Messages - flipper1

1
Tech Clinic / hijacked
« on: January 17, 2006, 04:39:20 PM »
Everything seems to be running smoothly. I got rid of one of the Ad-Awares. Thank you for all your help. I'll probably be back in the future, lol. Thanks again.

2
Tech Clinic / hijacked
« on: January 17, 2006, 02:38:48 PM »
Logfile of HijackThis v1.99.1
Scan saved at 3:37:13 PM, on 1/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Aladdin Systems\iClean\iClean.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\F-Secure Internet Security\fswsclds.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\Service.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\shelly\My Documents\Unzipped\hijackthis[1]\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iClean] "C:\Program Files\Aladdin Systems\iClean\iClean.exe" /I
O4 - Startup: LimeWire On Startup.lnk.disabled
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28D59922-6E28-42FA-B1D6-99AFA4FDCE3D}: NameServer = 198.164.4.62 198.164.30.62
O23 - Service: AVG6 Service (AvgServ) - GRISOFT© SOFTWARE s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\fswsclds.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

Incident                     Status             Location
Spyware:Spyware/Virtumonde   Not disinfected    C:\Documents and Settings\shelly\My Documents\Unzipped\hijackthis[1]\backups\backup-20060116-215404-441.dll
Virus:Eicar.Mod              Not disinfected    C:\Program Files\PestPatrol\Help.chm[HowCanITestDetection.html]

3
Tech Clinic / hijacked
« on: January 17, 2006, 05:25:20 AM »
Ability Office 2002
Ad-aware 6 Professional
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Acrobat 7.0.3 and Reader 7.0.3 Update
Adobe Download Manager 2.0 (Remove Only)
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.0
AOpen Multimedia Utilities
Avance AC'97 Audio
AVG 6.0 Anti-Virus - FREE Edition
BitTorrent 3.4.2
BPS Spyware-Adware Remover 8.2.0.2
Carnival Cruise Lines Tycoon 2005 - Island Hopping
CCleaner (remove only)
CleanUp!
Digital Patrol 4.10.17
DivX Player
DivX Pro Trial
Elecard MPEG-2 Decoder&Streaming Pack
ewido anti-malware
GameSpy Arcade
GoldWave v5.10
HijackThis 1.99.1
Historywasherpro.com
hp instant support
HP Memories Disc
HP Photo and Imaging 2.0 - Photosmart Cameras
iClean
InfoProcess AntiHook 2.5 (Build 12)
iPhoto Plus 4
J2SE Runtime Environment 5.0 Update 6
Kill Docs
Lexmark 730 Series
Lexmark X73
LimeWire 4.9.30
Logitech QuickCam
Macromedia Flash Player 8
Macromedia Shockwave Player
Mall Of America Tycoon
Mall Tycoon
Maxell CreateIt
MGI PhotoSuite 8.1 (Remove Only)
Microsoft AntiSpyware
Microsoft Data Access Components KB870669
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Standard Edition 2003
Microsoft PowerPoint Viewer 97
Microsoft Windows XP Video Decoder Checkup Utility
Miss Bingo
Monopoly
Mozilla Firefox (1.0.6)
MSN Messenger 7.5
MSN Music Assistant
MSN Toolbar
Mustek Scanner Solutions for 600 III EP Plus v3.0
Nero - Burning Rom
NVIDIA Drivers
NVIDIA DVD Decoder
NVIDIA Windows 95/98/ME/2000/XP Stereo Drivers
Ocean Aquarium 3D Deluxe
Ocean Aquarium 3D Deluxe v1  Screen Saver
OpenMG Limited Patch 4.3-05-10-05-01
OpenMG Secure Module 4.3.00
PConPoint v1.1
Photo Explosion SE
PhotoShow Express 3
Railroad Tycoon II - Platinum
RCT3 Soaked
RealArcade
RealPlayer
Registry Mechanic
Roll
RollerCoaster Tycoon 2
RollerCoaster Tycoon 2: Time Twister
RollerCoaster Tycoon 2: Wacky Worlds
RollerCoaster Tycoon® 3
Royal Vegas Online Casino
SeaStorm 3D Screensaver 1.5
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB912919)
Shizmoo Web Games (Uproar)
Shockwave
SmileyDistrict Optimizer
SonicStage 3.3
Sony ACID Music Studio 5.0
Spybot - Search & Destroy 1.3
SpySubtract
Storybook Weaver Deluxe
Survivor (tm)
The Game Of Life
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
WinAce Archiver
Window Washer 5
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 9 Series Winter Fun Pack
Windows Registry Repair Pro
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885354
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinZip
Yahoo! Messenger
your Poker Room
Zoo Tycoon: Complete Collection

4
Tech Clinic / hijacked
« on: January 16, 2006, 09:07:02 PM »
Logfile of HijackThis v1.99.1
Scan saved at 9:59:01 PM, on 1/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Aladdin Systems\iClean\iClean.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\F-Secure Internet Security\fswsclds.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\Service.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\shelly\My Documents\Unzipped\hijackthis[1]\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CIEPl Object - {F85E86D8-F796-4C97-AAA2-26664A98A42C} - C:\WINDOWS\system32\setdrv32.dll
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iClean] "C:\Program Files\Aladdin Systems\iClean\iClean.exe" /I
O4 - Startup: LimeWire On Startup.lnk.disabled
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O20 - Winlogon Notify: setdrv32 - C:\WINDOWS\SYSTEM32\setdrv32.dll
O23 - Service: AVG6 Service (AvgServ) - GRISOFT© SOFTWARE s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\fswsclds.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:         9:47:56 PM, 1/16/2006
 + Report-Checksum:      610F25F5

 + Scan result:

   C:\Documents and Settings\shelly\My Documents\Unzipped\hijackthis[1]\backups\backup-20060109-004948-515.dll -> Trojan.Agent.cs : Cleaned with backup
   C:\Documents and Settings\shelly\My Documents\Unzipped\hijackthis[1]\backups\backup-20060109-005025-262.dll -> Not-A-Virus.PornWare.PopCap.b : Cleaned with backup
   C:\Documents and Settings\shelly\My Documents\Unzipped\hijackthis[1]\backups\backup-20060116-173300-489.dll -> Trojan.Agent.cs : Cleaned with backup
   C:\Documents and Settings\shelly\My Documents\Unzipped\hijackthis[1]\backups\backup-20060116-173358-766.dll -> Trojan.Agent.cs : Cleaned with backup
   C:\Documents and Settings\shelly\My Documents\Unzipped\hijackthis[1]\backups\backup-20060116-174647-683.dll -> Trojan.Agent.cs : Cleaned with backup
   C:\Documents and Settings\shelly\My Documents\Unzipped\hijackthis[1]\backups\backup-20060116-183220-697.dll -> Trojan.Agent.cs : Cleaned with backup
   C:\Documents and Settings\shelly\Shared\Battlefield 1942 CD-KEY Generator.exe -> Worm.Apsiv : Cleaned with backup
   C:\Documents and Settings\shelly\Shared\Norton Anti-Virus 2004 Reg-Code Generator (WORKING!!).exe -> Worm.Apsiv : Cleaned with backup
   C:\Documents and Settings\shelly\Shared\Norton AntiVirus 2004 Pro Activation Key & Serial.exe -> Worm.Apsiv : Cleaned with backup
   C:\Documents and Settings\shelly\Shared\Norton Antivirus 2004 PRO Reg-Code Generator (WORKING!!).exe -> Worm.Apsiv : Cleaned with backup
   C:\Documents and Settings\shelly\Shared\Norton Internet Security Reg-Code Generator (WORKING!!).exe -> Worm.Apsiv : Cleaned with backup
   C:\Documents and Settings\shelly\Shared\Norton SystemWorks 2004 Pro Reg-Code Generator.exe -> Worm.Apsiv : Cleaned with backup
   C:\Documents and Settings\shelly\Shared\Windows XP Pro ACTIVATION-KEY GENERATOR !!!.exe -> Worm.Apsiv : Cleaned with backup
   C:\WINDOWS\system32\setdrv32.dll -> Trojan.Agent.cs : Cleaned with backup
   C:\WINDOWS\system32\__sys.exe -> Worm.Apsiv : Cleaned with backup


::Report End

VundoFix V4.0

Listing files found while scanning....

5
Tech Clinic / hijacked
« on: January 16, 2006, 07:00:57 PM »
Volume in drive C has no label.
 Volume Serial Number is 9CC9-5B23

 Directory of C:\WINDOWS\system32

EDIT>>>Thanks, I've saved the info, I'll post what I needed later
<guestolo>

6
Tech Clinic / hijacked
« on: January 16, 2006, 06:33:15 PM »
Volume in drive C has no label.
 Volume Serial Number is 9CC9-5B23

 Directory of C:\WINDOWS\system32


 Directory of C:\Documents and Settings\shelly\Local Settings\Temporary Internet Files\Content.IE5\29PIZITO


There it is. Sorry I take so long; I keep getting booted from Internet Explorer.

7
Tech Clinic / hijacked
« on: January 16, 2006, 04:30:05 PM »
Logfile of HijackThis v1.99.1
Scan saved at 5:15:50 PM, on 1/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Aladdin Systems\iClean\iClean.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\F-Secure Internet Security\fswsclds.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\shelly\My Documents\Unzipped\hijackthis[1]\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {76EAE03C-F2B1-4397-97E8-390920B7C2DC} - (no file)
O2 - BHO: (no name) - {8A8F5616-35CF-4C44-9DC0-652E548C3C4b} - C:\WINDOWS\system32\otyyltns.dll
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: CIEPl Object - {F85E86D8-F796-4C97-AAA2-26664A98A42C} - C:\WINDOWS\system32\setdrv32.dll
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iClean] "C:\Program Files\Aladdin Systems\iClean\iClean.exe" /I
O4 - HKLM\..\RunServices: [Microsoft Windows System] gkukxpvp.exe
O4 - Startup: LimeWire On Startup.lnk.disabled
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O16 - DPF: Ali Baba Slots TM by pogo -
O16 - DPF: Armored Attack by pogo -
O16 - DPF: Big Shot Roulette TM by pogo -
O16 - DPF: Blackjack by pogo -
O16 - DPF: Buckaroo Blackjack TM by pogo -
O16 - DPF: Checkers by pogo -
O16 - DPF: Command and Conquer Comanche by pogo -
O16 - DPF: Dominoes by pogo -
O16 - DPF: EZ Win Bingo by pogo -
O16 - DPF: Greenback Bayou by pogo -
O16 - DPF: Hearts by pogo -
O16 - DPF: High Stakes Poker by pogo -
O16 - DPF: High Stakes Pool by pogo -
O16 - DPF: Its Outta Here 2 by pogo -
O16 - DPF: Jigsaw Detective by pogo -
O16 - DPF: Jokers Wild Poker by pogo -
O16 - DPF: Jungle Gin by pogo -
O16 - DPF: Keno by pogo -
O16 - DPF: Lottso by pogo -
O16 - DPF: Mah Jong Garden by pogo -
O16 - DPF: Multiline Slots by pogo -
O16 - DPF: NASCAR Web Racing by pogo -
O16 - DPF: Pai Gow by pogo -
O16 - DPF: Payday FreeCell by pogo -
O16 - DPF: Pebble Beach 3 Hole Challenge by pogo -
O16 - DPF: Pebble Beach Golf by pogo -
O16 - DPF: Perfect Pair Solitaire by pogo -
O16 - DPF: Perfect Passer by pogo -
O16 - DPF: Phlinx by pogo -
O16 - DPF: Pinochle by pogo -
O16 - DPF: Pirate's Gold by pogo -
O16 - DPF: Pop Fu by pogo -
O16 - DPF: Poppit TM by pogo -
O16 - DPF: Quick Shot by pogo -
O16 - DPF: Ricochet by pogo -
O16 - DPF: SciFi Slots by pogo -
O16 - DPF: Showbiz Slots 2 by pogo -
O16 - DPF: Spades by pogo -
O16 - DPF: Spider Solitaire by pogo -
O16 - DPF: Squelchies by pogo -
O16 - DPF: Sweet Tooth TM by pogo -
O16 - DPF: Tank Hunter by pogo -
O16 - DPF: Texas Hold'em Poker by pogo -
O16 - DPF: The Sims Pinball by pogo -
O16 - DPF: Top Down Baseball Challenge by pogo -
O16 - DPF: Tri-Peaks by pogo -
O16 - DPF: Tumble Bees by pogo -
O16 - DPF: Turbo 21 TM by pogo -
O16 - DPF: Vert Skater by pogo -
O16 - DPF: Video Poker by pogo -
O16 - DPF: Word Whomp by pogo -
O16 - DPF: Word Whomp Whackdown by pogo -
O16 - DPF: WordJong by pogo -
O16 - DPF: World Class Solitaire by pogo -
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} -
O16 - DPF: {012F24D4-35B0-11D0-BF2D-0000E8D0D156} -
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} -
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} -
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} -
O16 - DPF: {AB9820A0-02A9-11D5-A72F-004F4E002BD6} -
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.5.0_01) -
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
O16 - DPF: {E12F0983-F19C-4A7C-A7A7-CD8F15EAEB21} -
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} -
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{28D59922-6E28-42FA-B1D6-99AFA4FDCE3D}: NameServer = 198.164.4.62 198.164.30.62
O20 - Winlogon Notify: setdrv32 - C:\WINDOWS\SYSTEM32\setdrv32.dll
O21 - SSODL: IEFilter - {EDD2B86A-3686-4CD1-8A7E-70F3A7CDE287} - C:\WINDOWS\system32\IEFilter.dll
O23 - Service: AVG6 Service (AvgServ) - GRISOFT© SOFTWARE s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\fswsclds.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

Sorry about that.

8
Tech Clinic / hijack this notepad results
« on: January 16, 2006, 04:16:32 PM »
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Aladdin Systems\iClean\iClean.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\F-Secure Internet Security\fswsclds.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\shelly\My Documents\Unzipped\hijackthis[1]\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {76EAE03C-F2B1-4397-97E8-390920B7C2DC} - (no file)
O2 - BHO: (no name) - {8A8F5616-35CF-4C44-9DC0-652E548C3C4b} - C:\WINDOWS\system32\otyyltns.dll
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: CIEPl Object - {F85E86D8-F796-4C97-AAA2-26664A98A42C} - C:\WINDOWS\system32\setdrv32.dll
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iClean] "C:\Program Files\Aladdin Systems\iClean\iClean.exe" /I
O4 - HKLM\..\RunServices: [Microsoft Windows System] gkukxpvp.exe
O4 - Startup: LimeWire On Startup.lnk.disabled
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O16 - DPF: Ali Baba Slots TM by pogo -
O16 - DPF: Armored Attack by pogo -
O16 - DPF: Big Shot Roulette TM by pogo -
O16 - DPF: Blackjack by pogo -
O16 - DPF: Buckaroo Blackjack TM by pogo -
O16 - DPF: Checkers by pogo -
O16 - DPF: Command and Conquer Comanche by pogo -
O16 - DPF: Dominoes by pogo -
O16 - DPF: EZ Win Bingo by pogo -
O16 - DPF: Greenback Bayou by pogo -
O16 - DPF: Hearts by pogo -
O16 - DPF: High Stakes Poker by pogo -
O16 - DPF: High Stakes Pool by pogo -
O16 - DPF: Its Outta Here 2 by pogo -
O16 - DPF: Jigsaw Detective by pogo -
O16 - DPF: Jokers Wild Poker by pogo -
O16 - DPF: Jungle Gin by pogo -
O16 - DPF: Keno by pogo -
O16 - DPF: Lottso by pogo -
O16 - DPF: Mah Jong Garden by pogo -
O16 - DPF: Multiline Slots by pogo -
O16 - DPF: NASCAR Web Racing by pogo -
O16 - DPF: Pai Gow by pogo -
O16 - DPF: Payday FreeCell by pogo -
O16 - DPF: Pebble Beach 3 Hole Challenge by pogo -
O16 - DPF: Pebble Beach Golf by pogo -
O16 - DPF: Perfect Pair Solitaire by pogo -
O16 - DPF: Perfect Passer by pogo -
O16 - DPF: Phlinx by pogo -
O16 - DPF: Pinochle by pogo -
O16 - DPF: Pirate's Gold by pogo -
O16 - DPF: Pop Fu by pogo -
O16 - DPF: Poppit TM by pogo -
O16 - DPF: Quick Shot by pogo -
O16 - DPF: Ricochet by pogo -
O16 - DPF: SciFi Slots by pogo -
O16 - DPF: Showbiz Slots 2 by pogo -
O16 - DPF: Spades by pogo -
O16 - DPF: Spider Solitaire by pogo -
O16 - DPF: Squelchies by pogo -
O16 - DPF: Sweet Tooth TM by pogo -
O16 - DPF: Tank Hunter by pogo -
O16 - DPF: Texas Hold'em Poker by pogo -
O16 - DPF: The Sims Pinball by pogo -
O16 - DPF: Top Down Baseball Challenge by pogo -
O16 - DPF: Tri-Peaks by pogo -
O16 - DPF: Tumble Bees by pogo -
O16 - DPF: Turbo 21 TM by pogo -
O16 - DPF: Vert Skater by pogo -
O16 - DPF: Video Poker by pogo -
O16 - DPF: Word Whomp by pogo -
O16 - DPF: Word Whomp Whackdown by pogo -
O16 - DPF: WordJong by pogo -
O16 - DPF: World Class Solitaire by pogo -
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} -
O16 - DPF: {012F24D4-35B0-11D0-BF2D-0000E8D0D156} -
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} -
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} -
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} -
O16 - DPF: {AB9820A0-02A9-11D5-A72F-004F4E002BD6} -
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.5.0_01) -
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
O16 - DPF: {E12F0983-F19C-4A7C-A7A7-CD8F15EAEB21} -
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} -
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{28D59922-6E28-42FA-B1D6-99AFA4FDCE3D}: NameServer = 198.164.4.62 198.164.30.62
O20 - Winlogon Notify: setdrv32 - C:\WINDOWS\SYSTEM32\setdrv32.dll
O21 - SSODL: IEFilter - {EDD2B86A-3686-4CD1-8A7E-70F3A7CDE287} - C:\WINDOWS\system32\IEFilter.dll
O23 - Service: AVG6 Service (AvgServ) - GRISOFT© SOFTWARE s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\fswsclds.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

9
Tech Clinic / hijacked
« on: January 15, 2006, 11:17:25 PM »
Here is my log file.


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\F-Secure Internet Security\fswsclds.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Aladdin Systems\iClean\iClean.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\shelly\My Documents\Unzipped\hijackthis[1]\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {0519A9C9-064A-4cbc-BC47-D0EACD581477} - (no file)
O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)
O2 - BHO: (no name) - {465A59EC-20E5-4fca-A38A-E5EC3C480218} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {76EAE03C-F2B1-4397-97E8-390920B7C2DC} - (no file)
O2 - BHO: (no name) - {8A8F5616-35CF-4C44-9DC0-652E548C3C4b} - C:\WINDOWS\system32\otyyltns.dll
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: CIEPl Object - {F85E86D8-F796-4C97-AAA2-26664A98A42C} - C:\WINDOWS\system32\setdrv32.dll
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iClean] "C:\Program Files\Aladdin Systems\iClean\iClean.exe" /I
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Microsoft Windows System] gkukxpvp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: LimeWire On Startup.lnk.disabled
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O16 - DPF: Ali Baba Slots TM by pogo -
O16 - DPF: Armored Attack by pogo -
O16 - DPF: Big Shot Roulette TM by pogo -
O16 - DPF: Blackjack by pogo -
O16 - DPF: Buckaroo Blackjack TM by pogo -
O16 - DPF: Checkers by pogo -
O16 - DPF: Command and Conquer Comanche by pogo -
O16 - DPF: Dominoes by pogo -
O16 - DPF: EZ Win Bingo by pogo -
O16 - DPF: Greenback Bayou by pogo -
O16 - DPF: Hearts by pogo -
O16 - DPF: High Stakes Poker by pogo -
O16 - DPF: High Stakes Pool by pogo -
O16 - DPF: Its Outta Here 2 by pogo -
O16 - DPF: Jigsaw Detective by pogo -
O16 - DPF: Jokers Wild Poker by pogo -
O16 - DPF: Jungle Gin by pogo -
O16 - DPF: Keno by pogo -
O16 - DPF: Lottso by pogo -
O16 - DPF: Mah Jong Garden by pogo -
O16 - DPF: Multiline Slots by pogo -
O16 - DPF: NASCAR Web Racing by pogo -
O16 - DPF: Pai Gow by pogo -
O16 - DPF: Payday FreeCell by pogo -
O16 - DPF: Pebble Beach 3 Hole Challenge by pogo -
O16 - DPF: Pebble Beach Golf by pogo -
O16 - DPF: Perfect Pair Solitaire by pogo -
O16 - DPF: Perfect Passer by pogo -
O16 - DPF: Phlinx by pogo -
O16 - DPF: Pinochle by pogo -
O16 - DPF: Pirate's Gold by pogo -
O16 - DPF: Pop Fu by pogo -
O16 - DPF: Poppit TM by pogo -
O16 - DPF: Quick Shot by pogo -
O16 - DPF: Ricochet by pogo -
O16 - DPF: SciFi Slots by pogo -
O16 - DPF: Showbiz Slots 2 by pogo -
O16 - DPF: Spades by pogo -
O16 - DPF: Spider Solitaire by pogo -
O16 - DPF: Squelchies by pogo -
O16 - DPF: Sweet Tooth TM by pogo -
O16 - DPF: Tank Hunter by pogo -
O16 - DPF: Texas Hold'em Poker by pogo -
O16 - DPF: The Sims Pinball by pogo -
O16 - DPF: Top Down Baseball Challenge by pogo -
O16 - DPF: Tri-Peaks by pogo -
O16 - DPF: Tumble Bees by pogo -
O16 - DPF: Turbo 21 TM by pogo -
O16 - DPF: Vert Skater by pogo -
O16 - DPF: Video Poker by pogo -
O16 - DPF: Word Whomp by pogo -
O16 - DPF: Word Whomp Whackdown by pogo -
O16 - DPF: WordJong by pogo -
O16 - DPF: World Class Solitaire by pogo -
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} -
O16 - DPF: {012F24D4-35B0-11D0-BF2D-0000E8D0D156} -
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} -
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} -
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} -
O16 - DPF: {AB9820A0-02A9-11D5-A72F-004F4E002BD6} -
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.5.0_01) -
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
O16 - DPF: {E12F0983-F19C-4A7C-A7A7-CD8F15EAEB21} -
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} -
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{28D59922-6E28-42FA-B1D6-99AFA4FDCE3D}: NameServer = 198.164.4.62 198.164.30.62
O20 - Winlogon Notify: setdrv32 - C:\WINDOWS\SYSTEM32\setdrv32.dll
O21 - SSODL: IEFilter - {EDD2B86A-3686-4CD1-8A7E-70F3A7CDE287} - C:\WINDOWS\system32\IEFilter.dll
O23 - Service: AVG6 Service (AvgServ) - GRISOFT© SOFTWARE s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\fswsclds.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
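
As an added example, not part of the forum posts above and not HijackThis code, here is a small Python triage pass over the kinds of entries this log contains. The points a helper would zero in on are the HKLM\..\RunServices value (a Win9x-era key that NT-based Windows does not process, so nothing legitimate on XP writes there), the O20 Winlogon Notify and O21 SSODL sections (code that loads into winlogon.exe and explorer.exe rather than just the browser), and a BHO whose DLL is also registered as a Winlogon Notify hook. The sample lines are copied from the posted log with one benign O23 line kept as a control; the allowlist of XP Winlogon Notify packages and the "machine-looking filename" heuristic are my assumptions, not anything the thread states.

```python
import re
from dataclasses import dataclass

# Lines copied from the HijackThis log posted above (the O23 line is a benign
# control). These are the user's own entries, not a constructed log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8A8F5616-35CF-4C44-9DC0-652E548C3C4b} - C:\WINDOWS\system32\otyyltns.dll
O2 - BHO: CIEPl Object - {F85E86D8-F796-4C97-AAA2-26664A98A42C} - C:\WINDOWS\system32\setdrv32.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\RunServices: [Microsoft Windows System] gkukxpvp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O20 - Winlogon Notify: setdrv32 - C:\WINDOWS\SYSTEM32\setdrv32.dll
O21 - SSODL: IEFilter - {EDD2B86A-3686-4CD1-8A7E-70F3A7CDE287} - C:\WINDOWS\system32\IEFilter.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Regexes for the four HijackThis sections this triage cares about.
PATTERNS = [
    ("O2",  re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")),
    ("O4",  re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")),
    ("O20", re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")),
    ("O21", re.compile(r"^O21 - SSODL: (?P<name>\S+) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")),
]

# Assumption: Winlogon Notify packages that ship with Windows XP (plus WGA).
# HijackThis already hides these, so the list matters mainly for raw registry dumps.
KNOWN_WINLOGON_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                         "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon"}


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def exe_name(cmd):
    """Pull the executable name out of an O4 command line, ignoring arguments."""
    m = re.search(r'([^\\/\s"]+\.exe)', cmd, re.I)
    return m.group(1) if m else basename(cmd)


def looks_random(filename):
    """Heuristic (my assumption): an alphabetic stem of 6+ chars with under 20%
    vowels, like otyyltns or gkukxpvp. A hint only; real names can trip it."""
    stem = filename.rsplit(".", 1)[0].lower()
    if len(stem) < 6 or not stem.isalpha():
        return False
    return sum(c in "aeiou" for c in stem) / len(stem) < 0.2


@dataclass
class Finding:
    kind: str
    file: str
    reason: str
    line: str


def triage(log_text):
    entries = []
    for line in log_text.splitlines():
        for kind, rx in PATTERNS:
            m = rx.match(line)
            if m:
                entries.append((kind, m.groupdict(), line))
                break

    # Files that already run inside winlogon.exe (O20) or explorer.exe (O21).
    deep_hooks = {basename(f["path"]).lower() for k, f, _ in entries if k in ("O20", "O21")}

    findings = []
    for kind, f, line in entries:
        if kind == "O2":
            if f["path"] == "(no file)":
                continue  # orphaned CLSID: nothing loads, cleanup only
            name = basename(f["path"])
            if name.lower() in deep_hooks:
                findings.append(Finding(kind, name, "BHO DLL is also registered as a Winlogon Notify/SSODL hook", line))
            elif f["name"] == "(no name)" and looks_random(name):
                findings.append(Finding(kind, name, "unnamed BHO with machine-looking filename", line))
        elif kind == "O4":
            name = exe_name(f["cmd"])
            if f["key"].lower() == "runservices":
                findings.append(Finding(kind, name, "RunServices is a Win9x key that XP does not process; "
                                                    "nothing legitimate on XP writes here", line))
            elif looks_random(name):
                findings.append(Finding(kind, name, "autorun with machine-looking filename", line))
        elif kind == "O20":
            if f["name"].lower() not in KNOWN_WINLOGON_NOTIFY:
                findings.append(Finding(kind, basename(f["path"]),
                                        "Winlogon Notify package outside the XP baseline; loads into winlogon.exe as SYSTEM", line))
        elif kind == "O21":
            findings.append(Finding(kind, basename(f["path"]),
                                    "non-default SSODL entry (HijackThis hides the XP defaults); loads into explorer.exe at logon", line))
    return findings


def flagged_files(log_text):
    return {fi.file.lower() for fi in triage(log_text)}


if __name__ == "__main__":
    for fi in triage(SAMPLE_LOG):
        print(f"{fi.kind:<4} {fi.file:<14} {fi.reason}")
```

Run as-is it lists setdrv32.dll twice (once as the Winlogon Notify hook, once as the BHO that shares that DLL), IEFilter.dll, otyyltns.dll and gkukxpvp.exe, and stays quiet on SDHelper.dll, ssv.dll, SOUNDMAN.EXE, TeaTimer.exe and the NVIDIA service. The cross-reference between O2 and O20 is the useful part: a browser helper only needs to be loaded by IE, so the same DLL also hooking Winlogon is a stronger signal than either entry alone.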

10
Tech Clinic / need help with hijacker
« on: January 15, 2006, 10:36:49 PM »
I think I'm being hijacked in a dll... it's setdrv.dll. How do I get rid of it?
