TheTechGuide Forum
General Category => Tech Clinic => Topic started by: FIxeL on October 12, 2007, 09:15:34 AM
-
Hi all, I got a problem here. Not long ago, when I tried to press Alt+Ctrl+Del, an error occurred and contained the following: The Task Manager has been disabled by your administrator. The computer is at home, so almost nobody uses it but me; I have no idea how it can be disabled.... Could someone tell me how to enable it again?
-
Hi again, Fixel.
Can you do the following. If you have an older version of HijackThis,
uninstall it from Add/Remove Programs.
Then
Download the HijackThis installer from here: http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
For an alternate download location, you can try here: http://fileforum.betanews.com/detail/HijackThis/1071179190/1
SAVE it to your desktop.
Double-click HJTInstall.exe to run it.
Choose Install.
HijackThis v2.0.2 will open.
Under Main Menu, select
"Do a system scan and save a Log file".
A log will open in Notepad.
Copy and paste the whole log back here to the forum.
-
Oki, I did the HijackThis scan and here's the result:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:03:43, on 2007.10.13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\Hide The IP\HideTheIP.exe
C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\PSCS\data\eventwin.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Godlike Developers\RAM Saver Pro\ramsaverpro.exe
C:\Program Files\WinPop\winpop.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PSCS\data\symserv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\DOCUME~1\FIxeL\LOCALS~1\Temp\SkypeSetup.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.lt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll
O2 - BHO: MSVPS System - {428FA4A4-C8EC-427C-85DE-11C80F67893A} - C:\WINDOWS\div32.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [bdmreg] C:\WINDOWS\system32\bdmreg.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Hide-The-IP] "C:\Program Files\Hide The IP\HideTheIP.exe" /startup
O4 - HKLM\..\Run: [Trust Gaming mouse] "C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [RAMSaverPro] C:\Program Files\Godlike Developers\RAM Saver Pro\ramsaverpro.exe
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F8356AA-547C-4E3F-836C-CA8018695423}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{349FF121-5FF2-46FD-A6FC-869C5FFBAEAD}: NameServer = 212.59.1.1 212.59.2.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: mssql - {1B26D8B1-E27F-44A7-B78D-4F5AD482A5BE} - C:\WINDOWS\mssql.dll
O21 - SSODL: syscore - {62EBD1CE-7E5C-43FB-870B-AFDFB9D9BBA9} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegVac Registry Service (RegVacService) - Super Win Software, Inc. - C:\Program Files\RegVac Registry Cleaner\RegVserv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
--
End of file - 11321 bytes
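Added here as a worked example, not part of the thread and not code that ships with HijackThis: a small Python triage script that parses the log format posted above and applies a few of the checks a helper applies by eye when reading such a log. The parser, the rule set and the names (`parse_hjt_log`, `triage`, `Finding`) are my own assumptions; the sample input is an excerpt of the log above, with only the entry types the rules act on kept. Each rule is a prompt for a second look, not a verdict: a DLL loaded into Explorer or Internet Explorer straight from the Windows root, a registry entry whose file is gone, an ActiveX download, or a process running from Temp is worth confirming against the product it claims to belong to.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Excerpt of the first HijackThis log posted in this thread. Only the entry types the
# triage rules below act on are kept; paths and CLSIDs are exactly as they appear in the log.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\DOCUME~1\FIxeL\LOCALS~1\Temp\SkypeSetup.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.lt/
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: MSVPS System - {428FA4A4-C8EC-427C-85DE-11C80F67893A} - C:\WINDOWS\div32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [bdmreg] C:\WINDOWS\system32\bdmreg.exe
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O21 - SSODL: mssql - {1B26D8B1-E27F-44A7-B78D-4F5AD482A5BE} - C:\WINDOWS\mssql.dll
O21 - SSODL: syscore - {62EBD1CE-7E5C-43FB-870B-AFDFB9D9BBA9} - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# An entry line is "<section> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")
# First drive-letter path in a body; HJT paths contain spaces, so stop at a known extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys|ocx|cpl)\b", re.IGNORECASE)

WINDOWS_ROOT = r"c:\windows"
# Entry types whose file is loaded into Explorer/IE at logon: BHOs (O2), Winlogon notify (O20), SSODL (O21).
LOGON_HOOK_SECTIONS = {"O2", "O20", "O21"}


@dataclass
class Entry:
    section: str          # HJT section code, e.g. O2, O4, O21
    body: str             # everything after "O2 - "
    path: Optional[str]   # first file path found in the body, if any


@dataclass
class Finding:
    section: str   # HJT section code, or "process" for the running-process list
    reason: str    # why the entry deserves a second look
    detail: str    # the path or the whole entry body


def parse_hjt_log(text: str) -> Tuple[List[Entry], List[str]]:
    """Split a HijackThis log into its entry lines and its 'Running processes' list."""
    entries: List[Entry] = []
    processes: List[str] = []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False          # the first R/O entry ends the process list
            p = PATH_RE.search(m["body"])
            entries.append(Entry(m["section"], m["body"], p.group(0) if p else None))
        elif in_processes:
            processes.append(line)
    return entries, processes


def _parent_dir(path: str) -> str:
    return path.rsplit("\\", 1)[0].lower()


def triage(text: str) -> List[Finding]:
    """Apply the review heuristics (my own, hypothetical rule set) and return entries worth a second look."""
    entries, processes = parse_hjt_log(text)
    findings: List[Finding] = []
    for e in entries:
        if e.path is None and "(no file)" in e.body:
            findings.append(Finding(e.section, "registry entry points to a file that no longer exists "
                                               "(orphan of a removed or hidden component)", e.body))
        elif e.section in LOGON_HOOK_SECTIONS and e.path and _parent_dir(e.path) == WINDOWS_ROOT:
            findings.append(Finding(e.section, "DLL hooked into the logon/browser chain from the Windows root "
                                               "instead of a product or system32 folder", e.path))
        elif e.section == "O16":
            findings.append(Finding(e.section, "ActiveX control installed from a website; "
                                               "confirm the user recognises the site", e.body))
    for proc in processes:
        if "\\temp\\" in proc.lower():
            findings.append(Finding("process", "process running from a Temp folder; usually an installer, "
                                               "confirm the user launched it", proc))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.detail}")
```

Run as a script it prints the flagged entries; on this excerpt it surfaces the two DLLs in the Windows root (div32.dll, mssql.dll), the SSODL entry with no file behind it, the ActiveX download and the installer running from Temp, and leaves the SnagIt BHO and the NVIDIA service alone.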
-
Can you supply 2 other logs for me, please?
Download this file - ComboFix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and save it ONLY to your desktop.
Double-click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
Post that log from ComboFix.
Afterwards: can you also do the following?
Download SmitfraudFix (http://siri.urz.free.fr/Fix/SmitfraudFix.zip) (by S!Ri).
Extract the contents (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd.
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Recap:
1. Post the log from ComboFix
2. Post the log from SmitfraudFix
3. Can you also post a fresh HijackThis log
Note: It may take more than one reply to post all that info; do so if needed, please.
-
Oki, I did all the scans, and after I did the ComboFix it fixed everything and Task Manager started to work again :) Thank you a lot :)
Just in case, here are the logs:
---------------------------------------------ComboFix---------------------------------------------------
ComboFix 07-10-12.4 - FIxeL 2007-10-13 19:33:33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1257.1.1033.18.597 [GMT 3:00]
Running from: C:\Documents and Settings\FIxeL\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\FIxeL\Start Menu\Programs\moviebox
C:\Documents and Settings\FIxeL\Start Menu\Programs\moviebox\Uninstall.lnk
C:\Program Files\inetget2
C:\Program Files\inetget2\popinstall.exe
C:\Program Files\moviebox
C:\Program Files\moviebox\Uninstall.exe
C:\Program Files\VideoAccessCodec
C:\Program Files\VideoAccessCodec\install.ico
C:\Program Files\VideoAccessCodec\Uninstall.exe
C:\Program Files\VideoAccessCodec\VideoAccessCodec.ocx
C:\Program Files\winpop
C:\Program Files\winpop\winpop.exe
C:\WINDOWS\div32.dll
C:\WINDOWS\div32.dll
C:\WINDOWS\main_uninstaller.exe
C:\WINDOWS\mssql.dll
C:\WINDOWS\wr.txt
.
((((((((((((((((((((((((( Files Created from 2007-09-13 to 2007-10-13 )))))))))))))))))))))))))))))))
.
2007-10-13 19:32 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-13 09:03 <DIR> d-------- C:\HijackThis
2007-10-12 16:55 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-10-11 19:44 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-09-27 21:25 118,272 --a------ C:\WINDOWS\system32\SX5363S.DLL
2007-09-27 21:25 102,400 --a------ C:\WINDOWS\system32\RV32RTP.dll
2007-09-17 18:11 <DIR> d-------- C:\Program Files\Trust
2007-09-17 18:11 2,637,824 --a------ C:\WINDOWS\system32\XWheel.dll
2007-09-17 18:11 1,146,880 --a------ C:\WINDOWS\system32\MousePage.dll
2007-09-17 18:11 679,936 --a------ C:\WINDOWS\system32\XIndicator.dll
2007-09-17 18:11 229,376 --a------ C:\WINDOWS\system32\Hook.dll
2007-09-17 18:11 27,648 --a------ C:\WINDOWS\system32\drivers\GMFilter.sys
2007-09-13 22:10 <DIR> d-------- C:\Program Files\Video Converter for Nokia Smartphones
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-13 16:35 --------- d-----w C:\Program Files\FlashGet
2007-10-13 16:32 --------- d-----w C:\Documents and Settings\FIxeL\Application Data\uTorrent
2007-10-13 16:05 --------- d-----w C:\Documents and Settings\FIxeL\Application Data\Skype
2007-10-13 01:58 --------- d-s---w C:\Program Files\Xfire
2007-10-09 12:24 --------- d-----w C:\Program Files\Java
2007-10-08 22:40 --------- d-----w C:\Documents and Settings\FIxeL\Application Data\Xfire
2007-10-07 07:14 --------- d-----w C:\Documents and Settings\FIxeL\Application Data\AVG7
2007-10-03 12:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-02 16:34 --------- d-----w C:\Program Files\HLSW
2007-09-17 14:43 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-09-10 20:40 --------- d-----w C:\Program Files\Nokia
2007-09-10 20:40 --------- d-----w C:\Program Files\Common Files\Nokia
2007-09-07 10:37 278,728 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2007-09-07 10:37 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2007-09-02 15:07 --------- d-----w C:\Documents and Settings\FIxeL\Application Data\Bioshock
2007-08-24 22:07 --------- d-----w C:\Program Files\directx
2007-08-21 08:00 --------- d-----w C:\Documents and Settings\FIxeL\Application Data\Hamachi
2007-08-18 08:25 --------- d-----w C:\Program Files\Any Video Converter
2007-08-16 00:04 --------- d-----w C:\Program Files\MSXML 6.0
2007-04-06 20:40:08 238,284 -csh--w C:\WINDOWS\Resources\Themes\DameK UltraBlue\irunin.dat
2006-05-03 09:06:54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47:16 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 12:22]
"nwiz"="nwiz.exe" [2006-06-01 12:22 C:\WINDOWS\system32\nwiz.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 13:04 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 09:54 C:\WINDOWS\RTHDCPL.exe]
"WinFast Schedule"="C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" [2003-12-09 18:21]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 12:22 C:\WINDOWS\system32\nvmctray.dll]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-10-03 16:30]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"bdmreg"="C:\WINDOWS\system32\bdmreg.exe" [2007-02-08 06:51]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2004-08-25 11:26]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-21 20:38]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36]
"Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [2007-06-15 09:45]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"Hide-The-IP"="C:\Program Files\Hide The IP\HideTheIP.exe" [2007-03-01 18:48]
"ZTE ADSL"="" []
"Trust Gaming mouse"="C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe" [2006-12-28 09:20]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-07-31 12:45]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2006-08-16 00:23]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 01:29]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-03-19 00:05]
"RAMSaverPro"="C:\Program Files\Godlike Developers\RAM Saver Pro\ramsaverpro.exe" [2007-07-19 21:51]
"µTorrent"="C:\Program Files\uTorrent\utorrent.exe" [2006-07-02 01:31]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
C:\Documents and Settings\FIxeL\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50]
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2007-10-03 02:56:04]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
SnagIt 8.lnk - C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe [2007-02-16 18:40:52]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"=0 (0x0)
"NoCommonGroups"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^FIxeL^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk]
backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BoostSpeed]
"C:\Program Files\AusLogics BoostSpeed\boostspeed.exe" /Q
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTemperaturos2]
C:\Program Files\AW\LTemperaturos2\LTemperaturos2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sXe Injected]
C:\Program Files\sXe Injected\sXe Injected.exe
R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;\??\C:\Program Files\VMLaunch\BuddyVM.sys
R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;C:\WINDOWS\system32\drivers\wf88vcap.sys
R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;C:\WINDOWS\system32\drivers\WF88XBAR.sys
R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;C:\WINDOWS\system32\drivers\WF88TUNE.sys
R3 GMFilter Filter;GMFilter Filter;C:\WINDOWS\system32\Drivers\GMFilter.sys
R3 USB_RNDIS_51;ZTE USB Remote NDIS Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys
R3 WFIOCTL;WFIOCTL;\??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS
R3 ZTPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\ztpppoe.sys
S3 glauiad;jetSpeed USB LAN Device;C:\WINDOWS\system32\DRIVERS\glauiad.sys
S3 RegVacService;RegVac Registry Service;C:\Program Files\RegVac Registry Cleaner\RegVserv.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-10-11 00:08:25 C:\WINDOWS\Tasks\RegCure.job"
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-13 19:37:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-13 19:40:16 - machine was rebooted
C:\ComboFix2.txt ... 2007-01-02 04:56
.
--- E O F ---
----------------------------------------------------------SmitFraudFix---------------------------------------------------
SmitFraudFix v2.240
Scan done at 19:42:08,14, 2007.10.13
Run from C:\Documents and Settings\FIxeL\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Hide The IP\HideTheIP.exe
C:\Program Files\PSCS\data\eventwin.exe
C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Godlike Developers\RAM Saver Pro\ramsaverpro.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\Xfire\xfire.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\PSCS\data\symserv.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\FIxeL
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\FIxeL\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\FIxeL\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 212.59.1.1
DNS Server Search Order: 212.59.2.2
Description: ZTE USB Remote NDIS Device - Packet Scheduler Miniport
DNS Server Search Order: 192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{1F8356AA-547C-4E3F-836C-CA8018695423}: NameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{349FF121-5FF2-46FD-A6FC-869C5FFBAEAD}: NameServer=212.59.1.1 212.59.2.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1F8356AA-547C-4E3F-836C-CA8018695423}: NameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{349FF121-5FF2-46FD-A6FC-869C5FFBAEAD}: NameServer=212.59.1.1 212.59.2.2
HKLM\SYSTEM\CS2\Services\Tcpip\..\{1F8356AA-547C-4E3F-836C-CA8018695423}: NameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{349FF121-5FF2-46FD-A6FC-869C5FFBAEAD}: NameServer=212.59.1.1 212.59.2.2
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
--------------------------------------------------------HijackThis-------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:45:12, on 2007.10.13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\Hide The IP\HideTheIP.exe
C:\Program Files\PSCS\data\eventwin.exe
C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Godlike Developers\RAM Saver Pro\ramsaverpro.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\Xfire\xfire.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\PSCS\data\symserv.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\NOTEPAD.EXE
C:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.lt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [bdmreg] C:\WINDOWS\system32\bdmreg.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Hide-The-IP] "C:\Program Files\Hide The IP\HideTheIP.exe" /startup
O4 - HKLM\..\Run: [Trust Gaming mouse] "C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [RAMSaverPro] C:\Program Files\Godlike Developers\RAM Saver Pro\ramsaverpro.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F8356AA-547C-4E3F-836C-CA8018695423}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{349FF121-5FF2-46FD-A6FC-869C5FFBAEAD}: NameServer = 212.59.1.1 212.59.2.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegVac Registry Service (RegVacService) - Super Win Software, Inc. - C:\Program Files\RegVac Registry Cleaner\RegVserv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
--
End of file - 10663 bytes
-
Can I see another log please
Download and unzip to your desktop InstalledPrograms.zip (http://www.billsway.com/vbspage/vbsfiles/InstalledPrograms.zip)
Double click on InstalledPrograms.vbs
Click OK at the IP prompt and click YES to view the results now
A text file will open, can you copy and paste back here the whole contents
ALLOW this script to run if prompted by your AntiVirus
-
Ok, heres the result :
INSTALLED SOFTWARE (194) - PC - 2007.10.13 21:50:21
2Moons Ver: 1.00.0000 Installed: 2007.07.31
Adobe Bridge 1.0 Ver: 001.000.004 Installed: 2007.03.31
Adobe Common File Installer Ver: 1.00.0000 Installed: 2007.02.21
Adobe Flash Player ActiveX Ver: 9.0.47.0
Adobe Help Center 1.0 Ver: 001.000.000 Installed: 2007.02.21
Adobe Photoshop CS2 Ver: 9.0
Adobe Photoshop CS2 Ver: 9.0 Installed: 2007.02.21
Adobe Reader 8.1.0 Ver: 8.1.0 Installed: 2007.06.22
Adobe Shockwave Player
Adobe Stock Photos 1.0 Ver: 1.0.8 Installed: 2007.03.31
Adobe® Photoshop® Album Starter Edition 3.0 Ver: 3.00.000 Installed: 2007.04.06
AltDesk.1.8 Ver: 1.8
AMX Mod X Installer 1.76d Ver: 1.76d
Any Video Converter 2.0.7 Installed: 2007.08.18
ApexDC Ver: 1.1.0 Installed: 2007.03.04
AusLogics BoostSpeed Ver: version 3.6 Installed: 2007.06.23
AVG Anti-Spyware 7.5
AVG Free Edition
BioShock Ver: 2.5.0000 Installed: 2007.09.02
BitComet 0.86 Ver: 0.86
Black & White® 2 Ver: 1.00.0000 Installed: 2007.09.22
Black & White® 2 Battle of the Gods Ver: 1.00.0000 Installed: 2007.09.22
Canon i250
CCleaner (remove only)
CheMax 6.9 Ver: 6.9
Complete Japanese
ConTEXT Ver: 0.98.0 Installed: 2007.05.11
CuteFTP 8 Professional Ver: 8.0.5
DameK UltraBlue
Delete Virtual-Mate Launcher Ver: 1.0.1
Devil May Cry 3 Special Edition Ver: 1.00.000 Installed: 2007.08.21
DFX 8 for Winamp Ver: 8
DFX 8 for Windows Media Player Ver: 8.349 Installed: 2007.07.30
DU Meter
DynGate
eMusic - 50 Free MP3 offer
FileZilla (remove only)
FlashGet 1.8.8.1009 Ver: 1.8.8.1009
Free Download Manager 2.1
GameCenter
GM-4200 Gamer Mouse Optical Ver: 1.0.5 Installed: 2007.09.17
Google Earth Ver: 4.0.2722 Installed: 2007.05.13
Guard Shield
GZN
Hamachi 1.0.2.1
Hide The IP
HijackThis 2.0.2 Ver: 2.0.2
HLSW v1.1.0
Hotfix for Windows Media Format 11 SDK (KB929399) Installed: 2007.04.10
Hotfix for Windows Media Player 11 (KB939683) Installed: 2007.09.01
Hotfix for Windows XP (KB915865) Ver: 10 Installed: 2006.12.29
Hotfix for Windows XP (KB926239) Ver: 2 Installed: 2007.04.09
Hotfix for Windows XP (KB935448) Ver: 1 Installed: 2007.04.12
ijji - Gunz
iZotope Ozone 1.0 for Winamp2 and Winamp3 Ver: 1.0
J2SE Runtime Environment 5.0 Update 10 Ver: 1.5.0.100 Installed: 2006.12.29
J2SE Runtime Environment 5.0 Update 11 Ver: 1.5.0.110 Installed: 2007.02.10
J2SE Runtime Environment 5.0 Update 9 Ver: 1.5.0.90 Installed: 2006.12.22
Java(tm) 6 Update 2 Ver: 1.6.0.20 Installed: 2007.08.09
Java(tm) 6 Update 3 Ver: 1.6.0.30 Installed: 2007.10.09
Java(tm) SE Runtime Environment 6 Update 1 Ver: 1.6.0.10 Installed: 2007.05.09
jetSpeed 520 ADSL Modem
K-Lite Codec Pack 2.77 Full Ver: 2.77
Kaiba Corp Virtual Duel System 1.4 Installed: 2007.06.03
LIVE gaming on Windows Runtime Version 1.0.6027 Ver: 1.0.6027 Installed: 2007.06.25
Lost Planet Extreme Condition Ver: 1.0.0.1 Installed: 2007.07.02
LTemperaturos2 Ver: 2.0.0 Installed: 2007.06.01
Marvel(tm) - Ultimate Alliance Ver: 1.00.0000 Installed: 2007.08.06
Marvel(tm) - Ultimate Alliance Ver: 1.00.0000 Installed: 2007.08.06
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 Ver: 2.0.50727 Installed: 2007.07.12
Microsoft Compression Client Pack 1.0 for Windows XP Ver: 1 Installed: 2007.04.09
Microsoft Internationalized Domain Names Mitigation APIs Installed: 2006.12.29
Microsoft National Language Support Downlevel APIs Installed: 2006.12.29
Microsoft Office Professional Edition 2003 Ver: 11.0.7969.0 Installed: 2007.10.11
Microsoft User-Mode Driver Framework Feature Pack 1.0 Installed: 2006.12.18
Microsoft Visual C++ 2005 Redistributable Ver: 8.0.56336 Installed: 2007.06.25
Mozilla Firefox (2.0.0.2) Ver: 2.0.0.2 (en-US)
Mozilla Firefox (2.0.0.7) Ver: 2.0.0.7 (en-US)
MSXML 4.0 SP2 (KB925672) Ver: 4.20.9839.0 Installed: 2006.12.19
MSXML 4.0 SP2 (KB927978) Ver: 4.20.9841.0 Installed: 2006.12.19
MSXML 4.0 SP2 (KB936181) Ver: 4.20.9848.0 Installed: 2007.08.16
MSXML 6.0 Parser (KB933579) Ver: 6.10.1200.0 Installed: 2007.08.16
Nero 7 Premium Ver: 7.01.7728 Installed: 2006.12.17
Nero Sipps
Nokia Connectivity Cable Driver Ver: 6.84.4.0 Installed: 2007.09.10
Nokia Lifeblog 2.1 Ver: 2.1.131 Installed: 2007.05.07
Nokia MTP driver Ver: 1.0.0 Installed: 2007.05.07
Nokia N73 highlights Ver: 1.0.6 Installed: 2007.05.07
Nokia Nseries Skin for Microsoft Windows Media Player Ver: 1.0.4 Installed: 2007.05.07
Nokia PC Connectivity Solution Ver: 6.23.9.0 Installed: 2007.05.07
Nokia PC Suite Ver: 6.81.13.0 Installed: 2007.05.07
Nokia Software Updater Ver: 01.03.095.29303 Installed: 2007.09.10
Nokia themes for your device Ver: 1.0.5 Installed: 2007.05.07
NVIDIA Drivers
PartitionMagic Ver: 8.00.000 Installed: 2006.12.17
Plato Video To 3GP Converter Free 3.35 Installed: 2007.01.10
PowerQuest PartitionMagic 8.0 Ver: 8.00.000 Installed: 2006.12.17
QuickTime
RAM Saver Pro version 7.0
Rappelz_USA Ver: 1.00.0000 Installed: 2007.10.03
RealPlayer
Realtek High Definition Audio Driver Ver: 5.10.0.5273 Installed: 2006.12.17
RegVac Registry Cleaner 4.02 (Registered Version) Installed: 2006.12.21
RocketDock 1.3.1 Installed: 2007.06.27
RYL2 - Incomplete Union v1.6.0.2 Ver: 1.6.0.2
Security Update for Microsoft .NET Framework 2.0 (KB928365) Ver: 2
Security Update for Windows Internet Explorer 7 (KB928090) Ver: 20070117.120000 Installed: 2007.02.14
Security Update for Windows Internet Explorer 7 (KB929969) Ver: 20061222.120000 Installed: 2007.01.11
Security Update for Windows Internet Explorer 7 (KB931768) Ver: 1 Installed: 2007.05.10
Security Update for Windows Internet Explorer 7 (KB933566) Ver: 1 Installed: 2007.06.13
Security Update for Windows Internet Explorer 7 (KB937143) Ver: 1 Installed: 2007.08.16
Security Update for Windows Internet Explorer 7 (KB938127) Ver: 1 Installed: 2007.08.16
Security Update for Windows Internet Explorer 7 (KB939653) Ver: 1 Installed: 2007.10.12
Security Update for Windows Media Player 11 (KB936782) Installed: 2007.08.16
Security Update for Windows Media Player 6.4 (KB925398) Installed: 2006.12.19
Security Update for Windows XP (KB918118) Ver: 1 Installed: 2007.02.14
Security Update for Windows XP (KB919007) Ver: 1 Installed: 2006.12.19
Security Update for Windows XP (KB920213) Ver: 1 Installed: 2006.12.19
Security Update for Windows XP (KB920685) Ver: 1 Installed: 2006.12.19
Security Update for Windows XP (KB921503) Ver: 1 Installed: 2007.08.16
Security Update for Windows XP (KB922819) Ver: 1 Installed: 2006.12.19
Security Update for Windows XP (KB923191) Ver: 1 Installed: 2006.12.19
Security Update for Windows XP (KB923414) Ver: 1 Installed: 2006.12.19
Security Update for Windows XP (KB923694) Ver: 1 Installed: 2006.12.19
Security Update for Windows XP (KB923980) Ver: 1 Installed: 2006.12.19
Security Update for Windows XP (KB924191) Ver: 1 Installed: 2006.12.19
Security Update for Windows XP (KB924270) Ver: 1 Installed: 2006.12.19
Security Update for Windows XP (KB924496) Ver: 1 Installed: 2006.12.19
Security Update for Windows XP (KB924667) Ver: 1 Installed: 2007.02.14
Security Update for Windows XP (KB925454) Ver: 1 Installed: 2006.12.19
Security Update for Windows XP (KB925486) Ver: 1 Installed: 2006.12.19
Security Update for Windows XP (KB925902) Ver: 1 Installed: 2007.04.05
Security Update for Windows XP (KB926255) Ver: 1 Installed: 2006.12.19
Security Update for Windows XP (KB926436) Ver: 1 Installed: 2007.02.14
Security Update for Windows XP (KB927779) Ver: 1 Installed: 2007.02.14
Security Update for Windows XP (KB927802) Ver: 1 Installed: 2007.02.14
Security Update for Windows XP (KB928255) Ver: 1 Installed: 2007.02.14
Security Update for Windows XP (KB928843) Ver: 1 Installed: 2007.02.14
Security Update for Windows XP (KB929123) Ver: 1 Installed: 2007.06.13
Security Update for Windows XP (KB930178) Ver: 1 Installed: 2007.04.12
Security Update for Windows XP (KB931261) Ver: 1 Installed: 2007.04.12
Security Update for Windows XP (KB931784) Ver: 1 Installed: 2007.04.12
Security Update for Windows XP (KB932168) Ver: 1 Installed: 2007.04.12
Security Update for Windows XP (KB933729) Ver: 1 Installed: 2007.10.11
Security Update for Windows XP (KB935839) Ver: 1 Installed: 2007.06.13
Security Update for Windows XP (KB935840) Ver: 1 Installed: 2007.06.13
Security Update for Windows XP (KB936021) Ver: 1 Installed: 2007.08.16
Security Update for Windows XP (KB938829) Ver: 1 Installed: 2007.08.16
Security Update for Windows XP (KB941202) Ver: 1 Installed: 2007.10.12
Shockwave Director 10.1.4
Skype™ 3.5 Ver: 3.5.239 Installed: 2007.10.13
SnagIt 8 Ver: 8.2.2 Installed: 2007.07.18
Software Update for Web Folders Ver: 9.60.6715.0 Installed: 2006.12.17
Sony Ericsson Themes Creator 3.06 Ver: 3.06
SpaceCowboy Ver: 0.3.3.74
SUPER © Version 2007.bld.22 (Mar 14, 2007) Ver: Version 2007.bld.22 (Mar 14, 2007) Installed: 2007.01.01
sXe Injected
Tom Clancy's Ghost Recon Advanced Warfighter® 2 Ver: 1.00.0000 Installed: 2007.07.09
Turf Battles Ver: 1.0.0 Installed: 2007.07.24
Ulead Disc-Direct SDK Ver: 1.0
Update for Windows XP (KB920872) Ver: 1 Installed: 2006.12.19
Update for Windows XP (KB922582) Ver: 1 Installed: 2006.12.19
Update for Windows XP (KB927891) Ver: 3 Installed: 2007.05.23
Update for Windows XP (KB929338) Ver: 1 Installed: 2007.03.15
Update for Windows XP (KB930916) Ver: 1 Installed: 2007.05.10
Update for Windows XP (KB931836) Ver: 1 Installed: 2007.02.14
Update for Windows XP (KB933360) Ver: 1 Installed: 2007.08.29
Update for Windows XP (KB938828) Ver: 1 Installed: 2007.08.16
Uplink
UserBar Generator 1.2
Ventrilo Client Ver: 2.3.0 Installed: 2006.12.17
Ventrilo Server Ver: 2.3.1 Installed: 2006.12.23
Video Converter for Nokia Smartphones 1.2
Web Page Maker Resource Pack 1.0
Web Page Maker V2
Winamp (remove only)
WinAVIVideoConverter
Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21) Ver: 06/12/2006 6.81.0.21
Windows Internet Explorer 7 Ver: 20061107.210142 Installed: 2006.12.29
Windows Media Format 11 runtime
Windows Media Format 11 runtime Installed: 2006.12.18
Windows Media Player 11
Windows Media Player 11 Installed: 2006.12.17
WinFast PVR
WinFast TV USB II(Driver)
WinRAR archiver
World of Warcraft
Xfire (remove only)
Yahoo! Widget Engine
Zip Recovery Toolbox 1.0 Installed: 2007.06.19
Zip Repair Pro Ver: 3.1.0.284
ZTE ADSL Dialer 1.0j_EN
µTorrent Ver: 1.6
-
You should uninstall older versions of Java from add/remove programs
This includes:
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 9
Java 6 Update 2
Java SE Runtime Environment 6 Update 1
Did you intentionally install the next set of software?
Not that there's anything wrong with them, just checking
Hide The IP
RAM Saver Pro
sXe Injected
NOTE: Your option, but I wouldn't run Utorrent on startup, using valuable bandwidth at bootup if you are sharing files
This is your option
You can disable Utorrent from running on startup by opening the program
Select OPTIONS>>Preferences>>General>>Uncheck Start uTorrent on system startup
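The "keep only the newest Java" advice above, as an added example that is not part of this thread: a script that parses the InstalledPrograms output format shown earlier and reports superseded side-by-side installs. It goes slightly beyond the reply by applying the same rule to the two Firefox entries the list also contains; the family name patterns and the sample lines (copied from the posted list) are my own construction.

```python
import re

# Constructed sample input: lines copied from the InstalledPrograms output posted above.
SAMPLE_LINES = """\
Adobe Reader 8.1.0 Ver: 8.1.0 Installed: 2007.06.22
DU Meter
J2SE Runtime Environment 5.0 Update 10 Ver: 1.5.0.100 Installed: 2006.12.29
J2SE Runtime Environment 5.0 Update 11 Ver: 1.5.0.110 Installed: 2007.02.10
J2SE Runtime Environment 5.0 Update 9 Ver: 1.5.0.90 Installed: 2006.12.22
Java(tm) 6 Update 2 Ver: 1.6.0.20 Installed: 2007.08.09
Java(tm) 6 Update 3 Ver: 1.6.0.30 Installed: 2007.10.09
Java(tm) SE Runtime Environment 6 Update 1 Ver: 1.6.0.10 Installed: 2007.05.09
Mozilla Firefox (2.0.0.2) Ver: 2.0.0.2 (en-US)
Mozilla Firefox (2.0.0.7) Ver: 2.0.0.7 (en-US)
Nero 7 Premium Ver: 7.01.7728 Installed: 2006.12.17
""".splitlines()

# Product families whose side-by-side installs should be collapsed to the newest one.
# Assumption: these name patterns are mine; the reply above only discusses Java.
FAMILIES = {
    "Java runtime": re.compile(r"^(J2SE Runtime Environment|Java\(tm\))"),
    "Mozilla Firefox": re.compile(r"^Mozilla Firefox"),
}


def parse_entry(line):
    """Split 'Name Ver: x.y Installed: d' into (name, version-number tuple)."""
    name, _, tail = line.partition(" Ver: ")
    name = name.split(" Installed: ")[0].strip()
    ver_text = tail.split()[0] if tail.strip() else ""
    nums = tuple(int(n) for n in re.findall(r"\d+", ver_text))
    return name, nums


def family_of(name):
    for family, pattern in FAMILIES.items():
        if pattern.match(name):
            return family
    return None


def superseded_installs(lines):
    """Return {family: [older entry names]} for families with more than one version."""
    groups = {}
    for line in lines:
        if not line.strip():
            continue
        name, ver = parse_entry(line)
        fam = family_of(name)
        if fam and ver:
            groups.setdefault(fam, []).append((ver, name))
    result = {}
    for fam, entries in groups.items():
        entries.sort()  # ascending by version tuple; the last element is the newest
        if len(entries) > 1:
            result[fam] = [name for _, name in entries[:-1]]
    return result


if __name__ == "__main__":
    for fam, names in superseded_installs(SAMPLE_LINES).items():
        print(f"{fam}: keep the newest, consider removing:")
        for n in names:
            print("  " + n)
```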
-
Oki, I removed the old versions of Java, and yes, I installed those programs intentionally. I put uTorrent on startup because I usually come home and then leave very fast, so I just turn on the PC and it will start uTorrent, which starts downloading; it saves some time for me :)
-
I can't understand why you don't have SpywareBlaster in your arsenal
It's a free download and install
Do the following
add SpywareBlaster to your protection software
SpywareBlaster 3.5.1 by JavaCool (http://www.javacoolsoftware.com/spywareblaster.html)
* Will block bad ActiveX Controls
* Block malevolent cookies in Internet Explorer and Firefox
* Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates
After updating, select "Protection" on the Left
Then select "Enable all Protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"
Let's remove some tools we used earlier
Download this tool:
OTMoveIt (http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe) by OldTimer
- Save it to your desktop.
- Please double-click OTMoveIt.exe to run it.
Click the Cleanup! button
A list will be downloaded>>Allow it Internet access if prompted by your Firewall
Don't change anything in this list
Select Yes at the prompt
Wait for the confirmation box to open to reboot the computer, don't mouseclick during the wait as you may cause the tool to stall
Select Yes to reboot Now
After reboot you can empty your recycle bin
I hope everything is well, I'll lock this topic if you have no further problems
-
ok I did everything, thanks for the help :) last question, do I have to run SpywareBlaster every time I turn on the computer?
-
No, you don't; here's what I said
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"
-
oh ok :) thank you for the help :)
-
You're welcome, I'll lock this topic then as your problems are resolved
Take care :)