Please check my HiJackThis log
fakestuff
Newbie
12. February 2008 @ 08:53 |
I had the error c:\windows\system32\gzmrotate.dll.
I read a forum post about someone else who had it and did what that person was told to do, and then I had another error, c:\windows\system32\aucgnnst.dll.
I used what was on the other forum and did the same thing for the aucgnnst.dll.
I was just wondering if you could check my HijackThis log to see if there are any problems.
"Allow HijackThis to fix this line:
O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify"
-----Log-----
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:39:38 AM, on 12/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: rightonadz.biz browser optimizer - {36A91CEC-6C71-4758-B492-397BFC8E96A2} - C:\WINDOWS\system32\gzmrotate.dll (file missing)
O2 - BHO: (no name) - {5BEA646D-6228-468A-AD54-7B48DA16BEF0} - C:\WINDOWS\system32\ssqpq.dll (file missing)
O2 - BHO: (no name) - {733E9132-53CA-4C97-9AC9-145C4502FA20} - C:\WINDOWS\system32\ddcddcy.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\tbwnnkew.dll (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Warkeys Update.exe.lnk = C:\Program Files\Warkeys\update\Warkeys Update.exe
O4 - Startup: Warkeys Update.lnk = C:\Program Files\Warkeys\update\Warkeys Update.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1196405205390
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15034/CTPID.cab
O20 - Winlogon Notify: ddcddcy - ddcddcy.dll (file missing)
O21 - SSODL: msmhost - {4135787E-25A6-4549-AB0F-76E593B3692D} - C:\WINDOWS\msmhost.dll (file missing)
O21 - SSODL: msmdev - {5F7608B1-C215-418E-8866-74E22491109D} - C:\WINDOWS\msmdev.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\hnyxwnpt.exe (file missing)
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 10435 bytes
Thanks
Member
13. February 2008 @ 22:12 |
Start HJT, click the "Scan" button, check the items below, close any open windows, then click "Fix checked".
You can select all the entries that end in (file missing).
Looks like you had some really nasty trojans.
Because a clean HJT log (contrary to popular opinion) does not mean a clean computer, I would do an online scan here:
ESET online scanner:
http://www.eset.com/onlinescan/
Uses Internet Explorer only.
Check "YES" to accept the terms.
Click the Start button.
Allow the ActiveX component to install.
Click the Start button; the scanner will update.
Check both "Remove found threats" and "Scan unwanted applications".
Click Scan.
When done, you can find the scan log at: C:\Program Files\EsetOnlineScanner\log.txt
Please copy/paste that log in your next reply.
echoreply
fakestuff
Newbie
15. February 2008 @ 20:41 |
Wow, thanks for replying. I did the HJT thing and am scanning right now. Sorry I was not able to do it right away; other people use this computer and I try my best to keep it clean.
Thanks
fakestuff
Newbie
15. February 2008 @ 21:12 |
Alright, it's done. It found four trojans, I think.
------------
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2880 (20080215)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=5265d48212c1094bb8270e109a11b463
# end=finished
# remove_checked=true
# unwanted_checked=false
# utc_time=2008-02-16 02:09:13
# local_time=2008-02-15 09:09:13 (-0500, Eastern Standard Time)
# country="Canada"
# osver=5.1.2600 NT Service Pack 2
# scanned=480846
# found=4
# scan_time=2066
C:\Documents and Settings\Nadler's\Local Settings\Temp\lzn2wgt1.exe Win32/TrojanDownloader.Zlob.BNL trojan (deleted) 00000000000000000000000000000000
C:\Documents and Settings\Nadler's\Local Settings\Temp\lzn2wgt1.exe »NSIS »barf.dll Win32/TrojanDownloader.Zlob.BNL trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\Nadler's\Local Settings\Temp\routipqno.exe probably a variant of Win32/TrojanDownloader.Obfuscated trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\hix\mirc.exe probably a variant of Win32/Agent trojan (unable to clean - deleted) 00000000000000000000000000000000
-----------------------
Thanks
Member
15. February 2008 @ 21:32 |
Hi,
Start HJT, click the "Scan" button, check the items below, close any open windows, then click "Fix checked":
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: rightonadz.biz browser optimizer - {36A91CEC-6C71-4758-B492-397BFC8E96A2} - C:\WINDOWS\system32\gzmrotate.dll (file missing)
O2 - BHO: (no name) - {5BEA646D-6228-468A-AD54-7B48DA16BEF0} - C:\WINDOWS\system32\ssqpq.dll (file missing)
O2 - BHO: (no name) - {733E9132-53CA-4C97-9AC9-145C4502FA20} - C:\WINDOWS\system32\ddcddcy.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\tbwnnkew.dll (file missing)
O20 - Winlogon Notify: ddcddcy - ddcddcy.dll (file missing)
O21 - SSODL: msmhost - {4135787E-25A6-4549-AB0F-76E593B3692D} - C:\WINDOWS\msmhost.dll (file missing)
O21 - SSODL: msmdev - {5F7608B1-C215-418E-8866-74E22491109D} - C:\WINDOWS\msmdev.dll (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\hnyxwnpt.exe (file missing)
-----------------------------------
One more download to get and run:
Download SDFix and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer into Safe Mode by doing the following:
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, the Advanced Options Menu should appear;
* Select the first option, to run Windows in Safe Mode, then press Enter.
* Choose your usual account.
* Open the extracted SDFix folder and double click RunThis.bat to start the script.
* Type Y to begin the cleanup process.
* It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
* Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
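The triage rule used in the two replies above (tick everything that ends in "(file missing)" or "(no file)", and look harder at Winlogon Notify, SSODL and unknown-owner services) applied to a HijackThis log in code. This is an added example, not part of the thread and not HijackThis's own code. The section tags (O2, O4, O20, O21, O23), the "(file missing)" / "(no file)" suffixes and the sample lines are taken from the logs posted here; the no-vowel "random name" heuristic, the reason strings and the fix/inspect/ok verdicts are this example's own assumptions.

```python
"""Triage a HijackThis 2.0.2 log the way the replies above do, in code.

Added example (not part of the forum thread, and not HijackThis code):
it applies the reply's rule that entries ending in "(file missing)" or
"(no file)" are orphaned registry pointers safe to fix, and adds weight to
a few things an analyst checks by hand: privileged load points (O20 Winlogon
Notify runs inside winlogon.exe, O21 SSODL inside explorer.exe), services
with an unknown owner, Rundll32 used as a DLL launcher, and random-looking
file names. SAMPLE_LOG is constructed from lines quoted in this thread.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: rightonadz.biz browser optimizer - {36A91CEC-6C71-4758-B492-397BFC8E96A2} - C:\WINDOWS\system32\gzmrotate.dll (file missing)
O2 - BHO: (no name) - {5BEA646D-6228-468A-AD54-7B48DA16BEF0} - C:\WINDOWS\system32\ssqpq.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
O20 - Winlogon Notify: ddcddcy - ddcddcy.dll (file missing)
O21 - SSODL: msmhost - {4135787E-25A6-4549-AB0F-76E593B3692D} - C:\WINDOWS\msmhost.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\hnyxwnpt.exe (file missing)
"""

LINE_RE = re.compile(r"^(?P<section>R\d|O\d{1,2}) - (?P<body>.+)$")
# The last file-like token on the line is the module the entry loads.
MODULE_RE = re.compile(r"([\w~$.-]+\.(?:dll|exe|ocx|sys))", re.I)
# Load points where a stray entry runs with the privileges of a core process.
PRIVILEGED = {"O20": "Winlogon Notify (runs in winlogon.exe)",
              "O21": "SSODL (runs in explorer.exe)"}


@dataclass
class Finding:
    section: str
    body: str
    module: Optional[str]
    reasons: List[str] = field(default_factory=list)

    @property
    def verdict(self) -> str:
        if "orphan" in self.reasons:
            return "fix"        # safe to tick in HJT: the file is already gone
        return "inspect" if self.reasons else "ok"


def looks_random(module: str) -> bool:
    """Heuristic only (an assumption of this example): generated names such as
    hnyxwnpt.exe usually have no vowels. Legitimate names like MsnMsgr.Exe
    trip it too, so it only adds weight and never decides on its own."""
    stem = module.rsplit(".", 1)[0].lower()
    return len(stem) >= 5 and not set(stem) & set("aeiou")


def parse(log_text: str) -> List[Finding]:
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # header, process list, separators
        section, body = m.group("section"), m.group("body")
        modules = MODULE_RE.findall(body)
        f = Finding(section, body, modules[-1] if modules else None)
        if body.endswith("(file missing)") or body.endswith("(no file)"):
            f.reasons.append("orphan")
        if section in PRIVILEGED:
            f.reasons.append("privileged:" + PRIVILEGED[section])
        if section == "O23" and "Unknown owner" in body:
            f.reasons.append("unknown-owner")
        if section == "O4" and "rundll32" in body.lower():
            f.reasons.append("rundll32-loader")
        if f.module and looks_random(f.module):
            f.reasons.append("random-name")
        findings.append(f)
    return findings


def fix_list(log_text: str) -> List[str]:
    """The lines to tick under 'Fix checked', in HJT's own line format."""
    return [f"{f.section} - {f.body}" for f in parse(log_text) if f.verdict == "fix"]


if __name__ == "__main__":
    for f in parse(SAMPLE_LOG):
        print(f"{f.verdict:7} {f.section:4} {f.module or '-':20} {', '.join(f.reasons)}")
```

Run it as a script to get one verdict per log line, or import it and pass the full log text; fix_list() returns exactly the lines to tick under "Fix checked". The orphan rule is reliable because HJT only appends "(file missing)" after looking for the file on disk; the random-name check is a hint, as its comment says, and is why the [hid_start] line comes back as "inspect" (Rundll32 launching a DLL from system32) rather than "fix".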
fakestuff
Newbie
15. February 2008 @ 23:57 |
Here it is:
The report:
------------
SDFix: Version 1.142
Run by Nadler's on 15/02/2008 at 11:40 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\SYSTEM32\TASKKILL.EXE - Deleted
C:\WINDOWS\dat.txt - Deleted
C:\WINDOWS\rs.txt - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS\system32
:lol 4770600
:lol.exe 8768
Total size: 4779368 bytes.
system32: deleted 4779368 bytes in 2 streams.
Checking for remaining Streams
C:\WINDOWS\system32
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-15 23:45:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:c7,db,2a,0c,fc,33,09,4d,40,3a,6f,a1,04,04,1b,61,19,e1,b8,cd,da,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:2d,5d,81,24,12,83,12,4e,5b,4d,53,22,6d,ef,f3,66,00,cd,84,0c,05,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"DhcpNameServer"="64.71.255.198"
"DhcpDomain"="phub.net.cable.rogers.com"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{91B49097-7980-4CED-9E6A-4DB8ADCAF64C}]
"LeaseObtainedTime"=dword:47b65dd0
"T1"=dword:47b65dd0
"T2"=dword:47b65dd0
"DhcpRetryTime"=dword:00000000
"DhcpRetryStatus"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{91B49097-7980-4CED-9E6A-4DB8ADCAF64C}\Parameters\Tcpip]
"LeaseObtainedTime"=dword:47b65dd0
"T1"=dword:47b65dd0
"T2"=dword:47b65dd0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:2d,5d,81,24,12,83,12,4e,5b,4d,53,22,6d,ef,f3,66,00,cd,84,0c,05,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 117
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\hnyxwnpt.exe"="C:\\WINDOWS\\system32\\hny"
"C:\\Program Files\\softnyx\\GunBoundWC\\GunBound.gme"="C:\\Program Files\\softnyx\\GunBoundWC\\GunBound.gme:*:Disabled:GunBound"
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"="C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe:*:Disabled:Apache HTTP Server"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Disabled:Yahoo! FT Server"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi Client"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\Program Files\\Counter-Strike Source\\hl2.exe"="C:\\Program Files\\Counter-Strike Source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Steam\\steamapps\\kidonadler\\team fortress 2\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\kidonadler\\team fortress 2\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Warcraft III\\Frozen Throne.exe"="C:\\Program Files\\Warcraft III\\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Documents and Settings\\Nadler's\\Desktop\\MIRC.v6.31withCrack\\crack\\mirc.exe"="C:\\Documents and Settings\\Nadler's\\Desktop\\MIRC.v6.31withCrack\\crack\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\MARS\\MR97310\\marscamc.exe"="C:\\Program Files\\MARS\\MR97310\\marscamc.exe:*:Enabled:MarsCam CIF"
"C:\\Documents and Settings\\Nadler's\\Desktop\\pickup.listchecker.exe"="C:\\Documents and Settings\\Nadler's\\Desktop\\pickup.listchecker.exe:*:Enabled:pickup.listchecker"
"C:\\Documents and Settings\\Nadler's\\Desktop\\PickUpListChecker\\pickup.listchecker.exe"="C:\\Documents and Settings\\Nadler's\\Desktop\\PickUpListChecker\\pickup.listchecker.exe:*:Enabled:pickup.listchecker"
"C:\\Program Files\\Warcraft III\\war3.exe"="C:\\Program Files\\Warcraft III\\war3.exe:*:Enabled:Warcraft III"
"C:\\Documents and Settings\\Nadler's\\Desktop\\heythere.exe"="C:\\Documents and Settings\\Nadler's\\Desktop\\heythere.exe:*:Enabled:heythere"
"C:\\Program Files\\SPSSInc\\SPSS16\\spss.com"="C:\\Program Files\\SPSSInc\\SPSS16\\spss.com:*:Disabled:SPSS 16.0 (1033:com)"
"C:\\Program Files\\SPSSInc\\SPSS16\\spss.exe"="C:\\Program Files\\SPSSInc\\SPSS16\\spss.exe:*:Disabled:SPSS 16.0 (1033:exe)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Thu 27 Dec 2007 6,219,320 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Wed 19 Sep 2007 1,068,944 A.SH. --- "C:\WINDOWS\system32\qpqss.tmp"
Fri 21 Sep 2007 962,477 A.SH. --- "C:\WINDOWS\system32\qpqss.bak1"
Fri 21 Sep 2007 957,837 A.SH. --- "C:\WINDOWS\system32\qpqss.bak2"
Sun 23 Dec 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 12 Sep 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 11 Oct 2007 921,600 A..H. --- "C:\Documents and Settings\Nadler's\Local Settings\Temporary Internet Files\ijjistarter2FxB.exe"
Tue 5 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4844df1d57a292079101da42a26d7d72\BIT2.tmp"
Tue 5 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT1.tmp"
Fri 15 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\78670cbd6a90baaa408a8a72f52fdce2\BIT2.tmp"
Tue 5 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bc066f3f60df1b38218903dd0d40ce98\BIT3.tmp"
Mon 4 Feb 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\afvqwy0.dll"
Mon 4 Feb 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\anbk6y8.dll"
Mon 4 Feb 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\cqp77c8.dll"
Mon 4 Feb 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\d3cw02w.dll"
Mon 4 Feb 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\dpjdy6y.dll"
Mon 4 Feb 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\dzmifie.dll"
Mon 4 Feb 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\etmt5zo.dll"
Mon 4 Feb 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\eue3rx7.dll"
Mon 4 Feb 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\f7823bt.dll"
Mon 4 Feb 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\fyo4zzd.dll"
Mon 4 Feb 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\fz0beev.dll"
Mon 4 Feb 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\g6rdyy8.dll"
Mon 4 Feb 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\gl2prsr.dll"
Mon 4 Feb 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\jdd0g5u.dll"
Mon 4 Feb 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\k3tmr5j.dll"
Mon 4 Feb 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\kkspm78.dll"
Mon 4 Feb 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\l379ihn.dll"
Mon 4 Feb 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\lbqbrd5.dll"
Mon 4 Feb 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\lzmn9q0.dll"
Mon 4 Feb 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\m4hovxd.dll"
Mon 4 Feb 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\mbkbsn8.dll"
Mon 4 Feb 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\mt9s48n.dll"
Mon 4 Feb 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\oes7axu.dll"
Mon 4 Feb 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\ovfl0y9.dll"
Mon 4 Feb 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\pobnzsg.dll"
Mon 4 Feb 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\poy5a42.dll"
Mon 4 Feb 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\qke1k9m.dll"
Mon 4 Feb 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\qx3kwsp.dll"
Mon 4 Feb 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\s3ejtq4.dll"
Mon 4 Feb 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\sij9q3g.dll"
Mon 4 Feb 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\sinx9uc.dll"
Mon 4 Feb 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\t0zcaiw.dll"
Mon 4 Feb 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\tqfqq2p.dll"
Mon 4 Feb 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\vhm9w7q.dll"
Mon 4 Feb 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\vl7vrew.dll"
Mon 4 Feb 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\wtvm6hi.dll"
Mon 4 Feb 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\xdjeii7.dll"
Mon 4 Feb 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\y7sd8na.dll"
Mon 4 Feb 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\ya0wy11.dll"
Mon 4 Feb 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\ya7xbl7.dll"
Finished!
------------
And the HJT:
-----------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:24 PM, on 15/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Warkeys Update.exe.lnk = C:\Program Files\Warkeys\update\Warkeys Update.exe
O4 - Startup: Warkeys Update.lnk = C:\Program Files\Warkeys\update\Warkeys Update.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1196405205390
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15034/CTPID.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 8989 bytes
-----------------------------
Thanks
Member
16. February 2008 @ 11:33
hi,
do you have any idea what this is?
heythere.exe
(C:\Documents and Settings\Nadler's\Desktop\)
Empty your Temp folders. Go to Start > Run and type: cleanmgr. Windows will scan. When done, check these 3 and press *OK* to remove:
Temporary Files
Temporary Internet Files
Recycle Bin
a good free tool for keeping temps cookies etc cleaned up with one click:
ATFCleaner
http://www.atribune.org/content/view/19/2/
echoreply
fakestuff
Newbie
16. February 2008 @ 19:25
LOL yeah, the heythere.exe was an experimental trojan my friend sent me to see if he could look at my desktop; it does nothing really.
Thanks for helping.
Thanks
Member
16. February 2008 @ 21:08
hi,
glad to help. if all is good on your end you can delete the sdfix folder and make a new restore point. the why and how:
One of the features of Windows ME or XP is the System Restore option; however, if malware infects a computer with this operating system, it can be backed up in the System Restore folder. Therefore, clearing the restore points is a good idea after malware is removed.
To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.
(winXP)
1. Turn off System Restore. (deletes the old, possibly infected restore points)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Reboot.
3. Turn ON System Restore. (new restore points on a clean system)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK, then reboot
happy safe surfing
Member
17. February 2008 @ 02:50
Hey there, there are some steps left out.
Update Java
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. Please follow these steps to remove older version Java components and update:
* Download the latest version of Java Runtime Environment (JRE) 6 Update 4 and save it to your desktop.
* Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 4...allows end-users to run Java applications".
* Click the "Download" button to the right.
* Read the License Agreement and then check the box that says: "Accept License Agreement". The page will refresh.
* Click on the link to download Windows Offline Installation and save the file to your desktop.
* Close any programs you may have running - especially your web browser.
* Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
* Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
* Click the Change/Remove button.
* Repeat as many times as necessary to remove each Java version.
* Reboot your computer once all Java components are removed.
* Then from your desktop double-click on jre-6u4-windows-i586-p.exe to install the newest version.
Just to double check, please post a new HijackThis log.
Windows and system security is my priority.
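As an added example (not code from this thread, from HijackThis, or from any tool mentioned in it): a small Python script that applies the checks the replies above make by hand to a log in HijackThis 2.0.x format. It parses the "Running processes" list and the R/F/N/O section entries, then flags processes and autoruns living in user-writable directories (the Desktop executable the helper asked about), Startup-folder items, O23 services HijackThis reports with "Unknown owner", and JRE 6 directories older than Update 4 (the version the last reply tells the poster to install). The sample log is constructed for the example in the same format as the log posted above; the path fragments treated as user-writable, the minimum JRE update level and the "Unknown owner" test are this example's own assumptions, not HijackThis rules.

```python
"""HijackThis log triage (added example; not code from HJT or this thread).

Heuristics, all of them this example's own assumptions rather than HJT rules:
  * running processes and O4 autoruns whose image sits in a user-writable
    directory (Desktop, Temp, Startup folder) are worth a second look;
  * items in the Startup folders (O4 - Startup / Global Startup) are listed
    because anything dropped there runs at logon without a registry entry;
  * O23 services HJT reports as "Unknown owner" carry no vendor string;
  * JRE 6 directories below a minimum update level are flagged, since the
    thread's advice is to replace JRE 6 Update 3 with Update 4.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample in HJT 2.0.x format; it is not the log posted in the thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Documents and Settings\User\Desktop\heythere.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Startup: PowerReg Scheduler.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Path fragments treated as user-writable (lower-case, backslash-delimited); an assumption.
USER_WRITABLE = ("\\desktop\\", "\\temp\\", "\\local settings\\",
                 "\\start menu\\programs\\startup\\")
MIN_JRE6_UPDATE = 4          # JRE 6 Update 4, the version the thread recommends
SECTION_LINE = re.compile(r"^[RFNO]\d+ - ")   # R0/R1, F0, N1..N4, O1..O24 entries
JRE6_DIR = re.compile(r"jre1\.6\.0_(\d+)", re.IGNORECASE)


def parse_log(text: str) -> Dict[str, List[str]]:
    """Split an HJT log into the running-process list and the section entries."""
    procs: List[str] = []
    entries: List[str] = []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower() == "running processes:":
            in_procs = True            # process paths follow, one per line
            continue
        if SECTION_LINE.match(line):
            in_procs = False           # first R/F/N/O line ends the process list
            entries.append(line)
        elif in_procs:
            procs.append(line)
    return {"processes": procs, "entries": entries}


def jre_versions(lines: List[str]) -> List[Tuple[str, int]]:
    """Return (directory name, update level) for every JRE 6 install referenced."""
    found: Dict[str, int] = {}
    for line in lines:
        for m in JRE6_DIR.finditer(line):
            found[m.group(0).lower()] = int(m.group(1))
    return sorted(found.items())


def flag_entries(log: Dict[str, List[str]]) -> List[Tuple[str, str]]:
    """Apply the heuristics above; returns (reason, offending line) pairs."""
    findings: List[Tuple[str, str]] = []
    for path in log["processes"]:
        if any(tag in path.lower() for tag in USER_WRITABLE):
            findings.append(("process in user-writable dir", path))
    for entry in log["entries"]:
        low = entry.lower()
        if entry.startswith(("O4 - Startup:", "O4 - Global Startup:")):
            findings.append(("startup-folder item", entry))
        elif entry.startswith("O4") and any(tag in low for tag in USER_WRITABLE):
            findings.append(("autorun from user-writable dir", entry))
        elif entry.startswith("O23") and " - unknown owner - " in low:
            findings.append(("service without vendor info", entry))
    for name, update in jre_versions(log["processes"] + log["entries"]):
        if update < MIN_JRE6_UPDATE:
            findings.append(("outdated JRE",
                             f"{name} is update {update}, need {MIN_JRE6_UPDATE}"))
    return findings


if __name__ == "__main__":
    for reason, line in flag_entries(parse_log(SAMPLE_LOG)):
        print(f"[{reason}] {line}")
```

Run against the constructed sample it reports four items: the Desktop executable, the Startup-folder item, the "Unknown owner" service and the jre1.6.0_03 install. A flag is a prompt to look at the file (vendor, signature, hash), not a verdict; the avast! and spoolsv entries pass every check here and a real review would still confirm their paths.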