ComboFix 10-02-05.04 - Pain 02/07/2010 2:03.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.694 [GMT 2:00]
Running from: c:\documents and settings\Pain\My Documents\Downloads\fluppyduffy.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\desktop.ini
c:\documents and settings\Pain\Application Data\EurekaLog
c:\documents and settings\Pain\Application Data\Mozilla\Firefox\Profiles\afu0y1io.default\extensions\{c691f2ef-c350-43d6-afc4-b4cd4aa3503a}
c:\documents and settings\Pain\Application Data\Mozilla\Firefox\Profiles\afu0y1io.default\extensions\{c691f2ef-c350-43d6-afc4-b4cd4aa3503a}\chrome.manifest
c:\documents and settings\Pain\Application Data\Mozilla\Firefox\Profiles\afu0y1io.default\extensions\{c691f2ef-c350-43d6-afc4-b4cd4aa3503a}\chrome\xulcache.jar
c:\documents and settings\Pain\Application Data\Mozilla\Firefox\Profiles\afu0y1io.default\extensions\{c691f2ef-c350-43d6-afc4-b4cd4aa3503a}\defaults\preferences\xulcache.js
c:\documents and settings\Pain\Application Data\Mozilla\Firefox\Profiles\afu0y1io.default\extensions\{c691f2ef-c350-43d6-afc4-b4cd4aa3503a}\install.rdf
c:\program files\Cheat Engine\dbk32.sys
c:\windows\system\oeminfo.ini
c:\windows\system32\drivers\eegfptlh.sys
c:\windows\system32\drivers\zddfnsty.sys
c:\windows\system32\evlrlyd.dll
c:\windows\system32\oadmkpl.dll
c:\windows\system32\ztonsyfj.dll
c:\windows\Tasks\At1.job
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_EEGFPTLH
-------\Legacy_SYNSEND
-------\Service_eegfptlh
((((((((((((((((((((((((( Files Created from 2010-01-07 to 2010-02-07 )))))))))))))))))))))))))))))))
.
2010-02-05 19:13 . 2010-02-05 19:22 -------- d-----w- c:\documents and settings\Pain\Local Settings\Application Data\Temp
2010-02-05 19:12 . 2010-02-05 19:22 -------- d-----w- c:\documents and settings\Pain\Local Settings\Application Data\Google
2010-02-05 19:12 . 2010-02-05 19:20 -------- d-----w- c:\documents and settings\Pain\Local Settings\Application Data\Deployment
2010-01-29 15:37 . 2010-01-30 07:58 -------- d-----w- c:\program files\Axife Mouse Recorder DEMO
2010-01-29 09:00 . 2010-01-29 09:00 -------- d-----w- c:\documents and settings\Pain\Application Data\Malwarebytes
2010-01-29 09:00 . 2010-01-07 14:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-29 09:00 . 2010-01-29 09:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-29 09:00 . 2010-01-29 09:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-29 09:00 . 2010-01-07 14:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-29 02:06 . 2010-01-29 10:28 -------- d-----w- C:\SDFix
2010-01-29 01:26 . 2010-01-29 01:26 -------- d-----w- c:\program files\Trend Micro
2010-01-28 21:20 . 2010-01-28 21:23 76864 ----a-w- c:\windows\War3Unin.dat
2010-01-28 21:20 . 2010-01-28 21:22 2829 ----a-w- c:\windows\War3Unin.pif
2010-01-28 21:20 . 2010-01-28 21:22 139264 ----a-w- c:\windows\War3Unin.exe
2010-01-28 17:22 . 2010-01-28 17:24 86016 ------r- c:\windows\system32\Paint.exe
2010-01-26 12:09 . 2010-02-06 18:36 -------- d-----w- c:\program files\Garena
2010-01-24 23:56 . 2010-01-25 00:16 -------- d-----w- c:\documents and settings\Pain\Application Data\FairStars Audio Converter
2010-01-24 23:56 . 2010-01-24 23:56 -------- d-----w- c:\program files\FairStars Audio Converter
2010-01-21 18:56 . 2010-01-25 22:20 -------- d-----w- C:\tmp
2010-01-21 12:50 . 2010-01-21 12:50 -------- d-----w- c:\documents and settings\Pain\Application Data\Blender Foundation
2010-01-21 12:50 . 2010-01-21 12:50 -------- d-----w- c:\program files\Blender Foundation
2010-01-20 04:28 . 2010-01-20 04:28 -------- d-----w- c:\windows\system32\AGEIA
2010-01-20 04:28 . 2010-01-20 04:28 -------- d-----w- c:\program files\AGEIA Technologies
2010-01-19 17:17 . 2010-01-19 11:53 -------- d-----w- c:\program files\SCAR 3.22
2010-01-18 22:53 . 2010-02-07 00:11 -------- d-----w- c:\documents and settings\Pain\Application Data\LimeWire
2010-01-18 22:51 . 2010-01-20 10:45 -------- d-----w- c:\program files\LimeWire
2010-01-18 22:39 . 2005-08-22 13:29 4608 ----a-w- c:\windows\system32\drivers\nvport.sys
2010-01-18 22:16 . 2009-11-21 02:34 69632 ----a-w- c:\windows\system32\OpenCL.dll
2010-01-18 22:16 . 2009-11-21 02:34 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2010-01-18 22:16 . 2009-11-21 02:34 1989224 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-01-18 22:16 . 2009-11-21 02:34 13602816 ----a-w- c:\windows\system32\nvoglnt.dll
2010-01-18 22:16 . 2009-11-21 02:34 4038656 ----a-w- c:\windows\system32\nvcuda.dll
2010-01-18 22:16 . 2009-11-21 02:34 182888 ----a-w- c:\windows\system32\nvcodins.dll
2010-01-18 22:16 . 2009-11-21 02:34 182888 ----a-w- c:\windows\system32\nvcod.dll
2010-01-18 22:16 . 2009-11-21 02:34 11374592 ----a-w- c:\windows\system32\nvcompiler.dll
2010-01-18 22:16 . 2009-11-21 02:34 1056768 ----a-w- c:\windows\system32\nvapi.dll
2010-01-18 22:16 . 2009-11-21 02:34 2293286 ----a-w- c:\windows\system32\nvdata.bin
2010-01-18 20:20 . 2010-01-18 20:20 -------- d-----w- c:\program files\Blender
2010-01-18 12:35 . 2010-01-18 12:42 -------- d-----w- c:\documents and settings\Pain\Application Data\Charles
2010-01-18 12:33 . 2010-01-18 12:33 -------- d-----w- c:\program files\Charles
2010-01-17 22:29 . 2010-01-18 10:41 -------- d-----w- c:\program files\3DRipperDX
2010-01-13 15:32 . 2010-01-13 15:32 -------- d-----w- c:\program files\FaceShop 5
2010-01-08 10:50 . 2010-02-04 18:30 -------- d-----w- c:\documents and settings\Pain\Application Data\MilkShape 3D 1.x.x
2010-01-08 10:49 . 2010-01-09 19:18 -------- d-----w- c:\program files\MilkShape 3D 1.8.4
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-07 00:08 . 2009-09-15 05:14 -------- d-----w- c:\program files\Cheat Engine
2010-02-06 19:43 . 2009-09-14 02:08 -------- d-----w- c:\program files\Warcraft III
2010-02-05 19:09 . 2009-11-09 12:45 -------- d-----w- c:\program files\Flock
2010-01-30 16:13 . 2009-09-19 12:49 -------- d-----w- c:\program files\Heroes of Newerth
2010-01-27 17:44 . 2009-09-21 14:56 -------- d-----w- c:\program files\Adobe Photoshop CS3 Extended Portable
2010-01-20 19:00 . 2009-09-13 23:07 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 04:28 . 2009-09-13 22:04 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-19 23:47 . 2010-01-07 04:49 132 ----a-w- c:\windows\system32\rezumatenoi.dat
2010-01-19 23:46 . 2010-01-19 23:46 -------- d-----w- c:\program files\Realtek
2010-01-19 23:46 . 2009-09-13 21:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-18 22:40 . 2009-09-14 00:18 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-01-18 22:39 . 2009-09-14 00:18 -------- d-----w- c:\program files\NVIDIA Corporation
2010-01-18 10:51 . 2009-09-18 07:52 -------- d-----w- c:\program files\TuneUp Utilities 2009
2010-01-18 10:50 . 2009-10-29 14:53 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-18 10:49 . 2009-09-22 14:31 -------- d-----w- c:\program files\SCAR 3.21
2010-01-07 23:39 . 2010-01-07 23:39 0 ----a-w- c:\windows\system32\wsbl.dat
2010-01-07 23:39 . 2010-01-07 23:39 0 ----a-w- c:\windows\system32\ph_white.dat
2010-01-07 23:39 . 2010-01-07 23:39 0 ----a-w- c:\windows\system32\ph_summ.dat
2010-01-07 23:39 . 2010-01-07 23:39 0 ----a-w- c:\windows\system32\ph_black.dat
2010-01-07 23:39 . 2010-01-07 23:39 0 ----a-w- c:\windows\system32\pcwords2.dat
2010-01-07 23:39 . 2010-01-07 23:39 0 ----a-w- c:\windows\system32\pcwords.dat
2010-01-07 09:13 . 2010-01-07 09:13 4 ----a-w- c:\windows\system32\aspdict-en.dat
2010-01-07 09:13 . 2010-01-07 09:13 16 ----a-w- c:\windows\system32\asdict.dat
2010-01-07 04:49 . 2009-09-17 08:11 105736 ----a-w- c:\windows\system32\drivers\bdhv.sys
2010-01-07 04:49 . 2009-09-17 08:12 152456 ----a-w- c:\windows\system32\drivers\bdfm.sys
2010-01-07 04:43 . 2009-09-01 07:24 110984 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
2010-01-07 04:37 . 2010-01-07 04:34 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2010-01-07 04:34 . 2010-01-07 04:34 -------- d-----w- c:\documents and settings\Pain\Application Data\BitDefender
2010-01-07 04:34 . 2010-01-07 04:34 -------- d-----w- c:\program files\BitDefender
2010-01-07 04:34 . 2010-01-07 04:26 -------- d-----w- c:\program files\Common Files\BitDefender
2010-01-07 04:30 . 2009-09-18 02:05 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-12-29 05:27 . 2009-12-29 05:27 -------- d-----w- c:\program files\Yahoo!
2009-12-27 22:26 . 2009-12-27 22:26 -------- d-----w- c:\program files\Level Up Games
2009-12-25 16:50 . 2010-01-19 23:46 84512 ----a-w- c:\windows\SOUNDMAN.EXE
2009-12-25 16:50 . 2010-01-19 23:46 358944 ----a-w- c:\windows\vncutil.exe
2009-12-25 16:50 . 2010-01-19 23:46 9721888 ----a-w- c:\windows\RTLCPL.EXE
2009-12-25 16:50 . 2010-01-19 23:46 1833504 ----a-w- c:\windows\SkyTel.exe
2009-12-25 16:50 . 2010-01-19 23:46 1489440 ----a-w- c:\windows\RtlUpd.exe
2009-12-25 16:50 . 2010-01-19 23:46 51232 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2009-12-25 16:50 . 2010-01-19 23:46 129568 ----a-w- c:\windows\RtkAudioService.exe
2009-12-25 16:50 . 2010-01-19 23:46 18789408 ----a-w- c:\windows\RTHDCPL.EXE
2009-12-25 16:49 . 2010-01-19 23:46 2815520 ----a-w- c:\windows\ALCWZRD.EXE
2009-12-25 16:49 . 2010-01-19 23:46 2177568 ----a-w- c:\windows\MicCal.exe
2009-12-25 16:49 . 2010-01-19 23:46 64032 ----a-w- c:\windows\ALCMTR.EXE
2009-12-25 16:26 . 2010-01-19 23:46 6039584 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2009-12-23 01:39 . 2009-12-11 13:15 2066200 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-12-21 19:14 . 2009-03-08 06:34 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-14 04:15 . 2009-12-14 04:14 -------- d-----w- c:\program files\XP Repair Pro 4.0
2009-12-14 04:14 . 2009-12-14 04:14 32038 ----a-r- c:\documents and settings\Pain\Application Data\Microsoft\Installer\{FE74C184-4939-4FFA-B8C9-8E0CD6A6AA57}\ARPPRODUCTICON.exe
2009-12-14 04:13 . 2009-09-26 14:43 -------- d-----w- c:\program files\XP Repair Pro 2007
2009-11-24 15:40 . 2010-01-19 23:46 838176 ----a-w- c:\windows\RtlExUpd.dll
2009-11-21 15:51 . 2008-04-14 15:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-21 02:34 . 2009-08-16 16:57 6282752 ----a-w- c:\windows\system32\nv4_disp.dll
2009-11-21 02:34 . 2009-08-16 16:57 10235968 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-11-20 18:32 . 2009-11-20 18:32 278120 ----a-w- c:\windows\system32\nvmccs.dll
2009-11-20 18:32 . 2009-11-20 18:32 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2009-11-20 18:32 . 2009-11-20 18:32 145000 ----a-w- c:\windows\system32\nvcolor.exe
2009-11-20 18:32 . 2009-11-20 18:32 12669544 ----a-w- c:\windows\system32\nvcpl.dll
2009-11-20 18:32 . 2009-11-20 18:32 110184 ----a-w- c:\windows\system32\nvmctray.dll
2009-11-20 18:32 . 2009-11-20 18:32 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-11-18 05:17 . 2010-01-19 23:46 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2009-11-18 05:16 . 2010-01-19 23:46 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2010-01-07 04:44 . 2010-01-07 04:37 47104 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.
------- Sigcheck -------
[-] 2009-04-18 . 25A740D70E8007814A48D3FA1B34FA34 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys
[-] 2009-04-18 . C951DB3D9B6EF3CF4B82454D30A8BF59 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Pain\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-05 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2010-01-07 71152]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-01-28 1120704]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]
"RTHDCPL"="RTHDCPL.EXE" [2009-12-25 18789408]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-01-13 44544]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
c:\documents and settings\Pain\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2009-12-25 16:49 64032 ----a-w- c:\windows\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2007-04-03 22:29 165784 ----a-w- c:\program files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2005-12-14 11:13 7095344 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mspaint]
2010-01-28 17:24 86016 ------r- c:\windows\system32\Paint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-11-20 18:32 110184 ----a-w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-12-25 16:50 18789408 ----a-w- c:\windows\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TuneUp.ProgramStatisticsSvc"=2 (0x2)
"TuneUp.Defrag"=3 (0x3)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"ose"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"wlidsvc"=2 (0x2)
"nvsvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Electric Rain\\Swift 3D\\Version 5.00\\Program\\Swift3D.exe"=
"c:\\Program Files\\Level Up Games\\FreeStyle\\FreeStyle.exe"=
"c:\\Program Files\\Heroes of Newerth\\hon.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/14/2009 7:15 AM 682232]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [9/13/2009 11:52 PM 13696]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [4/1/2009 5:25 AM 83208]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [9/17/2009 10:12 AM 152456]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [9/1/2009 9:24 AM 110984]
S1 oswmmtnw;oswmmtnw;\??\c:\windows\system32\drivers\oswmmtnw.sys --> c:\windows\system32\drivers\oswmmtnw.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/20/2010 1:46 AM 1691480]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [9/13/2009 5:31 PM 183880]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Pain\LOCALS~1\Temp\NMIE7.tmp --> c:\docume~1\Pain\LOCALS~1\Temp\NMIE7.tmp [?]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - EEGFPTLH
*Deregistered* - eegfptlh
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
rpkggirk
.
Contents of the 'Scheduled Tasks' folder
2010-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1454471165-725345543-1003Core.job
- c:\documents and settings\Pain\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-05 19:20]
2010-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1454471165-725345543-1003UA.job
- c:\documents and settings\Pain\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-05 19:20]
2010-02-07 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 07:07]
2010-02-06 c:\windows\Tasks\User_Feed_Synchronization-{0C6007A9-7B3F-4596-8196-CF6D51568D92}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 06:31]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to AMV Converter... -
IE: Add to Media Manager... -
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Pain\Application Data\Mozilla\Firefox\Profiles\afu0y1io.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\documents and settings\Pain\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-nwiz - nwiz.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-07 02:11
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x8676F8A8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7664f28
\Driver\ACPI -> ACPI.sys @ 0xf73e7cb8
\Driver\atapi -> atapi.sys @ 0xf737cb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Pain\LOCALS~1\Temp\NMIE7.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\SetID\Internal]
@Denied: (A 2) (LocalSystem)
"DATA"="<settings expireTime=\"0\" productStatus=\"1\" obSize=\"0\" InstallTS=\"2145870353\" isSubsc=\"0\" version=\"12.0.1\" timeDiff=\"1\" oldDevice=\"\" authStatus_ts=\"0\" />"
"Device"="yM29zbvPzMnLvrm+x8fPzce+zro="
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2088)
c:\windows\system32\WININET.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-02-07 02:16:26 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-07 00:16
Pre-Run: 26,852,634,624 bytes free
Post-Run: 27,594,596,352 bytes free
- - End Of File - - AAC44EA00F50EFCDE8AE398A0CAF57E6
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:17:07 AM, on 2/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Pain\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - S-1-5-18 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1252880959437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1252880930421
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
--
End of file - 5188 bytes