerox^Start Menu^Programs^Startup^Picaboo.lnk] backup=C:\WINDOWS\pss\Picaboo.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k [X] HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wakoopa [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] --a------ 2008-07-10 09:47 116040 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] --a------ 2008-02-18 13:37 51048 C:\Program Files\Common Files\Symantec Shared\ccApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe] --------- 2006-09-28 20:09 700416 C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2008-06-24 16:06 1840424 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2008-04-13 19:12 1695232 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] --a------ 2008-06-08 09:31 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2008-06-19 09:53 570664 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2007-11-18 00:12 8523776 C:\WINDOWS\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune] --a------ 2008-01-15 13:31 106496 C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck] --a------ 2008-02-07 01:49 718704 C:\Program Files\Norton Internet Security\osCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] --a------ 2008-02-20 13:22 356352 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2008-06-24 12:41 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2008-06-16 12:18 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009] --a------ 2008-08-22 10:30 2018584 C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] --a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] --a------ 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] --a------ 2008-05-16 14:39 16862720 C:\WINDOWS\RTHDCPL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "TapiSrv"=3 (0x3) "lanmanserver"=2 (0x2) "Creative Service for CDROM Access"=2 (0x2) "AresChatServer"=3 (0x3) "aawservice"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"= "C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"= "C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"= "C:\\Documents and Settings\\Einzerox\\Application Data\\mjusbsp\\magicJack.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544] R2 CamthWDM;WebcamMax, WDM Video Capture;C:\WINDOWS\system32\DRIVERS\CamthWDM.sys [2008-02-08 941784] R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-18 149352] R2 NVR0FLASHDev;NVR0FLASHDev;C:\WINDOWS\nvflash.sys [2008-03-13 36640] R2 UpdateCenterService;Update Center Service;C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe [2008-03-13 114688] S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-07-30 23888] S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-08-14 13352] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59a9a9a1-43d1-11dd-bc31-001ec92f54f3}] \Shell\AutoRun\command - H:\autorun.exe \Shell\phone\command - H:\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59a9a9a2-43d1-11dd-bc31-001ec92f54f3}] \Shell\AutoRun\command - I:\magicJack\autorun.exe \Shell\phone\command - I:\magicJack\autorun.exe *Newly Created Service* - COMHOST [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}] C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe . Contents of the 'Scheduled Tasks' folder . - - - - ORPHANS REMOVED - - - - WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file) MSConfigStartUp-Ad-Watch - C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe MSConfigStartUp-PWRISOVM - (no file) . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Einzerox\Application Data\Mozilla\Firefox\Profiles\m38gfatj.default\ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p= FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npJoostPlugin.dll FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll FF -: plugin - C:\Program Files\RapidSolution\Videoraptor\plugins\GeckoBased\videoraptor-firefox-surf-and-catch-extension@audials.com\plugins\np_VR_OgloPlugin.dll FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll . . ------- File Associations (Beta) ------- . JSEFile=NOTEPAD.EXE %1 VBEFile=NOTEPAD.EXE %1 VBSFile=NOTEPAD.EXE %1 . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-07 12:34:48 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\explorer.exe -> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\IoctlSvc.exe C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe . ************************************************************************** . Completion time: 2008-09-07 12:41:00 - machine was rebooted ComboFix-quarantined-files.txt 2008-09-07 17:40:46 Pre-Run: 179,025,551,360 bytes free Post-Run: 179,169,808,384 bytes free 379 --- E O F --- 2008-08-29 08:12:22 -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:48:09 PM, on 9/7/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe C:\Program Files\Stardock\ObjectDock\ObjectDock.exe C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\explorer.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Videoraptor_WebRipPlugin Class - {3C0372C2-04C3-4100-BAB1-1D42C552BC48} - C:\Program Files\RapidSolution\Videoraptor\plugins\IE\VR_WebRipIePlugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Einzerox\Application Data\mjusbsp\cdloader2.exe" MAGICJACK O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: Justin.tv Publisher - http://www.justin.tv/plugins/justintv_publisher.CAB O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHos...ronGameHost.cab O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - http://www.piclens.com/shared/plinstll.cab O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- End of file - 11219 bytes
  13. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:18:13 PM, on 9/6/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\IoctlSvc.exe C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Stardock\ObjectDock\ObjectDock.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\WISPTIS.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Einer R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O1 - Hosts: 102.54.94.97 rhino.acme.com # source server O1 - Hosts: 38.25.63.10 x.acme.com # x client host O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Videoraptor_WebRipPlugin Class - {3C0372C2-04C3-4100-BAB1-1D42C552BC48} - C:\Program Files\RapidSolution\Videoraptor\plugins\IE\VR_WebRipIePlugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Einzerox\Application Data\mjusbsp\cdloader2.exe" MAGICJACK O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S O4 - S-1-5-18 Startup: Picaboo.lnk = C:\Program Files\Picaboo\Picaboo\PicabooMain.exe (User 'SYSTEM') O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM') O4 - S-1-5-18 Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe (User 'SYSTEM') O4 - .DEFAULT Startup: Picaboo.lnk = C:\Program Files\Picaboo\Picaboo\PicabooMain.exe (User 'Default user') O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default user') O4 - .DEFAULT Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe (User 'Default user') O4 - Startup: Picaboo.lnk = C:\Program Files\Picaboo\Picaboo\PicabooMain.exe O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: Justin.tv Publisher - http://www.justin.tv/plugins/justintv_publisher.CAB O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHos...ronGameHost.cab O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - http://www.piclens.com/shared/plinstll.cab O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- End of file - 13284 bytes Well explorer.exe crashes sometimes for no reason. I never had that problem before.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.