

Messages - sporty_874

Tech Clinic / Hijack this log
« on: May 27, 2008, 04:19:51 PM »
ComboFix 08-05-27.3 - Ryan 2008-05-27 16:13:24.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.284 [GMT -5:00]
Running from: C:\Documents and Settings\Ryan\Desktop\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin1.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin2.zip
C:\Documents and Settings\Ryan\Application Data\MCROSO~1.NET
C:\Documents and Settings\Ryan\Application Data\MCROSO~1.NET\M?crosoft.NET\
C:\Documents and Settings\Ryan\My Documents\DOBE~1
C:\Documents and Settings\Ryan\My Documents\DOBE~1\wowexec .exe
C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\Common Files\icroso~1
C:\Program Files\Common Files\kifi
C:\Program Files\Common Files\kifi\kifia.exe
C:\Program Files\Common Files\kifi\kifia.lck
C:\Program Files\Common Files\kifi\kifid\class-barrel
C:\Program Files\Common Files\kifi\kifid\kific.dll
C:\Program Files\Common Files\kifi\kifid\vocabulary
C:\Program Files\Common Files\kifi\kifih
C:\Program Files\Common Files\kifi\kifil.exe
C:\Program Files\Common Files\kifi\kifil.lck
C:\Program Files\Common Files\kifi\kifim .exe
C:\Program Files\Common Files\kifi\kifim.lck
C:\Program Files\Common Files\kifi\kifip.exe
C:\Program Files\Common Files\sks~1
C:\Program Files\CPV
C:\Program Files\CPV\CPV7.dll
C:\Program Files\DioCleaner
C:\Program Files\DioCleaner\stat.bin
C:\Program Files\DioCleaner\uninstall.exe
C:\Program Files\DioCleaner\uninstall.log
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\Insider
C:\Program Files\Insider\Insider .exe
C:\Program Files\Insider\UnInstall.exe
C:\Program Files\ISM
C:\Program Files\ISM\ism.exe
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\JavaCore
C:\Program Files\JavaCore\JavaCore .exe
C:\Program Files\JavaCore\UnInstall.exe
C:\Program Files\nvcoi
C:\Program Files\nvcoi\mst.stt
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\Program Files\QdrDrive
C:\Program Files\QdrDrive\QdrDrive9.dll
C:\Program Files\QdrDrive\qdrloader.exe
C:\Program Files\QdrModule
C:\Program Files\QdrModule\dic.gz
C:\Program Files\QdrModule\dicy.gz
C:\Program Files\QdrModule\kwd.gz
C:\Program Files\QdrModule\kwdy.gz
C:\Program Files\QdrModule\pckr.dat
C:\Program Files\QdrModule\QdrModule11 .exe
C:\Program Files\QdrModule\QdrModule11.exe
C:\Program Files\QdrModule\QdrModule12 .exe
C:\Program Files\QdrModule\QdrModule16.exe
C:\Program Files\QdrPack
C:\Program Files\QdrPack\carkazupd.exe
C:\Program Files\QdrPack\dicts.gz
C:\Program Files\QdrPack\dictys.gz
C:\Program Files\QdrPack\QdrPack11 .exe
C:\Program Files\QdrPack\QdrPack11.exe
C:\Program Files\QdrPack\QdrPack12 .exe
C:\Program Files\QdrPack\QdrPack12.exe
C:\Program Files\QdrPack\QdrPack14 .exe
C:\Program Files\QdrPack\QdrPack16.exe
C:\Program Files\QdrPack\stixpupd.exe
C:\Program Files\QdrPack\trgts.gz
C:\Program Files\RcvSystem
C:\Program Files\RcvSystem\httpdchk.dll
C:\Program Files\Router
C:\Program Files\Temporary
C:\Program Files\Temporary\InsiDERInst.exe
C:\Program Files\WinAble
C:\Program Files\WinAble\winable .exe
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\absolute key logger.lnk
C:\WINDOWS\aconti.exe
C:\WINDOWS\aconti.ini
C:\WINDOWS\aconti.log
C:\WINDOWS\aconti.sdb
C:\WINDOWS\acontidialer.txt
C:\WINDOWS\adbar.dll
C:\WINDOWS\BMff713b06.xml
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\daxtime.dll
C:\WINDOWS\default.htm
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kifi
C:\WINDOWS\kifi\kifi.dat
C:\WINDOWS\kifi\wu
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\PerfInfo
C:\WINDOWS\pskt.ini
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\acespy
C:\WINDOWS\system32\acespy\__acelog.ndx
C:\WINDOWS\system32\acespy\systune.exe
C:\WINDOWS\system32\din.ip
C:\WINDOWS\system32\dpqaqlqx.bin
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_btn.jpg
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\header_red_bg.gif
C:\WINDOWS\system32\drivers\header_red_free_scan.gif
C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\rating.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\screenshot.jpg
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\shadow_bg.gif
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\immseujc.ini
C:\WINDOWS\system32\lpcywinp.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\orykojps.ini
C:\WINDOWS\system32\pklcbpin.ini
C:\WINDOWS\system32\pppatc~1
C:\WINDOWS\system32\rgfiikop.ini
C:\WINDOWS\system32\srqbmimq.ini
C:\WINDOWS\system32\stem~1
C:\WINDOWS\system32\stfv.bin
C:\WINDOWS\system32\sznf.ascii
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\system32\xycdd.ini
C:\WINDOWS\system32\xycdd.ini2
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR


(((((((((((((((((((((((((   Files Created from 2008-04-27 to 2008-05-27  )))))))))))))))))))))))))))))))
.

2008-05-27 15:32 . 2008-05-27 15:32   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-05-27 15:25 . 2008-05-27 15:25   <DIR>   d--------   C:\Program Files\Uniblue
2008-05-27 15:25 . 2008-05-27 15:25   <DIR>   d--------   C:\Documents and Settings\Ryan\Application Data\Uniblue
2008-05-27 14:59 . 2008-05-27 15:00   <DIR>   d--------   C:\Documents and Settings\Ryan\Application Data\U3
2008-05-27 14:50 . 2008-05-27 14:50   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2008-05-26 21:34 . 2008-05-26 21:34   <DIR>   d--------   C:\Documents and Settings\Administrator
2008-05-26 19:59 . 2008-05-26 21:58   490   --a------   C:\WINDOWS\wininit.ini
2008-05-26 18:36 . 2008-05-26 19:12   <DIR>   d--------   C:\Program Files\Spybot - Search & Destroy
2008-05-26 18:36 . 2008-05-26 19:12   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-26 18:32 . 2008-05-26 18:32   <DIR>   d--------   C:\Program Files\Trend Micro
2008-05-06 09:33 . 2001-08-17 13:48   12,160   --a------   C:\WINDOWS\system32\drivers\mouhid.sys
2008-05-06 09:33 . 2001-08-17 13:48   12,160   --a--c---   C:\WINDOWS\system32\dllcache\mouhid.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-27 20:58   18,432   ----a-w   C:\WINDOWS\fkwggshm.exe
2008-03-30 02:12   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\DIGStream
2008-03-30 02:10   ---------   d-----w   C:\Program Files\QuickTime
2008-03-30 02:10   ---------   d-----w   C:\Program Files\iTunes
2008-03-30 02:10   ---------   d-----w   C:\Program Files\ESPNRunTime
2008-03-30 02:10   ---------   d-----w   C:\Program Files\Dot1XCfg
2008-03-30 02:10   ---------   d-----w   C:\Program Files\DIGStream
2008-03-30 02:10   ---------   d-----w   C:\Program Files\Dell AIO Printer A940
2008-03-27 14:04   379,904   ----a-w   C:\WINDOWS\mrofinu72.exe.tmp
2008-01-18 21:31   66,048   ----a-w   C:\Documents and Settings\All Users\Application Data\wzyrqjwp.dll
2005-08-02 22:46   187,904   --sha-r   C:\WINDOWS\Unlhbg\asappsrv.dll
2005-08-02 22:58   293,888   --sha-r   C:\WINDOWS\Unlhbg\command.exe
2005-07-29 22:24   472   --sha-r   C:\WINDOWS\Unlhbg\oB51v0.vbs
.
----a-w   180,269 2008-03-30 02:10:26  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w 86,102 2008-03-30 02:10:23  C:\Program Files\Dell AIO Printer A940\dlbabmgr .exe
----a-w   278,528 2008-03-30 02:10:34  C:\Program Files\DIGStream\digstream .exe
----a-w 61,440 2008-03-30 02:10:35  C:\Program Files\Dot1XCfg\Dot1XCfg .exe
----a-w   101,888 2008-03-30 02:11:33  C:\Program Files\ESPNRunTime\DIGServices .exe
----a-w   278,528 2008-03-27 14:04:25  C:\Program Files\iTunes\iTunesHelper .exe
----a-w 1,694,208 2008-03-30 02:10:41  C:\Program Files\Messenger\MSMSGS .EXE
----a-w   524,288 2008-03-27 14:04:20  C:\Program Files\QuickTime\qttask .exe
----a-w   524,288 2008-03-27 13:53:14  C:\Program Files\QuickTime\qttask .exe
----a-w   524,288 2008-02-07 20:29:54  C:\Program Files\QuickTime\qttask   .exe
----a-w   524,288 2008-02-03 19:06:53  C:\Program Files\QuickTime\qttask  .exe
----a-w   524,288 2008-02-03 18:49:36  C:\Program Files\QuickTime\qttask .exe
----a-w   524,288 2008-01-31 21:33:31  C:\Program Files\QuickTime\qttask .exe
----a-w   524,288 2008-01-19 17:33:46  C:\Program Files\QuickTime\qttask   .exe
----a-w   524,288 2008-01-19 07:38:45  C:\Program Files\QuickTime\qttask  .exe
----a-w   524,288 2008-01-18 16:42:52  C:\Program Files\QuickTime\qttask .exe
----a-w   524,288 2008-01-18 05:38:58  C:\Program Files\QuickTime\qttask .exe
----a-w   524,288 2008-01-18 05:25:22  C:\Program Files\QuickTime\qttask   .exe
----a-w   524,288 2008-01-10 21:17:54  C:\Program Files\QuickTime\qttask  .exe
----a-w   524,288 2007-12-31 14:40:20  C:\Program Files\QuickTime\qttask .exe
----a-w   524,288 2007-12-24 17:45:21  C:\Program Files\QuickTime\qttask .exe
----a-w   524,288 2007-12-24 17:39:11  C:\Program Files\QuickTime\qttask   .exe
----a-w   524,288 2007-12-23 21:00:22  C:\Program Files\QuickTime\qttask  .exe
----a-w   524,288 2007-12-23 17:39:38  C:\Program Files\QuickTime\qttask .exe
----a-w   684,032 2008-03-30 02:10:31  C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD .exe


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kjhnlf"="C:\WINDOWS\system32\?ppPatch\w?nspool.exe" [ ]
"QdrModule16"="C:\Program Files\QdrModule\QdrModule16.exe" [ ]
"QdrPack16"="C:\Program Files\QdrPack\QdrPack16.exe" [ ]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-12-06 20:25 1910040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe" [2006-06-22 15:44 128648]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-07-22 03:47:22 151552]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 14:12:08 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMff713b06]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fc42089a]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2003-04-24 17:58 4616192 C:\WINDOWS\System32\NvCpl.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Morpheus Ultra\\Morpheus.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-27 16:17:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-05-27 16:21:28 - machine was rebooted
ComboFix-quarantined-files.txt  2008-05-27 21:21:25

Pre-Run: 51,396,366,336 bytes free
Post-Run: 53,125,754,880 bytes free

342   --- E O F ---   2008-05-27 02:32:53
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:23:22 PM, on 5/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O4 - HKCU\..\Run: [Kjhnlf] C:\WINDOWS\system32\?ppPatch\w?nspool.exe
O4 - HKCU\..\Run: [QdrModule16] "C:\Program Files\QdrModule\QdrModule16.exe"
O4 - HKCU\..\Run: [QdrPack16] "C:\Program Files\QdrPack\QdrPack16.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 3306 bytes

Tech Clinic / Hijack this log
« on: May 26, 2008, 09:03:52 PM »
Kind of unsure as to what I should delete off this list after scanning the computer with HijackThis.
I get an outrageous amount of pop-up ads, and the desktop background has been changed to read "Warning! Spyware detected on your PC". Any help as to where to go from here would be greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:54:32 PM, on 5/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lpcywinp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\kifi\kifim .exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\QdrModule\QdrModule16.exe
C:\Program Files\QdrPack\QdrPack16.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\PROGRA~1\COMMON~1\kifi\kifia.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\lpcywinp.exe,C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {477840F3-BA52-44D9-8E41-38D61CAA010F} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [fc42089a] rundll32.exe "C:\WINDOWS\system32\pokiifgr.dll",b
O4 - HKLM\..\Run: [BMff713b06] Rundll32.exe "C:\WINDOWS\system32\fwxfwykd.dll",s
O4 - HKLM\..\RunOnce: [SpybotDeletingA4659] command /c del "C:\Program Files\AMSys\guid.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC915] cmd /c del "C:\Program Files\AMSys\guid.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8432] command /c del "C:\Program Files\AMSys\ijl15.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7690] cmd /c del "C:\Program Files\AMSys\ijl15.dll"
O4 - HKCU\..\Run: [Kjhnlf] C:\WINDOWS\system32\?ppPatch\w?nspool.exe
O4 - HKCU\..\Run: [kifi] C:\PROGRA~1\COMMON~1\kifi\kifim .exe
O4 - HKCU\..\Run: [QdrModule16] "C:\Program Files\QdrModule\QdrModule16.exe"
O4 - HKCU\..\Run: [QdrPack16] "C:\Program Files\QdrPack\QdrPack16.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O20 - Winlogon Notify: xxywwus - xxywwus.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 6652 bytes
