Need Help With Sl Program


21 replies to this topic

#1 talkingwolf

Posted 01 February 2008 - 02:34 PM

I have used the Second Life VR sim for a few years and have always been able to make it function till now. I recently reformatted and now the sim does not function. I have unloaded and reloaded the program. I have updated my software and drivers. My equipment is all compatible +. I have fast DSL. There is no reason I can see. I have used several viral scans, but I think I have something getting in the way of the program. Please help me with this.
Hijack log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:06:35 PM, on 1/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1199211215491
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1199231130781
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5977 bytes


#2 Grinler (Lawrence Abrams, Admin)

Posted 12 February 2008 - 07:40 AM

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new hijackthis log. If we do not hear back from you within a couple of days we will need to close your topic.

When posting your logs please post them directly into the reply. Do not attach them.

Also make sure you have already followed the steps outlined below:

Preparation Guide For Use Before Posting A Hijackthis Log

Thank you for your patience.

#3 talkingwolf


Posted 12 February 2008 - 03:32 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:31:53 PM, on 2/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Cepstral\bin\CepstralLicSrv.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Registry Easy\RegEasy.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Void\Start Menu\Programs\IMVU\Run IMVU.lnk
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1199211215491
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1199231130781
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Cepstral License Server - Cepstral, LLC - C:\Program Files\Cepstral\bin\CepstralLicSrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6499 bytes

#4 Grinler

Posted 12 February 2008 - 03:48 PM

I only see one thing. Not sure if this would stop you from reaching Second Life though.

Click on Start, Settings, Control Panel and double-click on Add/Remove Programs. From within Add/Remove Programs, uninstall the following if they exist:

Search Settings

Then,

Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run HijackThis again, click Scan, and put a checkmark next to each of these. Then click the Fix button:

O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll

Reboot your computer into Safe Mode

Then delete these files or directories (Do not be concerned if they do not exist)

C:\Program Files\Search Settings\kb125\SearchSettings.dll

Reboot your computer to go back to normal mode and post a new log.
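The triage done by eye above (the SearchSettings.exe process, the O2 BHO and the O4 Run key all belonging to the same program) can be done mechanically. This is an added example, not code from the thread or from HijackThis: it parses the HijackThis v2 log format shown in this thread, groups entries by the program directory they point to, and turns one group into the same two-step plan (entries to Fix, files to delete) that the reply above gives. SAMPLE_LOG is an excerpt of the log posted above.

```python
"""Cross-reference HijackThis v2 log entries by the component they belong to.
Added example, not part of the thread; SAMPLE_LOG is an excerpt of the log
posted in the thread."""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\iTunes\iTunesHelper.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Entry shapes as HijackThis v2 prints them (see the logs in this thread).
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O4_RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O4_STARTUP_RE = re.compile(r"^O4 - Startup: (?P<name>.+?) = (?P<path>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")
# A Run-key command may be quoted and carry switches (e.g. "...\realsched.exe" -osboot);
# keep only the executable path.
PATH_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|cpl|lnk))"?', re.IGNORECASE)


def cmd_to_path(cmd):
    m = PATH_RE.match(cmd.strip())
    return m.group("path") if m else cmd.strip()


def component_key(path):
    """Group C:\\Program Files\\<Vendor>\\... by <Vendor> (and Common Files by
    its sub-vendor dir); anything else, e.g. system32 files or a bare file
    name such as ALCXMNTR.EXE, by file name."""
    parts = path.split("\\")
    if len(parts) > 3 and parts[1].lower() == "program files":
        if parts[2].lower() == "common files" and len(parts) > 4:
            return "Common Files\\" + parts[3]
        return parts[2]
    return parts[-1]


def parse_hijackthis(log):
    """Yield (kind, raw_line, path) for running processes and O2/O4/O23 entries."""
    in_procs = False
    for raw in log.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if not line:            # blank line ends the process list
            in_procs = False
            continue
        if in_procs:
            yield "process", line, line
            continue
        for kind, rx in (("O2", O2_RE), ("O4", O4_RUN_RE),
                         ("O4", O4_STARTUP_RE), ("O23", O23_RE)):
            m = rx.match(line)
            if m:
                gd = m.groupdict()
                path = cmd_to_path(gd["cmd"]) if "cmd" in gd else gd["path"]
                yield kind, line, path
                break


def build_index(log):
    index = defaultdict(list)
    for kind, line, path in parse_hijackthis(log):
        index[component_key(path)].append((kind, line, path))
    return index


def footprint(log, component):
    """Sorted kinds of entries (O2, O4, O23, process) one component has."""
    return sorted({kind for kind, _, _ in build_index(log).get(component, [])})


def removal_plan(log, component):
    """The two steps from the reply above: HijackThis lines to tick and Fix,
    then the files to delete after rebooting into Safe Mode."""
    entries = build_index(log).get(component, [])
    fix_lines = [line for kind, line, _ in entries if kind != "process"]
    files = sorted({path for _, _, path in entries if "\\" in path})
    return fix_lines, files


if __name__ == "__main__":
    for comp, entries in sorted(build_index(SAMPLE_LOG).items()):
        print(f"{comp}: {footprint(SAMPLE_LOG, comp)}")
```

Components that show up as a process, a BHO and a Run key at once are the ones worth looking up; here that is only "Search Settings", which matches what the reply singles out.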

#5 talkingwolf


Posted 18 February 2008 - 11:10 AM

Grinler, you are always my fav. You always seem to understand. Thanks. Of course, being a complete dumb ass, I used Limewire to try and get a crack for a program I used to own and got like 20 new virals. I think I got most of the obvious ones, using the methods you've showed me in the past.
Any chance I missed any?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:06 AM, on 2/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Cepstral\bin\CepstralLicSrv.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PictureProject In Touch.lnk = C:\Program Files\Nikon\PictureProject In Touch\PictureProjectInTouch.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Void\Start Menu\Programs\IMVU\Run IMVU.lnk
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1203265865218
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Cepstral License Server - Cepstral, LLC - C:\Program Files\Cepstral\bin\CepstralLicSrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5302 bytes

#6 Grinler

Posted 19 February 2008 - 09:54 AM

I don't see any, but we will need to dig deeper.

First do this:

Update Java:
  • Go to Start > Control Panel double-click on the Software icon > add/remove programs.
  • Search in the list for all previously installed versions of Java (J2SE Runtime Environment....).

    It should have the Java icon next to it.
    Select it and click Remove.
  • The current version can be downloaded from Sun here: http://java.sun.com/javase/downloads/index.jsp Scroll down the page to 'Java Runtime Environment (JRE) 6 Update 4' and press the 'Download' button. On the new web page, click the 'Accept License Agreement' button. Then select 'Windows Offline Installation, Multi-language' in the Windows Platform area just below the Accept button.
Then,
  • Download Combofix to your desktop.

  • Doubleclick combofix.exe

  • Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, and after reboot if it asks for one, combofix will open again to gather the necessary information for the log. This may take a while so please be patient. When done, Combofix will close and a log should open called combofix.txt.

Post the contents of this log in your next reply along with a new hijackthislog.

Please do not post the ComboFix-quarantined-files.txt unless I ask you to.

#7 talkingwolf


Posted 19 February 2008 - 01:06 PM

ComboFix 08-02-19.2 - Void 2008-02-19 12:11:26.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1598 [GMT -5:00]
Running from: C:\Documents and Settings\Void\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-19 to 2008-02-19 )))))))))))))))))))))))))))))))
.

2008-02-19 12:05 . 2008-02-19 12:05 <DIR> d-------- C:\Program Files\Sun
2008-02-19 12:05 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-19 12:03 . 2008-02-19 12:03 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-17 01:10 . 2004-08-04 02:56 1,689,088 --a------ C:\WINDOWS\system32\2324c9a0.dll
2008-02-16 11:28 . 2008-02-16 22:26 <DIR> d-------- C:\Program Files\Eraser
2008-02-16 01:58 . 2008-02-16 01:58 <DIR> d-------- C:\Program Files\iTunes
2008-02-16 01:58 . 2008-02-16 01:58 <DIR> d-------- C:\Program Files\iPod
2008-02-16 00:01 . 2004-08-04 02:56 1,689,088 --a------ C:\WINDOWS\system32\40c038.dll
2008-02-15 23:06 . 2008-02-15 23:06 921 --a------ C:\WINDOWS\QSFVExit.bat
2008-02-15 21:39 . 2008-02-15 21:39 <DIR> d-------- C:\Program Files\FBrowserAdvisor
2008-02-15 21:39 . 2006-04-14 23:05 9,952 --a------ C:\regxpcom.exe
2008-02-15 20:27 . 2008-02-15 20:27 <DIR> d-------- C:\Documents and Settings\Void\Application Data\gtk-2.0
2008-02-15 20:26 . 2008-02-15 20:26 <DIR> d-------- C:\Documents and Settings\Void\.thumbnails
2008-02-15 20:19 . 2008-02-15 20:23 <DIR> d-------- C:\Program Files\GIMP-2.0
2008-02-15 20:19 . 2008-02-15 20:50 <DIR> d-------- C:\Documents and Settings\Void\.gimp-2.4
2008-02-15 20:12 . 2008-02-15 20:12 <DIR> d-------- C:\Documents and Settings\Void\Application Data\Nikon
2008-02-15 20:11 . 2008-02-15 20:11 <DIR> d-------- C:\Program Files\Nikon
2008-02-15 20:09 . 2008-02-15 20:09 <DIR> d-------- C:\Program Files\PictureProject In Touch Downloader
2008-02-15 19:02 . 2008-02-15 21:20 <DIR> d-------- C:\Documents and Settings\Void\Shared
2008-02-15 19:02 . 2008-02-15 21:18 <DIR> d-------- C:\Documents and Settings\Void\Incomplete
2008-02-15 19:01 . 2008-02-15 21:21 <DIR> d-------- C:\Documents and Settings\Void\Application Data\LimeWire
2008-02-15 17:55 . 2004-08-04 02:56 82,944 --a------ C:\WINDOWS\system32\80d916a.dll
2008-02-15 14:22 . 2004-08-04 02:56 82,944 --a------ C:\WINDOWS\system32\16d573f0.dll
2008-02-15 13:36 . 2008-02-16 01:30 <DIR> d-------- C:\Program Files\SecondLifeWindLight
2008-02-15 10:34 . 2004-08-04 02:56 82,944 --a------ C:\WINDOWS\system32\2d3f6880.dll
2008-02-14 19:14 . 2004-08-04 02:56 82,944 --a------ C:\WINDOWS\system32\22786c.dll
2008-02-14 07:35 . 2004-08-04 02:56 1,689,088 --a------ C:\WINDOWS\system32\11dbf5e0.dll
2008-02-14 07:35 . 2004-08-04 02:56 82,944 --a------ C:\WINDOWS\system32\219f113d.dll
2008-02-14 00:04 . 2008-02-15 20:25 <DIR> d-------- C:\Program Files\Gimp+Brushes
2008-02-13 23:38 . 2008-02-13 23:38 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-02-13 23:38 . 2008-02-13 23:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-02-13 23:25 . 2008-02-16 12:38 <DIR> d-------- C:\Program Files\Photo Pos Pro
2008-02-13 23:25 . 2008-02-13 23:25 <DIR> d-------- C:\Program Files\Common Files\Thraex Software
2008-02-13 23:25 . 2008-02-13 23:25 163,054 --a------ C:\WINDOWS\Photo Pos Pro Uninstaller.exe
2008-02-13 23:21 . 2008-02-13 23:30 <DIR> d-------- C:\Program Files\Photo Pos Pro Photo Editor
2008-02-13 19:36 . 2004-08-04 02:56 1,689,088 --a------ C:\WINDOWS\system32\4e75bef.dll
2008-02-13 19:36 . 2004-08-04 02:56 82,944 --a------ C:\WINDOWS\system32\e33e6f4.dll
2008-02-13 19:36 . 2004-08-04 02:56 82,944 --a------ C:\WINDOWS\system32\264edf09.dll
2008-02-13 19:27 . 2008-02-13 23:35 <DIR> d-------- C:\Program Files\Photoshop CS2
2008-02-13 05:14 . 2004-08-04 02:56 1,689,088 --a------ C:\WINDOWS\system32\37d84f55.dll
2008-02-13 05:14 . 2004-08-04 02:56 82,944 --a------ C:\WINDOWS\system32\23e73d40.dll
2008-02-10 17:11 . 2008-02-10 17:11 <DIR> d--h----- C:\WINDOWS\PIF
2008-02-07 14:52 . 2008-02-07 14:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-02-07 14:49 . 2008-02-07 14:49 <DIR> d-------- C:\Program Files\GALA-NET
2008-02-07 14:49 . 2005-08-11 15:29 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
2008-02-06 11:01 . 2008-02-06 11:01 <DIR> d-------- C:\Program Files\illiminable
2008-02-05 16:29 . 2008-02-06 10:25 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-05 15:54 . 2008-02-05 15:54 <DIR> d-------- C:\Nikon
2008-02-05 02:04 . 2008-02-05 02:04 <DIR> d-------- C:\Program Files\Xara
2008-02-05 02:04 . 2008-02-05 02:04 <DIR> d-------- C:\Program Files\Common Files\Xara
2008-02-05 00:34 . 2008-02-05 00:34 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-02-05 00:34 . 2008-02-05 00:34 <DIR> d-------- C:\Program Files\backburner 2
2008-02-05 00:34 . 2008-02-05 00:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-02-04 16:48 . 2008-02-04 16:48 <DIR> d-------- C:\Program Files\Cepstral
2008-02-04 15:41 . 2008-02-13 23:49 <DIR> d-------- C:\WINDOWS\Lhsp
2008-02-04 15:40 . 2008-02-04 15:41 <DIR> d-------- C:\WINDOWS\speech
2008-02-04 15:40 . 2008-02-13 23:43 <DIR> d-------- C:\Program Files\KARI2
2008-02-04 15:40 . 2008-02-04 15:40 172,441 --a------ C:\WINDOWS\KARI2 Uninstaller.exe
2008-02-04 00:52 . 2008-02-10 13:42 <DIR> d-------- C:\Program Files\IMVU
2008-02-04 00:52 . 2008-02-12 19:05 <DIR> d-------- C:\Documents and Settings\Void\Application Data\IMVU
2008-02-03 16:45 . 2008-02-03 17:03 349,165,568 --a------ C:\nowy.avi
2008-02-03 01:50 . 2008-02-03 01:50 528 -r-hs---- C:\WINDOWS\egirllic151
2008-02-02 16:13 . 2008-02-02 16:13 42 --a------ C:\WINDOWS\system32\RegistryEasy.lie
2008-02-02 16:12 . 2008-02-18 03:19 <DIR> d-------- C:\Program Files\Registry Easy
2008-02-02 15:09 . 2008-02-02 15:56 <DIR> d-------- C:\Program Files\LSoft Technologies
2008-02-02 12:14 . 2008-02-03 01:41 <DIR> d-------- C:\Program Files\EMCO Photo Resizer
2008-02-02 01:29 . 2008-02-02 01:29 <DIR> d-------- C:\Program Files\IPIX
2008-02-01 19:52 . 2008-02-01 19:52 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-01 19:52 . 2008-02-15 23:05 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-01 19:52 . 2008-02-01 19:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-01 10:25 . 2008-02-01 10:25 <DIR> d-------- C:\Documents and Settings\Void\Application Data\Ambient Design
2008-02-01 10:21 . 2008-02-01 10:21 <DIR> d-------- C:\Program Files\Ambient Design
2008-01-31 23:13 . 2008-01-31 23:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-31 23:13 . 2008-01-31 23:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-30 20:51 . 2008-02-02 01:36 <DIR> d-------- C:\Program Files\Visual Watermark
2008-01-29 15:09 . 2008-01-29 15:09 <DIR> d-------- C:\Program Files\Curious Labs
2008-01-29 14:51 . 2008-01-29 14:51 <DIR> d-------- C:\Documents and Settings\Void\Application Data\RegSweep
2008-01-29 10:22 . 2008-01-29 10:22 <DIR> d-------- C:\vcs5BGEffects
2008-01-29 01:36 . 2008-01-29 01:36 <DIR> d-------- C:\Program Files\QuickSFV
2008-01-27 01:42 . 2008-01-27 01:42 <DIR> d-------- C:\Program Files\ActiveDolls
2008-01-27 01:42 . 2008-01-27 01:42 <DIR> d-------- C:\Documents and Settings\Void\Application Data\Pineapple Works
2008-01-26 12:18 . 2008-01-26 12:18 <DIR> d-------- C:\Program Files\SecondLife
2008-01-25 14:03 . 2008-01-25 14:03 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-25 14:03 . 2008-01-25 14:03 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-25 01:31 . 2008-01-25 01:36 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-01-23 05:08 . 2008-01-23 05:08 109 --a------ C:\WINDOWS\PControl.ini
2008-01-23 04:34 . 2008-01-27 01:57 <DIR> d-------- C:\Program Files\blaxxun Avatar Studio
2008-01-23 04:25 . 2008-01-27 01:57 <DIR> d-------- C:\Program Files\blaxxun Contact
2008-01-23 04:25 . 2008-01-23 04:25 <DIR> d-------- C:\Documents and Settings\Void\Application Data\blaxxun interactive
2008-01-23 04:20 . 2008-01-23 04:20 <DIR> d-------- C:\Program Files\Bitmanagement Software
2008-01-23 04:20 . 2008-02-18 16:18 <DIR> d-------- C:\Program Files\ABNet2 Client
2008-01-22 15:38 . 2008-01-22 15:38 <DIR> d-------- C:\Program Files\ZScreen
2008-01-22 15:28 . 2008-01-22 15:31 <DIR> d-------- C:\Program Files\vlc-0.8.6d-win32
2008-01-22 00:16 . 2008-01-22 00:16 3,584 --ahs---- C:\WINDOWS\Thumbs.db
2008-01-20 13:05 . 2008-01-20 23:22 <DIR> d-------- C:\Documents and Settings\Void\.housecall6.6
2008-01-20 12:51 . 2008-01-26 12:31 104 --a------ C:\index.ini
2008-01-19 01:50 . 2008-01-25 15:12 <DIR> d-------- C:\WINDOWS\BDOSCAN8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-19 17:14 53,248 ----a-w C:\WINDOWS\PSEXESVC.EXE
2008-02-19 17:05 --------- d-----w C:\Program Files\Java
2008-02-19 16:44 --------- d-----w C:\Documents and Settings\Void\Application Data\uTorrent
2008-02-18 15:52 --------- d-----w C:\Program Files\a-squared Free
2008-02-17 14:14 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-16 06:57 --------- d-----w C:\Program Files\QuickTime
2008-02-15 23:15 --------- d-----w C:\Program Files\Movie Player ActiveX Control
2008-02-15 23:15 --------- d-----w C:\Program Files\Audio Capture ActiveX Control
2008-02-14 05:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-13 00:07 --------- d-----w C:\Documents and Settings\Void\Application Data\SecondLife
2008-02-07 19:49 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-04 01:35 --------- d-----w C:\Program Files\Oxin's Style!
2008-02-03 07:32 --------- d-----w C:\Program Files\There
2008-02-02 06:26 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2008-02-02 06:25 --------- d-----w C:\Program Files\Common Files\Nikon
2008-02-02 00:23 --------- d-----w C:\Program Files\a-squared Anti-Malware
2008-01-29 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI MMC
2008-01-22 20:24 8,636,069 ----a-w C:\Program Files\vlc-0.8.6d-win32.7z
2008-01-22 20:24 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-22 05:34 --------- d-----w C:\Program Files\DivX
2008-01-17 08:20 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Search Settings
2008-01-17 08:06 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ATI MMC
2008-01-17 08:05 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DivX
2008-01-17 08:03 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ATI
2008-01-13 19:47 --------- d-----w C:\Program Files\SMPlayer
2008-01-10 08:34 --------- d-----w C:\Program Files\Funcom
2008-01-10 05:37 --------- d-----w C:\Program Files\Trend Micro
2008-01-10 04:52 --------- d-----w C:\Program Files\sisagp
2008-01-10 04:37 23,600 ----a-w C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-01-10 04:07 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-09 23:38 --------- d-----w C:\Documents and Settings\Void\Application Data\ArcSoft
2008-01-09 23:37 --------- d-----w C:\Program Files\ArcSoft
2008-01-09 22:50 --------- d-----w C:\Program Files\DesignWorkz Innovations
2008-01-09 12:45 --------- d-----w C:\Documents and Settings\Void\Application Data\vlc
2008-01-08 08:08 --------- d-----w C:\Documents and Settings\Void\Application Data\ATI MMC
2008-01-08 08:07 --------- d-----w C:\Program Files\Overland
2008-01-08 03:01 --------- d-----w C:\Program Files\RedlightCenter
2008-01-08 03:01 --------- d-----w C:\Program Files\Common Files\PocketSoft
2008-01-07 18:15 --------- d-----w C:\Program Files\Helicon Software
2008-01-07 18:07 3,072 --sha-w C:\Program Files\Thumbs.db
2008-01-07 08:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-07 07:13 0 ---ha-w C:\Documents and Settings\Void\hpothb07.dat
2008-01-07 07:13 0 ---ha-w C:\Documents and Settings\Void\Application Data\hpothb07.dat
2008-01-07 07:12 264 ---ha-w C:\hpothb07.dat
2008-01-07 07:12 259 ---ha-w C:\Program Files\hpothb07.tif
2008-01-07 07:12 150 ---ha-w C:\Program Files\hpothb07.dat
2008-01-07 07:11 --------- d-----w C:\Program Files\HP
2008-01-07 07:11 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-07 07:05 --------- d-----w C:\Program Files\CONEXANT
2008-01-07 06:52 --------- d-----w C:\Program Files\Steam
2008-01-07 06:40 --------- d-----w C:\Program Files\Common Files\ATI
2008-01-07 06:40 --------- d-----w C:\Program Files\ATI Multimedia
2008-01-07 06:24 --------- d-----w C:\Program Files\AMD
2008-01-07 06:24 --------- d-----w C:\Documents and Settings\Void\Application Data\InstallShield
2008-01-06 10:00 32,768 ----a-w C:\WINDOWS\system32\PosHistoryHelper.exe
2008-01-06 05:03 --------- d-----w C:\Program Files\Bethesda Softworks
2008-01-06 00:38 --------- d-----w C:\Documents and Settings\Void\Application Data\Search Settings
2008-01-06 00:37 --------- d-----w C:\Program Files\Search Settings
2008-01-06 00:37 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-01-06 00:36 --------- d-----w C:\Program Files\Free Audio Pack
2008-01-05 23:34 --------- d-----w C:\Program Files\7-Zip
2008-01-04 23:03 --------- d-----w C:\Program Files\WinAce
2008-01-04 22:19 --------- d-----w C:\Program Files\Common Files\Apple
2008-01-04 22:15 --------- d-----w C:\Documents and Settings\Void\Application Data\Apple Computer
2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-01-03 18:09 --------- d-----w C:\Documents and Settings\Void\Application Data\DivX
2008-01-02 23:23 --------- d-----w C:\Documents and Settings\Void\Application Data\CoCreate
2008-01-02 21:35 --------- d-----w C:\Program Files\Singular Inversions
2008-01-02 21:20 --------- d-----w C:\Documents and Settings\Void\Application Data\Uniblue
2008-01-02 21:17 --------- d-----w C:\Program Files\Serif
2008-01-02 20:46 --------- d-----w C:\Documents and Settings\Void\Application Data\Serif
2008-01-02 20:39 --------- d-----w C:\Program Files\My Documents
2008-01-02 17:49 602,242 ----a-w C:\WINDOWS\system32\PosIpLiB.dll
2008-01-02 10:29 --------- d-----w C:\Program Files\Apple Software Update
2008-01-02 10:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-01-02 09:33 203,776 ----a-w C:\WINDOWS\system32\clrviddc.dll
2008-01-02 09:28 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-01-02 09:28 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-01-02 09:28 --------- d-----w C:\Program Files\Real
2008-01-02 09:28 --------- d-----w C:\Program Files\Common Files\xing shared
2008-01-02 09:28 --------- d-----w C:\Program Files\Common Files\Real
2008-01-02 07:19 --------- d-----w C:\Program Files\uTorrent
2008-01-02 07:04 --------- d-----w C:\Program Files\Microsoft Silverlight
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"ATI Launchpad"="C:\Program Files\ATI Multimedia\main\launchpd.exe" [2006-10-31 21:27 102400]
"ATI DeviceDetect"="C:\Program Files\ATI Multimedia\main\ATIDtct.EXE" [2006-10-31 21:24 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-02 04:28 185896]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe" [2003-11-12 08:23 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 15:41 49152]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2004-02-02 03:41 495616]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-12-04 07:44 176128]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 15:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30 81920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 14:18 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]

C:\Documents and Settings\Void\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
PictureProject In Touch.lnk - C:\Program Files\Nikon\PictureProject In Touch\PictureProjectInTouch.exe [2005-03-21 17:30:34 8384512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 01000000
"NoResolveTrack"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)

R2 Cepstral License Server;Cepstral License Server;"C:\Program Files\Cepstral\bin\CepstralLicSrv.exe" [2007-03-15 13:54]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-18 21:13:30 C:\WINDOWS\Tasks\RegSweep Scheduled Scan.job"
- C:\Program Files\RegSweep\RegSweep.ex
- C:\Program Files\RegSweep
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-19 12:14:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-19 12:15:13
--------------------------------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:06:00 PM, on 2/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Cepstral\bin\CepstralLicSrv.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PictureProject In Touch.lnk = C:\Program Files\Nikon\PictureProject In Touch\PictureProjectInTouch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Void\Start Menu\Programs\IMVU\Run IMVU.lnk
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1203265865218
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Cepstral License Server - Cepstral, LLC - C:\Program Files\Cepstral\bin\CepstralLicSrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5648 bytes

#8 Grinler (Lawrence Abrams)

  • Admin
  • 43,541 posts
  • Gender:Male
  • Location:USA

Posted 19 February 2008 - 03:13 PM

Did you install PSExec from sysinternals on your computer?

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

File::
C:\WINDOWS\system32\2324c9a0.dll
C:\WINDOWS\system32\40c038.dll
C:\WINDOWS\QSFVExit.bat
C:\regxpcom.exe
C:\WINDOWS\system32\80d916a.dll
C:\WINDOWS\system32\16d573f0.dll
C:\Program Files\SecondLifeWindLight
C:\WINDOWS\system32\2d3f6880.dll
C:\WINDOWS\system32\22786c.dll
C:\WINDOWS\system32\11dbf5e0.dll
C:\WINDOWS\system32\219f113d.dll
C:\WINDOWS\system32\4e75bef.dll
C:\WINDOWS\system32\e33e6f4.dll
C:\WINDOWS\system32\264edf09.dll
C:\WINDOWS\system32\37d84f55.dll
C:\WINDOWS\system32\23e73d40.dll
C:\WINDOWS\PSEXESVC.EXE


DIRLOOK::
C:\WINDOWS\egirllic151


Save this as the text file CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[Screenshot: CFScript.txt being dragged onto ComboFix.exe]

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

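Added example, not code from the thread, from ComboFix or from BleepingComputer: a small Python triage script for ComboFix file listings in the two layouts seen in these logs ("Files Created" and "Find3M"). It flags the kinds of entries the helper's CFScript targets: hex-only DLL names in system32, the PsExec service binary PSEXESVC.EXE (which only belongs on a machine whose owner actually ran PsExec), and a hidden+system file with no extension such as egirllic151. The sample lines are constructed (names taken from the thread, sizes and timestamps invented) and the heuristics are this example's own assumptions, not ComboFix rules.

```python
"""Triage heuristics for ComboFix file listings (added example, not ComboFix code)."""
import re
import ntpath
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Two layouts ComboFix emits:
#   "Files Created": 2008-02-03 01:50 . 2008-02-03 01:50 528 -r-hs---- C:\WINDOWS\egirllic151
#   "Find3M":        2008-02-19 17:14 53,248 ----a-w C:\WINDOWS\PSEXESVC.EXE
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"(?: \. (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}))?"
    r" (?P<size><DIR>|-+|[\d,]+)"
    r" (?P<attrs>[-A-Za-z]{7,9})"
    r" (?P<path>[A-Za-z]:\\.*)$"
)

# Hex-only basenames like 2324c9a0.dll or 40c038.dll (heuristic; assumption of this example).
HEX_NAME_RE = re.compile(r"^[0-9a-f]{5,8}$")

# Service binary PsExec installs on the machine it is run against.
REMOTE_EXEC_SERVICE = {"psexesvc.exe"}

# Constructed sample: names from the thread, sizes and timestamps made up.
SAMPLE_LOG = r"""
2008-02-19 17:14 53,248 ----a-w C:\WINDOWS\PSEXESVC.EXE
2008-02-19 17:05 --------- d-----w C:\Program Files\Java
2008-01-02 09:28 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-02-16 01:58 . 2008-02-16 01:58 <DIR> d-------- C:\Program Files\iTunes
2008-02-03 01:50 . 2008-02-03 01:50 528 -r-hs---- C:\WINDOWS\egirllic151
2008-02-12 03:11 . 2008-02-12 03:11 40,960 --a------ C:\WINDOWS\system32\2324c9a0.dll
2008-02-12 03:11 . 2008-02-12 03:11 40,960 --a------ C:\WINDOWS\system32\40c038.dll
2008-01-22 00:16 . 2008-01-22 00:16 3,584 --ahs---- C:\WINDOWS\Thumbs.db
"""


@dataclass
class Entry:
    path: str
    is_dir: bool
    size: Optional[int]
    attrs: str


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for one ComboFix listing line, or None for any other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size_field = m.group("size")
    is_dir = size_field == "<DIR>" or m.group("attrs").startswith("d")
    size = int(size_field.replace(",", "")) if size_field[0].isdigit() else None
    return Entry(m.group("path"), is_dir, size, m.group("attrs"))


def flag_entry(e: Entry) -> List[str]:
    """Apply the three heuristics to a single file entry; directories are skipped."""
    reasons: List[str] = []
    if e.is_dir:
        return reasons
    directory, name = ntpath.split(e.path)
    stem, ext = ntpath.splitext(name)
    low_dir = directory.lower().rstrip("\\")
    if low_dir.endswith("\\system32") and ext.lower() == ".dll" and HEX_NAME_RE.match(stem.lower()):
        reasons.append("hex-only DLL name in system32 (typical of generated malware names)")
    if name.lower() in REMOTE_EXEC_SERVICE:
        reasons.append("PsExec service binary present; expected only after a deliberate PsExec run")
    if "h" in e.attrs and "s" in e.attrs and not ext and low_dir in {"c:\\windows", "c:"}:
        reasons.append("hidden+system file without an extension in a top-level Windows path")
    return reasons


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Parse a ComboFix listing and return (path, reasons) for every flagged file."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = flag_entry(entry)
        if reasons:
            findings.append((entry.path, reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(path)
        for r in reasons:
            print("   -", r)
```
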
#9 talkingwolf

  • Topic Starter
  • Members
  • 25 posts
  • Gender:Male
  • Location:Atlanta

Posted 19 February 2008 - 04:08 PM

ComboFix 08-02-19.2 - Void 2008-02-19 15:58:18.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1578 [GMT -5:00]
Running from: C:\Documents and Settings\Void\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Void\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Program Files\SecondLifeWindLight
C:\regxpcom.exe
C:\WINDOWS\PSEXESVC.EXE
C:\WINDOWS\QSFVExit.bat
C:\WINDOWS\system32\11dbf5e0.dll
C:\WINDOWS\system32\16d573f0.dll
C:\WINDOWS\system32\219f113d.dll
C:\WINDOWS\system32\22786c.dll
C:\WINDOWS\system32\2324c9a0.dll
C:\WINDOWS\system32\23e73d40.dll
C:\WINDOWS\system32\264edf09.dll
C:\WINDOWS\system32\2d3f6880.dll
C:\WINDOWS\system32\37d84f55.dll
C:\WINDOWS\system32\40c038.dll
C:\WINDOWS\system32\4e75bef.dll
C:\WINDOWS\system32\80d916a.dll
C:\WINDOWS\system32\e33e6f4.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\regxpcom.exe
C:\WINDOWS\PSEXESVC.EXE
C:\WINDOWS\QSFVExit.bat
C:\WINDOWS\system32\11dbf5e0.dll
C:\WINDOWS\system32\16d573f0.dll
C:\WINDOWS\system32\219f113d.dll
C:\WINDOWS\system32\22786c.dll
C:\WINDOWS\system32\2324c9a0.dll
C:\WINDOWS\system32\23e73d40.dll
C:\WINDOWS\system32\264edf09.dll
C:\WINDOWS\system32\2d3f6880.dll
C:\WINDOWS\system32\37d84f55.dll
C:\WINDOWS\system32\40c038.dll
C:\WINDOWS\system32\4e75bef.dll
C:\WINDOWS\system32\80d916a.dll
C:\WINDOWS\system32\e33e6f4.dll

.
((((((((((((((((((((((((( Files Created from 2008-01-19 to 2008-02-19 )))))))))))))))))))))))))))))))
.

2008-02-19 12:05 . 2008-02-19 12:05 <DIR> d-------- C:\Program Files\Sun
2008-02-19 12:05 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-19 12:03 . 2008-02-19 12:03 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-16 11:28 . 2008-02-16 22:26 <DIR> d-------- C:\Program Files\Eraser
2008-02-16 01:58 . 2008-02-16 01:58 <DIR> d-------- C:\Program Files\iTunes
2008-02-16 01:58 . 2008-02-16 01:58 <DIR> d-------- C:\Program Files\iPod
2008-02-15 21:39 . 2008-02-15 21:39 <DIR> d-------- C:\Program Files\FBrowserAdvisor
2008-02-15 20:27 . 2008-02-15 20:27 <DIR> d-------- C:\Documents and Settings\Void\Application Data\gtk-2.0
2008-02-15 20:26 . 2008-02-15 20:26 <DIR> d-------- C:\Documents and Settings\Void\.thumbnails
2008-02-15 20:19 . 2008-02-15 20:23 <DIR> d-------- C:\Program Files\GIMP-2.0
2008-02-15 20:19 . 2008-02-15 20:50 <DIR> d-------- C:\Documents and Settings\Void\.gimp-2.4
2008-02-15 20:12 . 2008-02-15 20:12 <DIR> d-------- C:\Documents and Settings\Void\Application Data\Nikon
2008-02-15 20:11 . 2008-02-15 20:11 <DIR> d-------- C:\Program Files\Nikon
2008-02-15 20:09 . 2008-02-15 20:09 <DIR> d-------- C:\Program Files\PictureProject In Touch Downloader
2008-02-15 19:02 . 2008-02-15 21:20 <DIR> d-------- C:\Documents and Settings\Void\Shared
2008-02-15 19:02 . 2008-02-15 21:18 <DIR> d-------- C:\Documents and Settings\Void\Incomplete
2008-02-15 19:01 . 2008-02-15 21:21 <DIR> d-------- C:\Documents and Settings\Void\Application Data\LimeWire
2008-02-15 13:36 . 2008-02-16 01:30 <DIR> d-------- C:\Program Files\SecondLifeWindLight
2008-02-14 00:04 . 2008-02-15 20:25 <DIR> d-------- C:\Program Files\Gimp+Brushes
2008-02-13 23:38 . 2008-02-13 23:38 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-02-13 23:38 . 2008-02-13 23:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-02-13 23:25 . 2008-02-16 12:38 <DIR> d-------- C:\Program Files\Photo Pos Pro
2008-02-13 23:25 . 2008-02-13 23:25 <DIR> d-------- C:\Program Files\Common Files\Thraex Software
2008-02-13 23:25 . 2008-02-13 23:25 163,054 --a------ C:\WINDOWS\Photo Pos Pro Uninstaller.exe
2008-02-13 23:21 . 2008-02-13 23:30 <DIR> d-------- C:\Program Files\Photo Pos Pro Photo Editor
2008-02-13 19:27 . 2008-02-13 23:35 <DIR> d-------- C:\Program Files\Photoshop CS2
2008-02-10 17:11 . 2008-02-10 17:11 <DIR> d--h----- C:\WINDOWS\PIF
2008-02-07 14:52 . 2008-02-07 14:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-02-07 14:49 . 2008-02-07 14:49 <DIR> d-------- C:\Program Files\GALA-NET
2008-02-07 14:49 . 2005-08-11 15:29 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
2008-02-06 11:01 . 2008-02-06 11:01 <DIR> d-------- C:\Program Files\illiminable
2008-02-05 16:29 . 2008-02-06 10:25 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-05 15:54 . 2008-02-05 15:54 <DIR> d-------- C:\Nikon
2008-02-05 02:04 . 2008-02-05 02:04 <DIR> d-------- C:\Program Files\Xara
2008-02-05 02:04 . 2008-02-05 02:04 <DIR> d-------- C:\Program Files\Common Files\Xara
2008-02-05 00:34 . 2008-02-05 00:34 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-02-05 00:34 . 2008-02-05 00:34 <DIR> d-------- C:\Program Files\backburner 2
2008-02-05 00:34 . 2008-02-05 00:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-02-04 16:48 . 2008-02-04 16:48 <DIR> d-------- C:\Program Files\Cepstral
2008-02-04 15:41 . 2008-02-13 23:49 <DIR> d-------- C:\WINDOWS\Lhsp
2008-02-04 15:40 . 2008-02-04 15:41 <DIR> d-------- C:\WINDOWS\speech
2008-02-04 15:40 . 2008-02-13 23:43 <DIR> d-------- C:\Program Files\KARI2
2008-02-04 15:40 . 2008-02-04 15:40 172,441 --a------ C:\WINDOWS\KARI2 Uninstaller.exe
2008-02-04 00:52 . 2008-02-10 13:42 <DIR> d-------- C:\Program Files\IMVU
2008-02-04 00:52 . 2008-02-12 19:05 <DIR> d-------- C:\Documents and Settings\Void\Application Data\IMVU
2008-02-03 16:45 . 2008-02-03 17:03 349,165,568 --a------ C:\nowy.avi
2008-02-03 01:50 . 2008-02-03 01:50 528 -r-hs---- C:\WINDOWS\egirllic151
2008-02-02 16:13 . 2008-02-02 16:13 42 --a------ C:\WINDOWS\system32\RegistryEasy.lie
2008-02-02 16:12 . 2008-02-18 03:19 <DIR> d-------- C:\Program Files\Registry Easy
2008-02-02 15:09 . 2008-02-02 15:56 <DIR> d-------- C:\Program Files\LSoft Technologies
2008-02-02 12:14 . 2008-02-03 01:41 <DIR> d-------- C:\Program Files\EMCO Photo Resizer
2008-02-02 01:29 . 2008-02-02 01:29 <DIR> d-------- C:\Program Files\IPIX
2008-02-01 19:52 . 2008-02-01 19:52 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-01 19:52 . 2008-02-15 23:05 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-01 19:52 . 2008-02-01 19:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-01 10:25 . 2008-02-01 10:25 <DIR> d-------- C:\Documents and Settings\Void\Application Data\Ambient Design
2008-02-01 10:21 . 2008-02-01 10:21 <DIR> d-------- C:\Program Files\Ambient Design
2008-01-31 23:13 . 2008-01-31 23:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-31 23:13 . 2008-01-31 23:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-30 20:51 . 2008-02-02 01:36 <DIR> d-------- C:\Program Files\Visual Watermark
2008-01-29 15:09 . 2008-01-29 15:09 <DIR> d-------- C:\Program Files\Curious Labs
2008-01-29 14:51 . 2008-01-29 14:51 <DIR> d-------- C:\Documents and Settings\Void\Application Data\RegSweep
2008-01-29 10:22 . 2008-01-29 10:22 <DIR> d-------- C:\vcs5BGEffects
2008-01-29 01:36 . 2008-01-29 01:36 <DIR> d-------- C:\Program Files\QuickSFV
2008-01-27 01:42 . 2008-01-27 01:42 <DIR> d-------- C:\Program Files\ActiveDolls
2008-01-27 01:42 . 2008-01-27 01:42 <DIR> d-------- C:\Documents and Settings\Void\Application Data\Pineapple Works
2008-01-26 12:18 . 2008-01-26 12:18 <DIR> d-------- C:\Program Files\SecondLife
2008-01-25 14:03 . 2008-01-25 14:03 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-25 14:03 . 2008-01-25 14:03 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-25 01:31 . 2008-01-25 01:36 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-01-23 05:08 . 2008-01-23 05:08 109 --a------ C:\WINDOWS\PControl.ini
2008-01-23 04:34 . 2008-01-27 01:57 <DIR> d-------- C:\Program Files\blaxxun Avatar Studio
2008-01-23 04:25 . 2008-01-27 01:57 <DIR> d-------- C:\Program Files\blaxxun Contact
2008-01-23 04:25 . 2008-01-23 04:25 <DIR> d-------- C:\Documents and Settings\Void\Application Data\blaxxun interactive
2008-01-23 04:20 . 2008-01-23 04:20 <DIR> d-------- C:\Program Files\Bitmanagement Software
2008-01-23 04:20 . 2008-02-18 16:18 <DIR> d-------- C:\Program Files\ABNet2 Client
2008-01-22 15:38 . 2008-01-22 15:38 <DIR> d-------- C:\Program Files\ZScreen
2008-01-22 15:28 . 2008-01-22 15:31 <DIR> d-------- C:\Program Files\vlc-0.8.6d-win32
2008-01-22 00:16 . 2008-01-22 00:16 3,584 --ahs---- C:\WINDOWS\Thumbs.db
2008-01-20 13:05 . 2008-01-20 23:22 <DIR> d-------- C:\Documents and Settings\Void\.housecall6.6
2008-01-20 12:51 . 2008-01-26 12:31 104 --a------ C:\index.ini
2008-01-19 01:50 . 2008-01-25 15:12 <DIR> d-------- C:\WINDOWS\BDOSCAN8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-19 17:05 --------- d-----w C:\Program Files\Java
2008-02-19 16:44 --------- d-----w C:\Documents and Settings\Void\Application Data\uTorrent
2008-02-18 15:52 --------- d-----w C:\Program Files\a-squared Free
2008-02-17 14:14 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-16 06:57 --------- d-----w C:\Program Files\QuickTime
2008-02-15 23:15 --------- d-----w C:\Program Files\Movie Player ActiveX Control
2008-02-15 23:15 --------- d-----w C:\Program Files\Audio Capture ActiveX Control
2008-02-14 05:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-13 00:07 --------- d-----w C:\Documents and Settings\Void\Application Data\SecondLife
2008-02-07 19:49 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-04 01:35 --------- d-----w C:\Program Files\Oxin's Style!
2008-02-03 07:32 --------- d-----w C:\Program Files\There
2008-02-02 06:26 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2008-02-02 06:25 --------- d-----w C:\Program Files\Common Files\Nikon
2008-02-02 00:23 --------- d-----w C:\Program Files\a-squared Anti-Malware
2008-01-29 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI MMC
2008-01-22 20:24 8,636,069 ----a-w C:\Program Files\vlc-0.8.6d-win32.7z
2008-01-22 20:24 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-22 05:34 --------- d-----w C:\Program Files\DivX
2008-01-17 08:20 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Search Settings
2008-01-17 08:06 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ATI MMC
2008-01-17 08:05 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DivX
2008-01-17 08:03 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ATI
2008-01-13 19:47 --------- d-----w C:\Program Files\SMPlayer
2008-01-10 08:34 --------- d-----w C:\Program Files\Funcom
2008-01-10 05:37 --------- d-----w C:\Program Files\Trend Micro
2008-01-10 04:52 --------- d-----w C:\Program Files\sisagp
2008-01-10 04:37 23,600 ----a-w C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-01-10 04:07 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-09 23:38 --------- d-----w C:\Documents and Settings\Void\Application Data\ArcSoft
2008-01-09 23:37 --------- d-----w C:\Program Files\ArcSoft
2008-01-09 22:50 --------- d-----w C:\Program Files\DesignWorkz Innovations
2008-01-09 12:45 --------- d-----w C:\Documents and Settings\Void\Application Data\vlc
2008-01-08 08:08 --------- d-----w C:\Documents and Settings\Void\Application Data\ATI MMC
2008-01-08 08:07 --------- d-----w C:\Program Files\Overland
2008-01-08 03:01 --------- d-----w C:\Program Files\RedlightCenter
2008-01-08 03:01 --------- d-----w C:\Program Files\Common Files\PocketSoft
2008-01-07 18:15 --------- d-----w C:\Program Files\Helicon Software
2008-01-07 18:07 3,072 --sha-w C:\Program Files\Thumbs.db
2008-01-07 08:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-07 07:13 0 ---ha-w C:\Documents and Settings\Void\hpothb07.dat
2008-01-07 07:13 0 ---ha-w C:\Documents and Settings\Void\Application Data\hpothb07.dat
2008-01-07 07:12 264 ---ha-w C:\hpothb07.dat
2008-01-07 07:12 259 ---ha-w C:\Program Files\hpothb07.tif
2008-01-07 07:12 150 ---ha-w C:\Program Files\hpothb07.dat
2008-01-07 07:11 --------- d-----w C:\Program Files\HP
2008-01-07 07:11 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-07 07:05 --------- d-----w C:\Program Files\CONEXANT
2008-01-07 06:52 --------- d-----w C:\Program Files\Steam
2008-01-07 06:40 --------- d-----w C:\Program Files\Common Files\ATI
2008-01-07 06:40 --------- d-----w C:\Program Files\ATI Multimedia
2008-01-07 06:24 --------- d-----w C:\Program Files\AMD
2008-01-07 06:24 --------- d-----w C:\Documents and Settings\Void\Application Data\InstallShield
2008-01-06 10:00 32,768 ----a-w C:\WINDOWS\system32\PosHistoryHelper.exe
2008-01-06 05:03 --------- d-----w C:\Program Files\Bethesda Softworks
2008-01-06 00:38 --------- d-----w C:\Documents and Settings\Void\Application Data\Search Settings
2008-01-06 00:37 --------- d-----w C:\Program Files\Search Settings
2008-01-06 00:37 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-01-06 00:36 --------- d-----w C:\Program Files\Free Audio Pack
2008-01-05 23:34 --------- d-----w C:\Program Files\7-Zip
2008-01-04 23:03 --------- d-----w C:\Program Files\WinAce
2008-01-04 22:19 --------- d-----w C:\Program Files\Common Files\Apple
2008-01-04 22:15 --------- d-----w C:\Documents and Settings\Void\Application Data\Apple Computer
2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-01-03 18:09 --------- d-----w C:\Documents and Settings\Void\Application Data\DivX
2008-01-02 23:23 --------- d-----w C:\Documents and Settings\Void\Application Data\CoCreate
2008-01-02 21:35 --------- d-----w C:\Program Files\Singular Inversions
2008-01-02 21:20 --------- d-----w C:\Documents and Settings\Void\Application Data\Uniblue
2008-01-02 21:17 --------- d-----w C:\Program Files\Serif
2008-01-02 20:46 --------- d-----w C:\Documents and Settings\Void\Application Data\Serif
2008-01-02 20:39 --------- d-----w C:\Program Files\My Documents
2008-01-02 17:49 602,242 ----a-w C:\WINDOWS\system32\PosIpLiB.dll
2008-01-02 10:29 --------- d-----w C:\Program Files\Apple Software Update
2008-01-02 10:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-01-02 09:33 203,776 ----a-w C:\WINDOWS\system32\clrviddc.dll
2008-01-02 09:28 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-01-02 09:28 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-01-02 09:28 --------- d-----w C:\Program Files\Real
2008-01-02 09:28 --------- d-----w C:\Program Files\Common Files\xing shared
2008-01-02 09:28 --------- d-----w C:\Program Files\Common Files\Real
2008-01-02 07:19 --------- d-----w C:\Program Files\uTorrent
2008-01-02 07:04 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-01-01 21:52 --------- d-----w C:\Documents and Settings\Void\Application Data\ATI
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS\egirllic151 ----

C:\WINDOWS\egirllic151\


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"ATI Launchpad"="C:\Program Files\ATI Multimedia\main\launchpd.exe" [2006-10-31 21:27 102400]
"ATI DeviceDetect"="C:\Program Files\ATI Multimedia\main\ATIDtct.EXE" [2006-10-31 21:24 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-02 04:28 185896]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe" [2003-11-12 08:23 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 15:41 49152]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2004-02-02 03:41 495616]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-12-04 07:44 176128]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 15:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30 81920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 14:18 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]

C:\Documents and Settings\Void\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
PictureProject In Touch.lnk - C:\Program Files\Nikon\PictureProject In Touch\PictureProjectInTouch.exe [2005-03-21 17:30:34 8384512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 01000000
"NoResolveTrack"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)

R2 Cepstral License Server;Cepstral License Server;"C:\Program Files\Cepstral\bin\CepstralLicSrv.exe" [2007-03-15 13:54]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-18 21:13:30 C:\WINDOWS\Tasks\RegSweep Scheduled Scan.job"
- C:\Program Files\RegSweep\RegSweep.ex
- C:\Program Files\RegSweep
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-19 15:59:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-19 15:59:59
ComboFix-quarantined-files.txt 2008-02-19 20:59:39
ComboFix2.txt 2008-02-19 17:15:14
------------------------------------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:08:14 PM, on 2/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Cepstral\bin\CepstralLicSrv.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PictureProject In Touch.lnk = C:\Program Files\Nikon\PictureProject In Touch\PictureProjectInTouch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Void\Start Menu\Programs\IMVU\Run IMVU.lnk
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1203265865218
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Cepstral License Server - Cepstral, LLC - C:\Program Files\Cepstral\bin\CepstralLicSrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5681 bytes

#10 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,541 posts
  • ONLINE
  • Gender:Male
  • Location:USA
  • Local time:10:04 PM

Posted 19 February 2008 - 04:13 PM

Did you install PSExec from sysinternals on your computer?

#11 talkingwolf

talkingwolf
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Gender:Male
  • Location:Atlanta
  • Local time:09:04 PM

Posted 19 February 2008 - 05:47 PM

I don't know; my 20-year-old brother checks his email on this unit, he might have. I warned him never to upload stuff. What is that, a game?

#12 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,541 posts
  • ONLINE
  • Gender:Male
  • Location:USA
  • Local time:10:04 PM

Posted 20 February 2008 - 03:08 PM

No, it's a tool to take over and issue remote commands from another computer. More info here:

http://technet.microsoft.com/en-us/sysinte...s/bb897553.aspx

I have seen it used on hacked computers in the past. I am not saying you were hacked, but it is definitely a suspicious file that is not used by malware. It is typically intentionally installed by a person. To be safe, you may want to consider reinstalling.

At this point, I do not see anything else wrong on your computer.

#13 talkingwolf

talkingwolf
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Gender:Male
  • Location:Atlanta
  • Local time:09:04 PM

Posted 20 February 2008 - 03:36 PM

I just reformatted a month and a half ago. No one has had physical access that would know how to do that.

#14 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,541 posts
  • ONLINE
  • Gender:Male
  • Location:USA
  • Local time:10:04 PM

Posted 20 February 2008 - 04:07 PM

Not sure what to tell you then. The file doesn't belong on your system unless you installed PSExec. If it is there, then it is highly suspicious. As far as I can see, though, you are clean now. Does the system appear to be running fine now?

#15 talkingwolf

talkingwolf
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Gender:Male
  • Location:Atlanta
  • Local time:09:04 PM

Posted 21 February 2008 - 08:17 AM

How do I get rid of that?
I just looked at my CPU usage in the task bar and it is 0-47s constant; if it was a hospital EKG machine they would say my computer is showing an erratic heart rhythm. I screen captured a picture of what I am seeing. It is attached.



