Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Antivirusxp 2008


  • This topic is locked This topic is locked
3 replies to this topic

#1 bryan767

bryan767

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:05:51 PM

Posted 10 August 2008 - 01:14 AM

all of a sudden this downloaded by itself and now im screwed i cant open task manager. and i have tried using regedit to fix that.. but no luck please help!!

Deckard's System Scanner v20071014.68
Run by Games on 2008-08-10 01:53:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Games.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:54:05 AM, on 8/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\DNA\btdna.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\MRU-Blaster\scheduler.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
c:\0xf9.exe
C:\Program Files\Microsoft Security Adviser\mssadv_sp.exe
C:\Program Files\Microsoft Security Adviser\mssadv.exe
C:\Program Files\Microsoft Security Adviser\msctrl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Security Adviser\msavsc.exe
C:\Program Files\Microsoft Security Adviser\msscan.exe
C:\Program Files\Microsoft Security Adviser\msiemon.exe
C:\Program Files\Microsoft Security Adviser\msfw.exe
C:\Program Files\rhcg42j0e1ct\rhcg42j0e1ct.exe
C:\WINDOWS\system32\pphcl42j0e1ct.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Games\Desktop\ad-aware\dss.exe
E:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\DOCUME~1\Games\Desktop\ad-aware\Games.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\DOCUME~1\Games\LOCALS~1\Temp\~nsu.tmp\Au_.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
N4 - Mozilla: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.org/unix/customizing.html#prefs
*/

user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src");
user_pref("browser.startup.homepage_override.mstone", "rv:1.7.12");
user_pref("intl.charsetmenu.browser.cache", "ISO-8859-1");
user_pref("network.cookie.prefsMigrated", true);
user_pref("prefs.converted-to-utf8", true);
user_pref("browser.helperApps.neverAsk.openFile", "application%2Fx-java-jnlp-file");
(C:\Documents and Settings\GAMES\Application Data\Mozilla\Profiles\default\71jnk0rd.slt\prefs.js)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [AS00_Netgear] C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe -hide
O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
O4 - HKLM\..\Run: [lphcl42j0e1ct] C:\WINDOWS\system32\lphcl42j0e1ct.exe
O4 - HKLM\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKLM\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
O4 - HKLM\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
O4 - HKLM\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
O4 - HKLM\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
O4 - HKLM\..\Run: [SMrhcg42j0e1ct] C:\Program Files\rhcg42j0e1ct\rhcg42j0e1ct.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Download all by WellGet - C:\Program Files\WellGet\nxall.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download by &WellGet - C:\Program Files\WellGet\nxcatch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Games\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/070552351df2fa...ip/RdxIE601.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146528318900
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbscoms.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 12054 bytes

-- Files created between 2008-07-10 and 2008-08-10 -----------------------------

2008-08-10 01:42:26 94208 --a------ C:\WINDOWS\system32\pphcl42j0e1ct.exe
2008-08-10 01:42:26 0 d-------- C:\Documents and Settings\Games\Application Data\rhcg42j0e1ct
2008-08-10 01:41:57 0 d-------- C:\Program Files\rhcg42j0e1ct
2008-08-10 01:41:23 60928 --a------ C:\WINDOWS\system32\blphcl42j0e1ct.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-08-10 01:41:16 130048 --a------ C:\WINDOWS\system32\lphcl42j0e1ct.exe
2008-08-10 01:41:15 0 d-------- C:\Program Files\Microsoft Security Adviser
2008-08-10 01:41:13 18432 --a------ C:\0xf9.exe <Not Verified; aaaa; sadfdsfdsfds>
2008-07-29 23:10:06 0 d-------- C:\Program Files\Postal2
2008-07-21 01:54:14 0 d-------- C:\Program Files\PCDJ DEX
2008-07-17 00:08:13 0 d-------- C:\Program Files\PC Drivers HeadQuarters
2008-07-17 00:08:13 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-07-14 21:20:54 0 d-------- C:\Program Files\Lavasoft
2008-07-14 21:20:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-14 01:06:09 0 d-------- C:\Program Files\iPod
2008-07-14 01:06:03 0 d-------- C:\Program Files\iTunes
2008-07-13 22:54:14 0 d-------- C:\Program Files\eMule
2008-07-13 22:48:47 0 d-------- C:\Program Files\BitTorrent
2008-07-13 16:21:48 0 d-------- C:\Program Files\Common Files\Java
2008-07-11 19:18:34 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-07-11 01:34:04 0 d-------- C:\WINDOWS\Logs
2008-07-11 01:28:33 0 d-------- C:\Program Files\Windows Defender
2008-07-11 00:12:03 10103328 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-10 23:12:50 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier


-- Find3M Report ---------------------------------------------------------------

2008-08-10 01:50:51 0 d-------- C:\Documents and Settings\Games\Application Data\DNA
2008-08-09 21:56:56 0 d-------- C:\Program Files\Winamp
2008-08-05 11:07:48 0 d-------- C:\Documents and Settings\Games\Application Data\Hamachi
2008-08-03 22:40:17 0 d-------- C:\Documents and Settings\Games\Application Data\LimeWire
2008-08-03 20:06:02 0 d-------- C:\Program Files\AIMTunes
2008-07-29 23:30:40 0 d-------- C:\Documents and Settings\Games\Application Data\Adobe
2008-07-29 23:00:27 0 d-------- C:\Documents and Settings\Games\Application Data\BitTorrent
2008-07-26 22:31:59 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-07-17 00:09:22 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-15 00:57:03 0 d-------- C:\Program Files\SpywareBlaster
2008-07-14 21:20:26 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-14 01:14:53 0 d-------- C:\Program Files\LimeWire
2008-07-13 16:22:42 0 d-------- C:\Program Files\Java
2008-07-13 16:21:48 0 d-------- C:\Program Files\Common Files
2008-07-11 08:49:15 0 d-------- C:\Documents and Settings\Games\Application Data\Viewpoint
2008-07-11 08:48:19 0 d-------- C:\Program Files\Viewpoint
2008-07-11 08:32:22 0 d-------- C:\Program Files\ATI Technologies
2008-07-11 00:40:01 0 d-------- C:\Documents and Settings\Games\Application Data\Netscape
2008-07-11 00:39:06 0 d-------- C:\Program Files\Netscape
2008-07-10 22:38:49 0 d-------- C:\Documents and Settings\Games\Application Data\Mozilla
2008-07-10 08:44:00 0 d-------- C:\Documents and Settings\Games\Application Data\Spybot - Search & Destroy
2008-07-10 08:27:16 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-09 17:02:42 0 d-------- C:\Program Files\Spyware Doctor
2008-07-09 17:01:05 0 d-------- C:\Program Files\MRU-Blaster
2008-07-09 16:58:53 0 d-------- C:\Documents and Settings\Games\Application Data\PC Tools
2008-07-09 16:53:42 0 d-------- C:\Program Files\Symantec
2008-07-09 14:04:06 0 d-------- C:\Program Files\Linksys EasyLink Advisor
2008-07-09 14:04:04 0 d--h----- C:\Documents and Settings\Games\Application Data\GTek
2008-07-08 23:35:08 0 d-------- C:\Documents and Settings\Games\Application Data\Symantec
2008-06-15 23:22:28 0 d-------- C:\Program Files\Bonjour
2008-06-15 23:22:00 0 d-------- C:\Program Files\QuickTime
2008-06-13 22:52:25 4096 --a------ C:\WINDOWS\system32\crash
2008-06-13 22:14:05 0 d-------- C:\Program Files\World of Warcraft
2008-06-12 15:27:38 0 d-------- C:\Program Files\Common Files\Ahead
2008-06-12 15:25:25 0 d-------- C:\Program Files\planetside
2008-06-12 14:58:47 0 d-------- C:\Program Files\IDoser v4
2008-06-08 15:28:08 17627 --a------ C:\WINDOWS\War3Unin.dat
2008-06-08 15:27:17 2829 --a------ C:\WINDOWS\War3Unin.pif
2008-06-08 15:27:16 126976 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-06-02 21:05:00 593920 --a------ C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [10/04/2007 04:06 PM 1135968]

[-HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AS00_Netgear"="C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe" [05/16/2003 01:59 PM]
"LXBSCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll" [03/17/2004 12:26 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [12/21/2004 10:05 PM]
"SoundMan"="SOUNDMAN.EXE" [08/03/2006 06:12 AM C:\WINDOWS\soundman.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 08:51 PM]
"RegistryMechanic"="C:\Program Files\Registry Mechanic\RegMech.exe" [08/20/2007 10:58 AM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [07/09/2008 09:05 AM]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [01/21/2008 12:17 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/31/2008 09:31 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [07/22/2005 11:25 PM C:\WINDOWS\KHALMNPR.Exe]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/10/2008 09:47 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2008 10:51 AM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [08/03/2008 07:02 PM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [04/10/2008 03:14 PM]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe" [02/21/2008 06:02 PM]
"lphcl42j0e1ct"="C:\WINDOWS\system32\lphcl42j0e1ct.exe" [08/10/2008 01:41 AM]
"msctrl.exe"="C:\Program Files\Microsoft Security Adviser\msctrl.exe" [08/10/2008 01:41 AM]
"msavsc.exe"="C:\Program Files\Microsoft Security Adviser\msavsc.exe" [08/10/2008 01:41 AM]
"msscan.exe"="C:\Program Files\Microsoft Security Adviser\msscan.exe" [08/10/2008 01:41 AM]
"msiemon.exe"="C:\Program Files\Microsoft Security Adviser\msiemon.exe" [08/10/2008 01:41 AM]
"msfw.exe"="C:\Program Files\Microsoft Security Adviser\msfw.exe" [08/10/2008 01:41 AM]
"mssadv.exe"="" []
"SMrhcg42j0e1ct"="C:\Program Files\rhcg42j0e1ct\rhcg42j0e1ct.exe" [08/08/2008 11:58 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\Games\Start Menu\Programs\Startup\
Hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [10/14/2007 6:29:33 PM]
MRU-Blaster Scheduler.lnk - C:\Program Files\MRU-Blaster\scheduler.exe [7/19/2003 4:48:42 PM]
MRU-Blaster Silent Clean.lnk - C:\Program Files\MRU-Blaster\mrublaster.exe [3/28/2004 3:07:48 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [7/19/2006 8:48:56 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\outlook]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a6ffd4d-4de1-11dd-9017-00095b9461cd}]
AutoRun\command- G:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a65a2094-7f2d-11da-8aec-00095b9461cd}]
AutoRun\command- F:\SETUP.EXE




-- End of Deckard's System Scanner: finished at 2008-08-10 02:03:41 ------------

BC AdBot (Login to Remove)

 


m

#2 bryan767

bryan767
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:05:51 PM

Posted 10 August 2008 - 02:39 AM

i saw a fix on how to get this virus out.. so i followed the directions but im still experiencing problems getting my task manger to come up because it keeps saying that it was disabled. i can get it to work but only after deleting the regestry that makes it block the taskmanager. in my desktop properties i am unable to see the desktop background tab, but i am able to change it by finding a picture and making it my background. also my computer is running slow and i keep hearing a clicking sound from my speakers. same sound as if you change pages on the internet.. or when something pops up but your not viewing it yet. i did another hijack this can aswell.

Deckard's System Scanner v20071014.68
Run by Games on 2008-08-10 03:27:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Games.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:28:25 AM, on 8/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft Security Adviser\msctrl.exe
C:\Program Files\Microsoft Security Adviser\msavsc.exe
C:\Program Files\Microsoft Security Adviser\msscan.exe
C:\Program Files\Microsoft Security Adviser\msiemon.exe
C:\Program Files\Microsoft Security Adviser\msfw.exe
C:\WINDOWS\system32\alt.exe.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\MRU-Blaster\scheduler.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Microsoft Security Adviser\mssadv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\DOCUME~1\Games\LOCALS~1\Temp\dnlsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Netscape\Navigator 9\navigator.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
C:\Documents and Settings\Games\Desktop\ad-aware\dss.exe
C:\DOCUME~1\Games\Desktop\ad-aware\Games.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\TEMP\ms-E.exe
C:\google.com\svchost.exe
C:\google.com\svchost.exe
C:\google.com\svchost.exe
C:\google.com\svchost.exe
C:\google.com\svchost.exe
C:\google.com\svchost.exe
C:\google.com\svchost.exe
C:\google.com\svchost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
N4 - Mozilla: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.org/unix/customizing.html#prefs
*/

user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src");
user_pref("browser.startup.homepage_override.mstone", "rv:1.7.12");
user_pref("intl.charsetmenu.browser.cache", "ISO-8859-1");
user_pref("network.cookie.prefsMigrated", true);
user_pref("prefs.converted-to-utf8", true);
user_pref("browser.helperApps.neverAsk.openFile", "application%2Fx-java-jnlp-file");
(C:\Documents and Settings\GAMES\Application Data\Mozilla\Profiles\default\71jnk0rd.slt\prefs.js)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: BhoApp Class - {A3628B71-12F5-82E7-9B56-0D7E91241ADB} - C:\Program Files\altcmd\altcmd32.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [AS00_Netgear] C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe -hide
O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKLM\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
O4 - HKLM\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
O4 - HKLM\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
O4 - HKLM\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\system32\alt.exe.exe
O4 - HKCU\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKCU\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
O4 - HKCU\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
O4 - HKCU\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
O4 - HKCU\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
O4 - HKCU\..\Run: [CDriver] c:\google.com\svchost.exe
O4 - HKCU\..\Run: [DDriver] c:\google.com\svchost.exe
O4 - HKCU\..\Run: [alpha] c:\google.com\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [CDriver] c:\google.com\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [DDriver] c:\google.com\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [alpha] c:\google.com\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [beta] c:\google.com\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [gamma] c:\google.com\svchost.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DriverLoad] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DriverCheck] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SystemDriverLoad] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SystemDriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [FDriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ADriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [CDriver] c:\google.com\svchost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DDriver] c:\google.com\svchost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [alpha] c:\google.com\svchost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [beta] c:\google.com\svchost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [gamma] c:\google.com\svchost.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Download all by WellGet - C:\Program Files\WellGet\nxall.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download by &WellGet - C:\Program Files\WellGet\nxcatch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Games\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/070552351df2fa...ip/RdxIE601.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146528318900
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: MS Software Shadow Download Provider (dnlsvc) - Unknown owner - C:\DOCUME~1\Games\LOCALS~1\Temp\dnlsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbscoms.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 13630 bytes

-- Files created between 2008-07-10 and 2008-08-10 -----------------------------

2008-08-10 02:48:51 100 --a------ C:\Documents and Settings\Games\Application Data\temp.dll
2008-08-10 02:47:04 0 d-------- C:\google.com
2008-08-10 02:46:42 2816 --a------ C:\WINDOWS\system32\msdirect.sys
2008-08-10 02:46:34 84480 --a------ C:\WINDOWS\neos.exe
2008-08-10 02:46:33 0 d-------- C:\Program Files\altcmd
2008-08-10 02:46:32 60928 --a------ C:\WINDOWS\system32\blphcl42j0e1ct.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-08-10 02:46:23 134144 --a------ C:\WINDOWS\system32\lphcl42j0e1ct.exe
2008-08-10 01:42:26 94208 --a------ C:\WINDOWS\system32\pphcl42j0e1ct.exe
2008-08-10 01:42:26 0 d-------- C:\Documents and Settings\Games\Application Data\rhcg42j0e1ct
2008-08-10 01:41:15 0 d-------- C:\Program Files\Microsoft Security Adviser
2008-08-10 01:41:13 1328 --a------ C:\0xf9.exe
2008-07-29 23:10:06 0 d-------- C:\Program Files\Postal2
2008-07-21 01:54:14 0 d-------- C:\Program Files\PCDJ DEX
2008-07-17 00:08:13 0 d-------- C:\Program Files\PC Drivers HeadQuarters
2008-07-17 00:08:13 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-07-14 21:20:54 0 d-------- C:\Program Files\Lavasoft
2008-07-14 21:20:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-14 01:06:09 0 d-------- C:\Program Files\iPod
2008-07-14 01:06:03 0 d-------- C:\Program Files\iTunes
2008-07-13 22:54:14 0 d-------- C:\Program Files\eMule
2008-07-13 22:48:47 0 d-------- C:\Program Files\BitTorrent
2008-07-13 16:21:48 0 d-------- C:\Program Files\Common Files\Java
2008-07-11 19:18:34 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-07-11 01:34:04 0 d-------- C:\WINDOWS\Logs
2008-07-11 01:28:33 0 d-------- C:\Program Files\Windows Defender
2008-07-11 00:12:03 10755616 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-10 23:12:50 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier


-- Find3M Report ---------------------------------------------------------------

2008-08-10 02:53:26 0 d-------- C:\Documents and Settings\Games\Application Data\DNA
2008-08-09 21:56:56 0 d-------- C:\Program Files\Winamp
2008-08-05 11:07:48 0 d-------- C:\Documents and Settings\Games\Application Data\Hamachi
2008-08-03 22:40:17 0 d-------- C:\Documents and Settings\Games\Application Data\LimeWire
2008-08-03 20:06:02 0 d-------- C:\Program Files\AIMTunes
2008-07-29 23:30:40 0 d-------- C:\Documents and Settings\Games\Application Data\Adobe
2008-07-29 23:00:27 0 d-------- C:\Documents and Settings\Games\Application Data\BitTorrent
2008-07-26 22:31:59 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-07-17 00:09:22 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-15 00:57:03 0 d-------- C:\Program Files\SpywareBlaster
2008-07-14 21:20:26 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-14 01:14:53 0 d-------- C:\Program Files\LimeWire
2008-07-13 16:22:42 0 d-------- C:\Program Files\Java
2008-07-13 16:21:48 0 d-------- C:\Program Files\Common Files
2008-07-11 08:49:15 0 d-------- C:\Documents and Settings\Games\Application Data\Viewpoint
2008-07-11 08:48:19 0 d-------- C:\Program Files\Viewpoint
2008-07-11 08:32:22 0 d-------- C:\Program Files\ATI Technologies
2008-07-11 00:40:01 0 d-------- C:\Documents and Settings\Games\Application Data\Netscape
2008-07-11 00:39:06 0 d-------- C:\Program Files\Netscape
2008-07-10 22:38:49 0 d-------- C:\Documents and Settings\Games\Application Data\Mozilla
2008-07-10 08:44:00 0 d-------- C:\Documents and Settings\Games\Application Data\Spybot - Search & Destroy
2008-07-10 08:27:16 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-09 17:02:42 0 d-------- C:\Program Files\Spyware Doctor
2008-07-09 17:01:05 0 d-------- C:\Program Files\MRU-Blaster
2008-07-09 16:58:53 0 d-------- C:\Documents and Settings\Games\Application Data\PC Tools
2008-07-09 16:53:42 0 d-------- C:\Program Files\Symantec
2008-07-09 14:04:06 0 d-------- C:\Program Files\Linksys EasyLink Advisor
2008-07-09 14:04:04 0 d--h----- C:\Documents and Settings\Games\Application Data\GTek
2008-07-08 23:35:08 0 d-------- C:\Documents and Settings\Games\Application Data\Symantec
2008-06-15 23:22:28 0 d-------- C:\Program Files\Bonjour
2008-06-15 23:22:00 0 d-------- C:\Program Files\QuickTime
2008-06-13 22:52:25 4096 --a------ C:\WINDOWS\system32\crash
2008-06-13 22:14:05 0 d-------- C:\Program Files\World of Warcraft
2008-06-12 15:27:38 0 d-------- C:\Program Files\Common Files\Ahead
2008-06-12 15:25:25 0 d-------- C:\Program Files\planetside
2008-06-12 14:58:47 0 d-------- C:\Program Files\IDoser v4
2008-06-08 15:28:08 17627 --a------ C:\WINDOWS\War3Unin.dat
2008-06-08 15:27:17 2829 --a------ C:\WINDOWS\War3Unin.pif
2008-06-08 15:27:16 126976 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-06-02 21:05:00 593920 --a------ C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3628B71-12F5-82E7-9B56-0D7E91241ADB}]
12/15/2005 10:06 PM 167936 --a------ C:\Program Files\altcmd\altcmd32.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [10/04/2007 04:06 PM 1135968]

[-HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AS00_Netgear"="C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe" [05/16/2003 01:59 PM]
"LXBSCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll" [03/17/2004 12:26 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [12/21/2004 10:05 PM]
"SoundMan"="SOUNDMAN.EXE" [08/03/2006 06:12 AM C:\WINDOWS\soundman.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 08:51 PM]
"RegistryMechanic"="C:\Program Files\Registry Mechanic\RegMech.exe" [08/20/2007 10:58 AM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [07/09/2008 09:05 AM]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [01/21/2008 12:17 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/31/2008 09:31 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [07/22/2005 11:25 PM C:\WINDOWS\KHALMNPR.Exe]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/10/2008 09:47 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2008 10:51 AM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [08/03/2008 07:02 PM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [04/10/2008 03:14 PM]
"msctrl.exe"="C:\Program Files\Microsoft Security Adviser\msctrl.exe" [08/10/2008 01:41 AM]
"msavsc.exe"="C:\Program Files\Microsoft Security Adviser\msavsc.exe" [08/10/2008 01:41 AM]
"msscan.exe"="C:\Program Files\Microsoft Security Adviser\msscan.exe" [08/10/2008 01:41 AM]
"msiemon.exe"="C:\Program Files\Microsoft Security Adviser\msiemon.exe" [08/10/2008 01:41 AM]
"msfw.exe"="C:\Program Files\Microsoft Security Adviser\msfw.exe" [08/10/2008 01:41 AM]
"mssadv.exe"="" []
"PromoReg"="C:\WINDOWS\system32\alt.exe.exe" [08/10/2008 02:46 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msctrl.exe"="C:\Program Files\Microsoft Security Adviser\msctrl.exe" [08/10/2008 01:41 AM]
"msavsc.exe"="C:\Program Files\Microsoft Security Adviser\msavsc.exe" [08/10/2008 01:41 AM]
"msscan.exe"="C:\Program Files\Microsoft Security Adviser\msscan.exe" [08/10/2008 01:41 AM]
"msiemon.exe"="C:\Program Files\Microsoft Security Adviser\msiemon.exe" [08/10/2008 01:41 AM]
"msfw.exe"="C:\Program Files\Microsoft Security Adviser\msfw.exe" [08/10/2008 01:41 AM]
"mssadv.exe"="" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
"DriverLoad"=
"DriverCheck"=
"SystemDriverLoad"=
"SystemDriver"=
"FDriver"=
"ADriver"=
"CDriver"=c:\google.com\svchost.exe
"DDriver"=c:\google.com\svchost.exe
"alpha"=c:\google.com\svchost.exe
"beta"=c:\google.com\svchost.exe
"gamma"=c:\google.com\svchost.exe

C:\Documents and Settings\Games\Start Menu\Programs\Startup\
Hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [10/14/2007 6:29:33 PM]
MRU-Blaster Scheduler.lnk - C:\Program Files\MRU-Blaster\scheduler.exe [7/19/2003 4:48:42 PM]
MRU-Blaster Silent Clean.lnk - C:\Program Files\MRU-Blaster\mrublaster.exe [3/28/2004 3:07:48 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [7/19/2006 8:48:56 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"DriverLoad"=
"DriverCheck"=
"SystemDriverLoad"=
"Winhost"=
"Winhost1"=
"Winhost2"=
"Winhost3"=
"Winhost4"=
"SystemDriver"=
"FDriver"=
"ADriver"=
"CDriver"=c:\google.com\svchost.exe
"DDriver"=c:\google.com\svchost.exe
"alpha"=c:\google.com\svchost.exe
"beta"=c:\google.com\svchost.exe
"gamma"=c:\google.com\svchost.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphcl42j0e1ct]
C:\WINDOWS\system32\lphcl42j0e1ct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\outlook]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhcg42j0e1ct]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a6ffd4d-4de1-11dd-9017-00095b9461cd}]
AutoRun\command- G:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a65a2094-7f2d-11da-8aec-00095b9461cd}]
AutoRun\command- F:\SETUP.EXE




-- End of Deckard's System Scanner: finished at 2008-08-10 03:38:30 ------------

thanks again!

#3 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:11:51 PM

Posted 20 August 2008 - 05:07 AM

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

Please see here for instructions
how to install HijackThis and make a logfile. Save it into convenient location and include it to your next reply, please.

Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Please post back with HijackThis log and Kaspersky report.

Regards
Microsoft MVP Consumer Security
Posted Image

Posted Image

#4 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:11:51 PM

Posted 25 August 2008 - 04:08 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security
Posted Image

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users