
am I clean ? [RESOLVED]

  • This topic is locked

#1
hoopdawg
    Member
  • 10 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:00:30 AM, on 8/14/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onec...s/wlscctrl2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: lxce_device - - C:\Windows\system32\lxcecoms.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6076 bytes

Uninstall log .. sorry, forgot it at first


Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player ActiveX
Adobe Reader 9
Adobe Shockwave Player 11
a-squared Free 3.5
ATI Parental Control & Encoder
AutoHotkey 1.0.47.06
Banctec Service Agreement
Battlefield 2™
CleanUp!
Conexant D850 PCI V.92 Modem
Dell System Customization Wizard
DellSupport
Delta Force - Black Hawk Down
DFBHDPinger v5.0
Digital Line Detect
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Documentation & Support Launcher
Games, Music, & Photos Launcher
Google Earth
Google Updater
HijackThis 2.0.2
Intel® Matrix Storage Manager
Intel® Viiv™ Software
IrfanView (remove only)
Java™ 6 Update 7
Java™ SE Runtime Environment 6
Lexmark 4300 Series
LimeWire 4.18.3
Malwarebytes' Anti-Malware
Microsoft Silverlight
Microsoft Works
Modem Diagnostic Tool
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MySpaceIM
NetWaiting
NVIDIA Drivers
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
ShocknAwe
SigmaTel Audio
Sonic Activation Module
Trojan Killer
TVT7Diag
URL Assistant
User's Guides
Ventrilo Client
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Toolbar

Edited by hoopdawg, 14 August 2008 - 03:15 AM.


#2
hoopdawg
    Member
  • Topic Starter
  • 10 posts
Will stay here now that I have replies.

Edited by hoopdawg, 17 August 2008 - 06:04 PM.


#3
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Hi there, and sorry for the delay. What problems, if any, are you experiencing?

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#4
hoopdawg
    Member
  • Topic Starter
  • 10 posts
When I tried to download the above link I get this pop-up window:

Deckard's System Scanner interacts with a specific rootkit (tdssserv) in a way that may make your system unusable (altering the svchost netsvcs registry entry). This download link has been removed until a fix is released by Deckard. For your own protection, please do not attempt to download this tool from other sites.

08/17/2008

Your Geeks to Go admin team


I am just starting to notice the computer running a little slower than normal and was just wondering if the log has any issues that need to be addressed.

#5
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Yes, DSS is being targeted, so while it is being adjusted:

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet. It is imperative that you install this, as it will enable a system recovery in the event of problems.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

#6
hoopdawg
    Member
  • Topic Starter
  • 10 posts
ComboFix 08-08-17.03 - LuckyDog 2008-08-18 5:42:55.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1209 [GMT -4:00]
Running from: C:\Users\LuckyDog\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\LuckyDog\AppData\Roaming\macromedia\Flash Player\#SharedObjects\B3N39KTS\interclick.com
C:\Users\LuckyDog\AppData\Roaming\macromedia\Flash Player\#SharedObjects\B3N39KTS\interclick.com\ud.sol
C:\Users\LuckyDog\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Users\LuckyDog\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Users\LuckyDog\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\LuckyDog\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt

.
((((((((((((((((((((((((( Files Created from 2008-07-18 to 2008-08-18 )))))))))))))))))))))))))))))))
.

2008-08-14 04:50 . 2008-08-14 04:50 <DIR> d-------- C:\Users\LuckyDog\AppData\Roaming\Download Manager
2008-08-14 04:43 . 2008-08-14 04:44 <DIR> d-------- C:\Program Files\Trojan Killer
2008-08-14 04:41 . 2008-08-14 04:41 <DIR> d-------- C:\Users\LuckyDog\AppData\Roaming\Simply Super Software
2008-08-14 04:41 . 2008-08-14 04:41 <DIR> d-------- C:\Users\All Users\Simply Super Software
2008-08-14 04:41 . 2008-08-14 04:41 <DIR> d-------- C:\ProgramData\Simply Super Software
2008-08-14 04:41 . 2006-05-25 15:52 162,304 --a------ C:\Windows\System32\ztvunrar36.dll
2008-08-14 04:41 . 2003-02-02 20:06 153,088 --a------ C:\Windows\System32\unrar3.dll
2008-08-14 04:41 . 2005-08-26 01:50 77,312 --a------ C:\Windows\System32\ztvunace26.dll
2008-08-14 04:41 . 2002-03-06 01:00 75,264 --a------ C:\Windows\System32\unacev2.dll
2008-08-14 04:41 . 2006-06-19 13:01 69,632 --a------ C:\Windows\System32\ztvcabinet.dll
2008-08-14 03:02 . 2008-07-15 19:48 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-13 20:40 . 2008-06-18 23:25 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-13 20:40 . 2008-06-18 23:25 272,896 --a------ C:\Windows\System32\polstore.dll
2008-08-13 20:40 . 2008-04-19 04:13 268,800 --a------ C:\Windows\System32\es.dll
2008-08-13 20:40 . 2008-06-18 23:25 61,440 --a------ C:\Windows\System32\winipsec.dll
2008-08-13 20:40 . 2008-06-18 23:25 28,672 --a------ C:\Windows\System32\FwRemoteSvr.dll
2008-08-13 20:38 . 2008-04-10 01:01 737,792 --a------ C:\Windows\System32\inetcomm.dll
2008-08-13 20:38 . 2008-04-09 22:43 84,480 --a------ C:\Windows\System32\INETRES.dll
2008-08-13 12:52 . 2008-08-13 12:56 <DIR> d-------- C:\Users\LuckyDog\AppData\Roaming\Roxio
2008-08-13 12:32 . 2008-08-13 12:32 <DIR> d-------- C:\Windows\System32\Adobe
2008-08-13 07:07 . 2008-08-13 07:09 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-08-13 06:17 . 2008-08-13 06:55 <DIR> d-------- C:\Program Files\a-squared Free
2008-08-10 15:17 . 2008-08-10 15:17 <DIR> dr------- C:\Users\Mcx1\Searches
2008-08-10 15:09 . 2006-11-02 06:23 <DIR> dr------- C:\Users\Mcx1\Videos
2008-08-10 15:09 . 2006-11-02 06:23 <DIR> d-------- C:\Users\Mcx1\Saved Games
2008-08-10 15:09 . 2008-08-02 07:03 <DIR> d-------- C:\Users\Mcx1\Roaming
2008-08-10 15:09 . 2006-11-02 06:23 <DIR> dr------- C:\Users\Mcx1\Pictures
2008-08-10 15:09 . 2006-11-02 06:23 <DIR> dr------- C:\Users\Mcx1\Music
2008-08-10 15:09 . 2006-11-02 06:23 <DIR> dr------- C:\Users\Mcx1\Links
2008-08-10 15:09 . 2006-11-02 06:23 <DIR> dr------- C:\Users\Mcx1\Downloads
2008-08-10 15:09 . 2008-08-10 15:09 <DIR> dr------- C:\Users\Mcx1\Documents
2008-08-10 15:09 . 2008-08-10 15:09 <DIR> d--h----- C:\Users\Mcx1\AppData
2008-08-10 15:09 . 2008-08-10 15:17 <DIR> d-------- C:\Users\Mcx1
2008-08-09 09:48 . 2008-08-09 09:48 <DIR> d-------- C:\Users\LuckyDog\AppData\Roaming\Template
2008-08-09 09:48 . 2008-08-09 09:48 0 --a------ C:\Users\LuckyDog\AppData\Roaming\wklnhst.dat
2008-08-08 06:01 . 2008-08-08 06:01 <DIR> d-------- C:\Users\LuckyDog\AppData\Roaming\Snapfish
2008-08-08 01:08 . 2008-08-08 10:33 <DIR> d-------- C:\Windows\System32\quicktime
2008-08-08 01:05 . 2008-08-08 01:50 <DIR> d-------- C:\Users\LuckyDog\AppData\Roaming\DivX
2008-08-08 01:05 . 2008-08-08 01:05 <DIR> d-------- C:\Program Files\Common Files\PX Storage Engine
2008-08-07 23:36 . 2008-08-17 01:50 <DIR> d-------- C:\Users\LuckyDog\AppData\Roaming\LimeWire
2008-08-07 23:36 . 2008-08-10 15:42 <DIR> d-------- C:\Program Files\LimeWire
2008-08-07 19:33 . 2008-08-07 19:33 <DIR> d-------- C:\Users\LuckyDog\AppData\Roaming\IrfanView
2008-08-07 19:33 . 2008-08-07 19:33 <DIR> d-------- C:\Program Files\IrfanView
2008-08-06 20:40 . 2008-08-06 20:40 <DIR> d-------- C:\Users\LuckyDog\AppData\Roaming\Malwarebytes
2008-08-06 20:39 . 2008-08-06 20:39 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-08-06 20:39 . 2008-08-06 20:39 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-08-06 20:39 . 2008-08-14 04:50 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-06 20:39 . 2008-07-30 20:07 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-08-06 20:39 . 2008-07-30 20:07 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-08-06 20:30 . 2008-08-06 20:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-06 18:37 . 2008-08-06 18:37 <DIR> d-------- C:\Users\LuckyDog\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-08-06 07:39 . 2008-08-06 07:39 <DIR> d-------- C:\Users\LuckyDog\AppData\Roaming\TrojanHunter
2008-08-06 07:36 . 2008-08-06 07:39 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-08-06 06:39 . 2008-08-17 18:39 <DIR> d-------- C:\Users\All Users\Google Updater
2008-08-06 06:39 . 2008-08-17 18:39 <DIR> d-------- C:\ProgramData\Google Updater
2008-08-06 06:29 . 2008-08-06 06:29 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-08-06 06:28 . 2008-08-06 06:28 <DIR> d-------- C:\Users\All Users\Adobe
2008-08-06 06:28 . 2008-08-06 06:28 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-08-05 06:10 . 2008-08-09 15:44 <DIR> d-------- C:\Program Files\Lx_cats
2008-08-05 06:08 . 2008-08-05 06:08 <DIR> d-------- C:\Program Files\Lexmark 4300 Series
2008-08-04 17:26 . 2008-08-06 06:32 <DIR> d-------- C:\Users\All Users\NOS
2008-08-04 17:26 . 2008-08-06 06:32 <DIR> d-------- C:\ProgramData\NOS
2008-08-04 17:26 . 2008-08-06 06:32 <DIR> d-------- C:\Program Files\NOS
2008-08-03 22:19 . 2008-08-03 22:20 <DIR> d-------- C:\Users\LuckyDog\AppData\Roaming\Ventrilo
2008-08-03 22:14 . 2008-08-03 22:14 <DIR> d-------- C:\Program Files\Ventrilo
2008-08-03 22:14 . 2008-08-03 22:14 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-03 07:27 . 2008-08-03 07:27 <DIR> d-------- C:\Users\All Users\Yahoo!
2008-08-03 07:27 . 2008-08-03 07:27 <DIR> d-------- C:\ProgramData\Yahoo!
2008-08-03 02:48 . 2008-08-08 12:52 189 --a------ C:\Windows\BF2HitRegTweaker.ini
2008-08-03 02:47 . 2008-08-03 02:47 <DIR> d-------- C:\Program Files\AutoHotkey
2008-08-02 08:27 . 2008-08-02 08:27 <DIR> d-------- C:\Windows\Sun
2008-08-02 08:27 . 2008-08-08 01:40 <DIR> d-------- C:\Program Files\DivX
2008-08-02 07:32 . 2008-08-08 11:27 137,840 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
2008-08-02 07:31 . 2008-08-08 11:26 111,928 --a------ C:\Windows\System32\PnkBstrB.exe
2008-08-02 07:31 . 2008-08-02 07:31 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
2008-08-02 07:19 . 2008-08-02 07:19 <DIR> d-------- C:\Program Files\CleanUp!
2008-08-02 07:03 . 2008-08-02 07:03 <DIR> d-------- C:\Users\LuckyDog\Roaming
2008-08-02 07:03 . 2008-08-02 07:03 <DIR> d-------- C:\Users\LuckyDog\AppData\Roaming\MySpace
2008-08-02 07:03 . 2008-08-02 07:03 <DIR> d-------- C:\Users\IUSR_NMPR\Roaming
2008-08-02 07:03 . 2008-08-02 07:03 <DIR> d-------- C:\Users\Default\Roaming
2008-08-02 07:03 . 2008-08-02 07:03 <DIR> d-------- C:\Program Files\MySpace
2008-08-02 06:56 . 2008-08-02 06:56 9,407 --a------ C:\Windows\System32\pbgame.htm
2008-08-02 06:56 . 2008-08-02 06:56 55 --a------ C:\Windows\System32\pbuser.htm
2008-08-02 06:48 . 2008-08-02 06:48 <DIR> d-------- C:\Program Files\DFPinger
2008-08-01 22:08 . 2008-08-01 22:08 95,727 --a------ C:\Windows\ShocknAwe Uninstaller.exe
2008-08-01 21:33 . 2008-08-01 21:33 <DIR> d-------- C:\Windows\PCHEALTH
2008-08-01 21:30 . 2008-08-01 21:30 <DIR> d-------- C:\Users\All Users\WLInstaller
2008-08-01 21:30 . 2008-08-01 21:30 <DIR> d-------- C:\ProgramData\WLInstaller
2008-08-01 21:30 . 2008-08-01 21:33 <DIR> d-------- C:\Program Files\Windows Live
2008-08-01 21:30 . 2008-08-01 21:33 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-01 21:17 . 2008-08-01 21:18 <DIR> d--h----- C:\Windows\msdownld.tmp
2008-08-01 21:16 . 2008-08-01 21:16 <DIR> d-------- C:\Users\All Users\Yahoo! Companion
2008-08-01 21:16 . 2008-08-01 21:16 <DIR> d-------- C:\ProgramData\Yahoo! Companion
2008-08-01 21:15 . 2008-08-01 21:15 <DIR> d-------- C:\Users\LuckyDog\AppData\Roaming\Leadertech
2008-08-01 21:11 . 2008-08-01 21:11 <DIR> d-------- C:\Program Files\NovaLogic
2008-08-01 20:42 . 2008-08-03 03:37 <DIR> d-------- C:\Program Files\EA GAMES
2008-07-25 04:36 . 2008-07-25 04:36 524,288 --a------ C:\Windows\System32\DivXsm.exe
2008-07-25 04:36 . 2008-07-25 04:36 4,816 --a------ C:\Windows\System32\divxsm.tlb
2008-07-23 12:50 . 2008-07-23 12:50 3,596,288 --a------ C:\Windows\System32\qt-dx331.dll
2008-07-23 12:48 . 2008-07-23 12:48 1,044,480 --a------ C:\Windows\System32\libdivx.dll
2008-07-23 12:48 . 2008-07-23 12:48 200,704 --a------ C:\Windows\System32\ssldivx.dll
2008-07-23 12:47 . 2008-07-23 12:47 416 --a------ C:\Windows\System32\dtu100.dll.manifest
2008-07-23 12:47 . 2008-07-23 12:47 416 --a------ C:\Windows\System32\dpl100.dll.manifest
2008-07-23 12:46 . 2008-07-23 12:46 12,288 --a------ C:\Windows\System32\DivXWMPExtType.dll
2008-07-22 17:17 . 2008-07-23 08:46 <DIR> d-------- C:\Users\All Users\NVIDIA
2008-07-22 17:17 . 2008-07-23 08:46 <DIR> d-------- C:\ProgramData\NVIDIA
2008-07-22 16:46 . 2008-07-22 16:46 205,824 --a------ C:\Windows\System32\msoeacct.dll
2008-07-22 16:46 . 2008-07-22 16:46 87,040 --a------ C:\Windows\System32\msoert2.dll
2008-07-22 16:46 . 2008-07-22 16:46 39,424 --a------ C:\Windows\System32\ACCTRES.dll
2008-07-22 16:44 . 2008-07-22 16:44 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-07-22 16:44 . 2008-07-22 16:44 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-07-22 16:43 . 2008-07-22 16:43 376,320 --a------ C:\Windows\System32\winsrv.dll
2008-07-22 16:43 . 2008-07-22 16:43 49,664 --a------ C:\Windows\System32\csrsrv.dll
2008-07-22 16:38 . 2008-07-22 16:38 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-07-22 16:38 . 2008-07-22 16:38 374,456 --a------ C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-07-22 16:38 . 2008-07-22 16:38 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-07-22 16:37 . 2008-07-22 16:37 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2008-07-22 16:37 . 2008-07-22 16:37 414,208 --a------ C:\Windows\System32\msscp.dll
2008-07-22 16:37 . 2008-07-22 16:37 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2008-07-22 16:37 . 2008-07-22 16:37 7,680 --a------ C:\Windows\System32\spwmp.dll
2008-07-22 16:37 . 2008-07-22 16:37 4,096 --a------ C:\Windows\System32\msdxm.ocx
2008-07-22 16:37 . 2008-07-22 16:37 4,096 --a------ C:\Windows\System32\dxmasf.dll
2008-07-22 16:36 . 2008-07-22 16:36 396,800 --a------ C:\Windows\System32\MPSSVC.dll
2008-07-22 16:36 . 2008-07-22 16:36 392,192 --a------ C:\Windows\System32\FirewallAPI.dll
2008-07-22 16:36 . 2008-07-22 16:36 178,688 --a------ C:\Windows\System32\iphlpsvc.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-14 07:00 --------- d-----w C:\Program Files\Windows Mail
2008-08-13 16:33 --------- d-----w C:\Program Files\Java
2008-08-13 16:32 --------- d-----w C:\Program Files\Google
2008-08-03 07:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-23 16:50 129,784 ------w C:\Windows\System32\PxAFS.DLL
2008-07-22 21:16 174 --sha-w C:\Program Files\desktop.ini
2008-07-22 21:12 --------- d-----w C:\Program Files\Windows Defender
2008-07-22 21:12 --------- d-----w C:\Program Files\Windows Calendar
2008-07-22 21:11 --------- d-----w C:\Program Files\Windows Sidebar
2008-07-22 20:45 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-07-22 20:45 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-07-22 20:45 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-07-22 20:45 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-07-22 20:45 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-07-22 20:45 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-07-22 20:45 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-07-22 20:45 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-07-22 20:45 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-07-22 20:45 2,923,520 ----a-w C:\Windows\explorer.exe
2008-07-22 20:30 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
2008-07-22 20:28 944,184 ----a-w C:\Windows\System32\winload.exe
2008-07-22 20:23 88,576 ----a-w C:\Windows\System32\avifil32.dll
2008-07-22 20:21 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-22 20:21 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-22 19:14 --------- d-sh--w C:\ProgramData\Templates
2008-07-22 19:14 --------- d-sh--w C:\ProgramData\Start Menu
2008-07-22 19:14 --------- d-sh--w C:\ProgramData\Favorites
2008-07-22 19:14 --------- d-sh--w C:\ProgramData\Documents
2008-07-22 19:14 --------- d-sh--w C:\ProgramData\Desktop
2008-07-22 19:14 --------- d-sh--w C:\ProgramData\Application Data
2008-06-27 03:54 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-06-27 03:54 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-27 03:54 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-06-12 06:54 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-12 06:54 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-12 01:21 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-05-30 18:19 507,400 ----a-w C:\Windows\System32\XAudio2_1.dll
2008-05-30 18:18 238,088 ----a-w C:\Windows\System32\xactengine3_1.dll
2008-05-30 18:17 65,032 ----a-w C:\Windows\System32\XAPOFX1_0.dll
2008-05-30 18:17 25,608 ----a-w C:\Windows\System32\X3DAudio1_4.dll
2008-05-30 18:11 467,984 ----a-w C:\Windows\System32\d3dx10_38.dll
2008-05-30 18:11 3,850,760 ----a-w C:\Windows\System32\D3DX9_38.dll
2008-05-30 18:11 1,491,992 ----a-w C:\Windows\System32\D3DCompiler_38.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\Windows\System32\msconfig.exe" [2006-11-02 05:45 222208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON]
--a------ 2006-11-18 08:01 182744 C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2006-11-02 08:35 125440 C:\Windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2006-09-29 13:39 151552 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-10-03 12:37 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCECATS]
--a------ 2007-02-22 05:17 73728 C:\Windows\System32\spool\drivers\w32x86\3\lxcetime.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2008-04-17 19:27 9117696 C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NMSSupport]
--a------ 2006-09-26 11:56 423424 C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-09-17 08:07 8497696 C:\Windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-09-17 08:07 81920 C:\Windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
--a------ 2007-09-17 08:07 86016 C:\Windows\System32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-07-22 16:40 1006264 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-11-02 08:36 201728 C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3FAA1FB2-E60A-46BA-AB28-836A7DD5BC6A}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{2E6F48B0-50D5-49DC-97F7-8469CA0097C6}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{9AB506B8-1191-4D55-AF85-47910435FDB3}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{C49343C0-AB8C-444F-9F86-AF3992DC0CBB}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{88239B9A-A932-4989-B523-3B273D7A398F}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{45D84681-1A09-4454-AE5B-1AA7937CAA36}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{F32DB355-2CB0-4084-BF3B-0BDFC40406FD}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel® Viiv™ Media Server Discovery
"{DF67A1CF-DBBF-4F93-8FA6-A8DD3CA5417B}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel® Viiv™ Media Server UPnP Discovery
"{4D19A5DB-93AF-4CE8-A432-E831D5EFAA85}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{EF1D5DD2-C445-4264-815B-4D9B52CCC023}C:\\program files\\novalogic\\delta force black hawk down\\shocknawe.exe"= UDP:C:\program files\novalogic\delta force black hawk down\shocknawe.exe:ShocknAwe
"UDP Query User{37C65138-98DA-4A13-943C-ED3DC4C5AABD}C:\\program files\\novalogic\\delta force black hawk down\\shocknawe.exe"= TCP:C:\program files\novalogic\delta force black hawk down\shocknawe.exe:ShocknAwe
"TCP Query User{2B43B491-1652-402D-85AB-07115C5076FA}C:\\program files\\dfpinger\\dfbhdpinger\\dfbhdpinger.exe"= UDP:C:\program files\dfpinger\dfbhdpinger\dfbhdpinger.exe:DFBHDPinger
"UDP Query User{76AB40AC-39EA-4907-83A1-8514DC190EE5}C:\\program files\\dfpinger\\dfbhdpinger\\dfbhdpinger.exe"= TCP:C:\program files\dfpinger\dfbhdpinger\dfbhdpinger.exe:DFBHDPinger
"{4A61D1D8-4531-40BE-A8EE-30B746C73930}"= C:\Program Files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{B3110FFD-07C1-41E5-BE5F-F4834B85DA7E}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{3209D960-1871-4C32-ACEC-1DA26A21393E}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{CBF70B29-07BD-411D-8AED-43410D2BDCE7}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{506AF502-C43F-4A4E-ACC6-C6A705F76D2D}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{D653DFF5-0314-43EB-A939-07106D56E089}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{4972CA94-3319-4344-B110-18CC6366CD8B}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{3EC656E3-F682-4DE1-B136-5CAA02588FA8}"= UDP:C:\Windows\System32\lxcecoms.exe:Lexmark Communications System
"{1741AE83-98E3-430B-97B3-F48AD9F2DE2F}"= TCP:C:\Windows\System32\lxcecoms.exe:Lexmark Communications System
"TCP Query User{4CB1130E-9AB3-4E84-806A-E0731E7D6C5E}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{1E5B211A-9D78-49F2-8E8E-29215BB4ECF1}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{98F0198C-6539-4A17-B277-4D35320F7A3A}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{3F90F752-F70C-45F7-A437-1C01262D9E93}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{8C1EC23F-EA23-44BF-9346-4DFD9F109406}C:\\program files\\dfpinger\\dfbhdpinger\\dfbhdpinger.exe"= UDP:C:\program files\dfpinger\dfbhdpinger\dfbhdpinger.exe:DFBHDPinger
"UDP Query User{5137329F-3DD0-43F7-951A-62E9A510E856}C:\\program files\\dfpinger\\dfbhdpinger\\dfbhdpinger.exe"= TCP:C:\program files\dfpinger\dfbhdpinger\dfbhdpinger.exe:DFBHDPinger
"TCP Query User{38030A7A-35E5-4A19-A689-85DEF4431956}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{A1AB404C-3345-4B54-A0E6-5815AA6D3193}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{944C2AB0-BA8B-46DD-AF13-4BEB823982D8}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{BB3F5847-E3B7-497F-A743-5D17B036F9E3}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{58A29DB1-A121-45AF-8947-32828C238E0D}C:\\program files\\novalogic\\delta force black hawk down\\shocknawe.exe"= UDP:C:\program files\novalogic\delta force black hawk down\shocknawe.exe:ShocknAwe
"UDP Query User{A4ACE2E9-1AA0-4EB7-89A3-1287B341D0F5}C:\\program files\\novalogic\\delta force black hawk down\\shocknawe.exe"= TCP:C:\program files\novalogic\delta force black hawk down\shocknawe.exe:ShocknAwe
"{AD8C930A-1982-433B-A362-5EC70C137DA8}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{DC1B571C-1E50-496A-9E22-1D3C0026D59B}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 nmsgopro;GoProto Protocol Driver for NMS;C:\Windows\system32\DRIVERS\nmsgopro.sys [2006-09-27 17:37]
R2 nmsunidr;UniDriver for NMS;C:\Windows\system32\DRIVERS\nmsunidr.sys [2006-10-19 16:49]
R3 IntelDH;IntelDH Driver;C:\Windows\system32\Drivers\IntelDH.sys [2007-05-10 20:07]
R4 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-10-29 10:03]
S3 UMPass;Microsoft UMPass Driver;C:\Windows\system32\DRIVERS\umpass.sys [2006-11-02 04:55]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{835e6952-582a-11dd-9b4e-0019d169d9fc}]
\shell\AutoRun\command - CA_EdgeLitemobile.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://my.yahoo.com/


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-18 05:44:51
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-18 5:45:56
ComboFix-quarantined-files.txt 2008-08-18 09:45:54

Pre-Run: 208,025,583,616 bytes free
Post-Run: 208,041,422,848 bytes free

299 --- E O F --- 2008-08-14 07:03:21
and HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:51:30 AM, on 8/18/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onec...s/wlscctrl2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab

--
End of file - 3375 bytes
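As an added example (not part of the thread, and not code from HijackThis, ComboFix or Geeks to Go), the Python script below shows how a helper might triage logs like the two posted above instead of reading them line by line: it parses the R, O2, O4 and O16 line families of a HijackThis log into records, flags any binary that lives outside the Windows or Program Files roots or inside a temp or profile directory, and checks the ComboFix firewall-policy section for a profile whose EnableFirewall value is 0 (the log above shows exactly that for PublicProfile). The function names, the `TRUSTED_ROOTS` heuristic and the HKCU Run entry labelled `hypothetical` are my own constructions; every other sample line is copied from the posted logs, truncated URLs included.

```python
"""Triage helpers for HijackThis and ComboFix text logs (added example, not forum code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: lines copied from the HijackThis log posted in this thread (the
# truncated URLs are kept exactly as posted) plus one hypothetical HKCU Run entry
# pointing into a user profile, so the triage heuristic has something to flag.
SAMPLE_HJT = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKCU\..\Run: [hypothetical] C:\Users\dawgs\AppData\Local\Temp\updater.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
"""

# Constructed sample: the firewall-policy section of the ComboFix log posted above.
SAMPLE_COMBOFIX = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
"""


@dataclass
class Entry:
    kind: str                    # HijackThis line family: R0, O2, O4, O16 ...
    name: str                    # registry value, BHO name, Run entry name, or DPF name
    target: str                  # file path, command line, or URL the entry points at
    clsid: Optional[str] = None


# One regex per line family handled here; other families (O1, O3, O9 ...) are skipped.
PATTERNS = [
    re.compile(r"^(?P<kind>R[0-3]) - (?P<name>[^=]+?)\s*=\s*(?P<target>.*)$"),
    re.compile(r"^(?P<kind>O2) - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$"),
    re.compile(r"^(?P<kind>O4) - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\]\s*(?P<target>.*)$"),
    re.compile(r"^(?P<kind>O16) - DPF: (?P<clsid>\{[^}]+\}) \((?P<name>[^)]*)\) - (?P<target>.*)$"),
]


def parse_hjt(text: str) -> List[Entry]:
    """Turn the recognised HijackThis lines into Entry records."""
    entries: List[Entry] = []
    for line in text.splitlines():
        for pat in PATTERNS:
            m = pat.match(line.strip())
            if m:
                g = m.groupdict()
                entries.append(Entry(g["kind"], g["name"], g["target"], g.get("clsid")))
                break
    return entries


# Drive-letter path ending in a binary extension, optionally quoted; stops at the first quote.
_PATH_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\[^"]*?\.(?:exe|dll|sys|cab))', re.IGNORECASE)


def executable_path(target: str) -> Optional[str]:
    """Extract the on-disk binary an entry refers to, or None (e.g. rundll32 with a bare DLL name)."""
    m = _PATH_RE.search(target)
    return m.group("path") if m else None


# Roots where the entries in this log normally live; anything elsewhere deserves a look.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Return {entry name: [reasons]} for entries worth a second look. A heuristic, not a verdict."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        path = executable_path(e.target)
        low = (path or "").lower()
        reasons = []
        if path and not low.startswith(TRUSTED_ROOTS):
            reasons.append("binary outside Windows/Program Files")
        if any(tok in low for tok in ("\\temp\\", "\\appdata\\")):
            reasons.append("binary in a temp or profile directory")
        if reasons:
            findings[e.name] = reasons
    return findings


_SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
_ENABLE_RE = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')


def firewall_disabled_profiles(text: str) -> List[str]:
    """Names of firewall profiles whose EnableFirewall value is 0 in a ComboFix log."""
    disabled: List[str] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        sec = _SECTION_RE.match(line)
        if sec:
            section = sec.group("key")
            continue
        m = _ENABLE_RE.match(line)
        if m and section and "firewallpolicy" in section.lower() and m.group("val") == "0":
            disabled.append(section.rsplit("\\", 1)[-1])
    return disabled


if __name__ == "__main__":
    for name, why in triage(parse_hjt(SAMPLE_HJT)).items():
        print(f"REVIEW {name}: {'; '.join(why)}")
    for profile in firewall_disabled_profiles(SAMPLE_COMBOFIX):
        print(f"FIREWALL OFF: {profile}")
```

Run against the sample, only the constructed `hypothetical` entry is reported and PublicProfile is listed as having its firewall disabled; the genuine entries from the posted log (msconfig.exe, ssv.dll, the Welcome Center rundll32 line) pass through untouched. The point of the path heuristic is to shrink the list a human has to look at, not to declare anything malicious.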

#7 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Strange, I am seeing no services - do you have an anti-virus?

I need to know this before I proceed.

#8 hoopdawg (Member, Topic Starter, 10 posts)
No, I don't have an anti-virus. I usually run Windows OneCare once a week, but if you know of a good free one ... sometimes I do a scan with AVG too.

#9 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
This is the one I use, with installation instructions - if you decide that you do not like it I will list another free antivirus at the end. If you use Avast I would like to see the boot log.

First you have to download an antivirus. This program is basic for the security of your computer, and in today's age not having one will probably lead to disaster for your computer.

Please go HERE and download avast! 4 Home Edition to your desktop. Locate the file that you just downloaded, double-click on the file to launch the installation of avast!

Click Next on the avast! Setup window and on the next window with the ReadMe File.
Now you will see the Legal Agreement; just click I agree, and then click Next to continue.

You will be prompted with the Configuration window; make sure that you choose Typical configuration and then click Next. Click Next on the windows that follow. When the installation finishes, you will be given an option to schedule a boot time scan; select No.

Now you have to restart your machine, select Restart and then click Finish.

After you restart you will get a message about avast!; it will give you the general "Hello and Thank you for choosing our Product." Also after you restart you will notice 2 new icons in the bottom right corner of the screen.

VERY IMPORTANT - after restarting, right-click on the a in the taskbar and select Updating, then highlight and click Program.

You will get a popup after it's done updating. If avast! had to download anything for your computer you may get a message asking you to restart.

After you have updated avast!, right-click the small a icon in the task bar and click Start Avast! AntiVirus.

Click Program Registration and you will be taken to their website. Fill out the form and then check your e-mail. Once you get an e-mail from them (usually about 1 minute after submitting the form) copy and paste the serial they provided into the highlighted box. Then click OK.

After this, you will need to Schedule Boot-Time Scan with avast! Click on the little button placed up in the left corner, and select Schedule Boot-Time Scan. Read also this tutorial HERE; it may make it easier for you to follow the steps.

Next, choose
  • Scan all local disks
  • scan archive files
  • click on Schedule
On the next dialog, Operating system restart needed, select Yes.
Now avast! will restart your computer and start to scan before Windows fully loads.

IMPORTANT NOTE: since your system has infections on it, avast! will give you a dialog box with recommended actions and options. If this happens, please make sure to click the Move to Chest button, and not to delete any reported files.

The boot log will be located here: C:\Program Files\Alwil Software\Avast4\DATA\report\AswBoot.txt

Other option: Avira

#10 hoopdawg (Member, Topic Starter, 10 posts)
Well, I downloaded Avast and when I went to reboot and try to get back on the web, Avast shut down all my services in the system configuration and I had to uninstall Avast and enable all the services again!! I think I will try the other anti-virus you listed and see what that does.

#11 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
What services did it shut down - as your HijackThis shows no services running?

#12 hoopdawg (Member, Topic Starter, 10 posts)
Here is the report after Avira was downloaded, updated and scanned:

Avira AntiVir Personal
Report file date: Tuesday, August 19, 2008 17:24

Scanning for 1563576 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Boot mode: Normally booted
Username: SYSTEM
Computer name: DAWGS

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 8/12/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 6/26/2008 14:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 13:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 18:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 13:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 16:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 6/24/2008 19:54:15
ANTIVIR2.VDF : 7.0.6.10 2587136 Bytes 8/14/2008 21:23:11
ANTIVIR3.VDF : 7.0.6.38 175104 Bytes 8/19/2008 21:23:12
Engineversion : 8.1.1.23
AEVDF.DLL : 8.1.0.5 102772 Bytes 7/9/2008 14:46:50
AESCRIPT.DLL : 8.1.0.68 315770 Bytes 8/19/2008 21:23:22
AESCN.DLL : 8.1.0.23 119156 Bytes 8/19/2008 21:23:21
AERDL.DLL : 8.1.0.20 418165 Bytes 7/9/2008 14:46:50
AEPACK.DLL : 8.1.2.1 364917 Bytes 8/19/2008 21:23:21
AEOFFICE.DLL : 8.1.0.22 192890 Bytes 8/19/2008 21:23:19
AEHEUR.DLL : 8.1.0.50 1388918 Bytes 8/19/2008 21:23:18
AEHELP.DLL : 8.1.0.15 115063 Bytes 7/9/2008 14:46:50
AEGEN.DLL : 8.1.0.36 315764 Bytes 8/19/2008 21:23:16
AEEMU.DLL : 8.1.0.7 430452 Bytes 8/19/2008 21:23:15
AECORE.DLL : 8.1.1.8 172406 Bytes 8/19/2008 21:23:13
AEBB.DLL : 8.1.0.1 53617 Bytes 4/24/2008 14:50:42
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 14:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 15:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 8/19/2008 21:23:12
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 17:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 14:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 18:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 23:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 18:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 18:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 19:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 19:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Tuesday, August 19, 2008 17:24

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'VSSVC.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'ehsched.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned
Scan process 'XAudio.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'stacsv.exe' - '1' Module(s) have been scanned
Scan process 'RoxWatch9.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'lxcecoms.exe' - '1' Module(s) have been scanned
Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'DQLWinService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
53 processes with 53 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
[INFO] Please restart the search with Administrator rights

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '35' files ).


Starting the file scan:

Begin scan in 'C:\' <dawgs>
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <RECOVERY>


End of the scan: Tuesday, August 19, 2008 17:44
Used time: 20:29 Minute(s)

The scan has been done completely.

14015 Scanning directories
245130 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
245129 Files not concerned
1288 Archives were scanned
2 Warnings
0 Notes

The services that it shut down after Avast was installed were all the programs that are listed under the tab called Services in the System Configuration pop-up window.

#13 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Are you experiencing any problems now, as that looked clean?

Weird about Avast, as that is the first time I have heard of this :)

#14 hoopdawg (Member, Topic Starter, 10 posts)
I see no problems, and thanks for the help as long as you see it clean!!!! I guess you can mark this as solved and close it.

Once again, thanks for your determination and help to fix my problems.

#15 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself so... Download and run this small programme and hit the cleanup button. It will remove all the programmes we have used plus itself.

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean.

Go to Control Panel and select System and Maintenance
Select System
On the left select Advanced System Settings
Accept the warning
Select System Protection Tab
Select Create at the bottom
Type in a name i.e. Clean
Select Create

Then going back to the System and Maintenance page
Select Performance Information and Tools
On the left select Open Disk Cleanup
Select Files from all users
Accept the warning
In the drop down box select your main drive i.e. C
For a few moments the system will make some calculations
Select the More Options tab
In the System Restore and Shadow Backups select Clean up
Select delete on the pop up
Select OK
Select Delete
You are now done

Now that you are clean, to help protect your computer in the future I recommend that you get the following free program: It is critical to have both a firewall and anti-virus to protect your system, and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place?
Keep safe :)