
Serious Help Needed!


This topic is locked. 5 replies to this topic.

#1 Graveworm (Members, 4 posts)

Posted 08 July 2011 - 09:42 AM

Hi and HELP!

Everything's gone to bleep, basically...
I think I'm infected with a rootkit. I cannot access Spybot or any of the other security software.
I have JUST managed to run HijackThis by creating a new user in the permissions and running it from a DOS prompt.
Anyway, here's the log.
Hope someone can help me out here, just got bleep loads of work in and can't do a damn thing...

Thanks if anyone can help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:35:34, on 08/07/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HIJACK~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8081
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: SHOUTcast Toolbar Search Class - {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: YSPManager - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O2 - BHO: PimpFish Toolbar Opcode Handler - {29C88E20-4234-41B9-A9DB-982958C95FB1} - C:\Program Files\PimpFish\PimpFish.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A6E432B4-D4C2-43B3-BF55-C364F8F7362A} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SHOUTcast Loader - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [GTablet] C:\PROGRA~1\GENIUS~1\GTablet.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [\\ATHALONXP\EPSON Stylus Photo 900] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0XIC1.EXE /P34 "\\ATHALONXP\EPSON Stylus Photo 900" /O6 "USB001" /M "Stylus Photo 900"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [\\Niclaptop\EPSON Stylus Photo 900] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0XIC1.EXE /P34 "\\Niclaptop\EPSON Stylus Photo 900" /O6 "USB001" /M "Stylus Photo 900"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [TVTray] C:\PROGRA~1\Crypto\CRYPTO~1\TVTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [sfagent] C:\Program Files\Fighters\SPAMfighter\sfagent.exe
O4 - HKLM\..\Run: [BambooCore] C:\Program Files\Bamboo Dock\BambooCore.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [EaseUs Watch] "C:\Program Files\EASEUS\Todo Backup\bin\EuWatch.exe"
O4 - HKLM\..\Run: [EaseUs Tray] "C:\Program Files\EASEUS\Todo Backup\bin\TrayNotify.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\Utorrent\utorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DisplayFusion] C:\Program Files\DisplayFusion\DisplayFusion.exe
O4 - HKCU\..\Run: [Screenshot Captor] "C:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe" /autorun
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [googletalk] C:\Documents and Settings\Nic\Application Data\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Anti-Malware Lab] "C:\Documents and Settings\All Users.WINDOWS\Application Data\a50f91\AMa50_231.exe" /s /d
O4 - HKUS\S-1-5-21-1390067357-1202660629-725345543-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Administrator')
O4 - HKUS\S-1-5-21-1390067357-1202660629-725345543-500\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'Administrator')
O4 - HKUS\S-1-5-21-1390067357-1202660629-725345543-500\..\RunOnce: [avg_spchecker] "C:\Program Files\AVG\AVG9\Notification\SPChecker1.exe" /start (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: cumulus.lnk = C:\Program Files\Cumulus_Weather\cumulus.exe
O4 - Startup: MagicDisc.lnk.disabled
O4 - Startup: setup_9.0.0.722_07.07.2011_03-13.lnk = C:\Program Files\Virus Removal Tool1\setup_9.0.0.722_07.07.2011_03-13\startup.exe
O4 - Global Startup: Outlook Plugin.lnk = C:\Program Files\PayPal Payment Request Wizard\Outlook Wizard\OEHook.exe
O4 - Global Startup: Rupsmon Daemon.lnk = ?
O4 - Global Startup: UltraMon.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: &SHOUTcast Search - C:\Documents and Settings\All Users.WINDOWS\Application Data\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download Flash with Flash Capture - C:\Program Files\Flash Capture\dl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} -
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: pmnll - C:\WINDOWS\
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: KW - Unknown owner - C:\DOCUME~1\Nic\LOCALS~1\Temp\KW.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: RGGRPCIPGWCY - Unknown owner - C:\DOCUME~1\Nic\LOCALS~1\Temp\RGGRPCIPGWCY.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\PROGRA~1\WinPcap\rpcapd.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: webcamXP Service (wxpSvc) - Moonware / Darkwet - C:\Program Files\wLite\wService.exe

--
End of file - 14039 bytes

Hi,

I know in the rules it says not to bump posts, but I'm wondering if mine's been overlooked. I can only use my comp in SAFE MODE at the moment.
I've done another HijackThis run; here's the log. Please, if anyone can help. Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:10, on 12/07/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Cumulus_Weather\cumulus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Nic\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nic\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nic\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nic\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nic\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nic\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nic\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nic\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nic\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nic\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nic\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nic\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nic\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nic\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nic\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Serif\WebPlus\X5\Program\WebPlus.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 3\lightroom.exe
C:\Documents and Settings\Nic\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8081
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: SHOUTcast Toolbar Search Class - {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: YSPManager - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O2 - BHO: PimpFish Toolbar Opcode Handler - {29C88E20-4234-41B9-A9DB-982958C95FB1} - C:\Program Files\PimpFish\PimpFish.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SHOUTcast Loader - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [GTablet] C:\PROGRA~1\GENIUS~1\GTablet.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [\\ATHALONXP\EPSON Stylus Photo 900] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0XIC1.EXE /P34 "\\ATHALONXP\EPSON Stylus Photo 900" /O6 "USB001" /M "Stylus Photo 900"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [\\Niclaptop\EPSON Stylus Photo 900] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0XIC1.EXE /P34 "\\Niclaptop\EPSON Stylus Photo 900" /O6 "USB001" /M "Stylus Photo 900"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [TVTray] C:\PROGRA~1\Crypto\CRYPTO~1\TVTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [sfagent] C:\Program Files\Fighters\SPAMfighter\sfagent.exe
O4 - HKLM\..\Run: [BambooCore] C:\Program Files\Bamboo Dock\BambooCore.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [EaseUs Watch] "C:\Program Files\EASEUS\Todo Backup\bin\EuWatch.exe"
O4 - HKLM\..\Run: [EaseUs Tray] "C:\Program Files\EASEUS\Todo Backup\bin\TrayNotify.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\Utorrent\utorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DisplayFusion] C:\Program Files\DisplayFusion\DisplayFusion.exe
O4 - HKCU\..\Run: [Screenshot Captor] "C:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe" /autorun
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: cumulus.lnk = C:\Program Files\Cumulus_Weather\cumulus.exe
O4 - Startup: MagicDisc.lnk.disabled
O4 - Startup: setup_9.0.0.722_07.07.2011_03-13.lnk = C:\Program Files\Virus Removal Tool1\setup_9.0.0.722_07.07.2011_03-13\startup.exe
O4 - Global Startup: Outlook Plugin.lnk = C:\Program Files\PayPal Payment Request Wizard\Outlook Wizard\OEHook.exe
O4 - Global Startup: Rupsmon Daemon.lnk = ?
O4 - Global Startup: UltraMon.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: &SHOUTcast Search - C:\Documents and Settings\All Users.WINDOWS\Application Data\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download Flash with Flash Capture - C:\Program Files\Flash Capture\dl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} -
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: pmnll - C:\WINDOWS\
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: KW - Unknown owner - C:\DOCUME~1\Nic\LOCALS~1\Temp\KW.exe
O23 - Service: MBAMService - Unknown owner - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: RGGRPCIPGWCY - Unknown owner - C:\DOCUME~1\Nic\LOCALS~1\Temp\RGGRPCIPGWCY.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: webcamXP Service (wxpSvc) - Moonware / Darkwet - C:\Program Files\wLite\wService.exe

--
End of file - 15574 bytes

EDIT: Posts merged ~Budapest

Edited by Budapest, 12 July 2011 - 05:11 PM.
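The two HijackThis logs above are read by hand in threads like this one, and the entries that usually earn a second look are the same few kinds: a browser proxy pointing at a local port (R1), a BHO registered with no file behind it (O2), an autorun or service whose binary lives in a Temp folder or a hex-named folder under All Users\Application Data (O4, O23), and a Winlogon Notify entry that names a directory rather than a DLL (O20). The script below is an added example written for this page, not part of the original post and not a HijackThis feature. Its rules are this example's own assumptions about what is worth investigating; a hit means "look at this entry", not "this is malware". The sample input is a handful of lines copied from the logs in the thread, with benign entries included so you can see the rules staying quiet on them.

```python
"""Triage heuristics for HijackThis (HJT) log entry lines.

Added example for this thread; not part of the original post and not a
HijackThis feature. The rules are this example's own assumptions about which
entries deserve a second look; a hit is a reason to investigate, not proof.
"""
import re
from typing import Dict, List, Optional, Tuple

# "O23 - Service: KW - Unknown owner - C:\...\KW.exe" -> ("O23", "Service: KW - ...")
ENTRY_RE = re.compile(r"^(R\d|O\d{1,2}) - (.+)$")

# Assumed path patterns (not rules from the post): a user Temp directory, a
# hex-named folder under All Users\Application Data, and a long all-capitals
# executable name like the one the second O23 entry in the log carries.
TEMP_DIR_RE = re.compile(r"\\(LOCALS~1|Local Settings)\\Temp\\", re.IGNORECASE)
HEX_APPDATA_RE = re.compile(
    r"\\All Users(\.\w+)?\\Application Data\\[0-9a-f]{4,}\\", re.IGNORECASE
)
RANDOM_EXE_RE = re.compile(r"\\[A-Z]{8,}\.exe$")


def parse_entry(line: str) -> Optional[Tuple[str, str]]:
    """Split an HJT line into (section, body); None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def last_field(body: str) -> str:
    """HJT separates name / CLSID / path with ' - '; the path is the last field."""
    return body.rsplit(" - ", 1)[-1].strip()


def triage_line(line: str) -> List[str]:
    """Return the list of reasons this entry deserves a look (empty if none)."""
    parsed = parse_entry(line)
    if parsed is None:
        return []
    section, body = parsed
    reasons: List[str] = []
    if section == "R1" and "ProxyServer" in body:
        proxy = body.split("=", 1)[-1].strip().lower()
        if proxy.startswith(("127.0.0.1:", "localhost:")):
            reasons.append("browser proxied through a local port; find the listener")
    if section == "O2" and body.endswith("(no file)"):
        reasons.append("BHO registered without a file (orphaned or removed component)")
    if section == "O4":
        if HEX_APPDATA_RE.search(body):
            reasons.append("autorun from hex-named folder under All Users\\Application Data")
        if TEMP_DIR_RE.search(body):
            reasons.append("autorun from a Temp directory")
    if section == "O20" and not last_field(body).lower().endswith(".dll"):
        reasons.append("Winlogon Notify entry without a DLL path")
    if section == "O23":
        if TEMP_DIR_RE.search(body):
            reasons.append("service binary in a user Temp directory")
        if RANDOM_EXE_RE.search(last_field(body)):
            reasons.append("service executable with a random-looking name")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map each flagged line (whitespace-stripped) to its list of reasons."""
    findings: Dict[str, List[str]] = {}
    for line in text.splitlines():
        reasons = triage_line(line)
        if reasons:
            findings[line.strip()] = reasons
    return findings


# Sample input: lines copied from the logs posted in this thread, including
# benign entries so the heuristics can be seen not to fire on them.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8081
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Anti-Malware Lab] "C:\Documents and Settings\All Users.WINDOWS\Application Data\a50f91\AMa50_231.exe" /s /d
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: pmnll - C:\WINDOWS\
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: KW - Unknown owner - C:\DOCUME~1\Nic\LOCALS~1\Temp\KW.exe
O23 - Service: RGGRPCIPGWCY - Unknown owner - C:\DOCUME~1\Nic\LOCALS~1\Temp\RGGRPCIPGWCY.exe
"""

if __name__ == "__main__":
    for flagged, why in triage_log(SAMPLE_LOG).items():
        print(flagged)
        for reason in why:
            print("   ->", reason)
```

Run it as-is and six of the ten sample lines come back flagged; the avast! entries and the AVG Winlogon Notify line do not. "Unknown owner" on its own is deliberately not a rule: the second log shows it on a Malwarebytes service too, so the script only trusts it in combination with a Temp path or a random-looking name.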



#2 Graveworm (Topic Starter, Members, 4 posts)

Posted 13 July 2011 - 07:54 AM

Can anyone help with this problem, please?
I am now getting Windows telling me that since I loaded Windows on this computer (5 years ago), the hardware has changed a lot and needs reactivating within 3 days. What is going on?

Please, if anyone can help! Here is the DDS report:


.
DDS (Ver_2011-06-23.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by Nic at 18:24:06 on 2011-07-13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1133 [GMT 3:00]
.
AV: ThreatFire *Enabled/Updated* {67B2B9A1-25C8-4057-962D-807958FFC9E3}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Anti-Malware Lab *Enabled/Updated* {D0D7D35A-76D1-41BD-9499-ACEB2F576DBD}
FW: PC Tools Firewall Plus *Enabled*
FW: Anti-Malware Lab *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Cumulus_Weather\cumulus.exe
C:\Documents and Settings\Nic\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nic\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nic\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nic\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nic\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nic\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nic\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nic\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nic\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nic\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nic\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Documents and Settings\Nic\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nic\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nic\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nic\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nic\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Serif\WebPlus\X5\Program\WebPlus.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Nic\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyServer = 127.0.0.1:8081
uInternet Settings,ProxyOverride = local
uURLSearchHooks: SHOUTcast Toolbar Search Class: {14f0d511-36a2-41ca-ae01-ba4f87282c97} - c:\program files\shoutcast radio toolbar\shoutcasttb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
mURLSearchHooks: SHOUTcast Toolbar Search Class: {14f0d511-36a2-41ca-ae01-ba4f87282c97} - c:\program files\shoutcast radio toolbar\shoutcasttb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll
BHO: PimpFish Toolbar Opcode Handler: {29c88e20-4234-41b9-a9db-982958c95fb1} - c:\program files\pimpfish\PimpFish.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: SHOUTcast Loader: {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - c:\program files\shoutcast radio toolbar\shoutcasttb.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: PimpFish: {d593de91-7b41-45c2-830e-e9a99ab142aa} - c:\program files\pimpfish\PimpFish.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: SHOUTcast Radio Toolbar: {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - c:\program files\shoutcast radio toolbar\shoutcasttb.dll
EB: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File
uRun: [XarkaToday] c:\program files\today calendar\Today.exe
uRun: [X-Grabber] c:\program files\screenshot wizard\sswizard.exe
uRun: [Vidalia] "c:\documents and settings\nic\my documents\tor\tor browser\app\vidalia.exe"
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Screenshot Captor] "c:\program files\screenshotcaptor\ScreenshotCaptor.exe" /autorun
uRun: [RegClean Expert Scheduler] "c:\program files\registry clean expert\RCHelper.exe" /startup
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [ManyCam] "c:\program files\manycam\bin\ManyCam.exe" /silent
uRun: [DisplayFusion] c:\program files\displayfusion\DisplayFusion.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Creative WebCam Tray] "c:\program files\creative\shared files\CamTray.exe"
uRun: [BambooScribe.exe] "c:\program files\vision objects\bamboo scribe\BambooScribe.exe" /i
uRun: [Bamboo Dock] "c:\program files\bamboo dock\bamboo dock\Bamboo Dock.exe"
uRun: [AdobeBridge]
mRun: [TVTray] c:\progra~1\crypto\crypto~1\TVTray.exe
mRun: [Trend Micro RUBotted V2.0 Beta] c:\program files\trend micro\rubotted\RUBottedGUI.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SPAMfighter Agent] "c:\program files\spamfighter\SFAgent.exe" update delay 60
mRun: [sfagent] c:\program files\fighters\spamfighter\sfagent.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Live Update 5] c:\program files\msi\live update 5\LU5.exe /reminder
mRun: [GTablet] c:\progra~1\genius~1\GTablet.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [D-Link AirPlus XtremeG DWL-G122] c:\program files\d-link\airplus xtremeg dwl-g122\AirGCFG.exe
mRun: [BambooScribeAutoStart.vbe] "c:\program files\vision objects\bamboo scribe\BambooScribeAutoStart.vbe"
mRun: [BambooCore] c:\program files\bamboo dock\BambooCore.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\adobe photoshop lightroom 1.3\apdproxy.exe"
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
StartupFolder: c:\docume~1\nic\startm~1\programs\startup\cumulus.lnk - c:\program files\cumulus_weather\cumulus.exe
StartupFolder: c:\docume~1\nic\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\documents and settings\nic\start menu\programs\startup\ProjectWhois.lnk.disabled
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\directoc.lnk - c:\program files\msi\directoc\StartDirectOC.exe
StartupFolder: c:\documents and settings\all users.windows\start menu\programs\startup\PC Alert 4.lnk.disabled
StartupFolder: c:\documents and settings\all users.windows\start menu\programs\startup\Register Mask Pro 3.0.lnk.disabled
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\rupsmo~1.lnk - c:\program files\megatec\upsilon 2000\Monw32.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\ultramon.lnk - c:\windows\installer\{cc15a5fc-b6d3-4a2d-8a26-d8f2702a3c00}\IcoUltraMon.ico
uPolicies-explorer: DisallowRun = 1 (0x1)
uPolicies-disallowrun: 0 = msseces.exe
uPolicies-disallowrun: 1 = MSASCui.exe
uPolicies-disallowrun: 2 = ekrn.exe
uPolicies-disallowrun: 3 = egui.exe
uPolicies-disallowrun: 4 = avgnt.exe
uPolicies-disallowrun: 5 = avcenter.exe
uPolicies-disallowrun: 6 = avscan.exe
uPolicies-disallowrun: 7 = avgfrw.exe
uPolicies-disallowrun: 8 = avgui.exe
uPolicies-disallowrun: 9 = avgtray.exe
uPolicies-disallowrun: 10 = avgscanx.exe
uPolicies-disallowrun: 11 = avgcfgex.exe
uPolicies-disallowrun: 12 = avgemc.exe
uPolicies-disallowrun: 13 = avgchsvx.exe
uPolicies-disallowrun: 14 = avgcmgr.exe
uPolicies-disallowrun: 15 = avgwdsvc.exe
IE: &Save Flash In This Page by Flash Saver - c:\progra~1\flashs~1\save.htm
IE: &SHOUTcast Search - c:\documents and settings\all users.windows\application data\shoutcast radio toolbar\ietoolbar\resources\en-us\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF
IE: Convert selected links to Adobe PDF
IE: Convert selected links to existing PDF
IE: Convert selection to Adobe PDF
IE: Convert selection to existing PDF
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Download Flash with Flash Capture - c:\program files\flash capture\dl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {09EA1F80-F40A-11D1-B792-444553540001} - c:\progra~1\flashs~1\save.htm
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - c:\program files\eltima software\flash decompiler trillix\saveflash\iebt.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
Trusted Zone: com\www.msi
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166}
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{88FD72C9-7BB7-4A56-AD67-6544FEDC926C} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{DBC777F1-6D06-41B2-A44F-6D5EB8D52BA2} : DhcpNameServer = 192.168.1.254
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\nic\application data\mozilla\firefox\profiles\n8dcn3bq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8081
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\nic\application data\mozilla\firefox\profiles\n8dcn3bq.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}\components\WinampPlayer.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\nic\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\nic\application data\mozilla\firefox\profiles\n8dcn3bq.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\nic\application data\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\documents and settings\nic\local settings\application data\yahoo!\browserplus\2.7.1\plugins\npybrowserplus_2.7.1.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdbplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\octoshape streaming services\nic\octoprogram-l03-nms0806260_sua_000\npoctoshape.dll
FF - plugin: c:\program files\octoshape streaming services\nic\octoprogram-l03-nms0810164_sua_000\npoctoshape.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\photodex presenter\npPxPlay.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\windows\system32\dnaml\npdbplug.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: browser.sessionstore.resume_from_crash - false
.
============= SERVICES / DRIVERS ===============
.
R0 46883862;46883862 Boot Guard Driver;c:\windows\system32\drivers\46883862.sys [2011-7-7 37392]
R0 65614672;65614672 Boot Guard Driver;c:\windows\system32\drivers\65614672.sys [2011-7-7 37392]
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-6-20 30600]
R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2011-6-20 20744]
R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [2008-7-15 19478]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-1-28 159600]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2011-7-7 18816]
R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [2008-7-15 635012]
R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [2008-7-15 431236]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R3 EUDISK;EASEUS Disk Enumerator;c:\windows\system32\drivers\eudisk.sys [2011-6-20 187528]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-3-15 16168]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2011-6-20 35720]
S0 oymvpkc;oymvpkc;c:\windows\system32\drivers\gpuwnkra.sys --> c:\windows\system32\drivers\gpuwnkra.sys [?]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-7-9 28552]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S1 46883861;46883861;c:\windows\system32\drivers\46883861.sys [2011-7-7 128016]
S1 65614671;65614671;c:\windows\system32\drivers\65614671.sys [2011-7-7 128016]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-7 441176]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-7-7 309848]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-6-20 14216]
S1 KProcessHacker2;KProcessHacker2;c:\program files\process hacker 2\kprocesshacker.sys [2011-6-6 32840]
S1 setup_9.0.0.722_07.07.2011_03-13drv;setup_9.0.0.722_07.07.2011_03-13drv;c:\windows\system32\drivers\4688386.sys [2011-7-7 315408]
S1 sonypvd2;sonypvd2;c:\windows\system32\drivers\sonypvd2.sys [2008-7-15 64093]
S2 231;231;\??\c:\docume~1\nic\locals~1\temp\231.sys --> c:\docume~1\nic\locals~1\temp\231.sys [?]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-7-7 19544]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-7-7 42184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-1-19 21992]
S2 DVDRIVER;DVdriver;c:\windows\system32\drivers\dvdriver.sys [2008-7-15 34376]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-1-28 73840]
S2 trackcam;TrackerCam Video Capture Driver;c:\windows\system32\drivers\trackcam.sys [2009-9-10 77888]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2008-9-14 10496]
S2 WebCamDV;WebCamDV DV to Webcam Converter;c:\windows\system32\drivers\WebCamDV.sys [2004-9-17 212608]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-1-19 1691480]
S3 gsernt;gsernt;c:\windows\system32\drivers\gsernt.sys [2007-4-28 24192]
S3 KW;KW;c:\docume~1\nic\locals~1\temp\KW.exe [2011-7-6 519040]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-5-4 22712]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\3F.tmp [2011-7-7 6144]
S3 MSI_DVD_010507;MSI_DVD_010507;c:\progra~1\msi\msiwdev\DVDSYS32_100507.sys [2010-5-10 22328]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files\msi\live update 5\msibios32_100507.sys [2011-1-5 25912]
S3 MSI_VGASYS_010507;MSI_VGASYS_010507;c:\progra~1\msi\msiwdev\VGASYS32_100507.sys [2010-5-10 16696]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\msi\live update 5\NTIOLib.sys [2011-1-5 7680]
S3 NuVision;Hauppauge WinTV USB Pro (PAL I);c:\windows\system32\drivers\Nuvision.sys [2009-9-18 259528]
S3 PCAlertDriver;PCAlertDriver;c:\program files\msi\pc alert 4\NTGLM7X.sys [2007-3-2 28160]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-1-28 95640]
S3 phil2vid;Philips USB VGA Camera;c:\windows\system32\drivers\philcam2.sys [2009-8-19 173696]
S3 PhTVTune;Crypto PC TV Radio III WDM TVTuner (FM1216ME);c:\windows\system32\drivers\PhTVTune.sys [2007-3-2 27808]
S3 RGGRPCIPGWCY;RGGRPCIPGWCY;c:\docume~1\nic\locals~1\temp\RGGRPCIPGWCY.exe [2011-7-6 560000]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\tmpassthru.sys --> c:\windows\system32\drivers\TMPassthru.sys [?]
S3 WCDV_Aud;WevCamDV WDM Virtual Audio Device;c:\windows\system32\drivers\wcdvaud.sys [2004-9-17 12672]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 wxpSvc;webcamXP Service;c:\program files\wlite\wService.exe [2008-12-20 2875392]
S4 Eagletron TrackerPod Service;Eagletron TrackerPod Service;c:\program files\common files\eagletron\TrackerPodSvcSvr.exe [2009-9-10 135168]
S4 EasyHideIP;EasyHideIP;c:\program files\easy-hide-ip\services\EasyHideIp.exe [2009-5-6 45056]
S4 HttpCheckXP;HttpCheckXP;c:\program files\website monitor\HttpCheckXP.exe [2004-10-12 866816]
S4 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
.
=============== Created Last 30 ================
.
2011-07-13 15:21:41 35712 ----a-w- c:\windows\system32\drivers\BlackBox.sys
2011-07-13 13:02:02 -------- d-----w- c:\program files\Runtime Software
2011-07-13 10:53:29 -------- d-----w- c:\documents and settings\nic\application data\Windows Search
2011-07-12 23:14:23 -------- d-----w- c:\documents and settings\nic\application data\AVG8
2011-07-12 21:09:55 545 ----a-w- c:\windows\UC.PIF
2011-07-12 21:09:55 545 ----a-w- c:\windows\RAR.PIF
2011-07-12 21:09:55 545 ----a-w- c:\windows\PKZIP.PIF
2011-07-12 21:09:55 545 ----a-w- c:\windows\PKUNZIP.PIF
2011-07-12 21:09:55 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-07-12 21:09:55 545 ----a-w- c:\windows\LHA.PIF
2011-07-12 21:09:55 545 ----a-w- c:\windows\ARJ.PIF
2011-07-12 21:09:55 -------- d-----w- C:\totalcmd
2011-07-12 21:09:55 -------- d-----w- c:\documents and settings\nic\application data\GHISLER
2011-07-12 17:13:30 -------- d-----w- c:\program files\common files\Symantec Shared
2011-07-12 17:13:27 -------- d-----w- c:\windows\system32\drivers\nss\0305010.006
2011-07-12 17:13:27 -------- d-----w- c:\windows\system32\drivers\NSS
2011-07-12 17:13:27 -------- d-----w- c:\program files\Norton Security Scan
2011-07-12 17:13:26 -------- d-----w- c:\documents and settings\all users.windows\application data\Norton
2011-07-12 17:13:21 -------- d-----w- c:\program files\NortonInstaller
2011-07-12 17:13:21 -------- d-----w- c:\documents and settings\all users.windows\application data\NortonInstaller
2011-07-12 17:07:46 269 ----a-w- c:\documents and settings\all users.windows\application data\bdinstall.bin
2011-07-11 13:04:35 -------- d-----w- c:\program files\Fiddler2
2011-07-08 23:21:41 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2011-07-08 21:45:25 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-07-07 09:23:20 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2011-07-07 01:43:15 6144 ------w- c:\windows\system32\3F.tmp
2011-07-07 01:38:28 37392 ----a-w- c:\windows\system32\drivers\46883862.sys
2011-07-07 01:38:28 315408 ----a-w- c:\windows\system32\drivers\4688386.sys
2011-07-07 01:38:28 128016 ----a-w- c:\windows\system32\drivers\46883861.sys
2011-07-07 01:38:27 -------- d-----w- c:\program files\Virus Removal Tool1
2011-07-07 01:35:44 6144 ------w- c:\windows\system32\2F.tmp
2011-07-07 01:35:35 6144 ------w- c:\windows\system32\2E.tmp
2011-07-07 01:30:57 37392 ----a-w- c:\windows\system32\drivers\65614672.sys
2011-07-07 01:30:57 315408 ----a-w- c:\windows\system32\drivers\6561467.sys
2011-07-07 01:30:57 128016 ----a-w- c:\windows\system32\drivers\65614671.sys
2011-07-07 01:29:07 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-07 01:28:59 40112 ----a-w- c:\windows\avastSS.scr
2011-07-07 01:28:53 -------- d-----w- c:\program files\AVAST Software
2011-07-07 01:28:53 -------- d-----w- c:\documents and settings\all users.windows\application data\AVAST Software
2011-07-06 11:26:02 -------- d-----w- c:\program files\Sophos
2011-07-06 10:00:50 -------- d-----w- c:\program files\Panda Security
2011-07-06 08:52:13 -------- d-----w- c:\program files\ESET
2011-07-06 08:32:19 53248 ----a-w- c:\windows\system32\drivers\rk_remover.sys
2011-07-06 00:24:36 711728 ----a-w- c:\windows\is-LVU74.exe
2011-07-05 20:13:18 5018 ----a-w- c:\windows\system32\tmp.reg
2011-07-05 19:59:55 -------- d-sh--w- c:\documents and settings\nic\application data\Anti-Malware Lab
2011-07-05 19:59:53 -------- d-sh--w- c:\documents and settings\all users.windows\application data\AMAGTL
2011-07-05 19:22:46 -------- d-----w- c:\documents and settings\nic\application data\QuickScan
2011-07-05 18:45:50 -------- d-----w- c:\program files\Defraggler
2011-07-02 12:50:56 -------- d-----w- c:\windows\system32\winrm
2011-07-02 12:50:52 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-07-02 12:50:20 -------- d-----w- c:\documents and settings\nic\application data\Windows Desktop Search
2011-07-02 12:48:49 -------- d-----w- c:\windows\system32\GroupPolicy
2011-07-02 12:48:49 -------- d-----w- c:\program files\Windows Desktop Search
2011-07-02 12:45:18 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2011-07-02 12:45:18 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2011-07-02 12:45:18 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2011-06-30 22:21:11 -------- d-sh--w- c:\documents and settings\nic\IECompatCache
2011-06-30 22:20:41 -------- d-sh--w- c:\documents and settings\nic\PrivacIE
2011-06-29 22:15:34 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-06-29 22:15:34 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-06-28 22:26:29 -------- d-----w- c:\documents and settings\nic\application data\Google Talk
2011-06-23 15:53:02 -------- d-----w- C:\Log
2011-06-23 15:52:37 27648 ----a-r- c:\windows\Setup_ck.exe
2011-06-23 15:52:37 19584 ----a-w- c:\windows\system32\Ckldrv.sys
2011-06-23 15:52:37 18432 ----a-w- c:\windows\Setup_ck.dll
2011-06-23 15:52:37 165888 ----a-w- c:\windows\Ckconfig.exe
2011-06-23 15:52:37 11776 ----a-w- c:\windows\Ckrfresh.exe
2011-06-23 15:52:25 178176 ----a-w- c:\windows\system32\StellarProfile.dll
2011-06-23 15:52:24 1207808 ----a-w- c:\windows\system32\PhoenixDll.dll
2011-06-23 15:52:20 -------- d-----w- c:\program files\Stellar Phoenix Windows Data Recovery
2011-06-23 00:05:19 -------- d-----w- c:\documents and settings\nic\application data\Kernel for Windows Data Recovery
2011-06-23 00:00:38 -------- d-----w- c:\program files\Kernel for Windows Data Recovery
2011-06-22 23:57:57 -------- d-----w- c:\program files\The Undelete Company
2011-06-22 23:46:46 -------- d-----w- c:\program files\Stellar Phoenix Photo Recovery
2011-06-22 22:29:49 -------- d-----w- c:\program files\LinuxLive USB Creator
2011-06-20 18:00:12 -------- d-sh--w- C:\BOOT
2011-06-20 18:00:02 20744 ----a-w- c:\windows\system32\drivers\eufs.sys
2011-06-20 18:00:02 187528 ----a-w- c:\windows\system32\drivers\eudisk.sys
2011-06-20 18:00:01 35720 ----a-w- c:\windows\system32\drivers\EUBKMON.sys
2011-06-20 18:00:01 30600 ----a-w- c:\windows\system32\drivers\eubakup.sys
2011-06-20 18:00:01 14216 ----a-w- c:\windows\system32\drivers\eudskacs.sys
2011-06-20 17:57:54 18824 ----a-w- c:\windows\system32\fbnative.exe
2011-06-20 17:57:42 -------- d-----w- c:\program files\EASEUS
2011-06-20 14:27:16 -------- d-sh--w- c:\documents and settings\nic\IETldCache
2011-06-20 13:06:45 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-06-20 13:06:36 -------- d-----w- c:\windows\ie8updates
2011-06-20 13:06:27 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-06-20 13:06:27 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-06-20 13:06:27 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-06-20 13:06:27 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-06-20 13:06:27 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-06-20 13:06:27 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-06-20 13:06:27 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-06-20 13:05:15 -------- dc-h--w- c:\windows\ie8
2011-06-20 12:16:09 -------- d-----w- c:\program files\Test My Hardware
2011-06-20 10:37:42 -------- d-----w- c:\program files\Western Digital Corporation
2011-06-16 21:16:56 105472 -c----w- c:\windows\system32\dllcache\mup.sys
.
==================== Find3M ====================
.
2011-06-29 20:42:38 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-29 06:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 06:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-22 22:45:50 567 ----a-w- c:\windows\Vue 7 xStream.reg
2011-05-10 16:46:46 277 ----a-w- c:\windows\Vue 5 Infinite.reg
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-29 00:10:13 45115 ----a-w- c:\windows\system32\ANICtl.dll
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ------w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ------w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-20 11:19:22 272208 ----a-w- c:\windows\system32\WPPFilt.dll
2011-04-19 05:35:46 687616 ----a-w- c:\windows\system32\yowindow.scr
2009-12-17 06:58:39 50448 ----a-w- c:\program files\Uninstalppt2flash.exe
2008-09-22 00:56:30 2260480 ----a-w- c:\program files\pdf2swf.exe
2008-09-22 00:56:30 1231872 ----a-w- c:\program files\swfdump.exe
2008-09-22 00:56:30 1220096 ----a-w- c:\program files\swfbbox.exe
2008-09-22 00:56:30 1210368 ----a-w- c:\program files\swfstrings.exe
2008-09-22 00:56:30 1210368 ----a-w- c:\program files\font2swf.exe
2008-09-22 00:56:29 1335296 ----a-w- c:\program files\swfc.exe
2008-09-22 00:56:29 1253888 ----a-w- c:\program files\jpeg2swf.exe
2008-09-22 00:56:29 1228800 ----a-w- c:\program files\swfextract.exe
2008-09-22 00:56:29 1228288 ----a-w- c:\program files\swfcombine.exe
2008-09-22 00:56:29 1227264 ----a-w- c:\program files\gif2swf.exe
2008-09-22 00:56:29 1223168 ----a-w- c:\program files\png2swf.exe
2008-09-22 00:56:29 1219072 ----a-w- c:\program files\wav2swf.exe
2007-09-13 18:58:58 214485 ----a-w- c:\program files\ZS6Uninstal.exe
.
============= FINISH: 18:25:46.10 ===============

Edited by Graveworm, 13 July 2011 - 10:28 AM.


#3 SweetTech (Agent ST)

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 15 July 2011 - 05:15 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, has resulted in the delayed response to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth Code, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning... just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:


Running OTL

We need to create a FULL OTL Report
  • Please download OTL from here:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

NEXT:


Please provide an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#4 Graveworm (Topic Starter)

  • Members
  • 4 posts

Posted 16 July 2011 - 04:24 AM

Hi and thanks for getting back to me.
Since I posted this, I've actually done a full reformat and loaded Windows 7, but I'm still having problems with Windows freezing up, so I can only use it in Safe Mode.
Fearing a hardware problem, and the need to get back to work, I've actually ordered a new PC.
So, unless you have any idea why Windows is still freezing up?

Thanks for your time

#5 SweetTech (Agent ST)

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 16 July 2011 - 11:12 AM

Hi!

If you did a full reformat and re-install, then the issues you are still experiencing with freezing up are more than likely hardware issues, and you may want to pop into the hardware forum to see what the techs have to say about that issue.



#6 SweetTech (Agent ST)

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 24 July 2011 - 09:41 AM

Since it appears that the issues you were experiencing with your computer have been resolved, I am going to close this thread. If you should need the thread re-opened please send me a Private Message (PM) with a request to re-open the thread, as well as the link to the thread in question, and I'd be happy to re-open the thread.

