I am at your mercy! please help i have the generic host error


  • This topic is locked
28 replies to this topic

#1 dragonjk

dragonjk

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:07:16 AM

Posted 09 December 2008 - 04:42 PM

I have Windows XP SP2.

OK, I'll go into as much detail as possible. Yesterday when I switched my computer on, as it was booting I saw for the first time a strange new error.

Data Execution Prevention
To help protect your computer, Windows has closed this program.
Name: Generic Host Process for Win32 Service
Publisher: Microsoft Corporation

Then 2 seconds later

Generic Host Process for Win32 Service has encountered a problem and needs to close.

So I go ahead and close it, but now Firefox will not open up anymore. I keep trying to open it and all of a sudden the weirdest thing happens. My taskbar and window borders switch to classic mode! The old gray boxes and taskbar! Also I cannot click on anything on the taskbar, it's locked up. I wait 2 mins and it reverts back to the Windows XP borders and styles. I can also use the taskbar and I can click on whatever is on there again, only now my sound has stopped working! I can't play any music or watch any movies!

This happens every time WITHOUT fail when I boot my computer, so I have to use IE6 (which I hate). I tried the Windows hotfix update for the generic host error and that did nothing. I have scanned with AVG, Spybot and malware's antispyware and they haven't fixed anything. I have also run scandisk and it's turned up nothing.... I don't know what else to do besides ask for help... I'll be posting a HijackThis log on here in my next post in a few mins. I also have a ComboFix log if anyone requests it.

Please help me.

#2 dragonjk


Posted 09 December 2008 - 04:53 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:51:20, on 09/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Traffic Shaper XP Server\bcserver.service
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\SkyTel.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\program files\steam\steam.exe
C:\Program Files\XpertVision\TBPanel.exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [TBPanel] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Traffic Shaper XP Server (bcserver) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 10160 bytes
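
As an added example (not part of the original post, and not Trend Micro's code), the Python script below parses a HijackThis log of the kind posted above and lists the entries that HijackThis itself annotated as unresolved. The function names are hypothetical, the sample is a subset of lines copied from the post, and the truncated-path check is a triage heuristic assumed for this example.

```python
import re
from collections import Counter

# Usual meaning of the HijackThis section codes that occur in the log above.
SECTIONS = {
    "R1": "IE start/search page", "O2": "Browser Helper Object",
    "O3": "IE toolbar", "O4": "autorun entry", "O9": "IE button/menu item",
    "O10": "Winsock LSP", "O16": "downloaded ActiveX control",
    "O18": "protocol handler", "O20": "AppInit_DLLs", "O23": "service",
}
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Annotations HijackThis prints itself when it cannot resolve an entry.
MARKERS = ("(file missing)", "(no file)", "Unknown owner", "Unknown file")

# Subset of lines copied from the log in the post above (not the full log).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:51:20, on 09/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Traffic Shaper XP Server\bcserver.service

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Traffic Shaper XP Server (bcserver) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""


def parse_log(text):
    """Split a HijackThis log into header fields, process list and entries."""
    header, processes, entries = {}, [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:                      # "O23 - ..." style entry line
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes and line:
            processes.append(line)
        elif not in_processes and not entries and ": " in line:
            key, value = line.split(": ", 1)
            header[key] = value
    return {"header": header, "processes": processes, "entries": entries}


def unresolved(entries):
    """Return (code, markers, body) for entries the tool could not resolve."""
    hits = []
    for code, body in entries:
        found = [m for m in MARKERS if m in body]
        if found:
            hits.append((code, found, body))
    return hits


def parse_service(body):
    """Parse an O23 body: 'Service: <name> - <owner> - <image path>'."""
    if not body.startswith("Service: "):
        return None
    # Split from the left so a " - " inside the path is preserved.
    parts = body[len("Service: "):].split(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = parts
    missing = path.endswith("(file missing)")
    path = path.replace(" (file missing)", "").strip()
    return {"name": name, "owner": owner, "path": path, "missing": missing}


def likely_truncated(service, processes):
    """Heuristic (assumption of this example): a 'file missing' path such as
    C:\\Program.exe that is a prefix, up to a space, of a running process path
    was probably cut at the first space of a longer path, so the file may not
    be missing at all and the entry needs a manual look."""
    if not service or not service["missing"]:
        return False
    path = service["path"].lower()
    stem = path[:-4] if path.endswith(".exe") else path
    return any(p.lower().startswith(stem + " ") for p in processes)


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    print(log["header"].get("Platform"), Counter(c for c, _ in log["entries"]))
    for code, markers, body in unresolved(log["entries"]):
        note = ""
        if code == "O23" and likely_truncated(parse_service(body), log["processes"]):
            note = "  <- path looks cut at first space"
        print(f"[{code} {SECTIONS.get(code, '?')}] {', '.join(markers)}: {body}{note}")
```

The markers only say what HijackThis could not resolve; they are a starting point for manual review, not a verdict on the entry.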

#3 dragonjk


Posted 09 December 2008 - 05:07 PM

OK, update: after running ComboFix again, the error has gone away; however, all the other stuff, Firefox, the no-sounds, etc. etc., are still happening.

Also the computer thinks it has no sound device, although it can still play sounds.

Edited by dragonjk, 09 December 2008 - 05:18 PM.


#4 dragonjk


Posted 09 December 2008 - 05:17 PM

OK, another update: for some reason World of Warcraft's sound works fine but every other game's does not... this is bizarre.

#5 dragonjk


Posted 09 December 2008 - 08:03 PM

I have found Trojan.Win32.Kolweb.n and removed it, but I am still having sound issues when my taskbar screws up.

Edited by dragonjk, 09 December 2008 - 08:19 PM.


#6 dragonjk


Posted 11 December 2008 - 01:50 AM

It was working fine today... now it's having sound issues and Firefox problems again.

Edited by dragonjk, 11 December 2008 - 02:34 AM.


#7 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:03:16 AM

Posted 17 December 2008 - 02:17 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results; click No to the Optional_Scan.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE


Please hold on, it may take us a day or so to get back with you.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#8 dragonjk


Posted 19 December 2008 - 04:13 PM

Sorry, I have been away from home the past 2 days, and I'm about to go out; I'll do these tomorrow morning. Sorry about that. And no, I am still having a few problems.

#9 dragonjk


Posted 20 December 2008 - 04:01 PM

DDS (Version 1.1.0) - NTFSx86
Run by James at 20:58:28.15 on 20/12/2008
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.2046.1432 [GMT 0:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Traffic Shaper XP Server\bcserver.service
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
"C:\WINDOWS\system32\svchost.exe" 92869
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\SkyTel.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\XpertVision\TBPanel.exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\iTunes\iTunes.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Documents and Settings\James\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - c:\program files\msn apps\st\01.03.0000.1005\en-xu\stmain.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\msn apps\msn toolbar\01.02.5000.1021\en-gb\msntb.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\msn apps\msn toolbar\01.02.5000.1021\en-gb\msntb.dll
TB: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\msn apps\msn toolbar\01.02.5000.1021\en-gb\msntb.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [kdx] c:\windows\kdx\KHost.exe -all
uRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [TBPanel] c:\program files\xpertvision\TBPanel.exe /A
uRun: [CurseClient] c:\program files\curse\CurseClient.exe -silent
uRun: [EA Core] c:\program files\electronic arts\eadm\Core.exe -silent
uRun: [I-Hate-Keyloggers] c:\documents and settings\james\my documents\i-hate-keyloggers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [SkyTel] SkyTel.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [CameraFixer] c:\windows\CameraFixer.exe
mRun: [tsnp2std] c:\windows\tsnp2std.exe
mRun: [snp2std] c:\windows\vsnp2std.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: avgrsstx.dll
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\james\applic~1\mozilla\firefox\profiles\9kvidw5h.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\james\application data\mozilla\firefox\profiles\9kvidw5h.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\XpcomOpusConnector.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-27 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-5-11 26824]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-12-12 353680]
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2008-12-12 464264]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-8 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-8 231704]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-6-27 76040]
S0 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys []
S2 RPCHE;Remote Procedure Call (RPCE);c:\program files\common files\microsoft shared\speech\csvd.exe [2008-12-3 11573248]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service []
S2 wowsystemcode123;Remote TCP/IP;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-8-28 10664]
S3 iatmunin;iatmunin;\??\c:\docume~1\james\locals~1\temp\iatmunin.sys []
S3 PsSdk30;PsSdk30;\??\c:\windows\system32\drivers\PsSdk30.drv []
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys []

=============== Created Last 30 ================

2008-12-20 20:36 54,156 a---h--- c:\windows\QTFont.qfn
2008-12-20 20:36 1,409 a------- c:\windows\QTFont.for
2008-12-17 16:31 <DIR> --d----- c:\windows\system32\CatRoot_bak
2008-12-15 23:16 124 a------- c:\windows\asr.INI
2008-12-15 23:14 <DIR> --d----- C:\WOTLK issues
2008-12-15 23:14 <DIR> --d----- c:\program files\Advanced Sound Recorder
2008-12-15 03:01 <DIR> --d----- c:\program files\MSXML 6.0
2008-12-12 21:48 209,008 a------- c:\windows\system32\kbhookdll.dll
2008-12-12 21:48 102,912 a------- c:\windows\system32\VB6STKIT.DLL
2008-12-12 18:28 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2008-12-12 18:28 272,128 -------- c:\windows\system32\drivers\bthport.sys
2008-12-12 18:05 <DIR> --d----- c:\program files\AskBarDis
2008-12-12 18:05 4,212 a---h--- c:\windows\system32\zllictbl.dat
2008-12-12 18:04 1,221,008 a------- c:\windows\system32\zpeng25.dll
2008-12-12 18:04 <DIR> --d----- c:\windows\system32\ZoneLabs
2008-12-12 18:04 <DIR> --d----- c:\program files\Zone Labs
2008-12-12 18:04 348,371 a------- c:\windows\system32\vsconfig.xml
2008-12-12 18:03 <DIR> --d----- c:\windows\Internet Logs
2008-12-12 18:01 5,376 a------- c:\windows\system32\drivers\MS1000.sys
2008-12-12 17:59 <DIR> --d----- c:\program files\The Cleaner Demo
2008-12-12 17:42 <DIR> --d----- c:\program files\Uniblue
2008-12-11 09:09 141,016 a------- c:\windows\system32\alsndmgr.wav
2008-12-11 09:08 <DIR> --d----- c:\program files\Realtek AC97
2008-12-09 21:49 <DIR> --d----- c:\program files\Trend Micro
2008-12-09 21:43 <DIR> --d----- c:\windows\system32\NtmsData
2008-12-09 21:08 <DIR> --d----- C:\cmdcons
2008-12-09 21:04 161,792 a------- c:\windows\SWREG.exe
2008-12-09 21:04 98,816 a------- c:\windows\sed.exe
2008-12-09 06:59 <DIR> --d----- c:\docume~1\james\applic~1\Malwarebytes
2008-12-09 06:59 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-09 06:59 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-09 06:59 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-09 06:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-08 12:47 0 a------- c:\windows\1.ini
2008-12-06 18:08 143,872 a------- c:\windows\system32\wow953_178.dll
2008-12-06 18:08 20 a------- c:\windows\syscheck
2008-12-03 10:41 76,787 a------- c:\windows\War3Unin.dat
2008-12-03 10:41 139,264 a------- c:\windows\War3Unin.exe
2008-12-03 10:41 2,829 a------- c:\windows\War3Unin.pif
2008-12-03 10:37 <DIR> --d----- C:\war
2008-11-22 19:00 <DIR> --d----- c:\program files\Ventrilo
2008-11-22 19:00 262 a------- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

==================== Find3M ====================

2008-12-10 20:54 170,886 a------- c:\windows\pchealth\helpctr\config\cache\Professional_32_1033.dat
2008-10-24 11:10 453,632 a------- c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 13:01 283,648 a------- c:\windows\system32\gdi32.dll
2008-10-17 12:51 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-10-17 12:51 3,812 a------- c:\windows\system32\ealregsnapshot1.reg
2008-10-16 10:37 659,456 a------- c:\windows\system32\wininet.dll
2008-10-03 10:15 247,326 a------- c:\windows\system32\strmdll.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-05-18 10:34 306,580 a------- c:\program files\1840_flyer1.pdf
2008-05-13 19:58 306 a------- c:\program files\vidgow2gameplayhi.asx
2008-05-11 18:42 6,200,817 a------- c:\program files\EDR.zip
2008-05-11 18:38 4,172,182 a------- c:\program files\recoveryfixwindows.exe
2008-05-11 18:37 7,985,496 a------- c:\program files\RecoverMyFiles-Setup.exe
2008-05-11 18:28 197,233 a------- c:\program files\restoration.exe
2008-05-07 17:45 29,828,880 a------- c:\program files\UAW_Patch2.exe
2008-05-01 21:17 519,336 a------- c:\program files\aoc20080416.exe
2008-04-27 14:25 19,092 a------- c:\program files\Glider.log
2008-04-27 14:25 8,166 a------- c:\program files\Glider.config.xml
2008-04-27 14:25 473 a------- c:\program files\NewDebuffs.xml
2008-04-27 14:25 2,351 a------- c:\program files\Combat.log
2008-04-27 14:25 169 a------- c:\program files\Chat.log
2008-04-27 14:24 13,183 a------- c:\program files\Attach.wav
2008-04-27 14:23 42,791 a------- c:\program files\Glider.LastRun.log
2008-04-27 13:56 1,794,048 a------- c:\program files\GliderDeploy.exe
2008-04-07 23:03 27,334 a------- c:\program files\sig2.JPG
2008-04-07 22:59 36,582 a------- c:\program files\sig.JPG
2008-04-07 22:41 7,426 a------- c:\program files\avatar2.JPG
2008-04-07 17:55 75,649 a------- c:\program files\Paladin.JPG
2008-03-03 21:46 1,088 a------- c:\program files\Readme.txt
2007-12-31 15:31 28,528 a------- c:\program files\inquisition_daemonhunt_mod.htm
2007-12-18 18:01 22,328 a------- c:\docume~1\james\applic~1\PnkBstrK.sys
2007-09-14 15:04 1 a------- c:\documents and settings\james\SI.bin
2005-08-06 15:22 4,582 a------- c:\program files\deviance.nfo
2003-09-03 06:46 10,960 a------- c:\program files\EULA.txt

============= FINISH: 20:58:49.54 ===============

#10 Tomk_

Tomk_

    Malware Eradicator


  • Malware Response Team
  • 686 posts
  • OFFLINE
  •  
  • Local time:12:16 AM

Posted 21 December 2008 - 10:42 AM

Hi dragonjk,

Welcome to Bleeping Computers

My name is Tomk_. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.
I apologize for the delay in response. We get overwhelmed at times but we are trying our best to keep up.

BitTorrent and Azureus and DNA and LimeWire
You have BitTorrent and Azureus and DNA and LimeWire, P2P/file sharing programs, installed on your computer. P2P applications like these are the largest source of malware we see. You'll be doing yourself a favor by removing them.

References for the risk of these programs can be found in these links:
http://www.microsoft.com/windows/ie/commun...protection.mspx
http://www.techweb.com/wire/160500554
http://www.internetworldstats.com/articles/art053.htm
See Clean/Infected P2P Programs here

I would recommend that you uninstall BitTorrent and Azureus and DNA and LimeWire, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep them, please do not use them until your computer is cleaned.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 11...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.
Now to Clean out the Java cache:

Go into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Settings... button
  • Click the Delete Files button.
  • There are three options in the window to clear the cache - Leave all 3 Checked
    • Downloaded Applets
    • Downloaded Applications
    • Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Settings
  • Click OK to leave the Java Control Panel.
Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D here: http://eric.71.mespages.googlepages.com/LopSD.exe

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

Also, please post a new HijackThis log.

#11 dragonjk

dragonjk
  • Topic Starter

  • Members
  • 35 posts

Posted 23 December 2008 - 10:48 PM

Sorry, I've been rather busy. I am a chef IRL and I've had a lot of work lately due to it nearing Christmas. But I have the week off now, so I'll be posting my logs shortly.

#12 dragonjk

dragonjk
  • Topic Starter

  • Members
  • 35 posts

Posted 23 December 2008 - 10:51 PM

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel® Core™2 CPU 6400 @ 2.13GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : James ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.0 (Activated)
Firewall : ZoneAlarm Firewall 8.0.065.000 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:465 Go (Free:322 Go)
D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 24/12/2008| 3:46 )

--------------------\\ Listing folders in APPLIC~1

[14/10/2008|20:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\2DBoy
[11/05/2008|22:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Acronis
[12/01/2008|12:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[15/10/2008|09:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[13/05/2007|21:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[27/06/2008|10:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
[17/05/2007|07:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[26/09/2008|07:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Blizzard
[05/05/2008|09:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Funcom
[11/05/2007|16:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[27/06/2008|10:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[01/03/2008|10:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[27/08/2007|02:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
[17/06/2007|21:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Laconic Software
[09/12/2008|06:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[09/12/2008|21:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[18/09/2007|22:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Mozilla
[03/11/2007|17:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Swift Sound
[07/06/2007|14:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[06/06/2007|22:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
[12/06/2007|21:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Screaming Bee
[02/07/2007|21:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\sky
[11/12/2008|16:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[21/09/2007|15:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP

[11/05/2007|06:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[11/05/2007|06:06] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun

[19/02/2008|21:09] C:\DOCUME~1\James\APPLIC~1\Adobe
[17/05/2007|13:03] C:\DOCUME~1\James\APPLIC~1\Apple Computer
[14/11/2007|20:24] C:\DOCUME~1\James\APPLIC~1\Azureus
[16/12/2008|19:01] C:\DOCUME~1\James\APPLIC~1\BitTorrent
[13/03/2008|12:03] C:\DOCUME~1\James\APPLIC~1\BitTorrent DNA
[17/05/2008|15:35] C:\DOCUME~1\James\APPLIC~1\CNC_Generals_World
[11/05/2008|12:19] C:\DOCUME~1\James\APPLIC~1\Command & Conquer 3 Kane's Wrath
[14/05/2007|19:20] C:\DOCUME~1\James\APPLIC~1\Command & Conquer 3 Tiberium Wars
[28/04/2008|14:42] C:\DOCUME~1\James\APPLIC~1\DAEMON Tools
[18/09/2007|22:53] C:\DOCUME~1\James\APPLIC~1\DivX
[24/12/2008|03:38] C:\DOCUME~1\James\APPLIC~1\DNA
[28/05/2007|01:40] C:\DOCUME~1\James\APPLIC~1\DriveHQ
[28/05/2007|01:39] C:\DOCUME~1\James\APPLIC~1\DriveHQHOOK
[24/02/2008|11:57] C:\DOCUME~1\James\APPLIC~1\dvdcss
[11/05/2007|16:32] C:\DOCUME~1\James\APPLIC~1\Google
[02/07/2007|07:49] C:\DOCUME~1\James\APPLIC~1\Grisoft
[16/12/2007|15:56] C:\DOCUME~1\James\APPLIC~1\Help
[11/05/2007|06:11] C:\DOCUME~1\James\APPLIC~1\Identities
[19/10/2008|22:59] C:\DOCUME~1\James\APPLIC~1\IGN_DLM
[19/05/2008|13:18] C:\DOCUME~1\James\APPLIC~1\InstallShield Installation Information
[02/07/2007|21:40] C:\DOCUME~1\James\APPLIC~1\Kontiki
[10/05/2008|23:09] C:\DOCUME~1\James\APPLIC~1\LimeWire
[08/10/2007|21:24] C:\DOCUME~1\James\APPLIC~1\Macromedia
[09/12/2008|06:59] C:\DOCUME~1\James\APPLIC~1\Malwarebytes
[06/06/2007|22:43] C:\DOCUME~1\James\APPLIC~1\Media Player Classic
[27/06/2008|10:10] C:\DOCUME~1\James\APPLIC~1\Microsoft
[20/06/2008|14:40] C:\DOCUME~1\James\APPLIC~1\Mozilla
[03/11/2007|17:18] C:\DOCUME~1\James\APPLIC~1\NCH Swift Sound
[06/06/2007|22:43] C:\DOCUME~1\James\APPLIC~1\Real
[11/05/2008|18:40] C:\DOCUME~1\James\APPLIC~1\RecoveryFix for Windows
[12/06/2007|21:03] C:\DOCUME~1\James\APPLIC~1\Screaming Bee
[01/12/2007|19:22] C:\DOCUME~1\James\APPLIC~1\SecondLife
[11/05/2007|13:40] C:\DOCUME~1\James\APPLIC~1\SecuROM
[17/10/2008|13:18] C:\DOCUME~1\James\APPLIC~1\SPORE
[19/02/2008|20:39] C:\DOCUME~1\James\APPLIC~1\Sun
[27/09/2008|19:42] C:\DOCUME~1\James\APPLIC~1\SystemRequirementsLab
[18/09/2007|22:50] C:\DOCUME~1\James\APPLIC~1\Talkback
[12/02/2008|00:49] C:\DOCUME~1\James\APPLIC~1\teamspeak2
[15/06/2008|11:39] C:\DOCUME~1\James\APPLIC~1\U3
[22/11/2008|19:02] C:\DOCUME~1\James\APPLIC~1\Ventrilo
[05/10/2007|18:53] C:\DOCUME~1\James\APPLIC~1\vlc

[12/05/2008|07:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\Acronis
[11/06/2007|01:35] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[11/06/2007|01:35] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[23/12/2008 17:00][--a------] C:\WINDOWS\tasks\RegCure Program Check.job
[18/12/2008 03:00][--a------] C:\WINDOWS\tasks\RegCure.job
[19/12/2008 10:40][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[20/12/2008 20:34][--ah-----] C:\WINDOWS\tasks\SA.DAT
[04/08/2004 12:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[10/05/2008|23:54] C:\Program Files\7-Zip
[27/04/2008|14:00] C:\Program Files\Accounts
[11/05/2008|22:00] C:\Program Files\Acronis
[12/01/2008|12:36] C:\Program Files\Adobe
[15/12/2008|23:15] C:\Program Files\Advanced Sound Recorder
[27/09/2008|19:58] C:\Program Files\AGEIA Technologies
[22/06/2008|13:43] C:\Program Files\Ai
[15/10/2008|09:56] C:\Program Files\Apple Software Update
[12/12/2008|18:06] C:\Program Files\AskBarDis
[27/06/2008|10:11] C:\Program Files\AVG
[11/10/2008|19:40] C:\Program Files\Bethesda Softworks
[01/05/2008|04:30] C:\Program Files\BitTorrent
[13/03/2008|12:03] C:\Program Files\BitTorrent_DNA
[27/04/2008|14:00] C:\Program Files\Classes
[17/05/2008|15:29] C:\Program Files\CNC 3 Map Manager
[09/12/2008|22:59] C:\Program Files\Common Files
[11/05/2007|06:00] C:\Program Files\ComPlus Applications
[28/09/2008|06:44] C:\Program Files\Curse
[28/04/2008|14:57] C:\Program Files\DAEMON Tools
[27/04/2008|13:58] C:\Program Files\DefaultScripts
[03/06/2008|18:37] C:\Program Files\Diablo II
[07/05/2008|17:32] C:\Program Files\DIFX
[29/02/2008|10:52] C:\Program Files\Digital Surveillance Recorder
[12/05/2007|18:43] C:\Program Files\directx
[19/02/2008|21:10] C:\Program Files\DivX
[20/12/2008|20:30] C:\Program Files\DNA
[25/09/2008|19:49] C:\Program Files\Download Manager
[21/04/2008|21:22] C:\Program Files\DriftCity
[17/05/2008|18:26] C:\Program Files\EA Games
[17/10/2008|12:51] C:\Program Files\Electronic Arts
[11/12/2008|16:44] C:\Program Files\Enigma Software Group
[13/01/2008|20:01] C:\Program Files\Game Cam v1.4
[25/04/2008|12:24] C:\Program Files\GameSpy
[11/05/2007|17:24] C:\Program Files\Google
[29/03/2008|20:03] C:\Program Files\Gravity
[27/06/2008|10:11] C:\Program Files\Grisoft
[05/10/2007|18:22] C:\Program Files\Haali
[18/02/2008|19:33] C:\Program Files\Handbrake
[26/06/2007|11:10] C:\Program Files\Hewlett-Packard
[17/12/2007|12:42] C:\Program Files\id Software
[23/02/2008|14:23] C:\Program Files\ImTOO
[11/12/2008|09:08] C:\Program Files\InstallShield Installation Information
[06/06/2007|12:54] C:\Program Files\Intel
[30/06/2007|00:00] C:\Program Files\InterActual
[16/12/2008|16:49] C:\Program Files\Internet Explorer
[29/06/2007|08:58] C:\Program Files\iPod
[23/03/2008|20:39] C:\Program Files\IrfanView
[29/06/2007|08:58] C:\Program Files\iTunes
[29/10/2008|19:56] C:\Program Files\Java
[02/07/2007|21:39] C:\Program Files\KService
[24/12/2008|03:39] C:\Program Files\LimeWire
[09/12/2008|06:59] C:\Program Files\Malwarebytes' Anti-Malware
[06/06/2007|22:42] C:\Program Files\Media Player Classic
[16/12/2008|16:49] C:\Program Files\Messenger
[11/05/2007|06:06] C:\Program Files\microsoft frontpage
[21/12/2007|09:35] C:\Program Files\Microsoft Games
[03/11/2007|17:22] C:\Program Files\Morpheus
[15/01/2008|20:57] C:\Program Files\Movie Maker
[24/12/2008|03:44] C:\Program Files\Mozilla Firefox
[02/11/2008|17:30] C:\Program Files\MSBuild
[16/05/2007|18:12] C:\Program Files\MSN
[17/05/2007|13:52] C:\Program Files\MSN Apps
[11/05/2007|06:00] C:\Program Files\MSN Gaming Zone
[04/06/2007|20:30] C:\Program Files\MSN Messenger
[24/06/2007|12:38] C:\Program Files\MSXML 4.0
[15/12/2008|03:01] C:\Program Files\MSXML 6.0
[03/11/2007|18:30] C:\Program Files\NCH Software
[03/11/2007|17:18] C:\Program Files\NCH Swift Sound
[07/06/2007|14:18] C:\Program Files\Nero
[11/05/2007|06:02] C:\Program Files\NetMeeting
[11/05/2007|21:43] C:\Program Files\NVIDIA Corporation
[11/05/2007|06:00] C:\Program Files\Online Services
[27/08/2007|02:38] C:\Program Files\Outlook Express
[16/12/2008|19:01] C:\Program Files\PeerGuardian2
[04/10/2007|08:11] C:\Program Files\PowerISO
[27/04/2008|14:16] C:\Program Files\Profiles
[01/12/2007|22:50] C:\Program Files\QuickTime
[06/06/2007|22:42] C:\Program Files\Real Alternative
[12/06/2007|21:32] C:\Program Files\Realtek
[11/12/2008|15:42] C:\Program Files\Realtek AC97
[02/11/2008|17:27] C:\Program Files\Reference Assemblies
[09/12/2008|20:52] C:\Program Files\RegCure
[11/05/2008|18:29] C:\Program Files\REST2514
[27/04/2008|13:58] C:\Program Files\Scripts
[07/05/2008|17:22] C:\Program Files\Sega
[11/12/2008|16:10] C:\Program Files\Spybot - Search & Destroy
[21/12/2008|23:25] C:\Program Files\Steam
[02/07/2008|00:29] C:\Program Files\StepVoice Recorder
[28/08/2007|19:41] C:\Program Files\StickMen Screen Saver
[08/11/2007|12:19] C:\Program Files\SurfAnonymous
[27/09/2008|19:42] C:\Program Files\SystemRequirementsLab
[12/02/2008|00:49] C:\Program Files\Teamspeak2_RC2
[12/12/2008|18:01] C:\Program Files\The Cleaner Demo
[10/04/2008|18:33] C:\Program Files\THQ
[11/06/2008|10:13] C:\Program Files\Tortun
[09/08/2007|11:03] C:\Program Files\Traffic Shaper XP Client
[09/08/2007|11:06] C:\Program Files\Traffic Shaper XP Server
[09/12/2008|21:49] C:\Program Files\Trend Micro
[14/07/2007|14:52] C:\Program Files\Ubisoft
[31/08/2007|12:06] C:\Program Files\UI Central
[12/12/2008|17:42] C:\Program Files\Uniblue
[11/05/2007|06:11] C:\Program Files\Uninstall Information
[19/05/2008|13:02] C:\Program Files\Unreal Tournament 3
[22/11/2008|19:00] C:\Program Files\Ventrilo
[05/10/2007|18:41] C:\Program Files\VideoLAN
[22/12/2008|00:47] C:\Program Files\Warcraft III
[27/08/2007|02:40] C:\Program Files\Windows Media Player
[11/05/2007|06:00] C:\Program Files\Windows NT
[11/05/2007|06:02] C:\Program Files\WindowsUpdate
[11/08/2007|12:42] C:\Program Files\WinRAR
[26/05/2007|11:54] C:\Program Files\WinXMedia
[16/12/2008|00:46] C:\Program Files\World of Warcraft
[26/09/2008|16:32] C:\Program Files\World of Warcraft Public Test
[15/11/2008|01:19] C:\Program Files\WorldOfGoo
[24/11/2007|23:19] C:\Program Files\XBC
[11/05/2007|06:06] C:\Program Files\xerox
[26/05/2007|13:00] C:\Program Files\Xilisoft
[24/09/2008|12:55] C:\Program Files\XpertVision
[12/12/2008|18:04] C:\Program Files\Zone Labs

--------------------\\ Listing Folders in C:\Program Files\Common Files

[11/05/2008|22:00] C:\Program Files\Common Files\Acronis
[12/01/2008|12:37] C:\Program Files\Common Files\Adobe
[26/09/2008|07:32] C:\Program Files\Common Files\Blizzard Entertainment
[01/03/2008|10:26] C:\Program Files\Common Files\DirectX
[01/03/2008|10:06] C:\Program Files\Common Files\InstallShield
[11/05/2007|06:06] C:\Program Files\Common Files\Java
[07/12/2007|13:25] C:\Program Files\Common Files\Microsoft Shared
[11/05/2007|06:01] C:\Program Files\Common Files\MSSoap
[11/05/2007|06:55] C:\Program Files\Common Files\ODBC
[12/06/2007|21:03] C:\Program Files\Common Files\Screaming Bee
[11/05/2007|06:01] C:\Program Files\Common Files\Services
[02/11/2007|14:32] C:\Program Files\Common Files\snp2std
[11/05/2007|06:55] C:\Program Files\Common Files\SpeechEngines
[27/08/2007|02:38] C:\Program Files\Common Files\System
[22/11/2008|19:00] C:\Program Files\Common Files\Wise Installation Wizard

--------------------\\ Process

( 58 Processes )

IEXPLORE.EXE ~ [PID:8024]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\James\Cookies\james@advertstream[2].txt
C:\DOCUME~1\James\Cookies\james@adverts[2].txt
C:\DOCUME~1\James\Cookies\james@messagespace.advertserve[2].txt
C:\DOCUME~1\James\Cookies\james@monstersandcritics.advertserve[1].txt
C:\DOCUME~1\James\Cookies\james@sharpadverts[1].txt
C:\DOCUME~1\James\Cookies\james@stanzapub.advertserve[1].txt
C:\DOCUME~1\James\Cookies\james@ads.poweradvertising[2].txt
C:\DOCUME~1\James\Cookies\james@partypoker[2].txt
C:\DOCUME~1\James\Cookies\james@32vegas[2].txt
C:\DOCUME~1\James\Cookies\james@banner.32vegas[1].txt
C:\DOCUME~1\James\Cookies\james@888[1].txt

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-24 03:47:56
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 1

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\James\Application Data\BitTorrent\AVG Anti-Spyware Plus 7.5.1.43 + Crack.torrent
C:\DOCUME~1\James\Application Data\BitTorrent\Quake4.DVD-Fullcrack.works.torrent
C:\DOCUME~1\James\Cookies\james@crackserialkeygen[2].txt
C:\DOCUME~1\James\Cookies\james@www.keygen[2].txt
C:\DOCUME~1\James\My Documents\Morpheus Shared\Downloads\Partials\Nero 7.0.1.2 Ultra Edition with Keygen - English.rar
C:\DOCUME~1\James\My Documents\Morpheus Shared\Downloads\Torrents\[isoHunt] Nero 7[1].0.1.2 Ultra Edition with Keygen - English.rar.torrent
C:\DOCUME~1\James\Recent\Bioshock DVD9 ONEHiTWONDER + Crack iso [www[1].Fulldls.com].lnk
C:\DOCUME~1\James\Recent\Crack.lnk


[F:469][D:35]-> C:\DOCUME~1\James\LOCALS~1\Temp
[F:2945][D:0]-> C:\DOCUME~1\James\Cookies
[F:409][D:4]-> C:\DOCUME~1\James\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 24/12/2008| 3:49 - Option : [1]

--------------------\\ Scan completed at 3:49:03




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:50:40, on 24/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Traffic Shaper XP Server\bcserver.service
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\SkyTel.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\XpertVision\TBPanel.exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [TBPanel] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [I-Hate-Keyloggers] C:\Documents and Settings\James\My Documents\i-hate-keyloggers.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Traffic Shaper XP Server (bcserver) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10533 bytes
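
An added example, not part of the thread and not the helper's own method: a small Python triage pass over HijackThis-format lines, using a few entries copied from the log above. The five rules and their labels are assumptions chosen for illustration, and a flag only means "research this entry", not that the entry is malicious; the JRE threshold is the Update 11 named in the helper's instructions.

```python
import re

# A few entries copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [I-Hate-Keyloggers] C:\Documents and Settings\James\My Documents\i-hate-keyloggers.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Traffic Shaper XP Server (bcserver) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

# HijackThis entries start with a section code (R1, O2, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Matches a JRE 6 install directory and captures its update number.
JRE_RE = re.compile(r"\\jre1\.6\.0_(\d+)\\", re.IGNORECASE)
MIN_JRE_UPDATE = 11  # update named in the helper's Java instructions


def parse_entries(log_text):
    """Return (code, body) pairs; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def triage(code, body):
    """Return the list of illustrative rule labels that an entry trips."""
    reasons = []
    lowered = body.lower()
    # Registry entry whose target file no longer exists on disk.
    if lowered.endswith("(no file)") or lowered.endswith("(file missing)"):
        reasons.append("orphan")
    # Service binary with no company name in its version information.
    if code == "O23" and " - unknown owner - " in lowered:
        reasons.append("unknown-owner")
    # Autostart that runs from a user-writable profile folder.
    if code == "O4" and "\\documents and settings\\" in lowered:
        reasons.append("user-profile-autostart")
    # Winsock provider that HijackThis does not recognise.
    if code == "O10" and lowered.startswith("unknown file in winsock lsp"):
        reasons.append("unknown-lsp")
    # Component loaded from a JRE older than the update being installed.
    jre = JRE_RE.search(body)
    if jre and int(jre.group(1)) < MIN_JRE_UPDATE:
        reasons.append("old-jre")
    return reasons


def review(log_text):
    """Return (code, reasons, body) for every entry that trips a rule."""
    findings = []
    for code, body in parse_entries(log_text):
        reasons = triage(code, body)
        if reasons:
            findings.append((code, reasons, body))
    return findings


if __name__ == "__main__":
    for code, reasons, body in review(SAMPLE_LOG):
        print(f"{code:<4} {','.join(reasons):<24} {body}")
```
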

#13 Tomk_

Tomk_

    Malware Eradicator


  • Malware Response Team
  • 686 posts

Posted 24 December 2008 - 01:28 AM

dragonjk,

You're infected because you download cracks.

Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    explorer.exe
    
    :Services
    
    :Reg
    
    :Files
    C:\DOCUME~1\James\Application Data\BitTorrent\AVG Anti-Spyware Plus 7.5.1.43 + Crack.torrent
    C:\DOCUME~1\James\Application Data\BitTorrent\Quake4.DVD-Fullcrack.works.torrent
    C:\DOCUME~1\James\Cookies\james@crackserialkeygen[2].txt
    C:\DOCUME~1\James\Cookies\james@www.keygen[2].txt
    C:\DOCUME~1\James\My Documents\Morpheus Shared\Downloads\Partials\Nero 7.0.1.2 Ultra Edition with Keygen - English.rar
    C:\DOCUME~1\James\My Documents\Morpheus Shared\Downloads\Torrents\[isoHunt] Nero 7[1].0.1.2 Ultra Edition with Keygen - English.rar.torrent
    C:\DOCUME~1\James\Recent\Bioshock DVD9 ONEHiTWONDER + Crack iso [www[1].Fulldls.com].lnk
    C:\DOCUME~1\James\Recent\Crack.lnk
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

(If you use Firefox or the Opera browser: to keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Then

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot (shut down your computer then restart it).
Also "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

#14 dragonjk

dragonjk
  • Topic Starter

  • Members
  • 35 posts

Posted 25 December 2008 - 09:50 PM

Firefox still has issues booting. Also, when my comp booted up after the reset, I got an error saying c:/documents doesn't exist or something like that, plus the comp beeped twice in quick succession.

Edited by dragonjk, 25 December 2008 - 10:22 PM.


#15 dragonjk

Posted 25 December 2008 - 10:23 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:23:04, on 26/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Traffic Shaper XP Server\bcserver.service
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\SkyTel.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\kdx\KHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\program files\steam\steam.exe
C:\Program Files\XpertVision\TBPanel.exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Documents and Settings\James\My Documents\i-hate-keyloggers.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\svchost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [TBPanel] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [I-Hate-Keyloggers] C:\Documents and Settings\James\My Documents\i-hate-keyloggers.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Traffic Shaper XP Server (bcserver) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10820 bytes



