TheTechGuide Forum
General Category => Tech Clinic => Topic started by: World on March 24, 2007, 11:48:56 AM
-
Logfile of HijackThis v1.99.1
Scan saved at 16:48:08, on 24/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\winlogon.exe
C:\\WINDOWS\\system32\\services.exe
C:\\WINDOWS\\system32\\lsass.exe
C:\\WINDOWS\\system32\\Ati2evxx.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\system32\\Ati2evxx.exe
C:\\WINDOWS\\Explorer.EXE
C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe
C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe
C:\\Program Files\\iTunes\\iTunesHelper.exe
C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe
C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe
C:\\WINDOWS\\system32\\ctfmon.exe
C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe
C:\\Program Files\\iPod\\bin\\iPodService.exe
C:\\Program Files\\MSN Messenger\\msnmsgr.exe
C:\\Program Files\\Messenger\\msmsgs.exe
C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe
C:\\Program Files\\Microsoft Office\\Office\\MSOFFICE.EXE
C:\\Program Files\\Internet Explorer\\iexplore.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jucheck.exe
C:\\Program Files\\Internet Explorer\\iexplore.exe
C:\\Program Files\\LimeWire\\LimeWire.exe
C:\\Documents and Settings\\Tristan\\My Documents\\cracker\\cracker.exe
C:\\WINDOWS\\system32\\notepad.exe
C:\\Program Files\\Windows Live Toolbar\\msn_sl.exe
C:\\Documents and Settings\\Tristan\\Desktop\\HijackThis.exe
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,AutoConfigURL = www.miniclip.co.uk/runescape_game.html
F2 - REG:system.ini: UserInit=C:\\WINDOWS\\system32\\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\\Program Files\\AOL Security Toolbar\\tbu2A\\AOL_security_toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\\Program Files\\Spybot - Search & Destroy\\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.5.0_10\\bin\\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\\program files\\google\\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\\Program Files\\Windows Live Toolbar\\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\\Program Files\\Windows Live Toolbar\\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\\program files\\google\\googletoolbar3.dll
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\\Program Files\\AOL Security Toolbar\\tbu2A\\AOL_security_toolbar.dll
O4 - HKLM\\..\\Run: [NVMixerTray] "C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe"
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [nwiz] nwiz.exe /install
O4 - HKLM\\..\\Run: [NvMediaCenter] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\\..\\Run: [ATIPTA] C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe
O4 - HKLM\\..\\Run: [ATICCC] "C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe" runtime
O4 - HKLM\\..\\Run: [iTunesHelper] "C:\\Program Files\\iTunes\\iTunesHelper.exe"
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] "C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe"
O4 - HKLM\\..\\Run: [aol] "C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe"
O4 - HKCU\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKCU\\..\\Run: [swg] C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe
O4 - HKCU\\..\\Run: [Free Download Manager] C:\\Program Files\\Free Download Manager\\fdm.exe -autorun
O4 - HKCU\\..\\Run: [updateMgr] C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\\..\\Run: [msnmsgr] "C:\\Program Files\\MSN Messenger\\msnmsgr.exe" /background
O4 - HKCU\\..\\Run: [MSMSGS] "C:\\Program Files\\Messenger\\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe
O4 - Global Startup: MSOFFICE.EXE.lnk = C:\\Program Files\\Microsoft Office\\Office\\MSOFFICE.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\\Program Files\\Windows Live Toolbar\\msntb.dll/search.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\\Program Files\\Free Download Manager\\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\\Program Files\\Free Download Manager\\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\\Program Files\\Free Download Manager\\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Program Files\\Java\\jre1.5.0_10\\bin\\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Program Files\\Java\\jre1.5.0_10\\bin\\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\\Network Diagnostic\\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\\Network Diagnostic\\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.co.uk/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123068450406
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\\PROGRA~1\\MSNMES~1\\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\\PROGRA~1\\MSNMES~1\\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\\WINDOWS\\system32\\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\SYSTEM32\\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\\WINDOWS\\system32\\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\\WINDOWS\\system32\\ati2sgag.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\\Program Files\\Common Files\\InstallShield\\Driver\\11\\Intel 32\\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\\Program Files\\iPod\\bin\\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
-
Looks good, if you no longer need the online BitDefender scanner installed
You should be able to uninstall it within IE
TOOLS menu
One Note: I remember you had no AV protection earlier, you chose AOL free antivirus protection
Which is powered by Kaspersky's
A great AV by the way
But as I suggest in the download link, you may not want to have the IE security toolbar installed
You chose to install it. If you don't need it, you may choose to just uninstall the AOL security toolbar
But leave the AntiVirus software installed
Also, I see this running in your processes
C:\\Documents and Settings\\Tristan\\My Documents\\cracker\\cracker.exe
Do you know what it's related to?
-
Edited above post, can you relook at it please
-
Also, I see this running in your processes
C:\\Documents and Settings\\Tristan\\My Documents\\cracker\\cracker.exe
It's something I've been working on
-
[quote name='i pure i' post='305538' date='Mar 24 2007, 10:16 AM']It's something I've been working on[/quote]
Ok, I thought it looked suspicious ;)
-
suspicious of what?
-
Just joking around i pure i :P
-
Oo damn, I think there might be a trojan on my comp :S I looked for vb6 on google and this came up,
(http://img255.imageshack.us/img255/8334/phewwid7.png)
-
Did you allow your virus scanner to delete the file, if not, allow it
Clear your temp files
Can I see a new log please
Download ComboScan (http://www.techsupportforum.com/sectools/Deckard/comboscan.exe) to your Desktop.
- Close all applications and windows.
- Double-click on comboscan.exe to run it, and follow the prompts.
- The scan may take a couple of minutes. When the scan is complete, a text file will open - ComboScan.txt
Note: When running Comboscan, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags Comboscan as suspicious. Please allow Comboscan to run and don't let your Antivirus delete it. (In this case, it may be better to temporarily disable your Antivirus)
Post the next logs in your following reply:
- Comboscan.txt
- Supplementary.txt
Note: By default, both logs are saved to the C:\ComboScan folder
You may need more than one reply to post all the info, please do so if required
-
Hmm weird, I can't find the Supplementary.txt, only the comboscan.txt
ComboScan v20070306.20 run by Tristan on 2007-03-24 at 20:03:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Tristan.exe) ---------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 20:03:10, on 24/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\winlogon.exe
C:\\WINDOWS\\system32\\services.exe
C:\\WINDOWS\\system32\\lsass.exe
C:\\WINDOWS\\system32\\Ati2evxx.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\system32\\Ati2evxx.exe
C:\\WINDOWS\\Explorer.EXE
C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe
C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe
C:\\Program Files\\iTunes\\iTunesHelper.exe
C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe
C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe
C:\\WINDOWS\\system32\\ctfmon.exe
C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe
C:\\Program Files\\iPod\\bin\\iPodService.exe
C:\\Program Files\\MSN Messenger\\msnmsgr.exe
C:\\Program Files\\Messenger\\msmsgs.exe
C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe
C:\\Program Files\\Microsoft Office\\Office\\MSOFFICE.EXE
C:\\WINDOWS\\system32\\svchost.exe
C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jucheck.exe
C:\\Program Files\\LimeWire\\LimeWire.exe
C:\\WINDOWS\\system32\\wscntfy.exe
C:\\Program Files\\Internet Explorer\\iexplore.exe
C:\\Program Files\\Windows Live Toolbar\\msn_sl.exe
C:\\Documents and Settings\\Tristan\\Desktop\\comboscan.exe
C:\\DOCUME~1\\Tristan\\Desktop\\Tristan.exe
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,AutoConfigURL = www.miniclip.co.uk/runescape_game.html
F2 - REG:system.ini: UserInit=C:\\WINDOWS\\system32\\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\\Program Files\\AOL Security Toolbar\\tbu2A\\AOL_security_toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\\Program Files\\Spybot - Search & Destroy\\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.5.0_10\\bin\\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\\program files\\google\\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\\Program Files\\Windows Live Toolbar\\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\\Program Files\\Windows Live Toolbar\\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\\program files\\google\\googletoolbar3.dll
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\\Program Files\\AOL Security Toolbar\\tbu2A\\AOL_security_toolbar.dll
O4 - HKLM\\..\\Run: [NVMixerTray] "C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe"
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [nwiz] nwiz.exe /install
O4 - HKLM\\..\\Run: [NvMediaCenter] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\\..\\Run: [ATIPTA] C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe
O4 - HKLM\\..\\Run: [ATICCC] "C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe" runtime
O4 - HKLM\\..\\Run: [iTunesHelper] "C:\\Program Files\\iTunes\\iTunesHelper.exe"
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] "C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe"
O4 - HKLM\\..\\Run: [aol] "C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe"
O4 - HKCU\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKCU\\..\\Run: [swg] C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe
O4 - HKCU\\..\\Run: [Free Download Manager] C:\\Program Files\\Free Download Manager\\fdm.exe -autorun
O4 - HKCU\\..\\Run: [updateMgr] C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\\..\\Run: [msnmsgr] "C:\\Program Files\\MSN Messenger\\msnmsgr.exe" /background
O4 - HKCU\\..\\Run: [MSMSGS] "C:\\Program Files\\Messenger\\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe
O4 - Global Startup: MSOFFICE.EXE.lnk = C:\\Program Files\\Microsoft Office\\Office\\MSOFFICE.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\\Program Files\\Windows Live Toolbar\\msntb.dll/search.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\\Program Files\\Free Download Manager\\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\\Program Files\\Free Download Manager\\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\\Program Files\\Free Download Manager\\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Program Files\\Java\\jre1.5.0_10\\bin\\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Program Files\\Java\\jre1.5.0_10\\bin\\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\\Network Diagnostic\\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\\Network Diagnostic\\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.co.uk/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123068450406
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\\PROGRA~1\\MSNMES~1\\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\\PROGRA~1\\MSNMES~1\\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\\WINDOWS\\system32\\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\SYSTEM32\\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\\WINDOWS\\system32\\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\\WINDOWS\\system32\\ati2sgag.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\\Program Files\\Common Files\\InstallShield\\Driver\\11\\Intel 32\\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\\Program Files\\iPod\\bin\\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
-- Files created between 2007-02-24 and 2007-03-24 -----------------------------
2007-03-23 20:00:54 2045416 --a------ C:\\WINDOWS\\system32\\codevb.dll
2007-03-23 19:59:11 150528 --a------ C:\\WINDOWS\\system32\\tlbinf32.dll
2007-03-23 19:20:08 118784 --a------ C:\\WINDOWS\\system32\\MSSTDFMT.DLL
2007-03-23 19:20:07 0 d-------- C:\\Program Files\\SpywareBlaster<SPYWAR~1>
2007-03-23 17:29:07 111227 --a------ C:\\WINDOWS\\system32\\drivers\\dump_wmimmc.sys<DUMP_W~1.SYS>
2007-03-18 19:13:26 0 d-------- C:\\Program Files\\AlisPasswordCracker<ALISPA~1>
2007-03-18 17:32:29 84 --a------ C:\\Documents and Settings\\Tristan\\sfdb_ou.dat
2007-03-18 08:36:52 0 d-------- C:\\mrs
2007-03-17 13:59:38 0 d-------- C:\\Documents and Settings\\Ashley\\.jagex_cache_32<JAGEX_~1>
2007-03-11 06:58:00 0 d-------- C:\\Program Files\\AOL
2007-03-11 06:57:59 26656 --ahs---- C:\\WINDOWS\\system32\\drivers\\fidbox2.dat
2007-03-11 06:57:59 3250720 --ahs---- C:\\WINDOWS\\system32\\drivers\\fidbox.dat
2007-03-11 06:50:48 0 d-------- C:\\Program Files\\AOL Security Toolbar<AOLSEC~1>
2007-03-10 18:04:12 0 d-------- C:\\Documents and Settings\\Tristan\\DoctorWeb<DOCTOR~1>
2007-03-10 16:35:48 106 --a------ C:\\delete.bat
2007-03-10 15:35:00 0 d-------- C:\\SDFix
2007-03-10 07:59:53 0 d-------- C:\\WINDOWS\\system32\\ActiveScan<ACTIVE~1>
2007-03-09 18:43:30 0 d-------- C:\\HJT
2007-03-09 18:24:37 3584 --a------ C:\\WINDOWS\\system32\\Copy (2) of riched32.dll<COPY(2~1.DLL>
2007-03-09 18:24:35 3584 --a------ C:\\WINDOWS\\system32\\Copy of riched32.dll<COPYOF~2.DLL>
2007-03-09 18:24:11 431616 --a------ C:\\WINDOWS\\system32\\Copy of riched20.dll<COPYOF~1.DLL>
2007-03-09 14:38:54 0 d-------- C:\\Program Files\\Project1
2007-03-09 14:38:44 286720 -----n--- C:\\WINDOWS\\Setup1.exe
2007-03-09 14:38:42 73216 --a------ C:\\WINDOWS\\ST6UNST.EXE
2007-03-09 14:26:44 0 d-------- C:\\WINDOWS\\system32\\Package
2007-03-09 14:22:29 0 d-------- C:\\WINDOWS\\system32\\User controls<USERCO~1>
2007-03-09 14:20:06 0 d-------- C:\\WINDOWS\\User controls<USERCO~1>
2007-03-09 14:16:30 0 d-------- C:\\WINDOWS\\system32\\disk1
2007-03-04 20:25:36 0 d-------- C:\\Documents and Settings\\Tristan\\Application Data\\InstallShield<INSTAL~1>
2007-03-03 11:57:50 0 d--hs---- C:\\found.002
2007-03-03 11:41:00 0 d--h----- C:\\Documents and Settings\\Ashley\\Application Data\\ijji
2007-03-02 18:36:35 0 d--h----- C:\\Documents and Settings\\Tristan\\Application Data\\ijji
2007-02-25 09:01:04 0 d--hs---- C:\\found.001
-- Find3M Report ---------------------------------------------------------------
2007-03-24 12:52:19 0 d-------- C:\\Program Files\\SwiftSwitch<SWIFTS~1>
2007-03-18 17:32:13 2699 --a------ C:\\WINDOWS\\extend.dat
2007-03-10 08:25:43 0 d-------- C:\\Program Files\\iTunes
2007-03-10 08:25:38 0 d-------- C:\\Program Files\\Messenger<MESSEN~1>
2007-03-10 08:25:25 0 d-------- C:\\Program Files\\Google
2007-03-10 08:25:20 0 d-------- C:\\Program Files\\Windows Live Toolbar<WI81E8~1>
2007-03-10 08:24:35 0 d-------- C:\\Program Files\\MSN Messenger<MSNMES~1>
2007-03-10 08:23:41 0 d-------- C:\\Program Files\\LimeWire
2007-03-04 20:25:40 0 d--h----- C:\\Program Files\\InstallShield Installation Information<INSTAL~1>
2007-03-02 20:38:58 0 d-------- C:\\Program Files\\RuanEngine<RUANEN~1>
2007-03-02 20:38:22 0 d-------- C:\\Program Files\\AC Tool<ACTOOL~1>
2007-02-06 06:09:19 0 d-------- C:\\Documents and Settings\\Tristan\\Application Data\\AdobeUM
-- Registry Dump ---------------------------------------------------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"Free Download Manager"="C:\\Program Files\\Free Download Manager\\fdm.exe -autorun"
"updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_0"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NVMixerTray"="\"C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"aol"="\"C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe\""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\\
LocalService REG_MULTI_SZ Alerter\WebClient\LmHosts\RemoteRegistry\upnphost\SSDPSRV\\
NetworkService REG_MULTI_SZ DnsCache\\
DcomLaunch REG_MULTI_SZ DcomLaunch\TermService\\
rpcss REG_MULTI_SZ RpcSs\\
imgsvc REG_MULTI_SZ StiSvc\\
termsvcs REG_MULTI_SZ TermService\\
Usnsvc REG_MULTI_SZ usnsvc\\
-- End of ComboScan: finished at 2007-03-24 at 20:03:36 ------------------------
-
Wait, ignore the one above, think I did wrong, here's a new one, still can't find Supplementary.txt
ComboScan v20070306.20 run by Tristan on 2007-03-25 at 11:04:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Tristan.exe) ---------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 11:04:29, on 25/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\winlogon.exe
C:\\WINDOWS\\system32\\services.exe
C:\\WINDOWS\\system32\\lsass.exe
C:\\WINDOWS\\system32\\Ati2evxx.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\system32\\Ati2evxx.exe
C:\\WINDOWS\\Explorer.EXE
C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe
C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe
C:\\Program Files\\iTunes\\iTunesHelper.exe
C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe
C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe
C:\\WINDOWS\\system32\\ctfmon.exe
C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe
C:\\Program Files\\MSN Messenger\\msnmsgr.exe
C:\\Program Files\\Messenger\\msmsgs.exe
C:\\Program Files\\iPod\\bin\\iPodService.exe
C:\\Program Files\\Internet Explorer\\iexplore.exe
C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe
C:\\Program Files\\Microsoft Office\\Office\\MSOFFICE.EXE
C:\\WINDOWS\\system32\\svchost.exe
C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jucheck.exe
C:\\Program Files\\Internet Explorer\\iexplore.exe
C:\\Program Files\\LimeWire\\LimeWire.exe
C:\\Documents and Settings\\Tristan\\Desktop\\comboscan.exe
C:\\DOCUME~1\\Tristan\\Desktop\\Tristan.exe
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,AutoConfigURL = www.miniclip.co.uk/runescape_game.html
F2 - REG:system.ini: UserInit=C:\\WINDOWS\\system32\\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\\Program Files\\AOL Security Toolbar\\tbu2A\\AOL_security_toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\\Program Files\\Spybot - Search & Destroy\\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.5.0_10\\bin\\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\\program files\\google\\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\\Program Files\\Windows Live Toolbar\\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\\Program Files\\Windows Live Toolbar\\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\\program files\\google\\googletoolbar3.dll
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\\Program Files\\AOL Security Toolbar\\tbu2A\\AOL_security_toolbar.dll
O4 - HKLM\\..\\Run: [NVMixerTray] \"C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\"
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [nwiz] nwiz.exe /install
O4 - HKLM\\..\\Run: [NvMediaCenter] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\\..\\Run: [ATIPTA] C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe
O4 - HKLM\\..\\Run: [ATICCC] \"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime
O4 - HKLM\\..\\Run: [iTunesHelper] \"C:\\Program Files\\iTunes\\iTunesHelper.exe\"
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] \"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\"
O4 - HKLM\\..\\Run: [aol] \"C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe\"
O4 - HKCU\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKCU\\..\\Run: [swg] C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe
O4 - HKCU\\..\\Run: [Free Download Manager] C:\\Program Files\\Free Download Manager\\fdm.exe -autorun
O4 - HKCU\\..\\Run: [updateMgr] C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\\..\\Run: [msnmsgr] \"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background
O4 - HKCU\\..\\Run: [MSMSGS] \"C:\\Program Files\\Messenger\\msmsgs.exe\" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe
O4 - Global Startup: MSOFFICE.EXE.lnk = C:\\Program Files\\Microsoft Office\\Office\\MSOFFICE.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\\Program Files\\Windows Live Toolbar\\msntb.dll/search.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\\Program Files\\Free Download Manager\\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\\Program Files\\Free Download Manager\\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\\Program Files\\Free Download Manager\\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Program Files\\Java\\jre1.5.0_10\\bin\\ssv.dll
O9 - Extra \'Tools\' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Program Files\\Java\\jre1.5.0_10\\bin\\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\\bdoscandel.exe (file missing)
O9 - Extra \'Tools\' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\\Network Diagnostic\\xpnetdiag.exe (file missing)
O9 - Extra \'Tools\' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\\Network Diagnostic\\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O9 - Extra \'Tools\' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab (http://\"http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab\")
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (http://\"http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab\")
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.co.uk/puzzlepirates/mi...pGameLoader.dll (http://\"http://www.miniclip.co.uk/puzzlepirates/miniclipGameLoader.dll\")
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab (http://\"http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab\")
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab (http://\"http://spaces.msn.com//PhotoUpload/MsnPUpld.cab\")
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab (http://\"http://download.bitdefender.com/resources/scan8/oscan8.cab\")
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1123068450406 (http://\"http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123068450406\")
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (http://\"http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab\")
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab (http://\"http://acs.pandasoftware.com/activescan/as5free/asinst.cab\")
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab (http://\"http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab\")
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab (http://\"http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab\")
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (http://\"http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab\")
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab (http://\"http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab\")
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin10USA.cab (http://\"http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab\")
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab (http://\"http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab\")
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\\PROGRA~1\\MSNMES~1\\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\\PROGRA~1\\MSNMES~1\\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\\WINDOWS\\system32\\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\SYSTEM32\\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\\WINDOWS\\system32\\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\\WINDOWS\\system32\\ati2sgag.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe\" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\\Program Files\\Common Files\\InstallShield\\Driver\\11\\Intel 32\\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\\Program Files\\iPod\\bin\\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
-- Files created between 2007-02-25 and 2007-03-25 -----------------------------
2007-03-23 21:00:54 2045416 --a------ C:\\WINDOWS\\system32\\codevb.dll
2007-03-23 20:59:11 150528 --a------ C:\\WINDOWS\\system32\\tlbinf32.dll
2007-03-23 20:20:08 118784 --a------ C:\\WINDOWS\\system32\\MSSTDFMT.DLL
2007-03-23 20:20:07 0 d-------- C:\\Program Files\\SpywareBlaster<SPYWAR~1>
2007-03-23 18:29:07 111227 --a------ C:\\WINDOWS\\system32\\drivers\\dump_wmimmc.sys<DUMP_W~1.SYS>
2007-03-18 20:13:26 0 d-------- C:\\Program Files\\AlisPasswordCracker<ALISPA~1>
2007-03-18 18:32:29 84 --a------ C:\\Documents and Settings\\Tristan\\sfdb_ou.dat
2007-03-18 09:36:52 0 d-------- C:\\mrs
2007-03-17 14:59:38 0 d-------- C:\\Documents and Settings\\Ashley\\.jagex_cache_32<JAGEX_~1>
2007-03-11 07:58:00 0 d-------- C:\\Program Files\\AOL
2007-03-11 07:57:59 29984 --ahs---- C:\\WINDOWS\\system32\\drivers\\fidbox2.dat
2007-03-11 07:57:59 3250720 --ahs---- C:\\WINDOWS\\system32\\drivers\\fidbox.dat
2007-03-11 07:50:48 0 d-------- C:\\Program Files\\AOL Security Toolbar<AOLSEC~1>
2007-03-10 19:04:12 0 d-------- C:\\Documents and Settings\\Tristan\\DoctorWeb<DOCTOR~1>
2007-03-10 17:35:48 106 --a------ C:\\delete.bat
2007-03-10 16:35:00 0 d-------- C:\\SDFix
2007-03-10 08:59:53 0 d-------- C:\\WINDOWS\\system32\\ActiveScan<ACTIVE~1>
2007-03-09 19:43:30 0 d-------- C:\\HJT
2007-03-09 19:24:37 3584 --a------ C:\\WINDOWS\\system32\\Copy (2) of riched32.dll<COPY(2~1.DLL>
2007-03-09 19:24:35 3584 --a------ C:\\WINDOWS\\system32\\Copy of riched32.dll<COPYOF~2.DLL>
2007-03-09 19:24:11 431616 --a------ C:\\WINDOWS\\system32\\Copy of riched20.dll<COPYOF~1.DLL>
2007-03-09 15:38:54 0 d-------- C:\\Program Files\\Project1
2007-03-09 15:38:44 286720 -----n--- C:\\WINDOWS\\Setup1.exe
2007-03-09 15:38:42 73216 --a------ C:\\WINDOWS\\ST6UNST.EXE
2007-03-09 15:26:44 0 d-------- C:\\WINDOWS\\system32\\Package
2007-03-09 15:22:29 0 d-------- C:\\WINDOWS\\system32\\User controls<USERCO~1>
2007-03-09 15:20:06 0 d-------- C:\\WINDOWS\\User controls<USERCO~1>
2007-03-09 15:16:30 0 d-------- C:\\WINDOWS\\system32\\disk1
2007-03-04 21:25:36 0 d-------- C:\\Documents and Settings\\Tristan\\Application Data\\InstallShield<INSTAL~1>
2007-03-03 12:57:50 0 d--hs---- C:\\found.002
2007-03-03 12:41:00 0 d--h----- C:\\Documents and Settings\\Ashley\\Application Data\\ijji
2007-03-02 19:36:35 0 d--h----- C:\\Documents and Settings\\Tristan\\Application Data\\ijji
2007-02-25 10:01:04 0 d--hs---- C:\\found.001
-- Find3M Report ---------------------------------------------------------------
2007-03-24 13:52:19 0 d-------- C:\\Program Files\\SwiftSwitch<SWIFTS~1>
2007-03-18 18:32:13 2699 --a------ C:\\WINDOWS\\extend.dat
2007-03-10 09:25:43 0 d-------- C:\\Program Files\\iTunes
2007-03-10 09:25:38 0 d-------- C:\\Program Files\\Messenger<MESSEN~1>
2007-03-10 09:25:25 0 d-------- C:\\Program Files\\Google
2007-03-10 09:25:20 0 d-------- C:\\Program Files\\Windows Live Toolbar<WI81E8~1>
2007-03-10 09:24:35 0 d-------- C:\\Program Files\\MSN Messenger<MSNMES~1>
2007-03-10 09:23:41 0 d-------- C:\\Program Files\\LimeWire
2007-03-04 21:25:40 0 d--h----- C:\\Program Files\\InstallShield Installation Information<INSTAL~1>
2007-03-02 21:38:58 0 d-------- C:\\Program Files\\RuanEngine<RUANEN~1>
2007-03-02 21:38:22 0 d-------- C:\\Program Files\\AC Tool<ACTOOL~1>
2007-02-06 07:09:19 0 d-------- C:\\Documents and Settings\\Tristan\\Application Data\\AdobeUM
-- Registry Dump ---------------------------------------------------------------
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\run]
\"CTFMON.EXE\"=\"C:\\\\WINDOWS\\\\system32\\\\ctfmon.exe\"
\"swg\"=\"C:\\\\Program Files\\\\Google\\\\GoogleToolbarNotifier\\\\1.2.1128.5462\\\\GoogleToolbarNotifier.exe\"
\"Free Download Manager\"=\"C:\\\\Program Files\\\\Free Download Manager\\\\fdm.exe -autorun\"
\"updateMgr\"=\"C:\\\\Program Files\\\\Adobe\\\\Acrobat 7.0\\\\Reader\\\\AdobeUpdateManager.exe AcRdB7_0_0\"
\"msnmsgr\"=\"\\\"C:\\\\Program Files\\\\MSN Messenger\\\\msnmsgr.exe\\\" /background\"
\"MSMSGS\"=\"\\\"C:\\\\Program Files\\\\Messenger\\\\msmsgs.exe\\\" /background\"
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\run]
\"NVMixerTray\"=\"\\\"C:\\\\Program Files\\\\NVIDIA Corporation\\\\NvMixer\\\\NVMixerTray.exe\\\"\"
\"NvCplDaemon\"=\"RUNDLL32.EXE C:\\\\WINDOWS\\\\system32\\\\NvCpl.dll,NvStartup\"
\"nwiz\"=\"nwiz.exe /install\"
\"NvMediaCenter\"=\"RUNDLL32.EXE C:\\\\WINDOWS\\\\system32\\\\NvMcTray.dll,NvTaskbarInit\"
\"ATIPTA\"=\"C:\\\\Program Files\\\\ATI Technologies\\\\ATI Control Panel\\\\atiptaxx.exe\"
\"ATICCC\"=\"\\\"C:\\\\Program Files\\\\ATI Technologies\\\\ATI.ACE\\\\cli.exe\\\" runtime\"
\"iTunesHelper\"=\"\\\"C:\\\\Program Files\\\\iTunes\\\\iTunesHelper.exe\\\"\"
\"SunJavaUpdateSched\"=\"\\\"C:\\\\Program Files\\\\Java\\\\jre1.5.0_10\\\\bin\\\\jusched.exe\\\"\"
\"aol\"=\"\\\"C:\\\\Program Files\\\\AOL\\\\Active Virus Shield\\\\avp.exe\\\"\"
[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\control\\securityproviders]
\"SecurityProviders\"=\"msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll\"
[HKEY_LOCAL_MACHINE\\software\\Microsoft\\Windows NT\\CurrentVersion\\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\\
LocalService REG_MULTI_SZ Alerter\WebClient\LmHosts\RemoteRegistry\upnphost\SSDPSRV\\
NetworkService REG_MULTI_SZ DnsCache\\
DcomLaunch REG_MULTI_SZ DcomLaunch\TermService\\
rpcss REG_MULTI_SZ RpcSs\\
imgsvc REG_MULTI_SZ StiSvc\\
termsvcs REG_MULTI_SZ TermService\\
Usnsvc REG_MULTI_SZ usnsvc\\
-- End of ComboScan: finished at 2007-03-25 at 11:04:58 ------------------------
-
Is everything running ok now?
Your AV picking up on anything?
Try running a complete scan with Active Virus Shield and see if it picks up anything.
-
As the original poster has not returned, I'll lock this topic.