Sammo
new user


Reg'd: Mon
Posts: 3
Re: Trojan and spyware problems.
      Wed May 07 2008 01:17 PM

ComboFix 08-05-01.3 - Dale 2008-05-07 8:06:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.145 [GMT -4:00]
Running from: C:\Documents and Settings\Dale\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Dale\Application Data\inst.exe
C:\Recycled\Recycled

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Service_6to4


((((((((((((((((((((((((( Files Created from 2008-04-07 to 2008-05-07 )))))))))))))))))))))))))))))))
.

2008-05-06 21:57 . 2008-05-06 21:57 <DIR> d-------- C:\2c4740d0b9aab3a953c63ad84f
2008-05-06 20:36 . 2008-05-06 20:40 <DIR> d-------- C:\Documents and Settings\Dale\Application Data\Simply Super Software
2008-05-06 20:36 . 2008-05-06 20:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-05-06 20:36 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-05-06 20:36 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\unrar3.dll
2008-05-06 20:36 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-05-06 20:36 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-05-06 20:36 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-05-06 20:07 . 2008-05-06 20:07 <DIR> d-------- C:\Program Files\Opera
2008-05-06 19:45 . 2008-05-06 19:45 <DIR> d-------- C:\Program Files\Stardock
2008-05-06 19:45 . 2008-05-06 19:45 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-05-06 19:45 . 2008-05-06 19:52 163,712 --a------ C:\WINDOWS\system32\drivers\vidstub.sys
2008-05-06 18:56 . 2008-05-06 18:56 <DIR> d-------- C:\Program Files\Glary Undelete
2008-05-06 18:52 . 2008-05-06 18:52 <DIR> d-------- C:\Documents and Settings\Dale\Application Data\GlarySoft
2008-05-06 18:51 . 2008-05-06 18:51 <DIR> d-------- C:\Program Files\Registry Repair
2008-05-06 17:39 . 2008-05-06 17:39 <DIR> d-------- C:\Program Files\MyPlayCity.com
2008-05-05 15:38 . 2008-05-05 15:40 <DIR> d-------- C:\Program Files\AdwareAlert
2008-05-05 15:38 . 2008-05-05 15:38 <DIR> d-------- C:\Documents and Settings\Dale\Application Data\AdwareAlert
2008-05-05 13:48 . 2008-05-05 13:48 <DIR> d-------- C:\Documents and Settings\Dale\Application Data\Ambient Design
2008-05-04 00:19 . 2008-05-04 11:19 <DIR> d-------- C:\Program Files\Panda Security
2008-05-03 23:10 . 2008-05-07 07:55 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-05-03 22:22 . 2008-05-03 22:22 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-03 22:16 . 2008-05-07 07:57 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-03 22:16 . 2008-05-07 07:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-03 20:46 . 2008-05-03 20:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-02 11:31 . 2005-11-23 06:51 <DIR> d-------- C:\Documents and Settings\JESUS I love YOU\WINDOWS
2008-05-02 11:31 . 2008-05-02 11:31 <DIR> d-------- C:\Documents and Settings\JESUS I love YOU
2008-05-02 11:31 . 2008-05-07 08:05 1,024 --ah----- C:\Documents and Settings\JESUS I love YOU\ntuser.dat.LOG
2008-05-01 21:46 . 2005-11-23 06:51 <DIR> d-------- C:\Documents and Settings\Easy\WINDOWS
2008-05-01 21:46 . 2008-05-01 21:46 <DIR> d-------- C:\Documents and Settings\Easy
2008-05-01 21:46 . 2008-05-07 08:05 1,024 --ah----- C:\Documents and Settings\Easy\ntuser.dat.LOG
2008-05-01 12:02 . 2008-05-01 12:02 <DIR> d--h----- C:\WINDOWS\PIF
2008-05-01 11:33 . 2008-05-03 21:28 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-05-01 10:47 . 2008-05-01 10:47 <DIR> d-------- C:\Documents and Settings\Dale\Application Data\Symantec
2008-05-01 08:45 . 2008-05-01 08:45 <DIR> d-------- C:\Program Files\Unlocker
2008-05-01 08:45 . 2008-05-01 08:45 <DIR> d-------- C:\Documents and Settings\Dale\Application Data\Desktopicon
2008-04-28 18:29 . 2008-04-28 18:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-04-28 18:29 . 2008-04-28 18:29 268 --ah----- C:\sqmdata02.sqm
2008-04-28 18:29 . 2008-04-28 18:29 244 --ah----- C:\sqmnoopt02.sqm
2008-04-27 21:52 . 2008-04-27 21:52 <DIR> dr-hs---- C:\sys
2008-04-27 21:52 . 2008-04-27 21:52 <DIR> d-------- C:\Program Files\Magic Photo Editor
2008-04-25 17:51 . 2008-04-26 07:08 <DIR> d-------- C:\Documents and Settings\Dale\Application Data\AVGTOOLBAR
2008-04-25 17:07 . 2008-04-25 17:07 <DIR> d-------- C:\Program Files\AVG
2008-04-24 21:06 . 500 C:\WINDOWS\!??*?
2008-04-24 20:13 . 2008-04-24 20:13 754 --a------ C:\WINDOWS\WORDPAD.INI
2008-04-21 23:08 . 2008-04-21 23:09 <DIR> d-------- C:\Program Files\PhotoPerfect
2008-04-20 16:47 . 2008-04-24 11:05 <DIR> d-------- C:\Documents and Settings\Dale\Application Data\Corel
2008-04-20 16:47 . 2008-04-21 22:45 2,828 --ahs---- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-04-20 16:47 . 2008-04-21 22:45 88 -r-hs---- C:\Documents and Settings\All Users\Application Data\0B3BE2CD3D.sys
2008-04-18 10:29 . 2008-05-01 15:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-18 10:29 . 2008-04-18 10:29 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-16 10:37 . 2008-04-16 10:38 <DIR> d-------- C:\Program Files\QuickTime
2008-04-16 10:35 . 2008-04-16 10:35 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-16 10:35 . 2008-04-16 10:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-16 07:51 . 2008-04-16 07:51 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-15 20:03 . 2008-04-15 20:03 96,577 --a------ C:\WINDOWS\hpqins16.dat
2008-04-15 12:35 . 2008-04-18 08:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-10 15:49 . 2008-04-12 15:59 <DIR> d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-04-09 08:36 . 2008-04-09 08:42 1,355 --a------ C:\WINDOWS\imsins.BAK

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-07 11:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-07 00:18 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-07 00:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-05 13:08 --------- d-----w C:\Program Files\Google
2008-05-01 21:54 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-01 12:47 --------- d-----w C:\Program Files\Yahoo! Games
2008-04-24 15:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Corel
2008-04-24 14:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Borland
2008-04-16 14:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-16 02:41 --------- d-----w C:\Documents and Settings\Dale\Application Data\LimeWire
2008-04-16 00:00 --------- d-----w C:\Program Files\HP
2008-04-13 18:34 --------- d-----w C:\Program Files\Real
2008-04-13 18:34 --------- d-----w C:\Documents and Settings\Dale\Application Data\NCH Swift Sound
2008-04-13 18:32 --------- d-----w C:\Program Files\Windows Live
2008-04-11 12:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-10 19:49 --------- d-----w C:\Program Files\Yahoo!
2008-04-10 19:49 --------- d-----w C:\Program Files\Common Files\Scanner
2008-04-10 18:28 --------- d-----w C:\Program Files\Java
2008-04-07 12:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-06 01:43 --------- d-----w C:\Program Files\CCleaner
2008-04-03 18:59 --------- d-----w C:\Program Files\Common Files\xing shared
2008-04-03 18:59 --------- d-----w C:\Program Files\Common Files\Real
2008-03-19 11:38 --------- d-----w C:\Documents and Settings\Dale\Application Data\U3
2008-03-11 14:31 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-02-15 22:20 0 -c-h--w C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
2008-01-16 14:42 47,360 -c--a-w C:\Documents and Settings\Dale\Application Data\pcouffin.sys
2007-12-06 23:36 267,592 -c--a-w C:\Program Files\Uninstall Ask Toolbar.dll
2007-11-22 12:49 32 -c--a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-11-23 00:52 88 -csh--r C:\WINDOWS\system32\7B4EBEA51F.sys
2007-11-23 00:52 2,828 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-29 01:05 344064]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-08-15 00:05 688218]
"SoundMan"="SOUNDMAN.EXE" [2005-12-14 18:06 577536 C:\WINDOWS\soundman.exe]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-12-14 12:07 176128]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [ ]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2007-08-15 00:05 98394]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 20:24 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 20:21 54832]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 00:56 64512]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-03 14:58 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-03-01 01:10 15872]
"BootSkin Startup Jobs"="C:\PROGRA~1\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 16:21 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2008-03-01 01:10 15872 C:\Program Files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 20:51]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-01-25 14:26]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;C:\WINDOWS\system32\DRIVERS\el575nd5.sys [2001-08-17 08:10]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e12b002-93d6-11dc-a717-0014a5969fc1}]
\Shell\Auto\command - E:\UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-05-05 19:40:30 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
"2008-04-16 14:36:09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-07 08:10:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


folder error: C:\DOCUME~1\Dale\LOCALS~1\Temp\

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\WLTRAY.EXE
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2008-05-07 8:12:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-07 12:12:46

Pre-Run: 26,146,709,504 bytes free
Post-Run: 26,055,426,048 bytes free

235 --- E O F --- 2008-05-02 21:28:27

This is my HijackThis log after the combo scan:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:15:43 AM, on 5/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 6438 bytes

