Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Task Manager Won't Come Up And Extremely Bad Fps In Computer Game


  • Please log in to reply
39 replies to this topic

#1 ICYcold

ICYcold

  • Members
  • 100 posts
  • OFFLINE
  •  
  • Local time:10:04 AM

Posted 05 June 2007 - 04:50 PM

And I cleaned out with an ATF scan...task manager still doesn't come up and AVG doesn't say anything about it either...please help :thumbsup:


Logfile of HijackThis v1.99.1
Scan saved at 2:26:53 PM, on 6/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\CDProxyServ.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\netshield.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Xfire\Xfire.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Microsoft] netshield.exe
O4 - HKLM\..\RunServices: [Microsoft] netshield.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
O16 - DPF: {37802401-C7E2-11D7-8582-0048548470B6} (VRCLoader) - http://www.videoraver.com/vrcloader.cab
O16 - DPF: {54D53429-945C-4188-B460-C81356541882} (SaveImageFiles Class) - http://eshare.hpphoto.com/Download/HPeServicesLocalPrint.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1107239853421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1180760817234
O16 - DPF: {98827C42-6A82-11D7-8582-0048548470B6} (VideoRaver) - http://www.videoraver.com/videoraver.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

BC AdBot (Login to Remove)

 


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:07:04 PM

Posted 10 June 2007 - 11:42 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum ICYcold :thumbsup:

Download KillBox to your desktop.
http://download.bleepingcomputer.com/spyware/KillBox.exe
Start up Killbox and place a check in 'Delete on Reboot'.
In the 'Full path of file to delete' box,copy and paste:

C:\WINDOWS\system32\netshield.exe

Then press the red button with the white cross.
It will then provide a window for you to confirm the delete.
Next it will ask if you now wish to reboot,select YES.
Allow it to reboot.
If it does'nt reboot automatically,reboot manually.

****************************

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O4 - HKLM\..\Run: [Microsoft] netshield.exe
O4 - HKLM\..\RunServices: [Microsoft] netshield.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -

Exit Hijackthis.

****************************

Run 'BitDefender Online Scanner' using Internet Explorer:
http://www.bitdefender.com/scan8/ie.html
Read the 'END USER SOFTWARE LICENSE AGREEMENT' then click 'I agree'.
You'll be prompted to install the activex control,please do so.
Once installed,disable your current antivirus program,then click the 'Click here to scan' button.
The virus signatures will then load.
Once loaded the scan will start.
The scan will take quite some time so please be patient.
Once the scan has finished select the 'Detected Problems' tab.
Click on 'Click here to export scan'.
Save the file as an HTML file to your desktop.
Then click on the saved file and allow it to open with your browser.
Go to 'Edit'/'Select All' then copy and paste that log into your next reply.
*Note*
Don't forget to re-enable your antivirus program.

Restart your pc.
Post a new Hijackthis log please.
Let me know how your pc is running now.

Edited by RichieUK, 10 June 2007 - 05:48 PM.

Posted Image
Posted Image

#3 ICYcold

ICYcold
  • Topic Starter

  • Members
  • 100 posts
  • OFFLINE
  •  
  • Local time:10:04 AM

Posted 10 June 2007 - 03:32 PM

The link to killbox doesn't work :thumbsup:

edit: woops forgot I already had killbox nevermind

Edited by ICYcold, 10 June 2007 - 03:36 PM.


#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:07:04 PM

Posted 10 June 2007 - 05:47 PM

I've fixed the link for Killbox above,try it now.
Posted Image
Posted Image

#5 ICYcold

ICYcold
  • Topic Starter

  • Members
  • 100 posts
  • OFFLINE
  •  
  • Local time:10:04 AM

Posted 10 June 2007 - 10:05 PM

Posted Image


I noticed that when I came in to check how much time is left...its saying its checking more files that what it indicates...not to mention that when it ran down the last few seconds it jumped all the way to 9 hours....is that normal or did something blotch up?

Edited by ICYcold, 10 June 2007 - 10:06 PM.


#6 ICYcold

ICYcold
  • Topic Starter

  • Members
  • 100 posts
  • OFFLINE
  •  
  • Local time:10:04 AM

Posted 10 June 2007 - 10:22 PM

bit defender scan log


cs

Time


06:14:53

Files


587796

Folders


10499

Boot Sectors


3

Archives


15644

Packed Files


28934







Results

Identified Viruses


2

Infected Files


4

Suspect Files


0

Warnings


0

Disinfected


0

Deleted Files


4







Engines Info

Virus Definitions


512816

Engine build


AVCORE v1.0 (build 2409) (i386) (May 9 2007 18:01:21)

Scan plugins


14

Archive plugins


38

Unpack plugins


6

E-mail plugins


6

System plugins


1







Scan Settings

First Action


Disinfect

Second Action


Delete

Heuristics


Yes

Enable Warnings


Yes

Scanned Extensions


*;

Exclude Extensions




Scan Emails


Yes

Scan Archives


Yes

Scan Packed


Yes

Scan Files


Yes

Scan Boot


Yes


C:\hp\bin\Terminator.exe


Infected with: Trojan.Killapp.30208.A

C:\hp\bin\Terminator.exe


Disinfection failed

C:\hp\bin\Terminator.exe


Deleted

C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP245\A0023813.exe


Infected with: Trojan.Killapp.30208.A

C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP245\A0023813.exe


Disinfection failed

C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP245\A0023813.exe


Deleted

C:\WINDOWS\Clearer.exe


Infected with: Trojan.Divlo.A

C:\WINDOWS\Clearer.exe


Disinfection failed

C:\WINDOWS\Clearer.exe


Deleted

C:\WINDOWS\system32\Clearer.exe


Infected with: Trojan.Divlo.A

C:\WINDOWS\system32\Clearer.exe


Disinfection failed

C:\WINDOWS\system32\Clearer.exe


Deleted


HJT log

Logfile of HijackThis v1.99.1
Scan saved at 8:35:00 PM, on 6/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\CDProxyServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {37802401-C7E2-11D7-8582-0048548470B6} (VRCLoader) - http://www.videoraver.com/vrcloader.cab
O16 - DPF: {54D53429-945C-4188-B460-C81356541882} (SaveImageFiles Class) - http://eshare.hpphoto.com/Download/HPeServicesLocalPrint.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1107239853421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1180760817234
O16 - DPF: {98827C42-6A82-11D7-8582-0048548470B6} (VideoRaver) - http://www.videoraver.com/videoraver.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

My computer works a heck of a lot better....the CPU usage was always at 100% but now its lower than 10% and that would also indicate that my task manager now comes up :flowers:....im going to check if i can get better FPS in game and a general indicator that if thats ok i wont edit this for a while...because im playing the game :thumbsup:

Edited by ICYcold, 10 June 2007 - 10:41 PM.


#7 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:07:04 PM

Posted 11 June 2007 - 04:26 AM

Download and scan with the free 15 day trial of Counterspy V2
Save the report when it's finished:
1.Once Counterspy has done scanning,the 'Scan Results' box will appear.
2.Click on 'View Results'.
3.Under (Recommended Action),using the drop down menus at the side of each entry found,set EVERYTHING to 'Remove'.
4.Then click on 'Take Action'.
5.Once everything has been removed,click on 'View Details'.
6.Copy and Paste those details into your next reply.
Posted Image
Posted Image

#8 ICYcold

ICYcold
  • Topic Starter

  • Members
  • 100 posts
  • OFFLINE
  •  
  • Local time:10:04 AM

Posted 11 June 2007 - 05:03 PM

Scan History Details
Start Date: 6/11/2007 7:24:51 AM
End Date: 6/11/2007 11:15:55 AM
Total Time: 231 Min 4 Sec
Detected security risks

AdRotator/IconAds Adware (General) more information...
Details: AdRotator/IconAds is an ad exchange program which delivers advertisements to users' computers.
Status: Deleted

Files detected
C:\WINDOWS\system32\icondrop.db

Registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\ROTATOR
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\ROTATOR
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\ROTATOR
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\ROTATOR
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\ROTATOR


Cookie: ATDMT.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\owner\cookies\owner@atdmt[2].txt


Cookie: DoubleClick Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\owner\cookies\owner@doubleclick[1].txt


AvenueMedia.InternetOptimizer Browser Plug-in more information...
Details: Internet Optimizer, also known as DyFuCA, is an adware application that hijacks the user's browser error page.
Status: Deleted

Registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\INTERNET OPTIMIZER ACTIVE ALERT
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\INTERNET OPTIMIZER ACTIVE ALERT
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\INTERNET OPTIMIZER ACTIVE ALERT


E2Give Adware (General) more information...
Details: E2Give is an Internet Explorer Browser Helper Object (BHO) that redirects accesses to web merchants in order to claim their affiliate fees.
Status: Deleted

Files detected
C:\WINDOWS\system32\data.~
C:\WINDOWS\system32\key.~
C:\WINDOWS\system32\log.~


Claria.GAIN.CommonElements Adware (General) more information...
Details: Claria's GAIN network consists of several applications inlcuding Gator eWallet, GotSmiley, ScreenSeenes, WebSecureAlert, DashBar, Weatherscope, Date Manager and Precision Time.
Status: Deleted

Files detected
C:\WINDOWS\GatorPatch.log


IBIS.WebSearch Toolbar Toolbar more information...
Details: WebSearch Toolbar is an Internet Explorer search hijacker.
Status: Deleted

Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{B1C27EC4-D176-403E-A0AB-8A42332FCAEB}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{B1C27EC4-D176-403E-A0AB-8A42332FCAEB}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INSTALLER\USERDATA\ST3
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INSTALLER\USERDATA\ST3
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INSTALLER\USERDATA\ST3


Cookie: Mediaplex.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\owner\cookies\owner@mediaplex[1].txt


Cookie: QuestionMarket.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\owner\cookies\owner@questionmarket[1].txt


Cookie: Advertising.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\owner\cookies\owner@advertising[1].txt


webHancer Adware (General) more information...
Details: webHancer is an adware application started at Windows startup that monitors web sites being viewed and sends performance data on them back to webHancer's servers. This occurs unknown to the user.
Status: Deleted

Registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\WHSURVEY
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\WHSURVEY
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\WHSURVEY


MyWebSearch Toolbar Potentially Unwanted Program more information...
Details: MyWebSearch Toolbar is a customizable Internet Explorer search toolbar with various other tools.
Status: Deleted

Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
HKEY_LOCAL_MACHINE\Software\Classes\MYWEBSEARCH.HTMLPANEL
HKEY_LOCAL_MACHINE\Software\Classes\MYWEBSEARCH.HTMLPANEL
HKEY_LOCAL_MACHINE\Software\Classes\MYWEBSEARCH.HTMLPANEL.1
HKEY_LOCAL_MACHINE\Software\Classes\MYWEBSEARCH.HTMLPANEL.1
HKEY_LOCAL_MACHINE\Software\Classes\MYWEBSEARCH.HTMLPANEL.1\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\MYWEBSEARCH.HTMLPANEL.1\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\MYWEBSEARCH.HTMLPANEL\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\MYWEBSEARCH.HTMLPANEL\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\MYWEBSEARCH.HTMLPANEL\CurVer
HKEY_LOCAL_MACHINE\Software\Classes\MYWEBSEARCH.HTMLPANEL\CurVer


MediaMotor Trojan Downloader more information...
Details: MediaMotor is a trojan downloader that downloads and installs additional malware and adware from remote servers.
Status: Deleted

Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{0D3F3CF0-4060-4257-BF18-77CE00454146}
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{0D3F3CF0-4060-4257-BF18-77CE00454146}
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{0D3F3CF0-4060-4257-BF18-77CE00454146}\ProxyStubClsid
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{0D3F3CF0-4060-4257-BF18-77CE00454146}\ProxyStubClsid
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{0D3F3CF0-4060-4257-BF18-77CE00454146}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{0D3F3CF0-4060-4257-BF18-77CE00454146}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{0D3F3CF0-4060-4257-BF18-77CE00454146}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{0D3F3CF0-4060-4257-BF18-77CE00454146}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{0D3F3CF0-4060-4257-BF18-77CE00454146}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{49217364-E570-4F9D-9CD2-62EB4780B2EE}
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{49217364-E570-4F9D-9CD2-62EB4780B2EE}
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{49217364-E570-4F9D-9CD2-62EB4780B2EE}\ProxyStubClsid
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{49217364-E570-4F9D-9CD2-62EB4780B2EE}\ProxyStubClsid
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{49217364-E570-4F9D-9CD2-62EB4780B2EE}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{49217364-E570-4F9D-9CD2-62EB4780B2EE}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{49217364-E570-4F9D-9CD2-62EB4780B2EE}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{49217364-E570-4F9D-9CD2-62EB4780B2EE}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{49217364-E570-4F9D-9CD2-62EB4780B2EE}\TypeLib


WindUpdates.PreviewAdService Adware (General) more information...
Details: WindUpdates.PreviewAdService is a variant of the WindUpdates adware component.
Status: Deleted

Files detected
C:\PROGRAM FILES\PREVIEW ADSERVICE\PrevAdComm.dll
C:\PROGRAM FILES\PREVIEW ADSERVICE


WindUpdates.MediaAccess Adware (General) more information...
Details: WindUpdates.MediaAccess is an adware program that spawns pop-ups on the desktop.
Status: Deleted

Files detected
C:\Program Files\Media Gateway\Info.txt


SafeSurfing.RsyncMon Browser Plug-in more information...
Details: SafeSurfing.RsyncMon is a SafeSurfing adware variant that installs as a Browser Helper Object (BHO) in Internet Explorer.
Status: Deleted

Files detected
C:\WINDOWS\ISSM0064.DAT

Registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\IRSSYNCD
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\IRSSYNCD
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\IRSSYNCD


WindUpdates.MediaGateway Adware (General) more information...
Details: WindUpdates.MediaGateway is an adware application that displays advertising on the desktop, usually pop-ups.
Status: Deleted

Files detected
C:\PROGRAM FILES\MEDIA GATEWAY\Info.txt
C:\PROGRAM FILES\MEDIA GATEWAY


Zango.SecretChamber Adware Installer more information...
Details: Zango.SecretChamber is bundled with Zango Search Assistant and displays pop-up advertisements based on browsing behaviors.
Status: Deleted

Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\AuxUserType
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\AuxUserType\2
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\AuxUserType\2
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\AuxUserType\3
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\AuxUserType\3
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\Conversion
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\Conversion\Readable
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\Conversion\Readable\Main
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\Conversion\Readable\Main
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\Conversion\Readwritable
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\Conversion\Readwritable\Main
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\Conversion\Readwritable\Main
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\DataFormats
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\DataFormats\DefaultFile
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\DataFormats\DefaultFile
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\DataFormats\GetSet
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\DataFormats\GetSet\1
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\DataFormats\GetSet\1
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\DataFormats\GetSet\2
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\DataFormats\GetSet\2
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\DataFormats\GetSet\3
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\DataFormats\GetSet\3
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\DefaultIcon
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\DefaultIcon
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\Implemented Categories
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\Implemented Categories\{000C0118-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\Implemented Categories\{000C0118-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\InprocHandler32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\InprocHandler32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\Insertable
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\Insertable
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\LocalServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\LocalServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\LocalServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\MiscStatus
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\MiscStatus
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\ProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\ProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\Typelib
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\Typelib
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\Verb
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\Verb\0
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\Verb\0
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\Verb\1
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\Verb\1
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\Version
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\Version
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\VersionIndependentProgID


My Freeze/YourScreen Adware Bundler more information...
Details: My Freeze/YourScreen .com is a website which contains many screen savers , this site also bundled with many adwares such as Whenu.com, Save now etc
Status: Deleted

Files detected
C:\PROGRAM FILES\FREE OFFERS FROM FREEZE.COM\control.txt
C:\PROGRAM FILES\FREE OFFERS FROM FREEZE.COM\FreeRingtones.ico
C:\PROGRAM FILES\FREE OFFERS FROM FREEZE.COM\FreeRingtones.url
C:\PROGRAM FILES\FREE OFFERS FROM FREEZE.COM\PartyPoker.ico
C:\PROGRAM FILES\FREE OFFERS FROM FREEZE.COM\PartyPoker.url
C:\PROGRAM FILES\FREE OFFERS FROM FREEZE.COM\registryCleaner.ico
C:\PROGRAM FILES\FREE OFFERS FROM FREEZE.COM\registryCleaner.url
C:\PROGRAM FILES\FREE OFFERS FROM FREEZE.COM\wfallsaw.ico
C:\PROGRAM FILES\FREE OFFERS FROM FREEZE.COM\wfallsaw.url
C:\PROGRAM FILES\FREE OFFERS FROM FREEZE.COM


Command Service Adware (General) more information...
Details: Command Service is an adware application that opens pop-ups and displays various types of advertising on the user's desktop while browsing web pages.
Status: Deleted

Registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\POLICIES


SafeSurfing Browser Plug-in more information...
Details: SafeSurfing is a program that installs adware without the users consent.
Status: Deleted

Registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\TDPER.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\TDPER.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\TDPER.EXE


Desktop Links Adware (General) more information...
Details: Desktop Links consists of various links and shortcuts placed on the desktop by adware and spyware programs. It includes folders and links placed in Internet Explorer's favorites list.

Files detected
C:\Program Files\Free Offers from Freeze.com\registryCleaner.ico


TitanPoker Potentially Unwanted Program more information...
Details: TitanPoker is an online casino game that requires a software download to the user's machine.
Status: Ignored

Files detected
C:\WINDOWS\system32\TitanPokerIconDropTRA107.ico


Adware.TDPop Adware (General) more information...
Status: Deleted

Registry entries detected
HKEY_USERS\S-1-5-21-2078581234-2642307776-2663849099-1003\SOFTWARE\IANITIME
HKEY_USERS\S-1-5-21-2078581234-2642307776-2663849099-1003\SOFTWARE\IANITIME
HKEY_USERS\S-1-5-21-2078581234-2642307776-2663849099-1003\SOFTWARE\IANITIME
HKEY_USERS\S-1-5-21-2078581234-2642307776-2663849099-1003\SOFTWARE\IANITIME
HKEY_USERS\S-1-5-21-2078581234-2642307776-2663849099-1003\SOFTWARE\IANITIME
HKEY_USERS\S-1-5-21-2078581234-2642307776-2663849099-1003\SOFTWARE\IANITIME
HKEY_USERS\S-1-5-21-2078581234-2642307776-2663849099-1003\SOFTWARE\IANITIME
HKEY_USERS\S-1-5-21-2078581234-2642307776-2663849099-1003\SOFTWARE\IANITIME

#9 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:07:04 PM

Posted 12 June 2007 - 02:11 AM

Restart your pc,post a new Hijackthis log into your next reply.
Let me know how its running now please.
Posted Image
Posted Image

#10 ICYcold

ICYcold
  • Topic Starter

  • Members
  • 100 posts
  • OFFLINE
  •  
  • Local time:10:04 AM

Posted 02 September 2007 - 05:01 PM

With an AVG scan I get that trojan and avg will clean it out but then it just keeps coming back I've also noticed a bit of a slow down and I get half as much pop ups coming through adblock on firefox than normal, and normal was pretty much only one or two...any help is greatly appreciated


HJT log

Logfile of HijackThis v1.99.1
Scan saved at 3:02:49 PM, on 9/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\CDProxyServ.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Xfire\Xfire.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Adobe\Photoshop CS\Photoshop.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\RunOnce: [MyWebSearch bar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -3
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1011016
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {37802401-C7E2-11D7-8582-0048548470B6} (VRCLoader) - http://www.videoraver.com/vrcloader.cab
O16 - DPF: {54D53429-945C-4188-B460-C81356541882} (SaveImageFiles Class) - http://eshare.hpphoto.com/Download/HPeServicesLocalPrint.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1107239853421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1180760817234
O16 - DPF: {98827C42-6A82-11D7-8582-0048548470B6} (VideoRaver) - http://www.videoraver.com/videoraver.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - Unknown owner - C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak AiO Device Service (KodakSvc) - SDSD - C:\Program Files\Kodak\printer\center\KodakSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#11 ICYcold

ICYcold
  • Topic Starter

  • Members
  • 100 posts
  • OFFLINE
  •  
  • Local time:10:04 AM

Posted 11 September 2007 - 07:31 PM

can i please get some help here? internet explorer is almost useless now and my dad needs IE for work and other things and i have to use my ps3 to access my logs now...i need something to fix this fast or this computer might have to be completely wiped which i do not want =/

#12 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:07:04 PM

Posted 12 September 2007 - 11:56 AM

Download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Also post a new Hijackthis log please.
Posted Image
Posted Image

#13 ICYcold

ICYcold
  • Topic Starter

  • Members
  • 100 posts
  • OFFLINE
  •  
  • Local time:10:04 AM

Posted 12 September 2007 - 07:35 PM

ComboFix 07-09-13.1 - "Owner" 2007-09-12 17:10:56.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.165 [GMT -7:00]
Script execution time was exceeded on script "C:\ComboFix\restore_pt.vbs".
Script execution was terminated.
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\Owner\APPLIC~1\DOBE~1
C:\DOCUME~1\Owner\MYDOCU~1\DOBE~1
C:\DOCUME~1\Owner\MYDOCU~1\DOBE~2
C:\DOCUME~1\Owner\MYDOCU~1\ICROSO~1
C:\DOCUME~1\Owner\MYDOCU~1\internet.lnk
C:\Program Files\Common Files\asks~1
C:\Program Files\Common Files\sembly~1
C:\WINDOWS\fnts~1
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\system32\asks~1
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\test.exe
C:\WINDOWS\system32\wpcap.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_NPF
-------\NPF


((((((((((((((((((((((((( Files Created from 2007-08-13 to 2007-09-13 )))))))))))))))))))))))))))))))
.

2007-09-12 17:09 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-09 14:45 <DIR> d-------- C:\Program Files\Amazing DVD Player
2007-09-09 13:24 <DIR> d-------- C:\Program Files\Komorebi
2007-09-09 13:20 <DIR> d-------- C:\WINDOWS\system32\quicktime
2007-09-09 13:20 <DIR> d-------- C:\Program Files\AVI Movie Player
2007-09-07 15:57 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-28 22:33 <DIR> d-------- C:\Program Files\CamStudio
2007-08-27 10:38 <DIR> d-------- C:\Program Files\BearShare Applications
2007-08-27 10:38 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\BearShare
2007-08-27 10:38 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\BearShare
2007-08-14 21:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MAGIX
2007-08-14 21:40 667,648 --a------ C:\WINDOWS\system32\mgxoschk.dll
2007-08-14 21:40 120,200 --a------ C:\WINDOWS\system32\DLLDEV32i.dll
2007-08-14 21:40 <DIR> d-------- C:\WINDOWS\system32\MAGIX
2007-08-14 21:40 <DIR> d-------- C:\Program Files\MAGIX
2007-08-12 16:58 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Xfire

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-12 16:41 22328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-09-10 20:09 --------- d---s---- C:\Program Files\Xfire
2007-09-08 17:57 --------- d-------- C:\Program Files\StepMania
2007-09-07 16:31 --------- d-------- C:\Program Files\SUPERAntiSpyware
2007-09-02 16:37 --------- d-------- C:\Program Files\Call of Duty
2007-08-29 19:04 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Xfire
2007-08-29 19:04 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Xfire
2007-08-28 22:28 --------- d-------- C:\Program Files\Game Cam Lite v1.4
2007-08-27 12:03 12245693 --a------ C:\AVG7QT.DAT
2007-08-25 18:48 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\uTorrent
2007-08-25 18:48 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\uTorrent
2007-07-28 13:13 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-21 20:05 --------- d-------- C:\Program Files\TRACTION In-Game Radio Player
2007-07-17 16:46 --------- d-------- C:\Program Files\Jailbreak
2007-07-17 16:41 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-07-14 13:35 --------- d-------- C:\Program Files\Apophysis 2(2).0
2007-07-14 13:34 --------- d-------- C:\Program Files\Kate's Video Converter
2007-07-14 13:34 --------- d-------- C:\Program Files\CamStudio(2)
2005-05-14 00:12:00 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 18:13:58 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-14 04:27:00 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-05-03 01:13:49 56 --sh--r C:\WINDOWS\system32\939471D3F3.sys
2005-06-26 22:32:28 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-22 05:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2004-01-25 07:00:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2005-05-03 01:13:49 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2006-04-27 17:24:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
2005-02-28 20:16:22 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-25 07:00:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA13D72F-2DAC-4D99-B08D-C5EA1C920E89}]
2005-12-01 16:39 113152 --a------ C:\WINDOWS\IECodecPlg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 07:07]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" []
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 02:55]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 20:02]
"AutoTKit"="C:\hp\bin\AUTOTKIT.EXE" [2003-06-18 19:19]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 21:42]
"VTTimer"="VTTimer.exe" []
"LTMSG"="LTMSG.exe" [2003-07-14 17:52 C:\WINDOWS\ltmsg.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 16:57]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-08-14 21:11]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"EPSON Stylus Photo R320 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.exe" [2004-04-26 03:00]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-08-16 14:39]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-08-19 02:56]
"nwiz"="nwiz.exe" [2003-08-19 02:56 C:\WINDOWS\system32\nwiz.exe]
"EKIJ5000StatusMonitor"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2007-04-03 08:54]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-06-25 18:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2003-06-22 21:25]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-04-02 21:07]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 14:17]
"NVIEW"="nview.dll,nViewLoadHook" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-08-05 23:30:46]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\
AutoTBar.exe [2003-06-18 19:19:08]

C:\DOCUME~1\Owner\STARTM~1\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe [2007-08-29 12:44:32]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=0 (0x0)
"NoMovingBands"=0 (0x0)
"NoCloseDragDropBands"=0 (0x0)
"NoSetTaskbar"=0 (0x0)
"NoToolbarsOnTaskbar"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2007-01-19 12:26 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2007-05-04 07:15 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Epson printer Registration.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Epson printer Registration.lnk
backup=C:\WINDOWS\pss\Epson printer Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

R0 $sys$cor;$sys$cor;C:\WINDOWS\system32\Drivers\$sys$cor.sys
R1 $sys$crater;$sys$crater;\??\C:\WINDOWS\System32\$sys$filesystem\crater.sys
R2 CD_Proxy;XCP CD Proxy;C:\WINDOWS\CDProxyServ.exe
R2 KodakSvc;Kodak AiO Device Service;"C:\Program Files\Kodak\printer\center\KodakSvc.exe"
S2 $sys$DRMServer;Plug and Play Device Manager;C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe
S3 gUSBSTOi;gUSBSTOi;\??\C:\DOCUME~1\Owner\LOCALS~1\Temp\gUSBSTOi.sys
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ssm_bus.sys
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys

*Newly Created Service* - HTTPFILTER
.
Contents of the 'Scheduled Tasks' folder
"2007-09-09 21:31:55 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exe
"2007-09-12 22:09:17 C:\WINDOWS\Tasks\Kodak AiO Scheduled Maintenance.job"
- C:\Program Files\Kodak\Printer\Center\Kodak.Statistics.exe
"2005-09-17 00:37:22 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-12 17:23:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\$sys$cor]
"ImagePath"="System32\Drivers\$sys$cor.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\$sys$crater]
"ImagePath"="\??\C:\WINDOWS\System32\$sys$filesystem\crater.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\$sys$DRMServer]
"ImagePath"="C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe"
.
Completion time: 2007-09-12 17:31:48 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-12 17:31
C:\ComboFix.2006-07-27.135032.txt ... 2006-07-27 13:09
C:\ComboFix2.txt ... 2006-07-27 14:00
.
--- E O F ---



HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:37:08 PM, on 9/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\CDProxyServ.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freewebportal.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: CIEObjectObj Object - {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} - C:\WINDOWS\IECodecPlg.dll
O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Policies\Explorer\Run: [mspfrd] C:\WINDOWS\System32\mspfrd.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {37802401-C7E2-11D7-8582-0048548470B6} (VRCLoader) - http://www.videoraver.com/vrcloader.cab
O16 - DPF: {54D53429-945C-4188-B460-C81356541882} (SaveImageFiles Class) - http://eshare.hpphoto.com/Download/HPeServicesLocalPrint.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1107239853421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1180760817234
O16 - DPF: {98827C42-6A82-11D7-8582-0048548470B6} (VideoRaver) - http://www.videoraver.com/videoraver.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - Unknown owner - C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak AiO Device Service (KodakSvc) - SDSD - C:\Program Files\Kodak\printer\center\KodakSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://myspace-886.vo.llnwd.net/00167/68/81/167881886_s.jpg

--
End of file - 9611 bytes


Thanks for responding again...i can finally come into my thread and post using my computer and hijack this will open

I did get a threat detected from AVG though about a iexplorer trojan but i used avg to heal the file

Edited by ICYcold, 12 September 2007 - 07:50 PM.


#14 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:07:04 PM

Posted 13 September 2007 - 04:13 AM

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: CIEObjectObj Object - {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} - C:\WINDOWS\IECodecPlg.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
O4 - HKCU\..\Policies\Explorer\Run: [mspfrd] C:\WINDOWS\System32\mspfrd.exe


Run this online virus/spyware scan using Internet Explorer:
Kaspersky WebScanner
Next click Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
Scan using the following Anti-Virus database:
Standard
Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:
Select My Computer
This will start the program and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste the contents of that file into your next reply.

Also post a new Hijackthis log please.
Posted Image
Posted Image

#15 ICYcold

ICYcold
  • Topic Starter

  • Members
  • 100 posts
  • OFFLINE
  •  
  • Local time:10:04 AM

Posted 13 September 2007 - 01:30 PM

I click on the kaspersky link and then a pop up tells me about benefits, requirements and limitations and the privacy and then i have to click accept or decline, but every time I click accept nothing happens, it just sits there =/

Edited by ICYcold, 13 September 2007 - 01:30 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users