Messages - kai

1
Tech Clinic / Need help with suspected aurora virus
« on: June 03, 2005, 08:54:06 AM »
Everything seems to be running about the same, but Ad-Aware/Spybot aren't picking up anything new so must mean I'm all good ;)

Thanks for all the help questolo, and good luck for whatever it is that you do aside from helping people :D

2
Tech Clinic / Need help with suspected aurora virus
« on: June 02, 2005, 02:36:23 AM »
hmmm unknown eh? D:

vgewfk.exe was infected, deleted... well here's the results

Scan results
Code:
AntiVir  Found TR/Agent.CP
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found Trojan.Agent.CP
ClamAV  Found nothing
Dr.Web  Found not a virus Adware.CallingHome
F-Prot Antivirus  Found W32/Agent.NA
Fortinet  Found W32/Agent.CP-tr
Kaspersky Anti-Virus  Found Trojan.Win32.Agent.cp
mks_vir  Found Trojan.Agent.Cp
NOD32  Found Win32/Agent.CP
Norman Virus Control  Found nothing
VBA32  Found Trojan.Win32.Agent.cp

and by filename I assume you mean

Code:
File:    vgewfk.exe
Status:  INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5  0e3df308253dd58440de1a85800482d6
Packers detected:  PE_PATCH, UPX

3
Tech Clinic / Need help with suspected aurora virus
« on: June 01, 2005, 02:59:49 AM »
done

HJT
Code:
Logfile of HijackThis v1.99.1
Scan saved at 5:48:20 PM, on 1/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
U:\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
K:\Trend Micro\Internet Security\PCClient.exe
K:\Trend Micro\Internet Security\TMOAgent.exe
U:\Ahead\InCD\InCD.exe
K:\steam\steam.exe
K:\Programs\Spybot\TeaTimer.exe
K:\Programs\SpywareGuard\sgmain.exe
K:\Programs\Ewido\Security Suite\ewidoctrl.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
K:\Trend Micro\Internet Security\Tmntsrv.exe
K:\Trend Micro\Internet Security\tmproxy.exe
K:\Programs\SpywareGuard\sgbhp.exe
K:\Trend Micro\Internet Security\PccPfw.exe
K:\Programs\IDA\ida.exe
C:\WINDOWS\system32\wuauclt.exe
K:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - K:\Programs\IDA\idaiehlp.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - K:\Programs\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - K:\Programs\Spybot\SDHelper.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCClient.exe] "K:\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "K:\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] U:\Ahead\InCD\InCD.exe
O4 - HKCU\..\Run: [Steam] "k:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] K:\Programs\Spybot\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = K:\Programs\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Download ALL with IDA - K:\Programs\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - K:\Programs\IDA\idaie.htm
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - K:\Programs\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - K:\Programs\IDA\ida.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1116923669207
O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Driver_Detective_v43_Non_Member.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D4179C6-D066-4781-94E1-10037159CEC4}: Domain = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\..\{971ACAC0-A642-49FC-88FA-635D2A3DDD18}: Domain = vic.bigpond.net.au
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D4179C6-D066-4781-94E1-10037159CEC4}: Domain = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\..\{0D4179C6-D066-4781-94E1-10037159CEC4}: Domain = vic.bigpond.net.au
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - K:\Programs\Ewido\Security Suite\ewidoctrl.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - U:\Ahead\InCD\InCDsrv.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - K:\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - K:\Trend Micro\Internet Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - K:\Trend Micro\Internet Security\tmproxy.exe

FindIt's
Code:
Microsoft Windows XP [Version 5.1.2600]
The current date is: Wed 01/06/2005
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»»»»»»»»»»»»»»»»»»»»» Todo Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»
 
 
»»»»»»»»»»»»»»»»»»»»»»»» aurora Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»
 
 
»»»»»»»»»»»»»»»»»»»»»»»» Suspect's »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Dont delete file's in the section without guidance
If any doubt back them up first
 
* UPX!  C:\WINDOWS\System32\VGEWFK.EXE
 
»»»»» lagitamate file's can/will show in this section.
 
* UPX!  C:\WINDOWS\System32\XVID.DLL
»»»»»»»»»»»»»»»»»»»»»»»» Buddy file's »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
 
»»»»»»»»»»»»»»»»»»»»»»»» SAHAgent Files found »»»»»»»»»»»»»»»»»»»»»»»»»
 
»»»»»»»»»»»»»»»»»»»»»»»» Misc checks »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
 
 
»»»»» Check for Windows\SYSTEM32\cache32_rtneg* folder.
 
 Volume in drive C has no label.
 Volume Serial Number is EC83-6516

 Directory of C:\WINDOWS\SYSTEM32

»»»»» Checking for SAHAgent ico files.
 Volume in drive C has no label.
 Volume Serial Number is EC83-6516

 Directory of C:\WINDOWS\system32

08/02/2004  11:51 PM               318 ati_cube.ico
26/12/2003  11:43 AM            15,086 DNA_icon.ico
               2 File(s)         15,404 bytes
               0 Dir(s)   2,034,737,152 bytes free
 
»»»»»»»»»»»»»»»»»»»»»»»».

4
Tech Clinic / Need help with suspected aurora virus
« on: May 31, 2005, 05:53:43 AM »
Thanks for the help so far :), here's the logs

HJT:

Code:
Logfile of HijackThis v1.99.1
Scan saved at 8:49:58 PM, on 31/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
U:\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
K:\Trend Micro\Internet Security\PCClient.exe
K:\Trend Micro\Internet Security\TMOAgent.exe
K:\steam\steam.exe
K:\Programs\Spybot\TeaTimer.exe
K:\Programs\Ewido\Security Suite\ewidoctrl.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
K:\Programs\SpywareGuard\sgmain.exe
K:\Trend Micro\Internet Security\Tmntsrv.exe
K:\Trend Micro\Internet Security\tmproxy.exe
K:\Programs\SpywareGuard\sgbhp.exe
K:\Trend Micro\Internet Security\PccPfw.exe
K:\Programs\Mozilla\Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
K:\HJT\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - K:\Programs\IDA\idaiehlp.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - K:\Programs\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - K:\Programs\Spybot\SDHelper.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCClient.exe] "K:\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "K:\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKCU\..\Run: [Steam] "k:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] K:\Programs\Spybot\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = K:\Programs\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Download ALL with IDA - K:\Programs\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - K:\Programs\IDA\idaie.htm
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - K:\Programs\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - K:\Programs\IDA\ida.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1116923669207
O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Driver_Detective_v43_Non_Member.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D4179C6-D066-4781-94E1-10037159CEC4}: Domain = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\..\{971ACAC0-A642-49FC-88FA-635D2A3DDD18}: Domain = vic.bigpond.net.au
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D4179C6-D066-4781-94E1-10037159CEC4}: Domain = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\..\{0D4179C6-D066-4781-94E1-10037159CEC4}: Domain = vic.bigpond.net.au
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - K:\Programs\Ewido\Security Suite\ewidoctrl.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - U:\Ahead\InCD\InCDsrv.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - K:\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - K:\Trend Micro\Internet Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - K:\Trend Micro\Internet Security\tmproxy.exe

EWIDO:
Code:
---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:  8:40:21 PM, 31/05/2005
 + Report-Checksum:  7F8A499D

 + Date of database:  31/05/2005
 + Version of scan engine: v3.0

 + Duration:    105 min
 + Scanned Files:  153489
 + Speed:    24.28 Files/Second
 + Infected files:  7
 + Removed files:  7
 + Files put in quarantine:  7
 + Files that could not be opened: 0
 + Files that could not be cleaned: 0

 + Binder:  Yes
 + Crypter:  Yes
 + Archives:  Yes

 + Scanned items:
C:\
K:\
U:\

 + Scan result:
C:\WINDOWS\system32\jrjuqj.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\WINDOWS\system32\lmokay.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\WINDOWS\system32\qjqdsfd.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\WINDOWS\system32\ukhymvw.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\WINDOWS\system32\vrsttg.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\WINDOWS\system32\vuddgv.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\WINDOWS\system32\wuhpkuv.exe -> Trojan.Agent.cp -> Cleaned with backup


::Report End

C:\Windows\Nail.exe and C:\Windows\autoload.exe were infected as well, but first time round I didn't run nailfix first and lost the log... D:

The .exe's you asked me to fix with HJT weren't found by the scan...
maybe my system is clean already... also, Windows gave me an error msg about nail.exe missing, that's supposed to happen right? :P

5
Tech Clinic / Need help with suspected aurora virus
« on: May 30, 2005, 05:25:59 AM »
hey, new here :D tbh I only signed up to get some help with this damned virus. I've downloaded and run all your suggested programs and fixed anything I found not quite right; even manually tried to delete the TODO associated files that were running on my PC.

another problem is recurring viruses, my AV prog keeps detecting two different trojans,

TROJ_BUDDY affecting c:\windows\ddjsvheji.exe
TROJ_STERVIS.C affecting c:\windows\svcproc.exe

Anyway, here's the HJT Logfile

Code:
Logfile of HijackThis v1.99.1
Scan saved at 7:02:22 PM, on 30/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
U:\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
K:\Trend Micro\Internet Security\PCClient.exe
K:\Trend Micro\Internet Security\TMOAgent.exe
c:\windows\system32\jmximbo.exe
K:\steam\steam.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
K:\Trend Micro\Internet Security\Tmntsrv.exe
K:\Trend Micro\Internet Security\tmproxy.exe
K:\Programs\Spybot\TeaTimer.exe
K:\Programs\SpywareGuard\sgmain.exe
K:\Programs\SpywareGuard\sgbhp.exe
K:\Trend Micro\Internet Security\PccPfw.exe
C:\WINDOWS\system32\wuauclt.exe
K:\HJT\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - K:\Programs\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - K:\Programs\Spybot\SDHelper.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCClient.exe] "K:\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "K:\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [htzhlx] c:\windows\system32\jmximbo.exe
O4 - HKLM\..\Run: [mddwga] c:\windows\system32\irpesgb.exe
O4 - HKCU\..\Run: [Steam] "k:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] K:\Programs\Spybot\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = K:\Programs\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1116923669207
O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Driver_Detective_v43_Non_Member.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D4179C6-D066-4781-94E1-10037159CEC4}: Domain = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\..\{19C9AC89-A9C2-4216-A253-955278B1CEF2}: Domain = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\..\{971ACAC0-A642-49FC-88FA-635D2A3DDD18}: Domain = vic.bigpond.net.au
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D4179C6-D066-4781-94E1-10037159CEC4}: Domain = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\..\{0D4179C6-D066-4781-94E1-10037159CEC4}: Domain = vic.bigpond.net.au
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - U:\Ahead\InCD\InCDsrv.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - K:\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - K:\Programs\SiSoftware Sandra Professional 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - K:\Programs\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe
O23 - Service: System Startup Service  (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - K:\Trend Micro\Internet Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - K:\Trend Micro\Internet Security\tmproxy.exe

Any help would be appreciated <3
